fix(idlewatcher): remove duplicated w.readyNotifyCh notification

use `uname -s` for OS detection

---------

Co-authored-by: charlesgauthereau <charles.gauthereau@soluce-technologies.com>
Co-authored-by: yusing <yusing.wys@gmail.com>

.github/workflows/docker-image-compat.yml

@@ -1,20 +0,0 @@
-name: Docker Image CI (compat)
-
-on:
-  push:
-    branches:
-      - compat
-
-jobs:
-  build-compat:
-    uses: ./.github/workflows/docker-image.yml
-    with:
-      image_name: ${{ github.repository_owner }}/godoxy
-      tag: latest-compat
-      target: main
-  build-compat-agent:
-    uses: ./.github/workflows/docker-image.yml
-    with:
-      image_name: ${{ github.repository_owner }}/godoxy-agent
-      tag: latest-compat
-      target: agent

.github/workflows/docker-image-nightly.yml

@@ -8,7 +8,6 @@ on:
       - "**" # matches every branch
       - "!dependabot/*"
       - "!main" # excludes main
-      - "!compat" # excludes compat branch
 
 jobs:
   build-nightly:

.github/workflows/docker-image.yml

@@ -45,37 +45,11 @@ jobs:
       attestations: write
 
     steps:
-      - name: Checkout (for tag resolution)
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
       - name: Prepare
         run: |
           platform=${{ matrix.platform }}
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
-      - name: Compute VERSION for build
-        run: |
-          if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
-            version="${GITHUB_REF_NAME}"
-            cache_variant="release"
-          elif [ "${GITHUB_REF_NAME}" = "main" ] || [ "${GITHUB_REF_NAME}" = "compat" ]; then
-            git fetch --tags origin main
-            version="$(git describe --tags --abbrev=0 origin/main 2>/dev/null || git describe --tags --abbrev=0 main 2>/dev/null || echo v0.0.0)"
-            cache_variant="${GITHUB_REF_NAME}"
-          else
-            version="v$(date -u +'%Y%m%d-%H%M')"
-            cache_variant="nightly"
-          fi
-          echo "VERSION_FOR_BUILD=$version" >> $GITHUB_ENV
-          echo "CACHE_VARIANT=$cache_variant" >> $GITHUB_ENV
-          if [ "${GITHUB_REF_TYPE}" = "branch" ]; then
-            echo "BRANCH_FOR_BUILD=${GITHUB_REF_NAME}" >> $GITHUB_ENV
-          else
-            echo "BRANCH_FOR_BUILD=" >> $GITHUB_ENV
-          fi
-
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
@@ -106,15 +80,14 @@ jobs:
           file: ${{ env.DOCKERFILE }}
           outputs: type=image,name=${{ env.REGISTRY }}/${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
           cache-from: |
-            type=gha,scope=${{ github.workflow }}-${{ env.CACHE_VARIANT }}-${{ env.PLATFORM_PAIR }}
-            type=registry,ref=${{ env.REGISTRY }}/${{ inputs.image_name }}:buildcache-${{ env.CACHE_VARIANT }}-${{ env.PLATFORM_PAIR }}
+            type=registry,ref=${{ env.REGISTRY }}/${{ inputs.image_name }}:buildcache-${{ env.PLATFORM_PAIR }}
+          # type=gha,scope=${{ github.workflow }}-${{ env.PLATFORM_PAIR }}
           cache-to: |
-            type=gha,scope=${{ github.workflow }}-${{ env.CACHE_VARIANT }}-${{ env.PLATFORM_PAIR }},mode=max
-            type=registry,ref=${{ env.REGISTRY }}/${{ inputs.image_name }}:buildcache-${{ env.CACHE_VARIANT }}-${{ env.PLATFORM_PAIR }},mode=max
+            type=registry,ref=${{ env.REGISTRY }}/${{ inputs.image_name }}:buildcache-${{ env.PLATFORM_PAIR }},mode=max
+          # type=gha,scope=${{ github.workflow }}-${{ env.PLATFORM_PAIR }},mode=max
           build-args: |
-            VERSION=${{ env.VERSION_FOR_BUILD }}
+            VERSION=${{ github.ref_name }}
             MAKE_ARGS=${{ env.MAKE_ARGS }}
-            BRANCH=${{ env.BRANCH_FOR_BUILD }}
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1

.gitignore

@@ -40,8 +40,4 @@ tsconfig.tsbuildinfo
 
 !agent.compose.yml
 !agent/pkg/**
-dev-data/
-
-RELEASE_NOTES.md
-CLAUDE.md
-.kilocode/**
+dev-data/

.gitmodules

@@ -7,6 +7,3 @@
 [submodule "goutils"]
 	path = goutils
 	url = https://github.com/yusing/goutils.git
-[submodule "internal/go-proxmox"]
-	path = internal/go-proxmox
-	url = https://github.com/yusing/go-proxmox

Dockerfile

@@ -14,7 +14,6 @@ WORKDIR /src
 COPY goutils/go.mod goutils/go.sum ./goutils/
 COPY internal/go-oidc/go.mod internal/go-oidc/go.sum ./internal/go-oidc/
 COPY internal/gopsutil/go.mod internal/gopsutil/go.sum ./internal/gopsutil/
-COPY internal/go-proxmox/go.mod internal/go-proxmox/go.sum ./internal/go-proxmox/
 COPY go.mod go.sum ./
 
 # remove godoxy stuff from go.mod first
@@ -44,9 +43,6 @@ ENV VERSION=${VERSION}
 ARG MAKE_ARGS
 ENV MAKE_ARGS=${MAKE_ARGS}
 
-ARG BRANCH
-ENV BRANCH=${BRANCH}
-
 RUN --mount=type=cache,target=/root/.cache/go-build \
   --mount=type=cache,target=/root/go/pkg/mod \
   make ${MAKE_ARGS} docker=1 build

Makefile

@@ -1,6 +1,5 @@
 shell := /bin/sh
 export VERSION ?= $(shell git describe --tags --abbrev=0)
-export BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 export BUILD_DATE ?= $(shell date -u +'%Y%m%d-%H%M')
 export GOOS = linux
 
@@ -9,12 +8,7 @@ REPO_URL ?= https://github.com/yusing/godoxy
 WEBUI_DIR ?= ../godoxy-webui
 DOCS_DIR ?= ${WEBUI_DIR}/wiki
 
-ifneq ($(BRANCH), compat)
-	GO_TAGS = sonic
-else
-	GO_TAGS =
-endif
-
+GO_TAGS = sonic
 LDFLAGS = -X github.com/yusing/goutils/version.version=${VERSION} -checklinkname=0
 
 ifeq ($(agent), 1)
@@ -92,7 +86,7 @@ docker-build-test:
 
 go_ver := $(shell go version | cut -d' ' -f3 | cut -d'o' -f2)
 files := $(shell find . -name go.mod -type f -or -name Dockerfile -type f)
-gomod_paths := $(shell find . -name go.mod -type f | grep -vE '^./internal/(go-oidc|go-proxmox|gopsutil)/' | xargs dirname)
+gomod_paths := $(shell find . -name go.mod -type f | xargs dirname)
 
 update-go:
 	for file in ${files}; do \
@@ -143,6 +137,9 @@ benchmark:
 dev-run: build
 	cd dev-data && ${BIN_PATH}
 
+mtrace:
+	 ${BIN_PATH} debug-ls-mtrace > mtrace.json
+
 rapid-crash:
 	docker run --restart=always --name test_crash -p 80 debian:bookworm-slim /bin/cat &&\
 	sleep 3 &&\
@@ -159,7 +156,7 @@ cloc:
 	scc -w -i go --not-match '_test.go$$'
 
 push-github:
-	git push origin $(BRANCH)
+	git push origin $(shell git rev-parse --abbrev-ref HEAD)
 
 gen-swagger:
   # go install github.com/swaggo/swag/cmd/swag@latest

README.md

@@ -33,10 +33,6 @@ Have questions? Ask [ChatGPT](https://chatgpt.com/g/g-6825390374b481919ad482f2e4
 - [Prerequisites](#prerequisites)
 - [Setup](#setup)
 - [How does GoDoxy work](#how-does-godoxy-work)
-- [Proxmox Integration](#proxmox-integration)
-  - [Automatic Route Binding](#automatic-route-binding)
-  - [WebUI Management](#webui-management)
-  - [API Endpoints](#api-endpoints)
 - [Update / Uninstall system agent](#update--uninstall-system-agent)
 - [Screenshots](#screenshots)
   - [idlesleeper](#idlesleeper)
@@ -71,11 +67,7 @@ Have questions? Ask [ChatGPT](https://chatgpt.com/g/g-6825390374b481919ad482f2e4
   - Podman
 - **Idle-sleep**: stop and wake containers based on traffic _(see [screenshots](#idlesleeper))_
   - Docker containers
-  - Proxmox LXC containers
-- **Proxmox Integration**
-  - **Automatic route binding**: Routes automatically bind to Proxmox nodes or LXC containers by matching hostname, IP, or alias
-  - **LXC lifecycle control**: Start, stop, restart containers directly from WebUI
-  - **Real-time logs**: Stream journalctl logs from nodes and LXC containers via WebSocket
+  - Proxmox LXCs
 - **Traffic Management**
   - HTTP reserve proxy
   - TCP/UDP port forwarding
@@ -88,12 +80,7 @@ Have questions? Ask [ChatGPT](https://chatgpt.com/g/g-6825390374b481919ad482f2e4
   - App Dashboard
   - Config Editor
   - Uptime and System Metrics
-  - **Docker**
-    - Container lifecycle management (start, stop, restart)
-    - Real-time container logs via WebSocket
-  - **Proxmox**
-    - LXC container lifecycle management (start, stop, restart)
-    - Real-time node and LXC journalctl logs via WebSocket
+  - Docker Logs Viewer
 - **Cross-Platform support**
   - Supports **linux/amd64** and **linux/arm64**
 - **Efficient and Performant**
@@ -141,50 +128,6 @@ Configure Wildcard DNS Record(s) to point to machine running `GoDoxy`, e.g.
 >
 > For example, with the label `proxy.aliases: qbt` you can access your app via `qbt.domain.com`.
 
-## Proxmox Integration
-
-GoDoxy can automatically discover and manage Proxmox nodes and LXC containers through configured providers.
-
-### Automatic Route Binding
-
-Routes are automatically linked to Proxmox resources through reverse lookup:
-
-1. **Node-level routes** (VMID = 0): When hostname, IP, or alias matches a Proxmox node name or IP
-2. **Container-level routes** (VMID > 0): When hostname, IP, or alias matches an LXC container
-
-This enables seamless proxy configuration without manual binding:
-
-```yaml
-routes:
-  pve-node-01:
-    host: pve-node-01.internal
-    port: 8006
-    # Automatically links to Proxmox node pve-node-01
-```
-
-### WebUI Management
-
-From the WebUI, you can:
-
-- **LXC Lifecycle Control**: Start, stop, restart containers
-- **Node Logs**: Stream real-time journalctl output from nodes
-- **LXC Logs**: Stream real-time journalctl output from containers
-
-### API Endpoints
-
-```http
-# Node journalctl (WebSocket)
-GET /api/v1/proxmox/journalctl/:node
-
-# LXC journalctl (WebSocket)
-GET /api/v1/proxmox/journalctl/:node/:vmid
-
-# LXC lifecycle control
-POST /api/v1/proxmox/lxc/:node/:vmid/start
-POST /api/v1/proxmox/lxc/:node/:vmid/stop
-POST /api/v1/proxmox/lxc/:node/:vmid/restart
-```
-
 ## Update / Uninstall system agent
 
 Update:

README_CHT.md

@@ -34,10 +34,6 @@
 - [安裝](#安裝)
   - [手動安裝](#手動安裝)
   - [資料夾結構](#資料夾結構)
-- [Proxmox 整合](#proxmox-整合)
-  - [自動路由綁定](#自動路由綁定)
-  - [WebUI 管理](#webui-管理)
-  - [API 端點](#api-端點)
 - [更新 / 卸載系統代理 (System Agent)](#更新--卸載系統代理-system-agent)
 - [截圖](#截圖)
   - [閒置休眠](#閒置休眠)
@@ -71,10 +67,6 @@
 - **閒置休眠**：根據流量停止和喚醒容器 _(參見[截圖](#閒置休眠))_
   - Docker 容器
   - Proxmox LXC 容器
-- **Proxmox 整合**
-  - **自動路由綁定**：透過比對主機名稱、IP 或別名自動將路由綁定至 Proxmox 節點或 LXC 容器
-  - **LXC 生命週期控制**：可直接從 WebUI 啟動、停止、重新啟動容器
-  - **即時日誌**：透過 WebSocket 串流節點和 LXC 容器的 journalctl 日誌
 - **流量管理**
   - HTTP 反向代理
   - TCP/UDP 連接埠轉送
@@ -87,12 +79,7 @@
   - 應用程式一覽
   - 設定編輯器
   - 執行時間與系統指標
-  - **Docker**
-    - 容器生命週期管理 (啟動、停止、重新啟動)
-    - 透過 WebSocket 即時串流容器日誌
-  - **Proxmox**
-    - LXC 容器生命週期管理 (啟動、停止、重新啟動)
-    - 透過 WebSocket 即時串流節點和 LXC 容器 journalctl 日誌
+  - Docker 日誌檢視器
 - **跨平台支援**
   - 支援 **linux/amd64** 與 **linux/arm64**
 - **高效能**
@@ -157,50 +144,6 @@
 └── .env
 ```
 
-## Proxmox 整合
-
-GoDoxy 可透過配置的提供者自動探索和管理 Proxmox 節點和 LXC 容器。
-
-### 自動路由綁定
-
-路由透過反向查詢自動連結至 Proxmox 資源：
-
-1. **節點級路由** (VMID = 0)：當主機名稱、IP 或別名符合 Proxmox 節點名稱或 IP 時
-2. **容器級路由** (VMID > 0)：當主機名稱、IP 或別名符合 LXC 容器時
-
-這可實現無需手動綁定的無縫代理配置：
-
-```yaml
-routes:
-  pve-node-01:
-    host: pve-node-01.internal
-    port: 8006
-    # 自動連結至 Proxmox 節點 pve-node-01
-```
-
-### WebUI 管理
-
-您可以從 WebUI：
-
-- **LXC 生命週期控制**：啟動、停止、重新啟動容器
-- **節點日誌**：串流來自節點的即時 journalctl 輸出
-- **LXC 日誌**：串流來自容器的即時 journalctl 輸出
-
-### API 端點
-
-```http
-# 節點 journalctl (WebSocket)
-GET /api/v1/proxmox/journalctl/:node
-
-# LXC journalctl (WebSocket)
-GET /api/v1/proxmox/journalctl/:node/:vmid
-
-# LXC 生命週期控制
-POST /api/v1/proxmox/lxc/:node/:vmid/start
-POST /api/v1/proxmox/lxc/:node/:vmid/stop
-POST /api/v1/proxmox/lxc/:node/:vmid/restart
-```
-
 ## 更新 / 卸載系統代理 (System Agent)
 
 更新：

agent/go.mod

@@ -14,16 +14,15 @@ replace (
 
 exclude github.com/containerd/nerdctl/mod/tigron v0.0.0
 
-exclude github.com/yusing/godoxy/internal/utils v0.0.0-20250927032450-e2aeef3a863f
-
 require (
+	github.com/bytedance/sonic v1.14.2
 	github.com/gin-gonic/gin v1.11.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/pion/dtls/v3 v3.0.10
 	github.com/pion/transport/v3 v3.1.1
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.11.1
-	github.com/yusing/godoxy v0.25.2
+	github.com/yusing/godoxy v0.24.1
 	github.com/yusing/godoxy/socketproxy v0.0.0-00010101000000-000000000000
 	github.com/yusing/goutils v0.7.0
 )
@@ -32,16 +31,14 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
-	github.com/bytedance/sonic v1.15.0 // indirect
-	github.com/bytedance/sonic/loader v0.5.0 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v29.2.0+incompatible // indirect
-	github.com/docker/docker v28.5.2+incompatible // indirect
+	github.com/docker/cli v29.1.4+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ebitengine/purego v0.9.1 // indirect
@@ -65,9 +62,8 @@ require (
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/moby/api v1.53.0 // indirect
-	github.com/moby/sys/sequential v0.6.0 // indirect
-	github.com/moby/term v0.5.2 // indirect
+	github.com/moby/moby/api v1.52.0 // indirect
+	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -75,10 +71,9 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/puzpuzpuz/xsync/v4 v4.4.0 // indirect
+	github.com/puzpuzpuz/xsync/v4 v4.3.0 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.59.0 // indirect
 	github.com/shirou/gopsutil/v4 v4.25.12 // indirect
@@ -91,13 +86,12 @@ require (
 	github.com/valyala/fasthttp v1.69.0 // indirect
 	github.com/yusing/ds v0.4.1 // indirect
 	github.com/yusing/gointernals v0.1.16 // indirect
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468 // indirect
-	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468 // indirect
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260116021320-b12ef77f3743 // indirect
+	github.com/yusing/goutils/http/websocket v0.0.0-20260116021320-b12ef77f3743 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
 	go.opentelemetry.io/otel v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
 	go.opentelemetry.io/otel/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	golang.org/x/arch v0.23.0 // indirect
@@ -105,7 +99,6 @@ require (
 	golang.org/x/net v0.49.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

agent/go.sum

@@ -1,5 +1,3 @@
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
@@ -12,10 +10,10 @@ github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
 github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
 github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
 github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
-github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
-github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
-github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
-github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -26,8 +24,6 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
 github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -41,10 +37,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
-github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.1.4+incompatible h1:AI8fwZhqsAsrqZnVv9h6lbexeW/LzNTasf6A4vcNN8M=
+github.com/docker/cli v29.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -88,8 +82,8 @@ github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU
 github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
 github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
-github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -101,8 +95,6 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
@@ -132,25 +124,19 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
-github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
+github.com/miekg/dns v1.1.70 h1:DZ4u2AV35VJxdD9Fo9fIWm119BsQL5cZU1cQ9s0LkqA=
+github.com/miekg/dns v1.1.70/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
-github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -167,17 +153,16 @@ github.com/pion/transport/v3 v3.1.1 h1:Tr684+fnnKlhPceU+ICdrw6KKkTms+5qHMgw6bIkY
 github.com/pion/transport/v3 v3.1.1/go.mod h1:+c2eewC5WJQHiAA46fkMMzoYZSuGzA/7E2FPrOYHctQ=
 github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
-github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN0s1U=
-github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
+github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/puzpuzpuz/xsync/v4 v4.4.0 h1:vlSN6/CkEY0pY8KaB0yqo/pCLZvp9nhdbBdjipT4gWo=
-github.com/puzpuzpuz/xsync/v4 v4.4.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
+github.com/puzpuzpuz/xsync/v4 v4.3.0 h1:w/bWkEJdYuRNYhHn5eXnIT8LzDM1O629X1I9MJSkD7Q=
+github.com/puzpuzpuz/xsync/v4 v4.3.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
 github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
 github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
 github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
@@ -235,10 +220,6 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGN
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
 go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
 go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
 go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
 go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
 go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
@@ -247,8 +228,6 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W
 go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
 go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
 go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
@@ -279,12 +258,6 @@ golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
 golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
-google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -295,3 +268,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

agent/pkg/agent/config.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/json"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -15,7 +16,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent/common"
@@ -150,7 +150,7 @@ func (cfg *AgentConfig) InitWithCerts(ctx context.Context, ca, crt, key []byte)
 		// test stream server connection
 		const fakeAddress = "localhost:8080" // it won't be used, just for testing
 		// test TCP stream support
-		err := agentstream.TCPHealthCheck(ctx, cfg.Addr, cfg.caCert, cfg.clientCert)
+		err := agentstream.TCPHealthCheck(cfg.Addr, cfg.caCert, cfg.clientCert)
 		if err != nil {
 			streamUnsupportedErrs.Addf("failed to connect to stream server via TCP: %w", err)
 		} else {
@@ -158,7 +158,7 @@ func (cfg *AgentConfig) InitWithCerts(ctx context.Context, ca, crt, key []byte)
 		}
 
 		// test UDP stream support
-		err = agentstream.UDPHealthCheck(ctx, cfg.Addr, cfg.caCert, cfg.clientCert)
+		err = agentstream.UDPHealthCheck(cfg.Addr, cfg.caCert, cfg.clientCert)
 		if err != nil {
 			streamUnsupportedErrs.Addf("failed to connect to stream server via UDP: %w", err)
 		} else {
@@ -313,18 +313,8 @@ func (cfg *AgentConfig) do(ctx context.Context, method, endpoint string, body io
 	if err != nil {
 		return nil, err
 	}
-
-	timeout := 5 * time.Second
-	if deadline, ok := ctx.Deadline(); ok {
-		remaining := time.Until(deadline)
-		if remaining > 0 {
-			timeout = remaining
-		}
-	}
-
 	client := http.Client{
 		Transport: cfg.Transport(),
-		Timeout:   timeout,
 	}
 	return client.Do(req)
 }
@@ -366,7 +356,7 @@ func (cfg *AgentConfig) fetchJSON(ctx context.Context, endpoint string, out any)
 		return resp.StatusCode, nil
 	}
 
-	err = sonic.Unmarshal(data, out)
+	err = json.Unmarshal(data, out)
 	if err != nil {
 		return 0, err
 	}

agent/pkg/agent/stream/tcp_client.go

@@ -1,7 +1,6 @@
 package stream
 
 import (
-	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"net"
@@ -35,13 +34,13 @@ func NewTCPClient(serverAddr, targetAddress string, caCert *x509.Certificate, cl
 		return nil, err
 	}
 
-	return newTCPClientWIthHeader(context.Background(), serverAddr, header, caCert, clientCert)
+	return newTCPClientWIthHeader(serverAddr, header, caCert, clientCert)
 }
 
-func TCPHealthCheck(ctx context.Context, serverAddr string, caCert *x509.Certificate, clientCert *tls.Certificate) error {
+func TCPHealthCheck(serverAddr string, caCert *x509.Certificate, clientCert *tls.Certificate) error {
 	header := NewStreamHealthCheckHeader()
 
-	conn, err := newTCPClientWIthHeader(ctx, serverAddr, header, caCert, clientCert)
+	conn, err := newTCPClientWIthHeader(serverAddr, header, caCert, clientCert)
 	if err != nil {
 		return err
 	}
@@ -50,7 +49,7 @@ func TCPHealthCheck(ctx context.Context, serverAddr string, caCert *x509.Certifi
 	return nil
 }
 
-func newTCPClientWIthHeader(ctx context.Context, serverAddr string, header *StreamRequestHeader, caCert *x509.Certificate, clientCert *tls.Certificate) (net.Conn, error) {
+func newTCPClientWIthHeader(serverAddr string, header *StreamRequestHeader, caCert *x509.Certificate, clientCert *tls.Certificate) (net.Conn, error) {
 	// Setup TLS configuration
 	caCertPool := x509.NewCertPool()
 	caCertPool.AddCert(caCert)
@@ -63,43 +62,17 @@ func newTCPClientWIthHeader(ctx context.Context, serverAddr string, header *Stre
 		ServerName:   common.CertsDNSName,
 	}
 
-	dialer := &net.Dialer{
-		Timeout: dialTimeout,
-	}
-	tlsDialer := &tls.Dialer{
-		NetDialer: dialer,
-		Config:    tlsConfig,
-	}
-
 	// Establish TLS connection
-	conn, err := tlsDialer.DialContext(ctx, "tcp", serverAddr)
+	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: dialTimeout}, "tcp", serverAddr, tlsConfig)
 	if err != nil {
 		return nil, err
 	}
-
-	deadline, hasDeadline := ctx.Deadline()
-	if hasDeadline {
-		err := conn.SetWriteDeadline(deadline)
-		if err != nil {
-			_ = conn.Close()
-			return nil, err
-		}
-	}
 	// Send the stream header once as a handshake.
 	if _, err := conn.Write(header.Bytes()); err != nil {
 		_ = conn.Close()
 		return nil, err
 	}
 
-	if hasDeadline {
-		// reset write deadline
-		err = conn.SetWriteDeadline(time.Time{})
-		if err != nil {
-			_ = conn.Close()
-			return nil, err
-		}
-	}
-
 	return &TCPClient{
 		conn: conn,
 	}, nil

agent/pkg/agent/stream/tests/healthcheck_test.go

@@ -12,7 +12,7 @@ func TestTCPHealthCheck(t *testing.T) {
 
 	srv := startTCPServer(t, certs)
 
-	err := stream.TCPHealthCheck(t.Context(), srv.Addr.String(), certs.CaCert, certs.ClientCert)
+	err := stream.TCPHealthCheck(srv.Addr.String(), certs.CaCert, certs.ClientCert)
 	require.NoError(t, err, "health check")
 }
 
@@ -21,6 +21,6 @@ func TestUDPHealthCheck(t *testing.T) {
 
 	srv := startUDPServer(t, certs)
 
-	err := stream.UDPHealthCheck(t.Context(), srv.Addr.String(), certs.CaCert, certs.ClientCert)
+	err := stream.UDPHealthCheck(srv.Addr.String(), certs.CaCert, certs.ClientCert)
 	require.NoError(t, err, "health check")
 }

agent/pkg/agent/stream/tests/server_flow_test.go

@@ -102,6 +102,7 @@ func TestUDPServer_RejectInvalidClient(t *testing.T) {
 
 	srv := startUDPServer(t, certs)
 
+
 	// Try to connect with a client cert from a different CA
 	_, err = stream.NewUDPClient(srv.Addr.String(), dstAddr, certs.CaCert, invalidClientCert)
 	require.Error(t, err, "expected error when connecting with client cert from different CA")

agent/pkg/agent/stream/udp_client.go

@@ -1,7 +1,6 @@
 package stream
 
 import (
-	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"net"
@@ -36,10 +35,10 @@ func NewUDPClient(serverAddr, targetAddress string, caCert *x509.Certificate, cl
 		return nil, err
 	}
 
-	return newUDPClientWIthHeader(context.Background(), serverAddr, header, caCert, clientCert)
+	return newUDPClientWIthHeader(serverAddr, header, caCert, clientCert)
 }
 
-func newUDPClientWIthHeader(ctx context.Context, serverAddr string, header *StreamRequestHeader, caCert *x509.Certificate, clientCert *tls.Certificate) (net.Conn, error) {
+func newUDPClientWIthHeader(serverAddr string, header *StreamRequestHeader, caCert *x509.Certificate, clientCert *tls.Certificate) (net.Conn, error) {
 	// Setup DTLS configuration
 	caCertPool := x509.NewCertPool()
 	caCertPool.AddCert(caCert)
@@ -63,40 +62,21 @@ func newUDPClientWIthHeader(ctx context.Context, serverAddr string, header *Stre
 	if err != nil {
 		return nil, err
 	}
-
-	deadline, hasDeadline := ctx.Deadline()
-	if hasDeadline {
-		err := conn.SetWriteDeadline(deadline)
-		if err != nil {
-			_ = conn.Close()
-			return nil, err
-		}
-	}
-
 	// Send the stream header once as a handshake.
 	if _, err := conn.Write(header.Bytes()); err != nil {
 		_ = conn.Close()
 		return nil, err
 	}
 
-	if hasDeadline {
-		// reset write deadline
-		err = conn.SetWriteDeadline(time.Time{})
-		if err != nil {
-			_ = conn.Close()
-			return nil, err
-		}
-	}
-
 	return &UDPClient{
 		conn: conn,
 	}, nil
 }
 
-func UDPHealthCheck(ctx context.Context, serverAddr string, caCert *x509.Certificate, clientCert *tls.Certificate) error {
+func UDPHealthCheck(serverAddr string, caCert *x509.Certificate, clientCert *tls.Certificate) error {
 	header := NewStreamHealthCheckHeader()
 
-	conn, err := newUDPClientWIthHeader(ctx, serverAddr, header, caCert, clientCert)
+	conn, err := newUDPClientWIthHeader(serverAddr, header, caCert, clientCert)
 	if err != nil {
 		return err
 	}

agent/pkg/agentproxy/config.go

@@ -2,11 +2,11 @@ package agentproxy
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"net/http"
 	"strconv"
 	"time"
 
+	"github.com/bytedance/sonic"
 	route "github.com/yusing/godoxy/internal/route/types"
 )
 
@@ -53,7 +53,7 @@ func proxyConfigFromHeaders(h http.Header) (cfg Config, err error) {
 		return cfg, err
 	}
 
-	err = json.Unmarshal(cfgJSON, &cfg)
+	err = sonic.Unmarshal(cfgJSON, &cfg)
 	return cfg, err
 }
 
@@ -67,7 +67,7 @@ func (cfg *Config) SetAgentProxyConfigHeadersLegacy(h http.Header) {
 func (cfg *Config) SetAgentProxyConfigHeaders(h http.Header) {
 	h.Set(HeaderXProxyHost, cfg.Host)
 	h.Set(HeaderXProxyScheme, string(cfg.Scheme))
-	cfgJSON, _ := json.Marshal(cfg.HTTPConfig)
+	cfgJSON, _ := sonic.Marshal(cfg.HTTPConfig)
 	cfgBase64 := base64.StdEncoding.EncodeToString(cfgJSON)
 	h.Set(HeaderXProxyConfig, cfgBase64)
 }

agent/pkg/handler/check_health.go

@@ -1,7 +1,6 @@
 package handler
 
 import (
-	"encoding/json"
 	"net"
 	"net/http"
 	"net/url"
@@ -9,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	healthcheck "github.com/yusing/godoxy/internal/health/check"
 	"github.com/yusing/godoxy/internal/types"
 )
@@ -73,7 +73,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(result)
+	sonic.ConfigDefault.NewEncoder(w).Encode(result)
 }
 
 func parseMsOrDefault(msStr string) time.Duration {

agent/pkg/handler/handler.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
-	"encoding/json"
 	"net/http"
 
+	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -51,7 +51,7 @@ func NewAgentHandler() http.Handler {
 			Runtime: env.Runtime,
 		}
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(agentInfo)
+		sonic.ConfigDefault.NewEncoder(w).Encode(agentInfo)
 	})
 	mux.HandleEndpoint("GET", agent.EndpointHealth, CheckHealth)
 	mux.HandleEndpoint("GET", agent.EndpointSystemInfo, metricsHandler.ServeHTTP)

cmd/main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"os"
 	"sync"
-	"time"
 
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/api"
@@ -33,16 +32,6 @@ func parallel(fns ...func()) {
 }
 
 func main() {
-	done := make(chan struct{}, 1)
-	go func() {
-		select {
-		case <-done:
-			return
-		case <-time.After(common.InitTimeout):
-			log.Fatal().Msgf("timeout waiting for initialization to complete, exiting...")
-		}
-	}()
-
 	initProfiling()
 
 	logging.InitLogger(os.Stderr, memlogger.GetMemLogger())
@@ -80,25 +69,14 @@ func main() {
 	server.StartServer(task.RootTask("api_server", false), server.Options{
 		Name:     "api",
 		HTTPAddr: common.APIHTTPAddr,
-		Handler:  api.NewHandler(true),
+		Handler:  api.NewHandler(),
 	})
 
-	// Local API Handler is used for unauthenticated access.
-	if common.LocalAPIHTTPAddr != "" {
-		server.StartServer(task.RootTask("local_api_server", false), server.Options{
-			Name:     "local_api",
-			HTTPAddr: common.LocalAPIHTTPAddr,
-			Handler:  api.NewHandler(false),
-		})
-	}
-
 	listenDebugServer()
 
 	uptime.Poller.Start()
 	config.WatchChanges()
 
-	close(done)
-
 	task.WaitExit(config.Value().TimeoutShutdown)
 }
 

go.mod

@@ -4,7 +4,6 @@ go 1.25.6
 
 replace (
 	github.com/coreos/go-oidc/v3 => ./internal/go-oidc
-	github.com/luthermonson/go-proxmox => ./internal/go-proxmox
 	github.com/shirou/gopsutil/v4 => ./internal/gopsutil
 	github.com/yusing/godoxy/agent => ./agent
 	github.com/yusing/godoxy/internal/dnsproviders => ./internal/dnsproviders
@@ -14,12 +13,9 @@ replace (
 	github.com/yusing/goutils/server => ./goutils/server
 )
 
-exclude github.com/luthermonson/go-proxmox v0.3.0
-
 require (
 	github.com/PuerkitoBio/goquery v1.11.0 // parsing HTML for extract fav icon; modify_html middleware
 	github.com/coreos/go-oidc/v3 v3.17.0 // oidc authentication
-	github.com/docker/docker v28.5.2+incompatible // docker daemon
 	github.com/fsnotify/fsnotify v1.9.0 // file watcher
 	github.com/gin-gonic/gin v1.11.0 // api server
 	github.com/go-acme/lego/v4 v4.31.0 // acme client
@@ -28,8 +24,8 @@ require (
 	github.com/gorilla/websocket v1.5.3 // websocket for API and agent
 	github.com/gotify/server/v2 v2.8.0 // reference the Message struct for json response
 	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
-	github.com/pires/go-proxyproto v0.9.2 // proxy protocol support
-	github.com/puzpuzpuz/xsync/v4 v4.4.0 // lock free map for concurrent operations
+	github.com/pires/go-proxyproto v0.8.1 // proxy protocol support
+	github.com/puzpuzpuz/xsync/v4 v4.3.0 // lock free map for concurrent operations
 	github.com/rs/zerolog v1.34.0 // logging
 	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
 	golang.org/x/crypto v0.47.0 // encrypting password with bcrypt
@@ -41,29 +37,31 @@ require (
 
 require (
 	github.com/bytedance/gopkg v0.1.3 // xxhash64 for fast hash
-	github.com/bytedance/sonic v1.15.0 // indirect; fast json parsing
-	github.com/docker/cli v29.2.0+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
+	github.com/bytedance/sonic v1.14.2 // fast json parsing
+	github.com/docker/cli v29.1.4+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
 	github.com/goccy/go-yaml v1.19.2 // yaml parsing for different config files
-	github.com/golang-jwt/jwt/v5 v5.3.1
-	github.com/luthermonson/go-proxmox v0.3.2
-	github.com/oschwald/maxminddb-golang v1.13.1
+	github.com/golang-jwt/jwt/v5 v5.3.0 // jwt authentication
+	github.com/luthermonson/go-proxmox v0.3.2 // proxmox API client
+	github.com/moby/moby/api v1.52.0 // docker API
+	github.com/moby/moby/client v0.2.1 // docker client
+	github.com/oschwald/maxminddb-golang v1.13.1 // maxminddb for geoip database
 	github.com/quic-go/quic-go v0.59.0 // http3 support
 	github.com/shirou/gopsutil/v4 v4.25.12 // system information
 	github.com/spf13/afero v1.15.0 // afero for file system operations
 	github.com/stretchr/testify v1.11.1 // testing framework
 	github.com/valyala/fasthttp v1.69.0 // fast http for health check
 	github.com/yusing/ds v0.4.1 // data structures and algorithms
-	github.com/yusing/godoxy/agent v0.0.0-20260129101716-0f13004ad6ba
-	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260129101716-0f13004ad6ba
+	github.com/yusing/godoxy/agent v0.0.0-20260116020954-edcde00dcc3a
+	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260116020954-edcde00dcc3a
 	github.com/yusing/gointernals v0.1.16
 	github.com/yusing/goutils v0.7.0
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468
-	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468
-	github.com/yusing/goutils/server v0.0.0-20260129081554-24e52ede7468
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260116021320-b12ef77f3743
+	github.com/yusing/goutils/http/websocket v0.0.0-20260116021320-b12ef77f3743
+	github.com/yusing/goutils/server v0.0.0-20260116021320-b12ef77f3743
 )
 
 require (
-	cloud.google.com/go/auth v0.18.1 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 // indirect
@@ -105,7 +103,7 @@ require (
 	github.com/magefile/mage v1.15.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.72 // indirect
+	github.com/miekg/dns v1.1.70 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -117,11 +115,11 @@ require (
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/samber/lo v1.52.0 // indirect
 	github.com/samber/slog-common v0.19.0 // indirect
+	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
@@ -137,8 +135,8 @@ require (
 	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect
-	google.golang.org/api v0.263.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/api v0.260.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3 // indirect
 	google.golang.org/grpc v1.78.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
@@ -146,20 +144,16 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-require github.com/moby/moby/api v1.53.0
-
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
-	github.com/bytedance/sonic/loader v0.5.0 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/containerd/log v0.1.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
@@ -169,33 +163,28 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/linode/linodego v1.64.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pion/dtls/v3 v3.0.10 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/pquerna/otp v1.5.0 // indirect
-	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	golang.org/x/arch v0.23.0 // indirect
 )

go.sum

@@ -1,5 +1,5 @@
-cloud.google.com/go/auth v0.18.1 h1:IwTEx92GFUo2pJ6Qea0EU3zYvKnTAeRCODxfA/G5UWs=
-cloud.google.com/go/auth v0.18.1/go.mod h1:GfTYoS9G3CWpRA3Va9doKN9mjPGRS+v41jmZAhBzbrA=
+cloud.google.com/go/auth v0.18.0 h1:wnqy5hrv7p3k7cShwAU/Br3nzod7fxoqG+k0VZ+/Pk0=
+cloud.google.com/go/auth v0.18.0/go.mod h1:wwkPM1AgE1f2u6dG443MiWoD8C3BtOywNsUMcUTVDRo=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
@@ -23,8 +23,6 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
@@ -53,10 +51,10 @@ github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
 github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
 github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
 github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
-github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
-github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
-github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
-github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -67,8 +65,6 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -80,10 +76,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
-github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.1.4+incompatible h1:AI8fwZhqsAsrqZnVv9h6lbexeW/LzNTasf6A4vcNN8M=
+github.com/docker/cli v29.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -143,8 +137,8 @@ github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7Lk
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
 github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
-github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
-github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -165,8 +159,6 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
@@ -205,6 +197,8 @@ github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8
 github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/luthermonson/go-proxmox v0.3.2 h1:/zUg6FCl9cAABx0xU3OIgtDtClY0gVXxOCsrceDNylc=
+github.com/luthermonson/go-proxmox v0.3.2/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@@ -216,35 +210,29 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.14.0 h1:rRlLv1+kI8eOI3OaBXZwb3O7xY3exRzdW5QyX48g9wI=
 github.com/maxatome/go-testdeep v1.14.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
-github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
+github.com/miekg/dns v1.1.70 h1:DZ4u2AV35VJxdD9Fo9fIWm119BsQL5cZU1cQ9s0LkqA=
+github.com/miekg/dns v1.1.70/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
-github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 h1:eMzyN+jGJbxG4ut278uwIsUo9XacXc711lFjhKnaUso=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 h1:t34IpOa+8NfmjkU8bdWtYrLrmr346/FGhu8FlpJDQok=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0/go.mod h1:p95/OxVsdx71I2Qrck1GtIS87sRxcTRKXzUi5nWm9NY=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0 h1:4MRzV6spwPHKct+4/ETqkEtr39Hq+0KvxhsgqbgQ2Bo=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0 h1:RxraLVYX3eMUfQ1pDtJVvykEFGheky2YsrUt2HHRDcw=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0/go.mod h1:JLMEKMX8IYPZ1TUSVHAVAbtnNSfP/I8OZQkAnfEMA0I=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -265,11 +253,10 @@ github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
 github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
 github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
-github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN0s1U=
-github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
+github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
+github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
@@ -280,8 +267,8 @@ github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/puzpuzpuz/xsync/v4 v4.4.0 h1:vlSN6/CkEY0pY8KaB0yqo/pCLZvp9nhdbBdjipT4gWo=
-github.com/puzpuzpuz/xsync/v4 v4.4.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
+github.com/puzpuzpuz/xsync/v4 v4.3.0 h1:w/bWkEJdYuRNYhHn5eXnIT8LzDM1O629X1I9MJSkD7Q=
+github.com/puzpuzpuz/xsync/v4 v4.3.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
 github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
 github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
 github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
@@ -327,8 +314,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
-github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZyVI=
@@ -356,10 +343,6 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGN
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
 go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
 go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
 go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
 go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
 go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
@@ -368,8 +351,6 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W
 go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
 go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
 go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
@@ -421,7 +402,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -469,14 +449,14 @@ golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.263.0 h1:UFs7qn8gInIdtk1ZA6eXRXp5JDAnS4x9VRsRVCeKdbk=
-google.golang.org/api v0.263.0/go.mod h1:fAU1xtNNisHgOF5JooAs8rRaTkl2rT3uaoNGo9NS3R8=
+google.golang.org/api v0.260.0 h1:XbNi5E6bOVEj/uLXQRlt6TKuEzMD7zvW/6tNwltE4P4=
+google.golang.org/api v0.260.0/go.mod h1:Shj1j0Phr/9sloYrKomICzdYgsSDImpTxME8rGLaZ/o=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3 h1:C4WAdL+FbjnGlpp2S+HMVhBeCq2Lcib4xZqfPNF6OoQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
 google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
 google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
@@ -494,3 +474,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

internal/acl/config.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"math"
 	"net"
+	"sync/atomic"
 	"time"
 
 	"github.com/puzpuzpuz/xsync/v4"
@@ -26,9 +27,9 @@ type Config struct {
 	Log        *accesslog.ACLLoggerConfig `json:"log"`
 
 	Notify struct {
-		To             []string      `json:"to,omitempty"`             // list of notification providers
-		Interval       time.Duration `json:"interval,omitempty"`       // interval between notifications
-		IncludeAllowed *bool         `json:"include_allowed,omitzero"` // default: false
+		To             []string      `json:"to"`              // list of notification providers
+		Interval       time.Duration `json:"interval"`        // interval between notifications
+		IncludeAllowed *bool         `json:"include_allowed"` // default: false
 	} `json:"notify"`
 
 	config
@@ -74,7 +75,8 @@ type ipLog struct {
 	allowed bool
 }
 
-type ContextKey struct{}
+// could be nil
+var ActiveConfig atomic.Pointer[Config]
 
 const cacheTTL = 1 * time.Minute
 
@@ -106,7 +108,7 @@ func (c *Config) Validate() gperr.Error {
 		c.allowLocal = true
 	}
 
-	if c.Notify.Interval <= 0 {
+	if c.Notify.Interval < 0 {
 		c.Notify.Interval = defaultNotifyInterval
 	}
 
@@ -290,16 +292,16 @@ func (c *Config) IPAllowed(ip net.IP) bool {
 	}
 
 	ipAndStr := &maxmind.IPInfo{IP: ip, Str: ipStr}
-	if c.Deny.Match(ipAndStr) {
-		c.logAndNotify(ipAndStr, false)
-		c.cacheRecord(ipAndStr, false)
-		return false
-	}
 	if c.Allow.Match(ipAndStr) {
 		c.logAndNotify(ipAndStr, true)
 		c.cacheRecord(ipAndStr, true)
 		return true
 	}
+	if c.Deny.Match(ipAndStr) {
+		c.logAndNotify(ipAndStr, false)
+		c.cacheRecord(ipAndStr, false)
+		return false
+	}
 
 	c.logAndNotify(ipAndStr, c.defaultAllow)
 	c.cacheRecord(ipAndStr, c.defaultAllow)

internal/acl/matcher.go

@@ -1,7 +1,6 @@
 package acl
 
 import (
-	"bytes"
 	"net"
 	"strings"
 
@@ -13,7 +12,6 @@ type MatcherFunc func(*maxmind.IPInfo) bool
 
 type Matcher struct {
 	match MatcherFunc
-	raw   string
 }
 
 type Matchers []Matcher
@@ -48,7 +46,6 @@ func (matcher *Matcher) Parse(s string) error {
 	if len(parts) != 2 {
 		return errSyntax
 	}
-	matcher.raw = s
 
 	switch parts[0] {
 	case MatcherTypeIP:
@@ -82,18 +79,6 @@ func (matchers Matchers) Match(ip *maxmind.IPInfo) bool {
 	return false
 }
 
-func (matchers Matchers) MarshalText() ([]byte, error) {
-	if len(matchers) == 0 {
-		return []byte("[]"), nil
-	}
-	var buf bytes.Buffer
-	for _, m := range matchers {
-		buf.WriteString(m.raw)
-		buf.WriteByte('\n')
-	}
-	return buf.Bytes(), nil
-}
-
 func matchIP(ip net.IP) MatcherFunc {
 	return func(ip2 *maxmind.IPInfo) bool {
 		return ip.Equal(ip2.IP)

internal/agentpool/agent.go

@@ -27,7 +27,6 @@ func newAgent(cfg *agent.AgentConfig) *Agent {
 		AgentConfig: cfg,
 		httpClient: &http.Client{
 			Transport: transport,
-			Timeout:   5 * time.Second,
 		},
 		fasthttpHcClient: &fasthttp.Client{
 			DialTimeout: func(addr string, timeout time.Duration) (net.Conn, error) {

internal/agentpool/http_requests.go

@@ -2,12 +2,12 @@ package agentpool
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/gorilla/websocket"
 	"github.com/valyala/fasthttp"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -63,7 +63,7 @@ func (cfg *Agent) DoHealthCheck(timeout time.Duration, query string) (ret Health
 		ret.Detail = fmt.Sprintf("HTTP %d %s", status, resp.Body())
 		return ret, nil
 	} else {
-		err = json.Unmarshal(resp.Body(), &ret)
+		err = sonic.Unmarshal(resp.Body(), &ret)
 		if err != nil {
 			return ret, err
 		}

internal/api/handler.go

@@ -2,8 +2,10 @@ package api
 
 import (
 	"net/http"
+	"reflect"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog/log"
 	apiV1 "github.com/yusing/godoxy/internal/api/v1"
@@ -14,7 +16,6 @@ import (
 	fileApi "github.com/yusing/godoxy/internal/api/v1/file"
 	homepageApi "github.com/yusing/godoxy/internal/api/v1/homepage"
 	metricsApi "github.com/yusing/godoxy/internal/api/v1/metrics"
-	proxmoxApi "github.com/yusing/godoxy/internal/api/v1/proxmox"
 	routeApi "github.com/yusing/godoxy/internal/api/v1/route"
 	"github.com/yusing/godoxy/internal/auth"
 	"github.com/yusing/godoxy/internal/common"
@@ -37,7 +38,7 @@ import (
 
 // @externalDocs.description  GoDoxy Docs
 // @externalDocs.url          https://docs.godoxy.dev
-func NewHandler(requireAuth bool) *gin.Engine {
+func NewHandler() *gin.Engine {
 	if !common.IsDebug {
 		gin.SetMode("release")
 	}
@@ -46,9 +47,11 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	r.Use(ErrorLoggingMiddleware())
 	r.Use(NoCache())
 
+	log.Debug().Msg("gin codec json.API: " + reflect.TypeOf(json.API).Name())
+
 	r.GET("/api/v1/version", apiV1.Version)
 
-	if auth.IsEnabled() && requireAuth {
+	if auth.IsEnabled() {
 		v1Auth := r.Group("/api/v1/auth")
 		{
 			v1Auth.HEAD("/check", authApi.Check)
@@ -61,7 +64,7 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	}
 
 	v1 := r.Group("/api/v1")
-	if auth.IsEnabled() && requireAuth {
+	if auth.IsEnabled() {
 		v1.Use(AuthMiddleware())
 	}
 	if common.APISkipOriginCheck {
@@ -82,8 +85,6 @@ func NewHandler(requireAuth bool) *gin.Engine {
 			route.GET("/providers", routeApi.Providers)
 			route.GET("/by_provider", routeApi.ByProvider)
 			route.POST("/playground", routeApi.Playground)
-			route.GET("/validate", routeApi.Validate) // websocket
-			route.POST("/validate", routeApi.Validate)
 		}
 
 		file := v1.Group("/file")
@@ -139,21 +140,6 @@ func NewHandler(requireAuth bool) *gin.Engine {
 			docker.POST("/start", dockerApi.Start)
 			docker.POST("/stop", dockerApi.Stop)
 			docker.POST("/restart", dockerApi.Restart)
-			docker.GET("/stats/:id", dockerApi.Stats)
-		}
-
-		proxmox := v1.Group("/proxmox")
-		{
-			proxmox.GET("/tail", proxmoxApi.Tail)
-			proxmox.GET("/journalctl", proxmoxApi.Journalctl)
-			proxmox.GET("/journalctl/:node", proxmoxApi.Journalctl)
-			proxmox.GET("/journalctl/:node/:vmid", proxmoxApi.Journalctl)
-			proxmox.GET("/journalctl/:node/:vmid/:service", proxmoxApi.Journalctl)
-			proxmox.GET("/stats/:node", proxmoxApi.NodeStats)
-			proxmox.GET("/stats/:node/:vmid", proxmoxApi.VMStats)
-			proxmox.POST("/lxc/:node/:vmid/start", proxmoxApi.Start)
-			proxmox.POST("/lxc/:node/:vmid/stop", proxmoxApi.Stop)
-			proxmox.POST("/lxc/:node/:vmid/restart", proxmoxApi.Restart)
 		}
 	}
 

internal/api/v1/README.md

@@ -44,7 +44,6 @@ Types are defined in `goutils/apitypes`:
 | `file`     | Configuration file read/write operations       |
 | `auth`     | Authentication and session management          |
 | `agent`    | Remote agent creation and management           |
-| `proxmox`  | Proxmox API management and monitoring          |
 
 ## Architecture
 
@@ -78,16 +77,15 @@ API listening address is configured with `GODOXY_API_ADDR` environment variable.
 
 ### Internal Dependencies
 
-| Package                 | Purpose                               |
-| ----------------------- | ------------------------------------- |
-| `internal/route/routes` | Route storage and iteration           |
-| `internal/docker`       | Docker client management              |
-| `internal/config`       | Configuration access                  |
-| `internal/metrics`      | System metrics collection             |
-| `internal/homepage`     | Homepage item generation              |
-| `internal/agentpool`    | Remote agent management               |
-| `internal/auth`         | Authentication services               |
-| `internal/proxmox`      | Proxmox API management and monitoring |
+| Package                 | Purpose                     |
+| ----------------------- | --------------------------- |
+| `internal/route/routes` | Route storage and iteration |
+| `internal/docker`       | Docker client management    |
+| `internal/config`       | Configuration access        |
+| `internal/metrics`      | System metrics collection   |
+| `internal/homepage`     | Homepage item generation    |
+| `internal/agentpool`    | Remote agent management     |
+| `internal/auth`         | Authentication services     |
 
 ### External Dependencies
 

internal/api/v1/agent/verify.go

@@ -1,7 +1,6 @@
 package agentapi
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 	"os"
@@ -37,9 +36,6 @@ type VerifyNewAgentRequest struct {
 // @Failure		500		{object}	ErrorResponse
 // @Router			/agent/verify [post]
 func Verify(c *gin.Context) {
-	// avoid timeout waiting for response headers
-	c.Status(http.StatusContinue)
-
 	var request VerifyNewAgentRequest
 	if err := c.ShouldBindJSON(&request); err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
@@ -64,7 +60,7 @@ func Verify(c *gin.Context) {
 		return
 	}
 
-	nRoutesAdded, err := verifyNewAgent(c.Request.Context(), request.Host, ca, client, request.ContainerRuntime)
+	nRoutesAdded, err := verifyNewAgent(request.Host, ca, client, request.ContainerRuntime)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
 		return
@@ -86,7 +82,7 @@ func Verify(c *gin.Context) {
 
 var errAgentAlreadyExists = gperr.New("agent already exists")
 
-func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client agent.PEMPair, containerRuntime agent.ContainerRuntime) (int, gperr.Error) {
+func verifyNewAgent(host string, ca agent.PEMPair, client agent.PEMPair, containerRuntime agent.ContainerRuntime) (int, gperr.Error) {
 	var agentCfg agent.AgentConfig
 	agentCfg.Addr = host
 	agentCfg.Runtime = containerRuntime
@@ -103,7 +99,7 @@ func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client a
 		return 0, errAgentAlreadyExists
 	}
 
-	err := agentCfg.InitWithCerts(ctx, ca.Cert, client.Cert, client.Key)
+	err := agentCfg.InitWithCerts(cfgState.Context(), ca.Cert, client.Cert, client.Key)
 	if err != nil {
 		return 0, gperr.Wrap(err, "failed to initialize agent config")
 	}

internal/api/v1/docker/container.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -42,22 +43,22 @@ func GetContainer(c *gin.Context) {
 
 	defer dockerClient.Close()
 
-	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id)
+	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id, client.ContainerInspectOptions{})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to inspect container"))
 		return
 	}
 
 	var state ContainerState
-	if cont.State != nil {
-		state = cont.State.Status
+	if cont.Container.State != nil {
+		state = cont.Container.State.Status
 	}
 
 	c.JSON(http.StatusOK, &Container{
 		Server: dockerCfg.URL,
-		Name:   cont.Name,
-		ID:     cont.ID,
-		Image:  cont.Image,
+		Name:   cont.Container.Name,
+		ID:     cont.Container.ID,
+		Image:  cont.Container.Image,
 		State:  state,
 	})
 }

internal/api/v1/docker/containers.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 
 	_ "github.com/yusing/goutils/apitypes"
@@ -39,12 +40,12 @@ func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Containe
 	errs := gperr.NewBuilder("failed to get containers")
 	containers := make([]Container, 0)
 	for server, dockerClient := range dockerClients {
-		conts, err := dockerClient.ContainerList(ctx, container.ListOptions{All: true})
+		conts, err := dockerClient.ContainerList(ctx, client.ContainerListOptions{All: true})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		for _, cont := range conts {
+		for _, cont := range conts.Items {
 			containers = append(containers, Container{
 				Server: server,
 				Name:   cont.Names[0],

internal/api/v1/docker/info.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	dockerSystem "github.com/docker/docker/api/types/system"
 	"github.com/gin-gonic/gin"
+	dockerSystem "github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 
@@ -64,13 +65,13 @@ func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerIn
 
 	i := 0
 	for name, dockerClient := range dockerClients {
-		info, err := dockerClient.Info(ctx)
+		info, err := dockerClient.Info(ctx, client.InfoOptions{})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		info.Name = name
-		dockerInfos[i] = toDockerInfo(info)
+		info.Info.Name = name
+		dockerInfos[i] = toDockerInfo(info.Info)
 		i++
 	}
 

internal/api/v1/docker/logs.go

@@ -5,11 +5,10 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strconv"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -23,7 +22,6 @@ type LogsQueryParams struct {
 	Since  string `form:"from"`
 	Until  string `form:"to"`
 	Levels string `form:"levels"`
-	Limit  int    `form:"limit,default=100" binding:"min=1,max=1000"`
 } //	@name	LogsQueryParams
 
 // @x-id				"logs"
@@ -36,10 +34,9 @@ type LogsQueryParams struct {
 // @Param			id	path	string	true	"container id"
 // @Param			stdout		query	bool	false	"show stdout"
 // @Param			stderr		query	bool	false	"show stderr"
-// @Param			from		  query	string	false	"from timestamp"
-// @Param			to			  query	string	false	"to timestamp"
+// @Param			from		query	string	false	"from timestamp"
+// @Param			to			query	string	false	"to timestamp"
 // @Param			levels		query	string	false	"levels"
-// @Param			limit		  query	int	false	"limit"
 // @Success		200
 // @Failure		400	{object}	apitypes.ErrorResponse
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -73,14 +70,14 @@ func Logs(c *gin.Context) {
 	}
 	defer dockerClient.Close()
 
-	opts := container.LogsOptions{
+	opts := client.ContainerLogsOptions{
 		ShowStdout: queryParams.Stdout,
 		ShowStderr: queryParams.Stderr,
 		Since:      queryParams.Since,
 		Until:      queryParams.Until,
 		Timestamps: true,
 		Follow:     true,
-		Tail:       strconv.Itoa(queryParams.Limit),
+		Tail:       "100",
 	}
 	if queryParams.Levels != "" {
 		opts.Details = true

internal/api/v1/docker/restart.go

@@ -4,17 +4,23 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
+type RestartRequest struct {
+	ID string `json:"id" binding:"required"`
+	client.ContainerRestartOptions
+}
+
 // @x-id				"restart"
 // @BasePath		/api/v1
 // @Summary		Restart container
 // @Description	Restart container by container id
 // @Tags			docker
 // @Produce		json
-// @Param			request	body		StopRequest	true	"Request"
+// @Param			request	body	RestartRequest	true	"Request"
 // @Success		200	{object}  apitypes.SuccessResponse
 // @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -22,7 +28,7 @@ import (
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/docker/restart [post]
 func Restart(c *gin.Context) {
-	var req StopRequest
+	var req RestartRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
 		return
@@ -42,7 +48,7 @@ func Restart(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerRestart(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerRestart(c.Request.Context(), req.ID, req.ContainerRestartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
 		return

internal/api/v1/docker/start.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StartRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StartOptions
+	client.ContainerStartOptions
 }
 
 // @x-id				"start"
@@ -48,7 +48,7 @@ func Start(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStart(c.Request.Context(), req.ID, req.StartOptions)
+	_, err = client.ContainerStart(c.Request.Context(), req.ID, req.ContainerStartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to start container"))
 		return

internal/api/v1/docker/stats.go

@@ -1,116 +0,0 @@
-package dockerapi
-
-import (
-	"context"
-	"errors"
-	"io"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/api/types/container"
-	"github.com/yusing/godoxy/internal/docker"
-	"github.com/yusing/godoxy/internal/route/routes"
-	"github.com/yusing/godoxy/internal/types"
-	apitypes "github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/http/httpheaders"
-	"github.com/yusing/goutils/http/websocket"
-	"github.com/yusing/goutils/synk"
-	"github.com/yusing/goutils/task"
-)
-
-type ContainerStatsResponse container.StatsResponse // @name ContainerStatsResponse
-
-// @x-id				"stats"
-// @BasePath		/api/v1
-// @Summary		Get container stats
-// @Description	Get container stats by container id
-// @Tags			docker,websocket
-// @Produce		json
-// @Param			id	path		string	true	"Container ID or route alias"
-// @Success		200	{object}	ContainerStatsResponse
-// @Failure		400	{object}	apitypes.ErrorResponse "Invalid request: id is required or route is not a docker container"
-// @Failure		403	{object}	apitypes.ErrorResponse
-// @Failure		404	{object}	apitypes.ErrorResponse "Container not found"
-// @Failure		500	{object}	apitypes.ErrorResponse
-// @Router			/docker/stats/{id} [get]
-func Stats(c *gin.Context) {
-	id := c.Param("id")
-	if id == "" {
-		c.JSON(http.StatusBadRequest, apitypes.Error("id is required"))
-		return
-	}
-
-	dockerCfg, ok := docker.GetDockerCfgByContainerID(id)
-	if !ok {
-		var route types.Route
-		route, ok = routes.GetIncludeExcluded(id)
-		if ok {
-			cont := route.ContainerInfo()
-			if cont == nil {
-				c.JSON(http.StatusBadRequest, apitypes.Error("route is not a docker container"))
-				return
-			}
-			dockerCfg = cont.DockerCfg
-			id = cont.ContainerID
-		}
-	}
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("container or route not found"))
-		return
-	}
-
-	dockerClient, err := docker.NewClient(dockerCfg)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to create docker client"))
-		return
-	}
-	defer dockerClient.Close()
-
-	if httpheaders.IsWebsocket(c.Request.Header) {
-		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, true)
-		if err != nil {
-			c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
-			return
-		}
-		defer stats.Body.Close()
-
-		manager, err := websocket.NewManagerWithUpgrade(c)
-		if err != nil {
-			c.Error(apitypes.InternalServerError(err, "failed to create websocket manager"))
-			return
-		}
-		defer manager.Close()
-
-		buf := synk.GetSizedBytesPool().GetSized(4096)
-		defer synk.GetSizedBytesPool().Put(buf)
-
-		for {
-			select {
-			case <-manager.Done():
-				return
-			default:
-				_, err = io.CopyBuffer(manager.NewWriter(websocket.TextMessage), stats.Body, buf)
-				if err != nil {
-					if errors.Is(err, context.Canceled) || errors.Is(err, task.ErrProgramExiting) {
-						return
-					}
-					c.Error(apitypes.InternalServerError(err, "failed to copy container stats"))
-					return
-				}
-			}
-		}
-	}
-
-	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, false)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
-		return
-	}
-	defer stats.Body.Close()
-
-	_, err = io.Copy(c.Writer, stats.Body)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to copy container stats"))
-		return
-	}
-}

internal/api/v1/docker/stop.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StopRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StopOptions
+	client.ContainerStopOptions
 }
 
 // @x-id				"stop"
@@ -48,7 +48,7 @@ func Stop(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStop(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerStop(c.Request.Context(), req.ID, req.ContainerStopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
 		return

internal/api/v1/file/validate.go

@@ -20,7 +20,7 @@ type ValidateFileRequest struct {
 // @Summary		Validate file
 // @Description	Validate file
 // @Tags			file
-// @Accept		application/yaml
+// @Accept			text/plain
 // @Produce		json
 // @Param			type	query		FileType	true	"Type"
 // @Param			file	body		string		true	"File content"
@@ -29,7 +29,7 @@ type ValidateFileRequest struct {
 // @Failure		403		{object}	apitypes.ErrorResponse "Forbidden"
 // @Failure		417		{object}	any "Validation failed"
 // @Failure		500		{object}	apitypes.ErrorResponse "Internal server error"
-// @Router		/file/validate [post]
+// @Router			/file/validate [post]
 func Validate(c *gin.Context) {
 	var request ValidateFileRequest
 	if err := c.ShouldBindQuery(&request); err != nil {

internal/api/v1/metrics/all_system_info.go

@@ -7,6 +7,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -236,7 +237,7 @@ func marshalSystemInfo(ws *websocket.Manager, agentName string, systemInfo any)
 		defer bufFromPool.release(bufFromPool.RawMessage)
 	}
 
-	err := json.NewEncoder(buf).Encode(map[string]any{
+	err := sonic.ConfigDefault.NewEncoder(buf).Encode(map[string]any{
 		agentName: systemInfo,
 	})
 	if err != nil {

internal/api/v1/proxmox/common.go

@@ -1,6 +0,0 @@
-package proxmoxapi
-
-type ActionRequest struct {
-	Node string `uri:"node" binding:"required"`
-	VMID int    `uri:"vmid" binding:"required"`
-} //	@name	ProxmoxVMActionRequest

internal/api/v1/proxmox/journalctl.go

@@ -1,85 +0,0 @@
-package proxmoxapi
-
-import (
-	"errors"
-	"io"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	"github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/http/websocket"
-)
-
-// e.g. ws://localhost:8889/api/v1/proxmox/journalctl?node=pve&vmid=127&service=pveproxy&service=pvedaemon&limit=10
-// e.g. ws://localhost:8889/api/v1/proxmox/journalctl/pve/127?service=pveproxy&service=pvedaemon&limit=10
-
-type JournalctlRequest struct {
-	Node     string   `form:"node" uri:"node" binding:"required"`                       // Node name
-	VMID     *int     `form:"vmid" uri:"vmid"`                                          // Container VMID (optional - if not provided, streams node journalctl)
-	Services []string `form:"service" uri:"service"`                                    // Service names
-	Limit    *int     `form:"limit" uri:"limit" default:"100" binding:"min=1,max=1000"` // Limit output lines (1-1000)
-} //	@name	ProxmoxJournalctlRequest
-
-// @x-id				"journalctl"
-// @BasePath		/api/v1
-// @Summary		Get journalctl output
-// @Description	Get journalctl output for node or LXC container. If vmid is not provided, streams node journalctl.
-// @Tags			proxmox,websocket
-// @Accept		json
-// @Produce		application/json
-// @Param			query		query		JournalctlRequest	true	"Request"
-// @Param			path		path		JournalctlRequest	true	"Request"
-// @Success		200			string	plain	  "Journalctl output"
-// @Failure		400			{object}	apitypes.ErrorResponse	"Invalid request"
-// @Failure		403			{object}	apitypes.ErrorResponse	"Unauthorized"
-// @Failure		404			{object}	apitypes.ErrorResponse	"Node not found"
-// @Failure		500			{object}	apitypes.ErrorResponse	"Internal server error"
-// @Router		/proxmox/journalctl [get]
-// @Router		/proxmox/journalctl/{node} [get]
-// @Router		/proxmox/journalctl/{node}/{vmid} [get]
-// @Router		/proxmox/journalctl/{node}/{vmid}/{service} [get]
-func Journalctl(c *gin.Context) {
-	var request JournalctlRequest
-	uriErr := c.ShouldBindUri(&request)
-	queryErr := c.ShouldBindQuery(&request)
-	if uriErr != nil && queryErr != nil { // allow both uri and query parameters to be set
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", errors.Join(uriErr, queryErr)))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(request.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	c.Status(http.StatusContinue)
-
-	var reader io.ReadCloser
-	var err error
-	if request.VMID == nil {
-		reader, err = node.NodeJournalctl(c.Request.Context(), request.Services, *request.Limit)
-	} else {
-		reader, err = node.LXCJournalctl(c.Request.Context(), *request.VMID, request.Services, *request.Limit)
-	}
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to get journalctl output"))
-		return
-	}
-	defer reader.Close()
-
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	writer := manager.NewWriter(websocket.TextMessage)
-	_, err = io.Copy(writer, reader)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to copy journalctl output"))
-		return
-	}
-}

internal/api/v1/proxmox/restart.go

@@ -1,42 +0,0 @@
-package proxmoxapi
-
-import (
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	apitypes "github.com/yusing/goutils/apitypes"
-)
-
-// @x-id				"lxcRestart"
-// @BasePath		/api/v1
-// @Summary		Restart LXC container
-// @Description	Restart LXC container by node and vmid
-// @Tags			proxmox
-// @Produce		json
-// @Param			path		path		ActionRequest	true	"Request"
-// @Success		200	{object}  apitypes.SuccessResponse
-// @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
-// @Failure		404	{object}	apitypes.ErrorResponse "Node not found"
-// @Failure		500	{object}	apitypes.ErrorResponse
-// @Router		/proxmox/lxc/:node/:vmid/restart [post]
-func Restart(c *gin.Context) {
-	var req ActionRequest
-	if err := c.ShouldBindUri(&req); err != nil {
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(req.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	if err := node.LXCAction(c.Request.Context(), req.VMID, proxmox.LXCReboot); err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
-		return
-	}
-
-	c.JSON(http.StatusOK, apitypes.Success("container restarted"))
-}

internal/api/v1/proxmox/start.go

@@ -1,42 +0,0 @@
-package proxmoxapi
-
-import (
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	apitypes "github.com/yusing/goutils/apitypes"
-)
-
-// @x-id				"lxcStart"
-// @BasePath		/api/v1
-// @Summary		Start LXC container
-// @Description	Start LXC container by node and vmid
-// @Tags			proxmox
-// @Produce		json
-// @Param			path		path		ActionRequest	true	"Request"
-// @Success		200	{object}  apitypes.SuccessResponse
-// @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
-// @Failure		404	{object}	apitypes.ErrorResponse "Node not found"
-// @Failure		500	{object}	apitypes.ErrorResponse
-// @Router		/proxmox/lxc/:node/:vmid/start [post]
-func Start(c *gin.Context) {
-	var req ActionRequest
-	if err := c.ShouldBindUri(&req); err != nil {
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(req.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	if err := node.LXCAction(c.Request.Context(), req.VMID, proxmox.LXCStart); err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to start container"))
-		return
-	}
-
-	c.JSON(http.StatusOK, apitypes.Success("container started"))
-}

internal/api/v1/proxmox/stats.go

@@ -1,139 +0,0 @@
-package proxmoxapi
-
-import (
-	"io"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	"github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/http/httpheaders"
-	"github.com/yusing/goutils/http/websocket"
-)
-
-type StatsRequest struct {
-	Node string `uri:"node" binding:"required"`
-	VMID int    `uri:"vmid" binding:"required"`
-}
-
-// @x-id			"nodeStats"
-// @BasePath	/api/v1
-// @Summary		Get proxmox node stats
-// @Description	Get proxmox node stats in json
-// @Tags			proxmox,websocket
-// @Produce		application/json
-// @Param			node		path	  	string	true	"Node name"
-// @Success		200			{object}	proxmox.NodeStats	      "Stats output"
-// @Failure		400			{object}	apitypes.ErrorResponse	"Invalid request"
-// @Failure		403			{object}	apitypes.ErrorResponse	"Unauthorized"
-// @Failure		404			{object}	apitypes.ErrorResponse	"Node not found"
-// @Failure		500			{object}	apitypes.ErrorResponse	"Internal server error"
-// @Router		/proxmox/stats/{node} [get]
-func NodeStats(c *gin.Context) {
-	nodeName := c.Param("node")
-	if nodeName == "" {
-		c.JSON(http.StatusBadRequest, apitypes.Error("node name is required"))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(nodeName)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	isWs := httpheaders.IsWebsocket(c.Request.Header)
-
-	reader, err := node.NodeStats(c.Request.Context(), isWs)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to get stats"))
-		return
-	}
-	defer reader.Close()
-
-	if !isWs {
-		var line [512]byte
-		n, err := reader.Read(line[:])
-		if err != nil {
-			c.Error(apitypes.InternalServerError(err, "failed to copy stats"))
-			return
-		}
-		c.Data(http.StatusOK, "application/json", line[:n])
-		return
-	}
-
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	writer := manager.NewWriter(websocket.TextMessage)
-	_, err = io.Copy(writer, reader)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to copy stats"))
-		return
-	}
-}
-
-// @x-id			"vmStats"
-// @BasePath	/api/v1
-// @Summary		Get proxmox VM stats
-// @Description	Get proxmox VM stats in format of "STATUS|CPU%%|MEM USAGE/LIMIT|MEM%%|NET I/O|BLOCK I/O"
-// @Tags			proxmox,websocket
-// @Produce		text/plain
-// @Param			path		path		StatsRequest	true	"Request"
-// @Success		200			string		plain	"Stats output"
-// @Failure		400			{object}	apitypes.ErrorResponse	"Invalid request"
-// @Failure		403			{object}	apitypes.ErrorResponse	"Unauthorized"
-// @Failure		404			{object}	apitypes.ErrorResponse	"Node not found"
-// @Failure		500			{object}	apitypes.ErrorResponse	"Internal server error"
-// @Router		/proxmox/stats/{node}/{vmid} [get]
-func VMStats(c *gin.Context) {
-	var request StatsRequest
-	if err := c.ShouldBindUri(&request); err != nil {
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(request.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	isWs := httpheaders.IsWebsocket(c.Request.Header)
-
-	reader, err := node.LXCStats(c.Request.Context(), request.VMID, isWs)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to get stats"))
-		return
-	}
-	defer reader.Close()
-
-	if !isWs {
-		var line [128]byte
-		n, err := reader.Read(line[:])
-		if err != nil {
-			c.Error(apitypes.InternalServerError(err, "failed to copy stats"))
-			return
-		}
-		c.Data(http.StatusOK, "text/plain; charset=utf-8", line[:n])
-		return
-	}
-
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	writer := manager.NewWriter(websocket.TextMessage)
-	_, err = io.Copy(writer, reader)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to copy stats"))
-		return
-	}
-}

internal/api/v1/proxmox/stop.go

@@ -1,42 +0,0 @@
-package proxmoxapi
-
-import (
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	apitypes "github.com/yusing/goutils/apitypes"
-)
-
-// @x-id				"lxcStop"
-// @BasePath		/api/v1
-// @Summary		Stop LXC container
-// @Description	Stop LXC container by node and vmid
-// @Tags			proxmox
-// @Produce		json
-// @Param			path		path		ActionRequest	true	"Request"
-// @Success		200	{object}  apitypes.SuccessResponse
-// @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
-// @Failure		404	{object}	apitypes.ErrorResponse "Node not found"
-// @Failure		500	{object}	apitypes.ErrorResponse
-// @Router		/proxmox/lxc/:node/:vmid/stop [post]
-func Stop(c *gin.Context) {
-	var req ActionRequest
-	if err := c.ShouldBindUri(&req); err != nil {
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(req.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	if err := node.LXCAction(c.Request.Context(), req.VMID, proxmox.LXCShutdown); err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
-		return
-	}
-
-	c.JSON(http.StatusOK, apitypes.Success("container stopped"))
-}

internal/api/v1/proxmox/tail.go

@@ -1,77 +0,0 @@
-package proxmoxapi
-
-import (
-	"io"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/proxmox"
-	"github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/http/websocket"
-)
-
-// e.g. ws://localhost:8889/api/v1/proxmox/tail?node=pve&vmid=127&file=/var/log/immich/web.log&file=/var/log/immich/ml.log&limit=10
-
-type TailRequest struct {
-	Node  string   `form:"node" binding:"required"`                      // Node name
-	VMID  *int     `form:"vmid"`                                         // Container VMID (optional - if not provided, streams node journalctl)
-	Files []string `form:"file" binding:"required,dive,filepath"`        // File paths
-	Limit int      `form:"limit" default:"100" binding:"min=1,max=1000"` // Limit output lines (1-1000)
-} //	@name	ProxmoxTailRequest
-
-// @x-id				"tail"
-// @BasePath		/api/v1
-// @Summary		Get tail output
-// @Description	Get tail output for node or LXC container. If vmid is not provided, streams node tail.
-// @Tags			proxmox,websocket
-// @Accept		json
-// @Produce		application/json
-// @Param			query		query		TailRequest	true	"Request"
-// @Success		200			string	plain	  "Tail output"
-// @Failure		400			{object}	apitypes.ErrorResponse	"Invalid request"
-// @Failure		403			{object}	apitypes.ErrorResponse	"Unauthorized"
-// @Failure		404			{object}	apitypes.ErrorResponse	"Node not found"
-// @Failure		500			{object}	apitypes.ErrorResponse	"Internal server error"
-// @Router		/proxmox/tail [get]
-func Tail(c *gin.Context) {
-	var request TailRequest
-	if err := c.ShouldBindQuery(&request); err != nil {
-		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
-		return
-	}
-
-	node, ok := proxmox.Nodes.Get(request.Node)
-	if !ok {
-		c.JSON(http.StatusNotFound, apitypes.Error("node not found"))
-		return
-	}
-
-	c.Status(http.StatusContinue)
-
-	var reader io.ReadCloser
-	var err error
-	if request.VMID == nil {
-		reader, err = node.NodeTail(c.Request.Context(), request.Files, request.Limit)
-	} else {
-		reader, err = node.LXCTail(c.Request.Context(), *request.VMID, request.Files, request.Limit)
-	}
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to get journalctl output"))
-		return
-	}
-	defer reader.Close()
-
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	writer := manager.NewWriter(websocket.TextMessage)
-	_, err = io.Copy(writer, reader)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to copy journalctl output"))
-		return
-	}
-}

internal/api/v1/route/route.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	statequery "github.com/yusing/godoxy/internal/config/query"
 	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -32,10 +33,17 @@ func Route(c *gin.Context) {
 		return
 	}
 
-	route, ok := routes.GetIncludeExcluded(request.Which)
+	route, ok := routes.Get(request.Which)
 	if ok {
 		c.JSON(http.StatusOK, route)
 		return
 	}
-	c.JSON(http.StatusNotFound, apitypes.Error("route not found"))
+
+	// also search for excluded routes
+	route = statequery.SearchRoute(request.Which)
+	if route != nil {
+		c.JSON(http.StatusOK, route)
+		return
+	}
+	c.JSON(http.StatusNotFound, nil)
 }

internal/api/v1/route/validate.go

@@ -1,69 +0,0 @@
-package routeApi
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/gin-gonic/gin"
-	"github.com/goccy/go-yaml"
-	"github.com/yusing/godoxy/internal/route"
-	"github.com/yusing/godoxy/internal/serialization"
-	apitypes "github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/http/httpheaders"
-	"github.com/yusing/goutils/http/websocket"
-)
-
-type _ = route.Route
-
-// @x-id			"validate"
-// @BasePath	/api/v1
-// @Summary		Validate route
-// @Description	Validate route,
-// @Tags			route,websocket
-// @Accept		application/yaml
-// @Produce		json
-// @Param			route body route.Route true "Route"
-// @Success		200		{object}	apitypes.SuccessResponse "Route validated"
-// @Failure		400		{object}	apitypes.ErrorResponse "Bad request"
-// @Failure		403		{object}	apitypes.ErrorResponse "Forbidden"
-// @Failure		417		{object}	any "Validation failed"
-// @Failure		500		{object}	apitypes.ErrorResponse "Internal server error"
-// @Router		/route/validate [get]
-// @Router		/route/validate [post]
-func Validate(c *gin.Context) {
-	if httpheaders.IsWebsocket(c.Request.Header) {
-		ValidateWS(c)
-		return
-	}
-	var request route.Route
-	if err := c.ShouldBindWith(&request, serialization.GinYAMLBinding{}); err != nil {
-		c.JSON(http.StatusExpectationFailed, err)
-		return
-	}
-	c.JSON(http.StatusOK, apitypes.Success("route validated"))
-}
-
-func ValidateWS(c *gin.Context) {
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	const writeTimeout = 5 * time.Second
-
-	for {
-		select {
-		case <-manager.Done():
-			return
-		case msg := <-manager.ReadCh():
-			var request route.Route
-			if err := serialization.UnmarshalValidate(msg, &request, yaml.Unmarshal); err != nil {
-				manager.WriteJSON(gin.H{"error": err}, writeTimeout)
-				continue
-			}
-			manager.WriteJSON(gin.H{"message": "route validated"}, writeTimeout)
-		}
-	}
-}

internal/auth/userpass.go

@@ -1,11 +1,11 @@
 package auth
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/yusing/godoxy/internal/common"
 	gperr "github.com/yusing/goutils/errs"
@@ -109,7 +109,7 @@ type UserPassAuthCallbackRequest struct {
 
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	var creds UserPassAuthCallbackRequest
-	err := json.NewDecoder(r.Body).Decode(&creds)
+	err := sonic.ConfigDefault.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
 		http.Error(w, "invalid request", http.StatusBadRequest)
 		return

internal/autocert/config.go

@@ -4,13 +4,10 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/x509"
-	"encoding/hex"
 	"fmt"
 	"net/http"
 	"os"
-	"path/filepath"
 	"regexp"
 
 	"github.com/go-acme/lego/v4/certcrypto"
@@ -30,7 +27,7 @@ type Config struct {
 	CertPath    string                       `json:"cert_path,omitempty"`
 	KeyPath     string                       `json:"key_path,omitempty"`
 	Extra       []ConfigExtra                `json:"extra,omitempty"`
-	ACMEKeyPath string                       `json:"acme_key_path,omitempty"` // shared by all extra providers with the same CA directory URL
+	ACMEKeyPath string                       `json:"acme_key_path,omitempty"` // shared by all extra providers
 	Provider    string                       `json:"provider,omitempty"`
 	Options     map[string]strutils.Redacted `json:"options,omitempty"`
 
@@ -91,7 +88,7 @@ func (cfg *Config) validate(seenPaths map[string]int) gperr.Error {
 		cfg.KeyPath = KeyFileDefault
 	}
 	if cfg.ACMEKeyPath == "" {
-		cfg.ACMEKeyPath = acmeKeyPath(cfg.CADirURL)
+		cfg.ACMEKeyPath = ACMEKeyFileDefault
 	}
 
 	b := gperr.NewBuilder("certificate error")
@@ -275,16 +272,3 @@ func (cfg *Config) SaveACMEKey(key *ecdsa.PrivateKey) error {
 	}
 	return os.WriteFile(cfg.ACMEKeyPath, data, 0o600)
 }
-
-// acmeKeyPath returns the path to the ACME key file based on the CA directory URL.
-// Different CA directory URLs will use different key files to avoid key conflicts.
-func acmeKeyPath(caDirURL string) string {
-	// Use a hash of the CA directory URL to create a unique key filename
-	// Default to "acme" if no custom CA is configured (Let's Encrypt default)
-	filename := "acme"
-	if caDirURL != "" {
-		hash := sha256.Sum256([]byte(caDirURL))
-		filename = "acme_" + hex.EncodeToString(hash[:])[:16]
-	}
-	return filepath.Join(certBasePath, filename+".key")
-}

internal/autocert/config_test.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/goccy/go-yaml"
 	"github.com/stretchr/testify/require"
 	"github.com/yusing/godoxy/internal/autocert"
 	"github.com/yusing/godoxy/internal/dnsproviders"
@@ -26,9 +25,9 @@ func TestEABConfigRequired(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			yamlCfg := fmt.Appendf(nil, "eab_kid: %s\neab_hmac: %s", test.cfg.EABKid, test.cfg.EABHmac)
+			yaml := fmt.Appendf(nil, "eab_kid: %s\neab_hmac: %s", test.cfg.EABKid, test.cfg.EABHmac)
 			cfg := autocert.Config{}
-			err := serialization.UnmarshalValidate(yamlCfg, &cfg, yaml.Unmarshal)
+			err := serialization.UnmarshalValidateYAML(yaml, &cfg)
 			if (err != nil) != test.wantErr {
 				t.Errorf("Validate() error = %v, wantErr %v", err, test.wantErr)
 			}

internal/autocert/paths.go

@@ -1,7 +1,8 @@
 package autocert
 
 const (
-	certBasePath    = "certs/"
-	CertFileDefault = certBasePath + "cert.crt"
-	KeyFileDefault  = certBasePath + "priv.key"
+	certBasePath       = "certs/"
+	CertFileDefault    = certBasePath + "cert.crt"
+	KeyFileDefault     = certBasePath + "priv.key"
+	ACMEKeyFileDefault = certBasePath + "acme.key"
 )

internal/autocert/provider.go

@@ -222,14 +222,13 @@ func (p *Provider) ObtainCertIfNotExistsAll() error {
 		})
 	}
 
-	err := errs.Wait().Error()
 	p.rebuildSNIMatcher()
-	return err
+	return errs.Wait().Error()
 }
 
 // obtainCertIfNotExists obtains a new certificate for this provider if it does not exist.
 func (p *Provider) obtainCertIfNotExists() error {
-	err := p.loadCert()
+	err := p.LoadCert()
 	if err == nil {
 		return nil
 	}
@@ -262,10 +261,7 @@ func (p *Provider) ObtainCertAll() error {
 			return nil
 		})
 	}
-
-	err := errs.Wait().Error()
-	p.rebuildSNIMatcher()
-	return err
+	return errs.Wait().Error()
 }
 
 // ObtainCert renews existing certificate or obtains a new certificate for this provider.
@@ -350,32 +346,29 @@ func (p *Provider) ObtainCert() error {
 	return nil
 }
 
-func (p *Provider) LoadCertAll() error {
+func (p *Provider) LoadCert() error {
 	var errs gperr.Builder
-	for _, provider := range p.allProviders() {
-		if err := provider.loadCert(); err != nil {
-			errs.Add(provider.fmtError(err))
-		}
-	}
-	p.rebuildSNIMatcher()
-	return errs.Error()
-}
-
-func (p *Provider) loadCert() error {
 	cert, err := tls.LoadX509KeyPair(p.cfg.CertPath, p.cfg.KeyPath)
 	if err != nil {
-		return err
+		errs.Addf("load SSL certificate: %w", p.fmtError(err))
 	}
 
 	expiries, err := getCertExpiries(&cert)
 	if err != nil {
-		return err
+		errs.Addf("parse SSL certificate: %w", p.fmtError(err))
 	}
 
 	p.tlsCert = &cert
 	p.certExpiries = expiries
 
-	return nil
+	for _, ep := range p.extraProviders {
+		if err := ep.LoadCert(); err != nil {
+			errs.Add(err)
+		}
+	}
+
+	p.rebuildSNIMatcher()
+	return errs.Error()
 }
 
 // PrintCertExpiriesAll prints the certificate expiries for this provider and all extra providers.

internal/autocert/provider_test/multi_cert_test.go

@@ -6,7 +6,6 @@ import (
 	"os"
 	"testing"
 
-	"github.com/goccy/go-yaml"
 	"github.com/stretchr/testify/require"
 	"github.com/yusing/godoxy/internal/autocert"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -42,7 +41,7 @@ func TestMultipleCertificatesLifecycle(t *testing.T) {
 	cfg.HTTPClient = acmeServer.httpClient()
 
 	/* unmarshal yaml config with multiple certs */
-	err := error(serialization.UnmarshalValidate(yamlConfig, &cfg, yaml.Unmarshal))
+	err := error(serialization.UnmarshalValidateYAML(yamlConfig, &cfg))
 	require.NoError(t, err)
 	require.Equal(t, []string{"main.example.com"}, cfg.Domains)
 	require.Len(t, cfg.Extra, 2)

internal/autocert/provider_test/sni_test.go

@@ -81,7 +81,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "a.internal.example.com"})
@@ -113,7 +113,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "foo.example.com"})
@@ -145,7 +145,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "unknown.domain.com"})
@@ -171,7 +171,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(nil)
@@ -197,7 +197,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: ""})
@@ -229,7 +229,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "FOO.EXAMPLE.COM"})
@@ -261,7 +261,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "  foo.example.com.  "})
@@ -293,7 +293,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "foo.a.example.com"})
@@ -319,7 +319,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "bar.example.com"})
@@ -355,7 +355,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert1, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "foo.test.com"})
@@ -392,7 +392,7 @@ func TestGetCertBySNI(t *testing.T) {
 		p, err := autocert.NewProvider(cfg, nil, nil)
 		require.NoError(t, err)
 
-		err = p.LoadCertAll()
+		err = p.LoadCert()
 		require.NoError(t, err)
 
 		cert1, err := p.GetCert(&tls.ClientHelloInfo{ServerName: "foo.example.com"})

internal/autocert/setup_test.go

@@ -3,7 +3,6 @@ package autocert_test
 import (
 	"testing"
 
-	"github.com/goccy/go-yaml"
 	"github.com/stretchr/testify/require"
 	"github.com/yusing/godoxy/internal/autocert"
 	"github.com/yusing/godoxy/internal/dnsproviders"
@@ -43,7 +42,7 @@ extra:
 `
 
 	var cfg autocert.Config
-	err := error(serialization.UnmarshalValidate([]byte(cfgYAML), &cfg, yaml.Unmarshal))
+	err := error(serialization.UnmarshalValidateYAML([]byte(cfgYAML), &cfg))
 	require.NoError(t, err)
 
 	// Test: extra[0] inherits all fields from main except CertPath and KeyPath.

internal/common/env.go

@@ -13,8 +13,6 @@ var (
 	IsDebug = env.GetEnvBool("DEBUG", IsTest)
 	IsTrace = env.GetEnvBool("TRACE", false) && IsDebug
 
-	InitTimeout = env.GetEnvDuation("INIT_TIMEOUT", 1*time.Minute)
-
 	ShortLinkPrefix = env.GetEnvString("SHORTLINK_PREFIX", "go")
 
 	ProxyHTTPAddr,
@@ -32,11 +30,6 @@ var (
 	APIHTTPPort,
 	APIHTTPURL = env.GetAddrEnv("API_ADDR", "127.0.0.1:8888", "http")
 
-	LocalAPIHTTPAddr,
-	LocalAPIHTTPHost,
-	LocalAPIHTTPPort,
-	LocalAPIHTTPURL = env.GetAddrEnv("LOCAL_API_ADDR", "", "http")
-
 	APIJWTSecure   = env.GetEnvBool("API_JWT_SECURE", true)
 	APIJWTSecret   = decodeJWTKey(env.GetEnvString("API_JWT_SECRET", ""))
 	APIJWTTokenTTL = env.GetEnvDuation("API_JWT_TOKEN_TTL", 24*time.Hour)

internal/config/events.go

@@ -10,7 +10,6 @@ import (
 	"github.com/yusing/godoxy/internal/common"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/notif"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/watcher"
 	"github.com/yusing/godoxy/internal/watcher/events"
 	gperr "github.com/yusing/goutils/errs"
@@ -60,15 +59,6 @@ func Load() error {
 
 	cfgWatcher = watcher.NewConfigFileWatcher(common.ConfigFileName)
 
-	// disable pool logging temporary since we already have pretty logging
-	routes.HTTP.DisableLog(true)
-	routes.Stream.DisableLog(true)
-
-	defer func() {
-		routes.HTTP.DisableLog(false)
-		routes.Stream.DisableLog(false)
-	}()
-
 	initErr := state.InitFromFile(common.ConfigPath)
 	err := errors.Join(initErr, state.StartProviders())
 	if err != nil {

internal/config/query/README.md

@@ -54,6 +54,12 @@ Returns all route providers as a map keyed by their short name. Thread-safe acce
 func RouteProviderList() []RouteProviderListResponse
 ```
 
+Returns a list of route providers with their short and full names. Useful for API responses.
+
+```go
+func SearchRoute(alias string) types.Route
+```
+
 Searches for a route by alias across all providers. Returns `nil` if not found.
 
 ```go
@@ -173,6 +179,15 @@ for shortName, provider := range providers {
 }
 ```
 
+### Searching for a route
+
+```go
+route := statequery.SearchRoute("my-service")
+if route != nil {
+    fmt.Printf("Found route: %s\n", route.Alias())
+}
+```
+
 ### Getting system statistics
 
 ```go
@@ -198,4 +213,14 @@ func handleGetStats(w http.ResponseWriter, r *http.Request) {
     w.Header().Set("Content-Type", "application/json")
     json.NewEncoder(w).Encode(stats)
 }
+
+func handleFindRoute(w http.ResponseWriter, r *http.Request) {
+    alias := r.URL.Query().Get("alias")
+    route := statequery.SearchRoute(alias)
+    if route == nil {
+        http.NotFound(w, r)
+        return
+    }
+    json.NewEncoder(w).Encode(route)
+}
 ```

internal/config/query/query.go

@@ -30,3 +30,13 @@ func RouteProviderList() []RouteProviderListResponse {
 	}
 	return list
 }
+
+func SearchRoute(alias string) types.Route {
+	state := config.ActiveState.Load()
+	for _, p := range state.IterProviders() {
+		if r, ok := p.GetRoute(alias); ok {
+			return r
+		}
+	}
+	return nil
+}

internal/config/state.go

@@ -28,6 +28,7 @@ import (
 	"github.com/yusing/godoxy/internal/maxmind"
 	"github.com/yusing/godoxy/internal/notif"
 	route "github.com/yusing/godoxy/internal/route/provider"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/serialization"
 	"github.com/yusing/godoxy/internal/types"
 	gperr "github.com/yusing/goutils/errs"
@@ -73,6 +74,7 @@ func SetState(state config.State) {
 
 	cfg := state.Value()
 	config.ActiveState.Store(state)
+	acl.ActiveConfig.Store(cfg.ACL)
 	entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
 	homepage.ActiveConfig.Store(&cfg.Homepage)
 	if autocertProvider := state.AutoCertProvider(); autocertProvider != nil {
@@ -103,7 +105,7 @@ func (state *state) InitFromFile(filename string) error {
 }
 
 func (state *state) Init(data []byte) error {
-	err := serialization.UnmarshalValidate(data, &state.Config, yaml.Unmarshal)
+	err := serialization.UnmarshalValidateYAML(data, &state.Config)
 	if err != nil {
 		return err
 	}
@@ -111,14 +113,14 @@ func (state *state) Init(data []byte) error {
 	g := gperr.NewGroup("config load error")
 	g.Go(state.initMaxMind)
 	g.Go(state.initProxmox)
+	g.Go(state.loadRouteProviders)
 	g.Go(state.initAutoCert)
 
 	errs := g.Wait()
 	// these won't benefit from running on goroutines
 	errs.Add(state.initNotification())
-	errs.Add(state.initACL())
+	errs.Add(state.initAccessLogger())
 	errs.Add(state.initEntrypoint())
-	errs.Add(state.loadRouteProviders())
 	return errs.Error()
 }
 
@@ -190,17 +192,12 @@ func (state *state) FlushTmpLog() {
 	state.tmpLogBuf.Reset()
 }
 
-// initACL initializes the ACL.
-func (state *state) initACL() error {
+// this one is connection level access logger, different from entrypoint access logger
+func (state *state) initAccessLogger() error {
 	if !state.ACL.Valid() {
 		return nil
 	}
-	err := state.ACL.Start(state.task)
-	if err != nil {
-		return err
-	}
-	state.task.SetValue(acl.ContextKey{}, state.ACL)
-	return nil
+	return state.ACL.Start(state.task)
 }
 
 func (state *state) initEntrypoint() error {
@@ -317,50 +314,76 @@ func (state *state) initProxmox() error {
 	return errs.Wait().Error()
 }
 
+func (state *state) storeProvider(p types.RouteProvider) {
+	state.providers.Store(p.String(), p)
+}
+
 func (state *state) loadRouteProviders() error {
-	providers := state.Providers
+	// disable pool logging temporary since we will have pretty logging below
+	routes.HTTP.DisableLog(true)
+	routes.Stream.DisableLog(true)
+
+	defer func() {
+		routes.HTTP.DisableLog(false)
+		routes.Stream.DisableLog(false)
+	}()
+
+	providers := &state.Providers
 	errs := gperr.NewGroup("route provider errors")
+	results := gperr.NewGroup("loaded route providers")
 
 	agentpool.RemoveAll()
 
-	registerProvider := func(p types.RouteProvider) {
-		if actual, loaded := state.providers.LoadOrStore(p.String(), p); loaded {
-			errs.Addf("provider %s already exists, first: %s, second: %s", p.String(), actual.GetType(), p.GetType())
-		}
-	}
+	numProviders := len(providers.Agents) + len(providers.Files) + len(providers.Docker)
+	providersCh := make(chan types.RouteProvider, numProviders)
 
-	agentErrs := gperr.NewGroup("agent init errors")
+	// start providers concurrently
+	var providersConsumer sync.WaitGroup
+	providersConsumer.Go(func() {
+		for p := range providersCh {
+			if actual, loaded := state.providers.LoadOrStore(p.String(), p); loaded {
+				errs.Add(gperr.Errorf("provider %s already exists, first: %s, second: %s", p.String(), actual.GetType(), p.GetType()))
+				continue
+			}
+			state.storeProvider(p)
+		}
+	})
+
+	var providersProducer sync.WaitGroup
 	for _, a := range providers.Agents {
-		agentErrs.Go(func() error {
+		providersProducer.Go(func() {
 			if err := a.Init(state.task.Context()); err != nil {
-				return gperr.PrependSubject(a.String(), err)
+				errs.Add(gperr.PrependSubject(a.String(), err))
+				return
 			}
 			agentpool.Add(a)
-			return nil
+			p := route.NewAgentProvider(a)
+			providersCh <- p
 		})
 	}
 
-	if err := agentErrs.Wait().Error(); err != nil {
-		errs.Add(err)
-	}
-
-	for _, a := range providers.Agents {
-		registerProvider(route.NewAgentProvider(a))
-	}
-
 	for _, filename := range providers.Files {
-		p, err := route.NewFileProvider(filename)
-		if err != nil {
-			errs.Add(gperr.PrependSubject(filename, err))
-			return err
-		}
-		registerProvider(p)
+		providersProducer.Go(func() {
+			p, err := route.NewFileProvider(filename)
+			if err != nil {
+				errs.Add(gperr.PrependSubject(filename, err))
+			} else {
+				providersCh <- p
+			}
+		})
 	}
 
 	for name, dockerCfg := range providers.Docker {
-		registerProvider(route.NewDockerProvider(name, dockerCfg))
+		providersProducer.Go(func() {
+			providersCh <- route.NewDockerProvider(name, dockerCfg)
+		})
 	}
 
+	providersProducer.Wait()
+
+	close(providersCh)
+	providersConsumer.Wait()
+
 	lenLongestName := 0
 	for k := range state.providers.Range {
 		if len(k) > lenLongestName {
@@ -369,26 +392,18 @@ func (state *state) loadRouteProviders() error {
 	}
 
 	// load routes concurrently
-	loadErrs := gperr.NewGroup("route load errors")
-
-	results := gperr.NewBuilder("loaded route providers")
-	resultsMu := sync.Mutex{}
+	var providersLoader sync.WaitGroup
 	for _, p := range state.providers.Range {
-		loadErrs.Go(func() error {
+		providersLoader.Go(func() {
 			if err := p.LoadRoutes(); err != nil {
-				return err.Subject(p.String())
+				errs.Add(err.Subject(p.String()))
 			}
-			resultsMu.Lock()
 			results.Addf("%-"+strconv.Itoa(lenLongestName)+"s %d routes", p.String(), p.NumRoutes())
-			resultsMu.Unlock()
-			return nil
 		})
 	}
-	if err := loadErrs.Wait().Error(); err != nil {
-		errs.Add(err)
-	}
+	providersLoader.Wait()
 
-	state.tmpLog.Info().Msg(results.String())
+	state.tmpLog.Info().Msg(results.Wait().String())
 	state.printRoutesByProvider(lenLongestName)
 	state.printState()
 	return errs.Wait().Error()

internal/config/types/config.go

@@ -4,7 +4,6 @@ import (
 	"regexp"
 
 	"github.com/go-playground/validator/v10"
-	"github.com/goccy/go-yaml"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/autocert"
@@ -37,14 +36,14 @@ type (
 		Docker       map[string]types.DockerProviderConfig `json:"docker" yaml:"docker,omitempty" validate:"non_empty_docker_keys"`
 		Agents       []*agent.AgentConfig                  `json:"agents" yaml:"agents,omitempty"`
 		Notification []*notif.NotificationConfig           `json:"notification" yaml:"notification,omitempty"`
-		Proxmox      []*proxmox.Config                     `json:"proxmox" yaml:"proxmox,omitempty"`
+		Proxmox      []proxmox.Config                      `json:"proxmox" yaml:"proxmox,omitempty"`
 		MaxMind      *maxmind.Config                       `json:"maxmind" yaml:"maxmind,omitempty"`
 	}
 )
 
 func Validate(data []byte) gperr.Error {
 	var model Config
-	return serialization.UnmarshalValidate(data, &model, yaml.Unmarshal)
+	return serialization.UnmarshalValidateYAML(data, &model)
 }
 
 func DefaultConfig() Config {

internal/dnsproviders/go.mod

@@ -6,11 +6,11 @@ replace github.com/yusing/godoxy => ../..
 
 require (
 	github.com/go-acme/lego/v4 v4.31.0
-	github.com/yusing/godoxy v0.25.2
+	github.com/yusing/godoxy v0.24.1
 )
 
 require (
-	cloud.google.com/go/auth v0.18.1 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 // indirect
@@ -23,8 +23,12 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.14.2 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -40,7 +44,7 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/gofrs/flock v0.13.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -49,6 +53,7 @@ require (
 	github.com/gotify/server/v2 v2.8.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
@@ -56,23 +61,24 @@ require (
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/maxatome/go-testdeep v1.14.0 // indirect
-	github.com/miekg/dns v1.1.72 // indirect
+	github.com/miekg/dns v1.1.70 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nrdcg/goacmedns v0.2.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0 // indirect
 	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/otp v1.5.0 // indirect
-	github.com/puzpuzpuz/xsync/v4 v4.4.0 // indirect
+	github.com/puzpuzpuz/xsync/v4 v4.3.0 // indirect
 	github.com/rs/zerolog v1.34.0 // indirect
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	github.com/yusing/gointernals v0.1.16 // indirect
@@ -83,6 +89,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/ratelimit v0.3.1 // indirect
+	golang.org/x/arch v0.23.0 // indirect
 	golang.org/x/crypto v0.47.0 // indirect
 	golang.org/x/mod v0.32.0 // indirect
 	golang.org/x/net v0.49.0 // indirect
@@ -91,8 +98,8 @@ require (
 	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect
-	google.golang.org/api v0.263.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/api v0.260.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3 // indirect
 	google.golang.org/grpc v1.78.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect

internal/dnsproviders/go.sum

@@ -1,5 +1,5 @@
-cloud.google.com/go/auth v0.18.1 h1:IwTEx92GFUo2pJ6Qea0EU3zYvKnTAeRCODxfA/G5UWs=
-cloud.google.com/go/auth v0.18.1/go.mod h1:GfTYoS9G3CWpRA3Va9doKN9mjPGRS+v41jmZAhBzbrA=
+cloud.google.com/go/auth v0.18.0 h1:wnqy5hrv7p3k7cShwAU/Br3nzod7fxoqG+k0VZ+/Pk0=
+cloud.google.com/go/auth v0.18.0/go.mod h1:wwkPM1AgE1f2u6dG443MiWoD8C3BtOywNsUMcUTVDRo=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
@@ -37,10 +37,18 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -82,8 +90,8 @@ github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7Lk
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
 github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
-github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
-github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -111,6 +119,8 @@ github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2
 github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -132,18 +142,18 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.14.0 h1:rRlLv1+kI8eOI3OaBXZwb3O7xY3exRzdW5QyX48g9wI=
 github.com/maxatome/go-testdeep v1.14.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
-github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
+github.com/miekg/dns v1.1.70 h1:DZ4u2AV35VJxdD9Fo9fIWm119BsQL5cZU1cQ9s0LkqA=
+github.com/miekg/dns v1.1.70/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 h1:eMzyN+jGJbxG4ut278uwIsUo9XacXc711lFjhKnaUso=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 h1:t34IpOa+8NfmjkU8bdWtYrLrmr346/FGhu8FlpJDQok=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0/go.mod h1:p95/OxVsdx71I2Qrck1GtIS87sRxcTRKXzUi5nWm9NY=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0 h1:4MRzV6spwPHKct+4/ETqkEtr39Hq+0KvxhsgqbgQ2Bo=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.106.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0 h1:RxraLVYX3eMUfQ1pDtJVvykEFGheky2YsrUt2HHRDcw=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.106.0/go.mod h1:JLMEKMX8IYPZ1TUSVHAVAbtnNSfP/I8OZQkAnfEMA0I=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/ovh/go-ovh v1.9.0 h1:6K8VoL3BYjVV3In9tPJUdT7qMx9h0GExN9EXx1r2kKE=
@@ -156,8 +166,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/puzpuzpuz/xsync/v4 v4.4.0 h1:vlSN6/CkEY0pY8KaB0yqo/pCLZvp9nhdbBdjipT4gWo=
-github.com/puzpuzpuz/xsync/v4 v4.4.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
+github.com/puzpuzpuz/xsync/v4 v4.3.0 h1:w/bWkEJdYuRNYhHn5eXnIT8LzDM1O629X1I9MJSkD7Q=
+github.com/puzpuzpuz/xsync/v4 v4.3.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
@@ -178,8 +188,11 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
 github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
@@ -208,6 +221,8 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
 golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
@@ -234,14 +249,14 @@ golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
 golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.263.0 h1:UFs7qn8gInIdtk1ZA6eXRXp5JDAnS4x9VRsRVCeKdbk=
-google.golang.org/api v0.263.0/go.mod h1:fAU1xtNNisHgOF5JooAs8rRaTkl2rT3uaoNGo9NS3R8=
+google.golang.org/api v0.260.0 h1:XbNi5E6bOVEj/uLXQRlt6TKuEzMD7zvW/6tNwltE4P4=
+google.golang.org/api v0.260.0/go.mod h1:Shj1j0Phr/9sloYrKomICzdYgsSDImpTxME8rGLaZ/o=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
 google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
 google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3 h1:C4WAdL+FbjnGlpp2S+HMVhBeCq2Lcib4xZqfPNF6OoQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
 google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
 google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=

internal/docker/client.go

@@ -14,7 +14,7 @@ import (
 	"unsafe"
 
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
@@ -152,7 +152,7 @@ func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, e
 	if agent.IsDockerHostAgent(host) {
 		a, ok := agentpool.Get(host)
 		if !ok {
-			return nil, fmt.Errorf("agent %q not found", host)
+			panic(fmt.Errorf("agent %q not found", host))
 		}
 		opt = []client.Opt{
 			client.WithHost(agent.DockerHost),
@@ -198,9 +198,7 @@ func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, e
 		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
 	}
 
-	opt = append(opt, client.WithAPIVersionNegotiation())
-
-	client, err := client.NewClientWithOpts(opt...)
+	client, err := client.New(opt...)
 	if err != nil {
 		return nil, err
 	}

internal/docker/container.go

@@ -11,8 +11,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -98,18 +99,18 @@ func UpdatePorts(ctx context.Context, c *types.Container) error {
 	}
 	defer dockerClient.Close()
 
-	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID)
+	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return err
 	}
 
-	for port := range inspect.Config.ExposedPorts {
-		proto, portStr := nat.SplitProtoPort(string(port))
+	for port := range inspect.Container.Config.ExposedPorts {
+		proto, portStr := nat.SplitProtoPort(port.String())
 		portInt, _ := nat.ParsePort(portStr)
 		if portInt == 0 {
 			continue
 		}
-		c.PublicPortMapping[portInt] = container.Port{
+		c.PublicPortMapping[portInt] = container.PortSummary{
 			PublicPort:  uint16(portInt), //nolint:gosec
 			PrivatePort: uint16(portInt), //nolint:gosec
 			Type:        proto,
@@ -210,8 +211,8 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	if c.Network != "" {
 		v, hasNetwork := helper.NetworkSettings.Networks[c.Network]
-		if hasNetwork && v.IPAddress != "" {
-			c.PrivateHostname = v.IPAddress
+		if hasNetwork && v.IPAddress.IsValid() {
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 		var hasComposeNetwork bool
@@ -219,9 +220,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 		if proj := DockerComposeProject(c); proj != "" {
 			newNetwork := fmt.Sprintf("%s_%s", proj, c.Network)
 			v, hasComposeNetwork = helper.NetworkSettings.Networks[newNetwork]
-			if hasComposeNetwork && v.IPAddress != "" {
+			if hasComposeNetwork && v.IPAddress.IsValid() {
 				c.Network = newNetwork // update network to the new one
-				c.PrivateHostname = v.IPAddress
+				c.PrivateHostname = v.IPAddress.String()
 				return
 			}
 		}
@@ -234,9 +235,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	// fallback to first network if no network is specified
 	for k, v := range helper.NetworkSettings.Networks {
-		if v.IPAddress != "" {
+		if v.IPAddress.IsValid() {
 			c.Network = k // update network to the first network
-			c.PrivateHostname = v.IPAddress
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 	}

internal/docker/container_helper.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/types"
 	strutils "github.com/yusing/goutils/strings"

internal/docker/container_test.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )

internal/docker/list_containers.go

@@ -3,12 +3,12 @@ package docker
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/types"
 )
 
-var listOptions = container.ListOptions{
+var listOptions = client.ContainerListOptions{
 	// created|restarting|running|removing|paused|exited|dead
 	// Filters: filters.NewArgs(
 	// 	filters.Arg("status", "created"),
@@ -31,7 +31,7 @@ func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) (
 	if err != nil {
 		return nil, err
 	}
-	return containers, nil
+	return containers.Items, nil
 }
 
 func IsErrConnectionFailed(err error) bool {

internal/entrypoint/entrypoint.go

@@ -100,7 +100,7 @@ func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		rec := accesslog.GetResponseRecorder(w)
 		w = rec
 		defer func() {
-			ep.accessLogger.LogRequest(r, rec.Response())
+			ep.accessLogger.Log(r, rec.Response())
 			accesslog.PutResponseRecorder(rec)
 		}()
 	}

internal/health/check/docker.go

@@ -2,12 +2,13 @@ package healthcheck
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
@@ -43,7 +44,7 @@ func Docker(ctx context.Context, state *DockerHealthcheckState, timeout time.Dur
 	defer cancel()
 
 	// the actual inspect response is intercepted and returned as RequestInterceptedError
-	_, err := state.client.ContainerInspect(ctx, state.containerId)
+	_, err := state.client.ContainerInspect(ctx, state.containerId, client.ContainerInspectOptions{})
 
 	var interceptedErr *httputils.RequestInterceptedError
 	if !httputils.AsRequestInterceptedError(err, &interceptedErr) {
@@ -105,7 +106,7 @@ func interceptDockerInspectResponse(resp *http.Response) (intercepted bool, err
 	}
 
 	var state container.State
-	err = json.Unmarshal(body, &state)
+	err = sonic.Unmarshal(body, &state)
 	release(body)
 	if err != nil {
 		return false, err

internal/health/check/http.go

@@ -76,11 +76,8 @@ func H2C(ctx context.Context, url *url.URL, method, path string, timeout time.Du
 
 	setCommonHeaders(req.Header.Set)
 
-	client := *h2cClient
-	client.Timeout = timeout
-
 	start := time.Now()
-	resp, err := client.Do(req)
+	resp, err := h2cClient.Do(req)
 	lat := time.Since(start)
 
 	if resp != nil {

internal/health/check/stream.go

@@ -12,14 +12,6 @@ import (
 )
 
 func Stream(ctx context.Context, url *url.URL, timeout time.Duration) (types.HealthCheckResult, error) {
-	if port := url.Port(); port == "" || port == "0" {
-		return types.HealthCheckResult{
-			Latency: 0,
-			Healthy: false,
-			Detail:  "no port specified",
-		}, nil
-	}
-
 	dialer := net.Dialer{
 		Timeout:       timeout,
 		FallbackDelay: -1,

internal/homepage/icons/list/list_icons.go

@@ -2,12 +2,12 @@ package iconlist
 
 import (
 	"context"
-	"encoding/json"
 	"net/http"
 	"slices"
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -55,20 +55,20 @@ func init() {
 
 func InitCache() {
 	m := make(IconMap)
-	err := serialization.LoadFileIfExist(common.IconListCachePath, &m, json.Unmarshal)
+	err := serialization.LoadJSONIfExist(common.IconListCachePath, &m)
 	if err != nil {
 		// backward compatible
 		oldFormat := struct {
 			Icons      IconMap
 			LastUpdate time.Time
 		}{}
-		err = serialization.LoadFileIfExist(common.IconListCachePath, &oldFormat, json.Unmarshal)
+		err = serialization.LoadJSONIfExist(common.IconListCachePath, &oldFormat)
 		if err != nil {
 			log.Error().Err(err).Msg("failed to load icons")
 		} else {
 			m = oldFormat.Icons
 			// store it to disk immediately
-			_ = serialization.SaveFile(common.IconListCachePath, &m, 0o644, json.Marshal)
+			_ = serialization.SaveJSON(common.IconListCachePath, &m, 0o644)
 		}
 	} else if len(m) > 0 {
 		log.Info().
@@ -84,7 +84,7 @@ func InitCache() {
 
 	task.OnProgramExit("save_icons_cache", func() {
 		icons := iconsCache.Load()
-		_ = serialization.SaveFile(common.IconListCachePath, &icons, 0o644, json.Marshal)
+		_ = serialization.SaveJSON(common.IconListCachePath, &icons, 0o644)
 	})
 
 	go backgroundUpdateIcons()
@@ -105,7 +105,7 @@ func backgroundUpdateIcons() {
 				// swap old cache with new cache
 				iconsCache.Store(newCache)
 				// save it to disk
-				err := serialization.SaveFile(common.IconListCachePath, &newCache, 0o644, json.Marshal)
+				err := serialization.SaveJSON(common.IconListCachePath, &newCache, 0o644)
 				if err != nil {
 					log.Warn().Err(err).Msg("failed to save icons")
 				}
@@ -270,7 +270,7 @@ func UpdateWalkxCodeIcons(m IconMap) error {
 	}
 
 	data := make(map[string][]string)
-	err = json.Unmarshal(body, &data)
+	err = sonic.Unmarshal(body, &data)
 	release(body)
 	if err != nil {
 		return err
@@ -349,7 +349,7 @@ func UpdateSelfhstIcons(m IconMap) error {
 	}
 
 	data := make([]SelfhStIcon, 0)
-	err = json.Unmarshal(body, &data) //nolint:musttag
+	err = sonic.Unmarshal(body, &data) //nolint:musttag
 	release(body)
 	if err != nil {
 		return err

internal/homepage/integrations/qbittorrent/client.go

@@ -2,11 +2,11 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"io"
 	"net/http"
 	"net/url"
 
+	"github.com/bytedance/sonic"
 	"github.com/yusing/godoxy/internal/homepage/widgets"
 	gperr "github.com/yusing/goutils/errs"
 )
@@ -59,7 +59,7 @@ func jsonRequest[T any](ctx context.Context, client *Client, endpoint string, qu
 	}
 	defer resp.Body.Close()
 
-	err = json.NewDecoder(resp.Body).Decode(&result)
+	err = sonic.ConfigDefault.NewDecoder(resp.Body).Decode(&result)
 	if err != nil {
 		return result, err
 	}

internal/homepage/integrations/qbittorrent/logs.go

@@ -2,10 +2,11 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 const endpointLogs = "/api/v2/log/main"
@@ -44,7 +45,7 @@ func (l *LogEntry) Level() string {
 }
 
 func (l *LogEntry) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"id":        l.ID,
 		"timestamp": l.Timestamp,
 		"level":     l.Level(),

internal/idlewatcher/debug.go

@@ -1,10 +1,10 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"iter"
 	"strconv"
 
+	"github.com/bytedance/sonic"
 	strutils "github.com/yusing/goutils/strings"
 )
 
@@ -14,7 +14,7 @@ type watcherDebug struct {
 
 func (w watcherDebug) MarshalJSON() ([]byte, error) {
 	state := w.state.Load()
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"name": w.Name(),
 		"state": map[string]string{
 			"status": string(state.status),

internal/idlewatcher/events.go

@@ -1,10 +1,11 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 type WakeEvent struct {
@@ -39,7 +40,7 @@ func (w *Watcher) newWakeEvent(eventType WakeEventType, message string, err erro
 }
 
 func (e *WakeEvent) WriteSSE(w io.Writer) error {
-	data, err := json.Marshal(e)
+	data, err := sonic.Marshal(e)
 	if err != nil {
 		return err
 	}

internal/idlewatcher/provider/docker.go

@@ -3,7 +3,8 @@ package provider
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	"github.com/yusing/godoxy/internal/types"
@@ -17,7 +18,7 @@ type DockerProvider struct {
 	containerID string
 }
 
-var startOptions = container.StartOptions{}
+var startOptions = client.ContainerStartOptions{}
 
 func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string) (idlewatcher.Provider, error) {
 	client, err := docker.NewClient(dockerCfg)
@@ -32,34 +33,41 @@ func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string)
 }
 
 func (p *DockerProvider) ContainerPause(ctx context.Context) error {
-	return p.client.ContainerPause(ctx, p.containerID)
+	_, err := p.client.ContainerPause(ctx, p.containerID, client.ContainerPauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerUnpause(ctx context.Context) error {
-	return p.client.ContainerUnpause(ctx, p.containerID)
+	_, err := p.client.ContainerUnpause(ctx, p.containerID, client.ContainerUnpauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerStart(ctx context.Context) error {
-	return p.client.ContainerStart(ctx, p.containerID, startOptions)
+	_, err := p.client.ContainerStart(ctx, p.containerID, startOptions)
+	return err
 }
 
 func (p *DockerProvider) ContainerStop(ctx context.Context, signal types.ContainerSignal, timeout int) error {
-	return p.client.ContainerStop(ctx, p.containerID, container.StopOptions{
+	_, err := p.client.ContainerStop(ctx, p.containerID, client.ContainerStopOptions{
 		Signal:  string(signal),
 		Timeout: &timeout,
 	})
+	return err
 }
 
 func (p *DockerProvider) ContainerKill(ctx context.Context, signal types.ContainerSignal) error {
-	return p.client.ContainerKill(ctx, p.containerID, string(signal))
+	_, err := p.client.ContainerKill(ctx, p.containerID, client.ContainerKillOptions{
+		Signal: string(signal),
+	})
+	return err
 }
 
 func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.ContainerStatus, error) {
-	status, err := p.client.ContainerInspect(ctx, p.containerID)
+	status, err := p.client.ContainerInspect(ctx, p.containerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return idlewatcher.ContainerStatusError, err
 	}
-	switch status.State.Status {
+	switch status.Container.State.Status {
 	case container.StateRunning:
 		return idlewatcher.ContainerStatusRunning, nil
 	case container.StateExited, container.StateDead, container.StateRestarting:
@@ -67,12 +75,12 @@ func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.Conta
 	case container.StatePaused:
 		return idlewatcher.ContainerStatusPaused, nil
 	}
-	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(status.State.Status)
+	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(string(status.Container.State.Status))
 }
 
 func (p *DockerProvider) Watch(ctx context.Context) (eventCh <-chan watcher.Event, errCh <-chan gperr.Error) {
 	return p.watcher.EventsWithOptions(ctx, watcher.DockerListOptions{
-		Filters: watcher.NewDockerFilter(
+		Filters: watcher.NewDockerFilters(
 			watcher.DockerFilterContainer,
 			watcher.DockerFilterContainerNameID(p.containerID),
 			watcher.DockerFilterStart,

internal/idlewatcher/provider/proxmox.go

@@ -26,10 +26,6 @@ const proxmoxStateCheckInterval = 1 * time.Second
 var ErrNodeNotFound = gperr.New("node not found in pool")
 
 func NewProxmoxProvider(ctx context.Context, nodeName string, vmid int) (idlewatcher.Provider, error) {
-	if nodeName == "" || vmid == 0 {
-		return nil, gperr.New("node name and vmid are required")
-	}
-
 	node, ok := proxmox.Nodes.Get(nodeName)
 	if !ok {
 		return nil, ErrNodeNotFound.Subject(nodeName).

internal/idlewatcher/types/config.go

@@ -0,0 +1 @@
+package idlewatcher

internal/idlewatcher/watcher.go

@@ -173,7 +173,7 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 		}
 
 		if !ok {
-			depRoute, ok = routes.GetIncludeExcluded(dep)
+			depRoute, ok = routes.Get(dep)
 			if !ok {
 				depErrors.Addf("dependency %q not found", dep)
 				continue

internal/jsonstore/README.md

@@ -261,7 +261,7 @@ func loadNS[T store](ns namespace) T {
     }
     defer file.Close()
 
-    if err := json.NewDecoder(file).Decode(&store); err != nil {
+    if err := sonic.ConfigDefault.NewDecoder(file).Decode(&store); err != nil {
         log.Err(err).Msg("failed to decode store")
     }
 
@@ -316,7 +316,7 @@ type MapStore[VT any] struct {
 
 ```go
 func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
-    return json.Marshal(xsync.ToPlainMap(s.Map))
+    return sonic.Marshal(xsync.ToPlainMap(s.Map))
 }
 ```
 
@@ -325,7 +325,7 @@ func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
 ```go
 func (s *MapStore[VT]) UnmarshalJSON(data []byte) error {
     tmp := make(map[string]VT)
-    if err := json.Unmarshal(data, &tmp); err != nil {
+    if err := sonic.Unmarshal(data, &tmp); err != nil {
         return err
     }
     s.Map = xsync.NewMap[string, VT](xsync.WithPresize(len(tmp)))
@@ -349,7 +349,7 @@ The jsonstore package integrates with:
 Errors are logged but don't prevent store usage:
 
 ```go
-if err := json.Unmarshal(data, &tmp); err != nil {
+if err := sonic.Unmarshal(data, &tmp); err != nil {
     log.Err(err).
         Str("path", path).
         Msg("failed to load store")

internal/jsonstore/jsonstore.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"reflect"
 
+	"github.com/bytedance/sonic"
 	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -65,7 +66,7 @@ func loadNS[T store](ns namespace) T {
 		}
 	} else {
 		defer file.Close()
-		if err := json.NewDecoder(file).Decode(&store); err != nil {
+		if err := sonic.ConfigDefault.NewDecoder(file).Decode(&store); err != nil {
 			log.Err(err).
 				Str("path", path).
 				Msg("failed to load store")
@@ -82,8 +83,7 @@ func loadNS[T store](ns namespace) T {
 func save() error {
 	errs := gperr.NewBuilder("failed to save data stores")
 	for ns, store := range stores {
-		path := filepath.Join(storesPath, string(ns)+".json")
-		if err := serialization.SaveFile(path, &store, 0o644, json.Marshal); err != nil {
+		if err := serialization.SaveJSON(filepath.Join(storesPath, string(ns)+".json"), &store, 0o644); err != nil {
 			errs.Add(err)
 		}
 	}
@@ -113,12 +113,12 @@ func (s *MapStore[VT]) Initialize() {
 }
 
 func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(xsync.ToPlainMap(s.Map))
+	return sonic.Marshal(xsync.ToPlainMap(s.Map))
 }
 
 func (s *MapStore[VT]) UnmarshalJSON(data []byte) error {
 	tmp := make(map[string]VT)
-	if err := json.Unmarshal(data, &tmp); err != nil {
+	if err := sonic.Unmarshal(data, &tmp); err != nil {
 		return err
 	}
 	s.Map = xsync.NewMap[string, VT](xsync.WithPresize(len(tmp)))
@@ -134,10 +134,10 @@ func (obj *ObjectStore[Ptr]) Initialize() {
 }
 
 func (obj ObjectStore[Ptr]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(obj.ptr)
+	return sonic.Marshal(obj.ptr)
 }
 
 func (obj *ObjectStore[Ptr]) UnmarshalJSON(data []byte) error {
 	obj.Initialize()
-	return json.Unmarshal(data, obj.ptr)
+	return sonic.Unmarshal(data, obj.ptr)
 }

internal/logging/accesslog/access_logger.go

@@ -20,20 +20,25 @@ import (
 )
 
 type (
-	File interface {
-		io.WriteCloser
-		supportRotate
-		Name() string
+	AccessLogger interface {
+		Log(req *http.Request, res *http.Response)
+		LogError(req *http.Request, err error)
+		LogACL(info *maxmind.IPInfo, blocked bool)
+
+		Config() *Config
+
+		Flush()
+		Close() error
 	}
 
-	fileAccessLogger struct {
+	accessLogger struct {
 		task *task.Task
 		cfg  *Config
 
-		writer    BufferedWriter
-		file      File
-		writeLock *sync.Mutex
-		closed    bool
+		writer        BufferedWriter
+		supportRotate SupportRotate
+		writeLock     *sync.Mutex
+		closed        bool
 
 		writeCount int64
 		bufSize    int
@@ -43,7 +48,32 @@ type (
 		logger zerolog.Logger
 
 		RequestFormatter
-		ACLLogFormatter
+		ACLFormatter
+	}
+
+	Writer interface {
+		io.WriteCloser
+		ShouldBeBuffered() bool
+		Name() string // file name or path
+	}
+
+	SupportRotate interface {
+		io.Writer
+		supportRotate
+		Name() string
+	}
+
+	AccessLogRotater interface {
+		Rotate(result *RotateResult) (rotated bool, err error)
+	}
+
+	RequestFormatter interface {
+		// AppendRequestLog appends a log line to line with or without a trailing newline
+		AppendRequestLog(line []byte, req *http.Request, res *http.Response) []byte
+	}
+	ACLFormatter interface {
+		// AppendACLLog appends a log line to line with or without a trailing newline
+		AppendACLLog(line []byte, info *maxmind.IPInfo, blocked bool) []byte
 	}
 )
 
@@ -66,87 +96,112 @@ const (
 var bytesPool = synk.GetUnsizedBytesPool()
 var sizedPool = synk.GetSizedBytesPool()
 
-func NewFileAccessLogger(parent task.Parent, file File, anyCfg AnyConfig) AccessLogger {
+func NewAccessLogger(parent task.Parent, cfg AnyConfig) (AccessLogger, error) {
+	writers, err := cfg.Writers()
+	if err != nil {
+		return nil, err
+	}
+
+	return NewMultiAccessLogger(parent, cfg, writers), nil
+}
+
+func NewMockAccessLogger(parent task.Parent, cfg *RequestLoggerConfig) AccessLogger {
+	return NewAccessLoggerWithIO(parent, NewMockFile(true), cfg)
+}
+
+func NewAccessLoggerWithIO(parent task.Parent, writer Writer, anyCfg AnyConfig) AccessLogger {
 	cfg := anyCfg.ToConfig()
 	if cfg.RotateInterval == 0 {
 		cfg.RotateInterval = defaultRotateInterval
 	}
 
-	name := file.Name()
-	l := &fileAccessLogger{
-		task:           parent.Subtask("accesslog."+name, true),
+	l := &accessLogger{
+		task:           parent.Subtask("accesslog."+writer.Name(), true),
 		cfg:            cfg,
 		bufSize:        InitialBufferSize,
 		errRateLimiter: rate.NewLimiter(rate.Every(errRateLimit), errBurst),
-		logger:         log.With().Str("file", name).Logger(),
+		logger:         log.With().Str("file", writer.Name()).Logger(),
 	}
 
-	l.writeLock, _ = writerLocks.LoadOrStore(name, &sync.Mutex{})
+	l.writeLock, _ = writerLocks.LoadOrStore(writer.Name(), &sync.Mutex{})
 
-	l.writer = ioutils.NewBufferedWriter(file, InitialBufferSize)
-	l.file = file
+	if writer.ShouldBeBuffered() {
+		l.writer = ioutils.NewBufferedWriter(writer, InitialBufferSize)
+	} else {
+		l.writer = NewUnbufferedWriter(writer)
+	}
+
+	if supportRotate, ok := writer.(SupportRotate); ok {
+		l.supportRotate = supportRotate
+	}
 
 	if cfg.req != nil {
+		fmt := CommonFormatter{cfg: &cfg.req.Fields}
 		switch cfg.req.Format {
 		case FormatCommon:
-			l.RequestFormatter = CommonFormatter{cfg: &cfg.req.Fields}
+			l.RequestFormatter = &fmt
 		case FormatCombined:
-			l.RequestFormatter = CombinedFormatter{CommonFormatter{cfg: &cfg.req.Fields}}
+			l.RequestFormatter = &CombinedFormatter{fmt}
 		case FormatJSON:
-			l.RequestFormatter = JSONFormatter{cfg: &cfg.req.Fields}
+			l.RequestFormatter = &JSONFormatter{fmt}
 		default: // should not happen, validation has done by validate tags
 			panic("invalid access log format")
 		}
+	} else {
+		l.ACLFormatter = ACLLogFormatter{}
 	}
 
 	go l.start()
 	return l
 }
 
-func (l *fileAccessLogger) Config() *Config {
+func (l *accessLogger) Config() *Config {
 	return l.cfg
 }
 
-func (l *fileAccessLogger) LogRequest(req *http.Request, res *http.Response) {
-	if !l.cfg.ShouldLogRequest(req, res) {
+func (l *accessLogger) shouldLog(req *http.Request, res *http.Response) bool {
+	if !l.cfg.req.Filters.StatusCodes.CheckKeep(req, res) ||
+		!l.cfg.req.Filters.Method.CheckKeep(req, res) ||
+		!l.cfg.req.Filters.Headers.CheckKeep(req, res) ||
+		!l.cfg.req.Filters.CIDR.CheckKeep(req, res) {
+		return false
+	}
+	return true
+}
+
+func (l *accessLogger) Log(req *http.Request, res *http.Response) {
+	if !l.shouldLog(req, res) {
 		return
 	}
 
-	line := bytesPool.GetBuffer()
-	defer bytesPool.PutBuffer(line)
-	l.AppendRequestLog(line, req, res)
-	// line is never empty
-	if line.Bytes()[line.Len()-1] != '\n' {
-		line.WriteByte('\n')
+	line := bytesPool.Get()
+	line = l.AppendRequestLog(line, req, res)
+	if line[len(line)-1] != '\n' {
+		line = append(line, '\n')
 	}
-	l.write(line.Bytes())
+	l.write(line)
+	bytesPool.Put(line)
 }
 
-var internalErrorResponse = &http.Response{
-	StatusCode: http.StatusInternalServerError,
-	Status:     http.StatusText(http.StatusInternalServerError),
+func (l *accessLogger) LogError(req *http.Request, err error) {
+	l.Log(req, &http.Response{StatusCode: http.StatusInternalServerError, Status: err.Error()})
 }
 
-func (l *fileAccessLogger) LogError(req *http.Request, err error) {
-	l.LogRequest(req, internalErrorResponse)
-}
-
-func (l *fileAccessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
-	line := bytesPool.GetBuffer()
-	defer bytesPool.PutBuffer(line)
-	l.AppendACLLog(line, info, blocked)
-	// line is never empty
-	if line.Bytes()[line.Len()-1] != '\n' {
-		line.WriteByte('\n')
+func (l *accessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
+	line := bytesPool.Get()
+	line = l.AppendACLLog(line, info, blocked)
+	if line[len(line)-1] != '\n' {
+		line = append(line, '\n')
 	}
-	l.write(line.Bytes())
+	l.write(line)
+	bytesPool.Put(line)
 }
 
-func (l *fileAccessLogger) ShouldRotate() bool {
-	return l.cfg.Retention.IsValid()
+func (l *accessLogger) ShouldRotate() bool {
+	return l.supportRotate != nil && l.cfg.Retention.IsValid()
 }
 
-func (l *fileAccessLogger) Rotate(result *RotateResult) (rotated bool, err error) {
+func (l *accessLogger) Rotate(result *RotateResult) (rotated bool, err error) {
 	if !l.ShouldRotate() {
 		return false, nil
 	}
@@ -155,11 +210,11 @@ func (l *fileAccessLogger) Rotate(result *RotateResult) (rotated bool, err error
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 
-	rotated, err = rotateLogFile(l.file, l.cfg.Retention, result)
+	rotated, err = rotateLogFile(l.supportRotate, l.cfg.Retention, result)
 	return
 }
 
-func (l *fileAccessLogger) handleErr(err error) {
+func (l *accessLogger) handleErr(err error) {
 	if l.errRateLimiter.Allow() {
 		gperr.LogError("failed to write access log", err, &l.logger)
 	} else {
@@ -168,7 +223,7 @@ func (l *fileAccessLogger) handleErr(err error) {
 	}
 }
 
-func (l *fileAccessLogger) start() {
+func (l *accessLogger) start() {
 	defer func() {
 		l.Flush()
 		l.Close()
@@ -204,7 +259,7 @@ func (l *fileAccessLogger) start() {
 	}
 }
 
-func (l *fileAccessLogger) Close() error {
+func (l *accessLogger) Close() error {
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 	if l.closed {
@@ -215,7 +270,7 @@ func (l *fileAccessLogger) Close() error {
 	return l.writer.Close()
 }
 
-func (l *fileAccessLogger) Flush() {
+func (l *accessLogger) Flush() {
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 	if l.closed {
@@ -224,7 +279,7 @@ func (l *fileAccessLogger) Flush() {
 	l.writer.Flush()
 }
 
-func (l *fileAccessLogger) write(data []byte) {
+func (l *accessLogger) write(data []byte) {
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 	if l.closed {
@@ -239,7 +294,7 @@ func (l *fileAccessLogger) write(data []byte) {
 	atomic.AddInt64(&l.writeCount, int64(n))
 }
 
-func (l *fileAccessLogger) adjustBuffer() {
+func (l *accessLogger) adjustBuffer() {
 	wps := int(atomic.SwapInt64(&l.writeCount, 0)) / int(bufferAdjustInterval.Seconds())
 	origBufSize := l.bufSize
 	newBufSize := origBufSize

internal/logging/accesslog/access_logger_test.go

@@ -1,7 +1,6 @@
 package accesslog_test
 
 import (
-	"bytes"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -54,13 +53,13 @@ var (
 )
 
 func fmtLog(cfg *RequestLoggerConfig) (ts string, line string) {
-	buf := bytes.NewBuffer(make([]byte, 0, 1024))
+	buf := make([]byte, 0, 1024)
 
 	t := time.Now()
 	logger := NewMockAccessLogger(testTask, cfg)
 	mockable.MockTimeNow(t)
-	logger.(RequestFormatter).AppendRequestLog(buf, req, resp)
-	return t.Format(LogTimeFormat), buf.String()
+	buf = logger.(RequestFormatter).AppendRequestLog(buf, req, resp)
+	return t.Format(LogTimeFormat), string(buf)
 }
 
 func TestAccessLoggerCommon(t *testing.T) {
@@ -142,6 +141,9 @@ func TestAccessLoggerJSON(t *testing.T) {
 	expect.Equal(t, entry.UserAgent, ua)
 	expect.Equal(t, len(entry.Headers), 0)
 	expect.Equal(t, len(entry.Cookies), 0)
+	if status >= 400 {
+		expect.Equal(t, entry.Error, http.StatusText(status))
+	}
 }
 
 func BenchmarkAccessLoggerJSON(b *testing.B) {
@@ -150,7 +152,7 @@ func BenchmarkAccessLoggerJSON(b *testing.B) {
 	logger := NewMockAccessLogger(testTask, config)
 	b.ResetTimer()
 	for b.Loop() {
-		logger.LogRequest(req, resp)
+		logger.Log(req, resp)
 	}
 }
 
@@ -160,6 +162,6 @@ func BenchmarkAccessLoggerCombined(b *testing.B) {
 	logger := NewMockAccessLogger(testTask, config)
 	b.ResetTimer()
 	for b.Loop() {
-		logger.LogRequest(req, resp)
+		logger.Log(req, resp)
 	}
 }

internal/logging/accesslog/back_scanner.go

@@ -13,9 +13,10 @@ type ReaderAtSeeker interface {
 
 // BackScanner provides an interface to read a file backward line by line.
 type BackScanner struct {
-	file     ReaderAtSeeker
-	size     int64
-	chunkBuf []byte
+	file      ReaderAtSeeker
+	size      int64
+	chunkSize int
+	chunkBuf  []byte
 
 	offset int64
 	chunk  []byte
@@ -26,25 +27,16 @@ type BackScanner struct {
 // NewBackScanner creates a new Scanner to read the file backward.
 // chunkSize determines the size of each read chunk from the end of the file.
 func NewBackScanner(file ReaderAtSeeker, fileSize int64, chunkSize int) *BackScanner {
-	return newBackScanner(file, fileSize, sizedPool.GetSized(chunkSize))
+	return newBackScanner(file, fileSize, make([]byte, chunkSize))
 }
 
 func newBackScanner(file ReaderAtSeeker, fileSize int64, buf []byte) *BackScanner {
 	return &BackScanner{
-		file:     file,
-		size:     fileSize,
-		offset:   fileSize,
-		chunkBuf: buf,
-	}
-}
-
-// Release releases the buffer back to the pool.
-func (s *BackScanner) Release() {
-	sizedPool.Put(s.chunkBuf)
-	s.chunkBuf = nil
-	if s.chunk != nil {
-		sizedPool.Put(s.chunk)
-		s.chunk = nil
+		file:      file,
+		size:      fileSize,
+		offset:    fileSize,
+		chunkSize: len(buf),
+		chunkBuf:  buf,
 	}
 }
 
@@ -72,14 +64,13 @@ func (s *BackScanner) Scan() bool {
 				// No more data to read; check remaining buffer
 				if len(s.chunk) > 0 {
 					s.line = s.chunk
-					sizedPool.Put(s.chunk)
 					s.chunk = nil
 					return true
 				}
 				return false
 			}
 
-			newOffset := max(0, s.offset-int64(len(s.chunkBuf)))
+			newOffset := max(0, s.offset-int64(s.chunkSize))
 			chunkSize := s.offset - newOffset
 			chunk := s.chunkBuf[:chunkSize]
 
@@ -94,19 +85,8 @@ func (s *BackScanner) Scan() bool {
 			}
 
 			// Prepend the chunk to the buffer
-			if s.chunk == nil { // first chunk
-				s.chunk = sizedPool.GetSized(2 * len(s.chunkBuf))
-				copy(s.chunk, chunk[:n])
-				s.chunk = s.chunk[:n]
-			} else {
-				neededSize := n + len(s.chunk)
-				newChunk := sizedPool.GetSized(max(neededSize, 2*len(s.chunkBuf)))
-				copy(newChunk, chunk[:n])
-				copy(newChunk[n:], s.chunk)
-				sizedPool.Put(s.chunk)
-				s.chunk = newChunk[:neededSize]
-			}
-
+			clone := append([]byte{}, chunk[:n]...)
+			s.chunk = append(clone, s.chunk...)
 			s.offset = newOffset
 
 			// Check for newline in the updated buffer
@@ -131,3 +111,12 @@ func (s *BackScanner) Bytes() []byte {
 func (s *BackScanner) Err() error {
 	return s.err
 }
+
+func (s *BackScanner) Reset() error {
+	_, err := s.file.Seek(0, io.SeekStart)
+	if err != nil {
+		return err
+	}
+	*s = *newBackScanner(s.file, s.size, s.chunkBuf)
+	return nil
+}

internal/logging/accesslog/back_scanner_test.go

@@ -1,17 +1,15 @@
 package accesslog
 
 import (
-	"bytes"
 	"fmt"
-	"math/rand/v2"
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"strconv"
 	"strings"
 	"testing"
 
 	"github.com/spf13/afero"
+	expect "github.com/yusing/goutils/testing"
 
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/task"
@@ -137,40 +135,88 @@ func TestBackScannerWithVaryingChunkSizes(t *testing.T) {
 	}
 }
 
-var logEntry = func() func() []byte {
+func logEntry() []byte {
 	accesslog := NewMockAccessLogger(task.RootTask("test", false), &RequestLoggerConfig{
 		Format: FormatJSON,
 	})
-
-	contentTypes := []string{"application/json", "text/html", "text/plain", "application/xml", "application/x-www-form-urlencoded"}
-	userAgents := []string{"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/120.0", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/120.0", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/120.0"}
-	methods := []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"}
-	paths := []string{"/", "/about", "/contact", "/login", "/logout", "/register", "/profile"}
-
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		allocSize := rand.IntN(8192)
-		w.Header().Set("Content-Type", contentTypes[rand.IntN(len(contentTypes))])
-		w.Header().Set("Content-Length", strconv.Itoa(allocSize))
-		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte("hello"))
 	}))
 	srv.URL = "http://localhost:8080"
-
-	return func() []byte {
-		// make a request to the server
-		req, _ := http.NewRequest(http.MethodGet, srv.URL, nil)
-		res := httptest.NewRecorder()
-		req.Header.Set("User-Agent", userAgents[rand.IntN(len(userAgents))])
-		req.Method = methods[rand.IntN(len(methods))]
-		req.URL.Path = paths[rand.IntN(len(paths))]
-		// server the request
-		srv.Config.Handler.ServeHTTP(res, req)
-		b := bytes.NewBuffer(make([]byte, 0, 1024))
-		accesslog.(RequestFormatter).AppendRequestLog(b, req, res.Result())
-		return b.Bytes()
+	defer srv.Close()
+	// make a request to the server
+	req, _ := http.NewRequest(http.MethodGet, srv.URL, nil)
+	res := httptest.NewRecorder()
+	// server the request
+	srv.Config.Handler.ServeHTTP(res, req)
+	b := accesslog.(RequestFormatter).AppendRequestLog(nil, req, res.Result())
+	if b[len(b)-1] != '\n' {
+		b = append(b, '\n')
 	}
-}()
+	return b
+}
+
+func TestReset(t *testing.T) {
+	file, err := afero.TempFile(afero.NewOsFs(), "", "accesslog")
+	if err != nil {
+		t.Fatalf("failed to create temp file: %v", err)
+	}
+	defer os.Remove(file.Name())
+	line := logEntry()
+	nLines := 1000
+	for range nLines {
+		_, err := file.Write(line)
+		if err != nil {
+			t.Fatalf("failed to write to temp file: %v", err)
+		}
+	}
+	linesRead := 0
+	stat, _ := file.Stat()
+	s := NewBackScanner(file, stat.Size(), defaultChunkSize)
+	for s.Scan() {
+		linesRead++
+	}
+	if err := s.Err(); err != nil {
+		t.Errorf("scanner error: %v", err)
+	}
+	expect.Equal(t, linesRead, nLines)
+	err = s.Reset()
+	if err != nil {
+		t.Errorf("failed to reset scanner: %v", err)
+	}
+
+	linesRead = 0
+	for s.Scan() {
+		linesRead++
+	}
+	if err := s.Err(); err != nil {
+		t.Errorf("scanner error: %v", err)
+	}
+	expect.Equal(t, linesRead, nLines)
+}
 
 // 100000 log entries.
+func BenchmarkBackScanner(b *testing.B) {
+	mockFile := NewMockFile(false)
+	line := logEntry()
+	for range 100000 {
+		_, _ = mockFile.Write(line)
+	}
+	for i := range 14 {
+		chunkSize := (2 << i) * kilobyte
+		scanner := NewBackScanner(mockFile, mockFile.MustSize(), chunkSize)
+		name := strutils.FormatByteSize(chunkSize)
+		b.ResetTimer()
+		b.Run(name, func(b *testing.B) {
+			for b.Loop() {
+				_ = scanner.Reset()
+				for scanner.Scan() {
+				}
+			}
+		})
+	}
+}
+
 func BenchmarkBackScannerRealFile(b *testing.B) {
 	file, err := afero.TempFile(afero.NewOsFs(), "", "accesslog")
 	if err != nil {
@@ -178,58 +224,51 @@ func BenchmarkBackScannerRealFile(b *testing.B) {
 	}
 	defer os.Remove(file.Name())
 
-	buf := bytes.NewBuffer(nil)
-	for range 100000 {
-		buf.Write(logEntry())
+	for range 10000 {
+		_, err = file.Write(logEntry())
+		if err != nil {
+			b.Fatalf("failed to write to temp file: %v", err)
+		}
 	}
 
-	fSize := int64(buf.Len())
-	_, err = file.Write(buf.Bytes())
-	if err != nil {
-		b.Fatalf("failed to write to file: %v", err)
+	stat, _ := file.Stat()
+	scanner := NewBackScanner(file, stat.Size(), 256*kilobyte)
+	b.ResetTimer()
+	for scanner.Scan() {
 	}
-
-	// file position does not matter, Seek not needed
-
-	for i := range 12 {
-		chunkSize := (2 << i) * kilobyte
-		name := strutils.FormatByteSize(chunkSize)
-		b.ResetTimer()
-		b.Run(name, func(b *testing.B) {
-			for b.Loop() {
-				scanner := NewBackScanner(file, fSize, chunkSize)
-				for scanner.Scan() {
-				}
-				scanner.Release()
-			}
-		})
+	if err := scanner.Err(); err != nil {
+		b.Errorf("scanner error: %v", err)
 	}
 }
 
 /*
-BenchmarkBackScannerRealFile
-BenchmarkBackScannerRealFile/2_KiB
-BenchmarkBackScannerRealFile/2_KiB-10                 21          51796773 ns/op             619 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/4_KiB
-BenchmarkBackScannerRealFile/4_KiB-10                 36          32081281 ns/op             699 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/8_KiB
-BenchmarkBackScannerRealFile/8_KiB-10                 57          22155619 ns/op             847 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/16_KiB
-BenchmarkBackScannerRealFile/16_KiB-10                62          21323125 ns/op            1449 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/32_KiB
-BenchmarkBackScannerRealFile/32_KiB-10                63          17534883 ns/op            2729 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/64_KiB
-BenchmarkBackScannerRealFile/64_KiB-10                73          17877029 ns/op            4617 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/128_KiB
-BenchmarkBackScannerRealFile/128_KiB-10               75          17797267 ns/op            8866 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/256_KiB
-BenchmarkBackScannerRealFile/256_KiB-10               67          16732108 ns/op           19691 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/512_KiB
-BenchmarkBackScannerRealFile/512_KiB-10               70          17121683 ns/op           37577 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/1_MiB
-BenchmarkBackScannerRealFile/1_MiB-10                 51          19615791 ns/op          102930 B/op          1 allocs/op
-BenchmarkBackScannerRealFile/2_MiB
-BenchmarkBackScannerRealFile/2_MiB-10                 26          41744928 ns/op        77595287 B/op         57 allocs/op
-BenchmarkBackScannerRealFile/4_MiB
-BenchmarkBackScannerRealFile/4_MiB-10                 22          48081521 ns/op        79692224 B/op         49 allocs/op
+BenchmarkBackScanner
+BenchmarkBackScanner/2_KiB
+BenchmarkBackScanner/2_KiB-20         	      52	  23254071 ns/op	67596663 B/op	   26420 allocs/op
+BenchmarkBackScanner/4_KiB
+BenchmarkBackScanner/4_KiB-20         	      55	  20961059 ns/op	62529378 B/op	   13211 allocs/op
+BenchmarkBackScanner/8_KiB
+BenchmarkBackScanner/8_KiB-20         	      64	  18242460 ns/op	62951141 B/op	    6608 allocs/op
+BenchmarkBackScanner/16_KiB
+BenchmarkBackScanner/16_KiB-20        	      52	  20162076 ns/op	62940256 B/op	    3306 allocs/op
+BenchmarkBackScanner/32_KiB
+BenchmarkBackScanner/32_KiB-20        	      54	  19247968 ns/op	67553645 B/op	    1656 allocs/op
+BenchmarkBackScanner/64_KiB
+BenchmarkBackScanner/64_KiB-20        	      60	  20909046 ns/op	64053342 B/op	     827 allocs/op
+BenchmarkBackScanner/128_KiB
+BenchmarkBackScanner/128_KiB-20       	      68	  17759890 ns/op	62201945 B/op	     414 allocs/op
+BenchmarkBackScanner/256_KiB
+BenchmarkBackScanner/256_KiB-20       	      52	  19531877 ns/op	61030487 B/op	     208 allocs/op
+BenchmarkBackScanner/512_KiB
+BenchmarkBackScanner/512_KiB-20       	      54	  19124656 ns/op	61030485 B/op	     208 allocs/op
+BenchmarkBackScanner/1_MiB
+BenchmarkBackScanner/1_MiB-20         	      67	  17078936 ns/op	61030495 B/op	     208 allocs/op
+BenchmarkBackScanner/2_MiB
+BenchmarkBackScanner/2_MiB-20         	      66	  18467421 ns/op	61030492 B/op	     208 allocs/op
+BenchmarkBackScanner/4_MiB
+BenchmarkBackScanner/4_MiB-20         	      68	  17214573 ns/op	61030486 B/op	     208 allocs/op
+BenchmarkBackScanner/8_MiB
+BenchmarkBackScanner/8_MiB-20         	      57	  18235229 ns/op	61030492 B/op	     208 allocs/op
+BenchmarkBackScanner/16_MiB
+BenchmarkBackScanner/16_MiB-20        	      57	  19343441 ns/op	61030499 B/op	     208 allocs/op
 */

internal/logging/accesslog/config.go

@@ -1,7 +1,6 @@
 package accesslog
 
 import (
-	"net/http"
 	"time"
 
 	"github.com/yusing/godoxy/internal/serialization"
@@ -10,15 +9,16 @@ import (
 
 type (
 	ConfigBase struct {
-		Path           string        `json:"path,omitempty"`
+		B              int           `json:"buffer_size"` // Deprecated: buffer size is adjusted dynamically
+		Path           string        `json:"path"`
 		Stdout         bool          `json:"stdout"`
 		Retention      *Retention    `json:"retention" aliases:"keep"`
 		RotateInterval time.Duration `json:"rotate_interval,omitempty" swaggertype:"primitive,integer"`
-	} // @name AccessLoggerConfigBase
+	}
 	ACLLoggerConfig struct {
 		ConfigBase
 		LogAllowed bool `json:"log_allowed"`
-	} // @name ACLLoggerConfig
+	}
 	RequestLoggerConfig struct {
 		ConfigBase
 		Format  Format  `json:"format" validate:"oneof=common combined json"`
@@ -32,21 +32,21 @@ type (
 	}
 	AnyConfig interface {
 		ToConfig() *Config
-		Writers() ([]File, error)
+		Writers() ([]Writer, error)
 	}
 
 	Format  string
 	Filters struct {
-		StatusCodes LogFilter[*StatusCodeRange] `json:"status_codes,omitzero"`
-		Method      LogFilter[HTTPMethod]       `json:"method,omitzero"`
-		Host        LogFilter[Host]             `json:"host,omitzero"`
-		Headers     LogFilter[*HTTPHeader]      `json:"headers,omitzero"` // header exists or header == value
-		CIDR        LogFilter[*CIDR]            `json:"cidr,omitzero"`
+		StatusCodes LogFilter[*StatusCodeRange] `json:"status_codes"`
+		Method      LogFilter[HTTPMethod]       `json:"method"`
+		Host        LogFilter[Host]             `json:"host"`
+		Headers     LogFilter[*HTTPHeader]      `json:"headers"` // header exists or header == value
+		CIDR        LogFilter[*CIDR]            `json:"cidr"`
 	}
 	Fields struct {
-		Headers FieldConfig `json:"headers,omitzero" aliases:"header"`
-		Query   FieldConfig `json:"query,omitzero" aliases:"queries"`
-		Cookies FieldConfig `json:"cookies,omitzero" aliases:"cookie"`
+		Headers FieldConfig `json:"headers" aliases:"header"`
+		Query   FieldConfig `json:"query" aliases:"queries"`
+		Cookies FieldConfig `json:"cookies" aliases:"cookie"`
 	}
 )
 
@@ -66,17 +66,17 @@ func (cfg *ConfigBase) Validate() gperr.Error {
 }
 
 // Writers returns a list of writers for the config.
-func (cfg *ConfigBase) Writers() ([]File, error) {
-	writers := make([]File, 0, 2)
+func (cfg *ConfigBase) Writers() ([]Writer, error) {
+	writers := make([]Writer, 0, 2)
 	if cfg.Path != "" {
-		f, err := OpenFile(cfg.Path)
+		io, err := NewFileIO(cfg.Path)
 		if err != nil {
 			return nil, err
 		}
-		writers = append(writers, f)
+		writers = append(writers, io)
 	}
 	if cfg.Stdout {
-		writers = append(writers, stdout)
+		writers = append(writers, NewStdout())
 	}
 	return writers, nil
 }
@@ -95,16 +95,6 @@ func (cfg *RequestLoggerConfig) ToConfig() *Config {
 	}
 }
 
-func (cfg *Config) ShouldLogRequest(req *http.Request, res *http.Response) bool {
-	if cfg.req == nil {
-		return true
-	}
-	return cfg.req.Filters.StatusCodes.CheckKeep(req, res) &&
-		cfg.req.Filters.Method.CheckKeep(req, res) &&
-		cfg.req.Filters.Headers.CheckKeep(req, res) &&
-		cfg.req.Filters.CIDR.CheckKeep(req, res)
-}
-
 func DefaultRequestLoggerConfig() *RequestLoggerConfig {
 	return &RequestLoggerConfig{
 		ConfigBase: ConfigBase{

internal/logging/accesslog/console_logger.go

@@ -1,73 +0,0 @@
-package accesslog
-
-import (
-	"net/http"
-	"os"
-
-	"github.com/rs/zerolog"
-	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
-)
-
-type ConsoleLogger struct {
-	cfg *Config
-
-	formatter ConsoleFormatter
-}
-
-var stdoutLogger = func() *zerolog.Logger {
-	l := zerolog.New(zerolog.NewConsoleWriter(func(w *zerolog.ConsoleWriter) {
-		w.Out = os.Stdout
-		w.TimeFormat = zerolog.TimeFieldFormat
-		w.FieldsOrder = []string{
-			"uri", "protocol", "type", "size",
-			"useragent", "query", "headers", "cookies",
-			"error", "iso_code", "time_zone"}
-	})).With().Str("level", zerolog.InfoLevel.String()).Timestamp().Logger()
-	return &l
-}()
-
-// placeholder for console logger
-var stdout File = &sharedFileHandle{}
-
-func NewConsoleLogger(cfg *Config) AccessLogger {
-	if cfg == nil {
-		panic("accesslog: NewConsoleLogger called with nil config")
-	}
-	l := &ConsoleLogger{
-		cfg: cfg,
-	}
-	if cfg.req != nil {
-		l.formatter = ConsoleFormatter{cfg: &cfg.req.Fields}
-	}
-	return l
-}
-
-func (l *ConsoleLogger) Config() *Config {
-	return l.cfg
-}
-
-func (l *ConsoleLogger) LogRequest(req *http.Request, res *http.Response) {
-	if !l.cfg.ShouldLogRequest(req, res) {
-		return
-	}
-
-	l.formatter.LogRequestZeroLog(stdoutLogger, req, res)
-}
-
-func (l *ConsoleLogger) LogError(req *http.Request, err error) {
-	log := stdoutLogger.With().Err(err).Logger()
-	l.formatter.LogRequestZeroLog(&log, req, internalErrorResponse)
-}
-
-func (l *ConsoleLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
-	ConsoleACLFormatter{}.LogACLZeroLog(stdoutLogger, info, blocked)
-}
-
-func (l *ConsoleLogger) Flush() {
-	// No-op for console logger
-}
-
-func (l *ConsoleLogger) Close() error {
-	// No-op for console logger
-	return nil
-}

internal/logging/accesslog/file_logger.go

@@ -11,8 +11,8 @@ import (
 	"github.com/yusing/goutils/synk"
 )
 
-type sharedFileHandle struct {
-	*os.File
+type File struct {
+	f *os.File
 
 	// os.File.Name() may not equal to key of `openedFiles`.
 	// Store it for later delete from `openedFiles`.
@@ -22,18 +22,18 @@ type sharedFileHandle struct {
 }
 
 var (
-	openedFiles   = make(map[string]*sharedFileHandle)
+	openedFiles   = make(map[string]*File)
 	openedFilesMu sync.Mutex
 )
 
-// OpenFile creates a new file writer with cleaned path.
+// NewFileIO creates a new file writer with cleaned path.
 //
 // If the file is already opened, it will be returned.
-func OpenFile(path string) (File, error) {
+func NewFileIO(path string) (Writer, error) {
 	openedFilesMu.Lock()
 	defer openedFilesMu.Unlock()
 
-	var file *sharedFileHandle
+	var file *File
 	var err error
 
 	// make it absolute path, so that we can use it as key of `openedFiles` and shared lock
@@ -53,38 +53,65 @@ func OpenFile(path string) (File, error) {
 		return nil, fmt.Errorf("access log open error: %w", err)
 	}
 	if _, err := f.Seek(0, io.SeekEnd); err != nil {
-		f.Close()
 		return nil, fmt.Errorf("access log seek error: %w", err)
 	}
-
-	file = &sharedFileHandle{File: f, path: path, refCount: synk.NewRefCounter()}
+	file = &File{f: f, path: path, refCount: synk.NewRefCounter()}
 	openedFiles[path] = file
-
-	log.Debug().Str("path", path).Msg("file opened")
-
 	go file.closeOnZero()
 	return file, nil
 }
 
-func (f *sharedFileHandle) Name() string {
+// Name returns the absolute path of the file.
+func (f *File) Name() string {
 	return f.path
 }
 
-func (f *sharedFileHandle) Close() error {
+func (f *File) ShouldBeBuffered() bool {
+	return true
+}
+
+func (f *File) Write(p []byte) (n int, err error) {
+	return f.f.Write(p)
+}
+
+func (f *File) ReadAt(p []byte, off int64) (n int, err error) {
+	return f.f.ReadAt(p, off)
+}
+
+func (f *File) WriteAt(p []byte, off int64) (n int, err error) {
+	return f.f.WriteAt(p, off)
+}
+
+func (f *File) Seek(offset int64, whence int) (int64, error) {
+	return f.f.Seek(offset, whence)
+}
+
+func (f *File) Size() (int64, error) {
+	stat, err := f.f.Stat()
+	if err != nil {
+		return 0, err
+	}
+	return stat.Size(), nil
+}
+
+func (f *File) Truncate(size int64) error {
+	return f.f.Truncate(size)
+}
+
+func (f *File) Close() error {
 	f.refCount.Sub()
 	return nil
 }
 
-func (f *sharedFileHandle) closeOnZero() {
-	defer log.Debug().Str("path", f.path).Msg("file closed")
+func (f *File) closeOnZero() {
+	defer log.Debug().
+		Str("path", f.path).
+		Msg("access log closed")
 
 	<-f.refCount.Zero()
 
 	openedFilesMu.Lock()
 	delete(openedFiles, f.path)
 	openedFilesMu.Unlock()
-	err := f.File.Close()
-	if err != nil {
-		log.Error().Str("path", f.path).Err(err).Msg("failed to close file")
-	}
+	f.f.Close()
 }

internal/logging/accesslog/file_logger_test.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/yusing/goutils/task"
-	"golang.org/x/sync/errgroup"
 )
 
 func TestConcurrentFileLoggersShareSameAccessLogIO(t *testing.T) {
@@ -19,7 +18,7 @@ func TestConcurrentFileLoggersShareSameAccessLogIO(t *testing.T) {
 	cfg.Path = "test.log"
 
 	loggerCount := runtime.GOMAXPROCS(0)
-	accessLogIOs := make([]File, loggerCount)
+	accessLogIOs := make([]Writer, loggerCount)
 
 	// make test log file
 	file, err := os.Create(cfg.Path)
@@ -29,20 +28,16 @@ func TestConcurrentFileLoggersShareSameAccessLogIO(t *testing.T) {
 		assert.NoError(t, os.Remove(cfg.Path))
 	})
 
-	var errs errgroup.Group
+	var wg sync.WaitGroup
 	for i := range loggerCount {
-		errs.Go(func() error {
-			file, err := OpenFile(cfg.Path)
-			if err != nil {
-				return err
-			}
+		wg.Go(func() {
+			file, err := NewFileIO(cfg.Path)
+			assert.NoError(t, err)
 			accessLogIOs[i] = file
-			return nil
 		})
 	}
 
-	err = errs.Wait()
-	assert.NoError(t, err)
+	wg.Wait()
 
 	firstIO := accessLogIOs[0]
 	for _, io := range accessLogIOs {
@@ -63,7 +58,7 @@ func TestConcurrentAccessLoggerLogAndFlush(t *testing.T) {
 			loggers := make([]AccessLogger, loggerCount)
 
 			for i := range loggerCount {
-				loggers[i] = NewFileAccessLogger(parent, file, cfg)
+				loggers[i] = NewAccessLoggerWithIO(parent, file, cfg)
 			}
 
 			req, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
@@ -92,7 +87,7 @@ func concurrentLog(logger AccessLogger, req *http.Request, resp *http.Response,
 	var wg sync.WaitGroup
 	for range n {
 		wg.Go(func() {
-			logger.LogRequest(req, resp)
+			logger.Log(req, resp)
 			if rand.IntN(2) == 0 {
 				logger.Flush()
 			}

internal/logging/accesslog/formatter.go

@@ -16,11 +16,9 @@ type (
 	CommonFormatter struct {
 		cfg *Fields
 	}
-	CombinedFormatter   struct{ CommonFormatter }
-	JSONFormatter       struct{ cfg *Fields }
-	ConsoleFormatter    struct{ cfg *Fields }
-	ACLLogFormatter     struct{}
-	ConsoleACLFormatter struct{}
+	CombinedFormatter struct{ CommonFormatter }
+	JSONFormatter     struct{ CommonFormatter }
+	ACLLogFormatter   struct{}
 )
 
 const LogTimeFormat = "02/Jan/2006:15:04:05 -0700"
@@ -32,26 +30,24 @@ func scheme(req *http.Request) string {
 	return "http"
 }
 
-func appendRequestURI(line *bytes.Buffer, req *http.Request, query iter.Seq2[string, []string]) {
+func appendRequestURI(line []byte, req *http.Request, query iter.Seq2[string, []string]) []byte {
 	uri := req.URL.EscapedPath()
-	line.WriteString(uri)
+	line = append(line, uri...)
 	isFirst := true
 	for k, v := range query {
 		if isFirst {
-			line.WriteByte('?')
+			line = append(line, '?')
 			isFirst = false
 		} else {
-			line.WriteByte('&')
+			line = append(line, '&')
 		}
-		for i, val := range v {
-			if i > 0 {
-				line.WriteByte('&')
-			}
-			line.WriteString(k)
-			line.WriteByte('=')
-			line.WriteString(val)
+		line = append(line, k...)
+		line = append(line, '=')
+		for _, v := range v {
+			line = append(line, v...)
 		}
 	}
+	return line
 }
 
 func clientIP(req *http.Request) string {
@@ -62,51 +58,50 @@ func clientIP(req *http.Request) string {
 	return req.RemoteAddr
 }
 
-func (f CommonFormatter) AppendRequestLog(line *bytes.Buffer, req *http.Request, res *http.Response) {
+func (f *CommonFormatter) AppendRequestLog(line []byte, req *http.Request, res *http.Response) []byte {
 	query := f.cfg.Query.IterQuery(req.URL.Query())
 
-	line.WriteString(req.Host)
-	line.WriteByte(' ')
+	line = append(line, req.Host...)
+	line = append(line, ' ')
 
-	line.WriteString(clientIP(req))
-	line.WriteString(" - - [")
+	line = append(line, clientIP(req)...)
+	line = append(line, " - - ["...)
 
-	line.WriteString(mockable.TimeNow().Format(LogTimeFormat))
-	line.WriteString("] \"")
+	line = mockable.TimeNow().AppendFormat(line, LogTimeFormat)
+	line = append(line, `] "`...)
 
-	line.WriteString(req.Method)
-	line.WriteByte(' ')
-	appendRequestURI(line, req, query)
-	line.WriteByte(' ')
-	line.WriteString(req.Proto)
-	line.WriteByte('"')
-	line.WriteByte(' ')
+	line = append(line, req.Method...)
+	line = append(line, ' ')
+	line = appendRequestURI(line, req, query)
+	line = append(line, ' ')
+	line = append(line, req.Proto...)
+	line = append(line, '"')
+	line = append(line, ' ')
 
-	line.WriteString(strconv.FormatInt(int64(res.StatusCode), 10))
-	line.WriteByte(' ')
-	line.WriteString(strconv.FormatInt(res.ContentLength, 10))
+	line = strconv.AppendInt(line, int64(res.StatusCode), 10)
+	line = append(line, ' ')
+	line = strconv.AppendInt(line, res.ContentLength, 10)
+	return line
 }
 
-func (f CombinedFormatter) AppendRequestLog(line *bytes.Buffer, req *http.Request, res *http.Response) {
-	f.CommonFormatter.AppendRequestLog(line, req, res)
-	line.WriteString(" \"")
-	line.WriteString(req.Referer())
-	line.WriteString("\" \"")
-	line.WriteString(req.UserAgent())
-	line.WriteByte('"')
+func (f *CombinedFormatter) AppendRequestLog(line []byte, req *http.Request, res *http.Response) []byte {
+	line = f.CommonFormatter.AppendRequestLog(line, req, res)
+	line = append(line, " \""...)
+	line = append(line, req.Referer()...)
+	line = append(line, "\" \""...)
+	line = append(line, req.UserAgent()...)
+	line = append(line, '"')
+	return line
 }
 
-func (f JSONFormatter) AppendRequestLog(line *bytes.Buffer, req *http.Request, res *http.Response) {
-	logger := zerolog.New(line)
-	f.LogRequestZeroLog(&logger, req, res)
-}
-
-func (f JSONFormatter) LogRequestZeroLog(logger *zerolog.Logger, req *http.Request, res *http.Response) {
+func (f *JSONFormatter) AppendRequestLog(line []byte, req *http.Request, res *http.Response) []byte {
 	query := f.cfg.Query.ZerologQuery(req.URL.Query())
 	headers := f.cfg.Headers.ZerologHeaders(req.Header)
 	cookies := f.cfg.Cookies.ZerologCookies(req.Cookies())
 	contentType := res.Header.Get("Content-Type")
 
+	writer := bytes.NewBuffer(line)
+	logger := zerolog.New(writer)
 	event := logger.Info().
 		Str("time", mockable.TimeNow().Format(LogTimeFormat)).
 		Str("ip", clientIP(req)).
@@ -124,33 +119,22 @@ func (f JSONFormatter) LogRequestZeroLog(logger *zerolog.Logger, req *http.Reque
 		Object("headers", headers).
 		Object("cookies", cookies)
 
+	if res.StatusCode >= 400 {
+		if res.Status != "" {
+			event.Str("error", res.Status)
+		} else {
+			event.Str("error", http.StatusText(res.StatusCode))
+		}
+	}
+
 	// NOTE: zerolog will append a newline to the buffer
 	event.Send()
+	return writer.Bytes()
 }
 
-func (f ConsoleFormatter) LogRequestZeroLog(logger *zerolog.Logger, req *http.Request, res *http.Response) {
-	contentType := res.Header.Get("Content-Type")
-
-	var reqURI bytes.Buffer
-	appendRequestURI(&reqURI, req, f.cfg.Query.IterQuery(req.URL.Query()))
-
-	event := logger.Info().
-		Bytes("uri", reqURI.Bytes()).
-		Str("protocol", req.Proto).
-		Str("type", contentType).
-		Int64("size", res.ContentLength).
-		Str("useragent", req.UserAgent())
-
-	// NOTE: zerolog will append a newline to the buffer
-	event.Msgf("[%d] %s %s://%s from %s", res.StatusCode, req.Method, scheme(req), req.Host, clientIP(req))
-}
-
-func (f ACLLogFormatter) AppendACLLog(line *bytes.Buffer, info *maxmind.IPInfo, blocked bool) {
-	logger := zerolog.New(line)
-	f.LogACLZeroLog(&logger, info, blocked)
-}
-
-func (f ACLLogFormatter) LogACLZeroLog(logger *zerolog.Logger, info *maxmind.IPInfo, blocked bool) {
+func (f ACLLogFormatter) AppendACLLog(line []byte, info *maxmind.IPInfo, blocked bool) []byte {
+	writer := bytes.NewBuffer(line)
+	logger := zerolog.New(writer)
 	event := logger.Info().
 		Str("time", mockable.TimeNow().Format(LogTimeFormat)).
 		Str("ip", info.Str)
@@ -160,32 +144,10 @@ func (f ACLLogFormatter) LogACLZeroLog(logger *zerolog.Logger, info *maxmind.IPI
 		event.Str("action", "allow")
 	}
 	if info.City != nil {
-		if isoCode := info.City.Country.IsoCode; isoCode != "" {
-			event.Str("iso_code", isoCode)
-		}
-		if timeZone := info.City.Location.TimeZone; timeZone != "" {
-			event.Str("time_zone", timeZone)
-		}
+		event.Str("iso_code", info.City.Country.IsoCode)
+		event.Str("time_zone", info.City.Location.TimeZone)
 	}
 	// NOTE: zerolog will append a newline to the buffer
 	event.Send()
-}
-
-func (f ConsoleACLFormatter) LogACLZeroLog(logger *zerolog.Logger, info *maxmind.IPInfo, blocked bool) {
-	event := logger.Info()
-	if info.City != nil {
-		if isoCode := info.City.Country.IsoCode; isoCode != "" {
-			event.Str("iso_code", isoCode)
-		}
-		if timeZone := info.City.Location.TimeZone; timeZone != "" {
-			event.Str("time_zone", timeZone)
-		}
-	}
-	action := "accepted"
-	if blocked {
-		action = "denied"
-	}
-
-	// NOTE: zerolog will append a newline to the buffer
-	event.Msgf("request %s from %s", action, info.Str)
+	return writer.Bytes()
 }

internal/logging/accesslog/mock_file.go

@@ -13,7 +13,7 @@ type MockFile struct {
 	buffered bool
 }
 
-var _ File = (*MockFile)(nil)
+var _ SupportRotate = (*MockFile)(nil)
 
 func NewMockFile(buffered bool) *MockFile {
 	f, _ := afero.TempFile(afero.NewMemMapFs(), "", "")
@@ -52,9 +52,14 @@ func (m *MockFile) NumLines() int {
 	return count
 }
 
-func (m *MockFile) MustSize() int64 {
+func (m *MockFile) Size() (int64, error) {
 	stat, _ := m.Stat()
-	return stat.Size()
+	return stat.Size(), nil
+}
+
+func (m *MockFile) MustSize() int64 {
+	size, _ := m.Size()
+	return size
 }
 
 func (m *MockFile) Close() error {

internal/logging/accesslog/multi_access_logger.go

@@ -15,21 +15,14 @@ type MultiAccessLogger struct {
 //
 // If there is only one writer, it will return a single AccessLogger.
 // Otherwise, it will return a MultiAccessLogger that writes to all the writers.
-func NewMultiAccessLogger(parent task.Parent, cfg AnyConfig, writers []File) AccessLogger {
+func NewMultiAccessLogger(parent task.Parent, cfg AnyConfig, writers []Writer) AccessLogger {
 	if len(writers) == 1 {
-		if writers[0] == stdout {
-			return NewConsoleLogger(cfg.ToConfig())
-		}
-		return NewFileAccessLogger(parent, writers[0], cfg)
+		return NewAccessLoggerWithIO(parent, writers[0], cfg)
 	}
 
 	accessLoggers := make([]AccessLogger, len(writers))
 	for i, writer := range writers {
-		if writer == stdout {
-			accessLoggers[i] = NewConsoleLogger(cfg.ToConfig())
-		} else {
-			accessLoggers[i] = NewFileAccessLogger(parent, writer, cfg)
-		}
+		accessLoggers[i] = NewAccessLoggerWithIO(parent, writer, cfg)
 	}
 	return &MultiAccessLogger{accessLoggers}
 }
@@ -38,9 +31,9 @@ func (m *MultiAccessLogger) Config() *Config {
 	return m.accessLoggers[0].Config()
 }
 
-func (m *MultiAccessLogger) LogRequest(req *http.Request, res *http.Response) {
+func (m *MultiAccessLogger) Log(req *http.Request, res *http.Response) {
 	for _, accessLogger := range m.accessLoggers {
-		accessLogger.LogRequest(req, res)
+		accessLogger.Log(req, res)
 	}
 }
 

internal/logging/accesslog/multi_access_logger_test.go

@@ -16,7 +16,7 @@ func TestNewMultiAccessLogger(t *testing.T) {
 	testTask := task.RootTask("test", false)
 	cfg := DefaultRequestLoggerConfig()
 
-	writers := []File{
+	writers := []Writer{
 		NewMockFile(true),
 		NewMockFile(true),
 	}
@@ -30,7 +30,7 @@ func TestMultiAccessLoggerConfig(t *testing.T) {
 	cfg := DefaultRequestLoggerConfig()
 	cfg.Format = FormatCommon
 
-	writers := []File{
+	writers := []Writer{
 		NewMockFile(true),
 		NewMockFile(true),
 	}
@@ -48,7 +48,7 @@ func TestMultiAccessLoggerLog(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -68,7 +68,7 @@ func TestMultiAccessLoggerLog(t *testing.T) {
 		ContentLength: 100,
 	}
 
-	logger.LogRequest(req, resp)
+	logger.Log(req, resp)
 	logger.Flush()
 
 	expect.Equal(t, writer1.NumLines(), 1)
@@ -81,7 +81,7 @@ func TestMultiAccessLoggerLogError(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -107,7 +107,7 @@ func TestMultiAccessLoggerLogACL(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -129,7 +129,7 @@ func TestMultiAccessLoggerFlush(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -143,7 +143,7 @@ func TestMultiAccessLoggerFlush(t *testing.T) {
 		StatusCode: http.StatusOK,
 	}
 
-	logger.LogRequest(req, resp)
+	logger.Log(req, resp)
 	logger.Flush()
 
 	expect.Equal(t, writer1.NumLines(), 1)
@@ -156,7 +156,7 @@ func TestMultiAccessLoggerClose(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -170,7 +170,7 @@ func TestMultiAccessLoggerMultipleLogs(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -185,7 +185,7 @@ func TestMultiAccessLoggerMultipleLogs(t *testing.T) {
 		resp := &http.Response{
 			StatusCode: http.StatusOK,
 		}
-		logger.LogRequest(req, resp)
+		logger.Log(req, resp)
 	}
 
 	logger.Flush()
@@ -199,7 +199,7 @@ func TestMultiAccessLoggerSingleWriter(t *testing.T) {
 	cfg := DefaultRequestLoggerConfig()
 
 	writer := NewMockFile(true)
-	writers := []File{writer}
+	writers := []Writer{writer}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 	expect.NotNil(t, logger)
@@ -214,7 +214,7 @@ func TestMultiAccessLoggerSingleWriter(t *testing.T) {
 		StatusCode: http.StatusOK,
 	}
 
-	logger.LogRequest(req, resp)
+	logger.Log(req, resp)
 	logger.Flush()
 
 	expect.Equal(t, writer.NumLines(), 1)
@@ -226,7 +226,7 @@ func TestMultiAccessLoggerMixedOperations(t *testing.T) {
 
 	writer1 := NewMockFile(true)
 	writer2 := NewMockFile(true)
-	writers := []File{writer1, writer2}
+	writers := []Writer{writer1, writer2}
 
 	logger := NewMultiAccessLogger(testTask, cfg, writers)
 
@@ -241,7 +241,7 @@ func TestMultiAccessLoggerMixedOperations(t *testing.T) {
 		StatusCode: http.StatusOK,
 	}
 
-	logger.LogRequest(req, resp)
+	logger.Log(req, resp)
 	logger.Flush()
 
 	info := &maxmind.IPInfo{