feat(metrics): add IsExcluded field to RouteUptimeAggregate for enhanced status tracking

- updated swagger

.github/workflows/docker-image-socket-proxy.yml

@@ -6,13 +6,12 @@ on:
       - main
     paths:
       - "socket-proxy/**"
+      - "socket-proxy.Dockerfile"
+      - ".github/workflows/docker-image-socket-proxy.yml"
     tags-ignore:
-      - '**'
+      - "**"
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   build:
     uses: ./.github/workflows/docker-image.yml

.github/workflows/merge-main-into-compat.yml

@@ -0,0 +1,39 @@
+name: Cherry-pick into Compat
+
+on:
+  push:
+    tags:
+      - v*
+    paths:
+      - ".github/workflows/merge-main-into-compat.yml"
+
+jobs:
+  cherry-pick:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Configure git user
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Cherry-pick commits from last tag
+        run: |
+          git fetch origin compat
+          git checkout compat
+          CURRENT_TAG=${{ github.ref_name }}
+          PREV_TAG=$(git describe --tags --abbrev=0 $CURRENT_TAG^ 2>/dev/null || echo "")
+
+          if [ -z "$PREV_TAG" ]; then
+            echo "No previous tag found. Cherry-picking all commits up to $CURRENT_TAG"
+            git rev-list --reverse --no-merges $CURRENT_TAG | xargs -r git cherry-pick
+          else
+            echo "Cherry-picking commits from $PREV_TAG to $CURRENT_TAG"
+            git rev-list --reverse --no-merges $PREV_TAG..$CURRENT_TAG | xargs -r git cherry-pick
+          fi
+      - name: Push compat
+        run: |
+          git push origin compat

.gitignore

@@ -40,3 +40,4 @@ tsconfig.tsbuildinfo
 
 !agent.compose.yml
 !agent/pkg/**
+dev-data/

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: deps
-FROM golang:1.25.3-alpine AS deps
+FROM golang:1.25.5-alpine AS deps
 HEALTHCHECK NONE
 
 # package version does not matter
@@ -19,7 +19,9 @@ COPY go.mod go.sum ./
 # remove godoxy stuff from go.mod first
 RUN --mount=type=cache,target=/root/.cache/go-build \
   --mount=type=cache,target=/root/go/pkg/mod \
-  sed -i '/^module github\.com\/yusing\/godoxy/!{/github\.com\/yusing\/godoxy/d}' go.mod && go mod download -x
+  sed -i '/^module github\.com\/yusing\/godoxy/!{/github\.com\/yusing\/godoxy/d}' go.mod && \
+  sed -i '/^module github\.com\/yusing\/goutils/!{/github\.com\/yusing\/goutils/d}' go.mod && \
+  go mod download -x
 
 # Stage 2: builder
 FROM deps AS builder

Jenkinsfile

@@ -0,0 +1,11 @@
+node {
+  stage('SCM') {
+    checkout scm
+  }
+  stage('SonarQube Analysis') {
+    def scannerHome = tool 'SonarScanner';
+    withSonarQubeEnv() {
+      sh "${scannerHome}/bin/sonar-scanner"
+    }
+  }
+}

Makefile

@@ -35,7 +35,7 @@ else ifeq ($(debug), 1)
 	CGO_ENABLED = 1
 	GODOXY_DEBUG = 1
 	GO_TAGS += debug
-	BUILD_FLAGS += -asan # FIXME: -gcflags=all='-N -l'
+	# FIXME: BUILD_FLAGS += -asan -gcflags=all='-N -l'
 else ifeq ($(pprof), 1)
 	CGO_ENABLED = 0
 	GORACE = log_path=logs/pprof strip_path_prefix=$(shell pwd)/ halt_on_error=1
@@ -80,6 +80,7 @@ test:
 docker-build-test:
 	docker build -t godoxy .
 	docker build --build-arg=MAKE_ARGS=agent=1 -t godoxy-agent .
+	docker build --build-arg=MAKE_ARGS=socket-proxy=1 -t godoxy-socket-proxy .
 
 go_ver := $(shell go version | cut -d' ' -f3 | cut -d'o' -f2)
 files := $(shell find . -name go.mod -type f -or -name Dockerfile -type f)
@@ -110,7 +111,7 @@ mod-tidy:
 
 build:
 	mkdir -p $(shell dirname ${BIN_PATH})
-	cd ${PWD} && go build ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
+	go build -C ${PWD} ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
 	${POST_BUILD}
 
 run:
@@ -141,12 +142,13 @@ ci-test:
 	act -n --artifact-server-path /tmp/artifacts -s GITHUB_TOKEN="$$(gh auth token)"
 
 cloc:
-	cloc --include-lang=Go --not-match-f '_test.go$$' .
+	scc -w -i go --not-match '_test.go$'
 
 push-github:
 	git push origin $(shell git rev-parse --abbrev-ref HEAD)
 
 gen-swagger:
+  # go install github.com/swaggo/swag/cmd/swag@latest
 	swag init --parseDependency --parseInternal --parseFuncBody -g handler.go -d internal/api -o internal/api/v1/docs
 	python3 scripts/fix-swagger-json.py
 	# we don't need this

agent/go.mod

@@ -1,14 +1,16 @@
 module github.com/yusing/godoxy/agent
 
-go 1.25.3
+go 1.25.5
 
-replace github.com/yusing/godoxy => ..
-
-replace github.com/yusing/godoxy/socketproxy => ../socket-proxy
-
-replace github.com/shirou/gopsutil/v4 => ../internal/gopsutil
-
-replace github.com/yusing/goutils => ../goutils
+replace (
+	github.com/shirou/gopsutil/v4 => ../internal/gopsutil
+	github.com/yusing/godoxy => ../
+	github.com/yusing/godoxy/socketproxy => ../socket-proxy
+	github.com/yusing/goutils => ../goutils
+	github.com/yusing/goutils/http/reverseproxy => ../goutils/http/reverseproxy
+	github.com/yusing/goutils/http/websocket => ../goutils/http/websocket
+	github.com/yusing/goutils/server => ../goutils/server
+)
 
 exclude github.com/containerd/nerdctl/mod/tigron v0.0.0
 
@@ -20,96 +22,106 @@ require (
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasthttp v1.68.0
-	github.com/yusing/godoxy v0.20.2
+	github.com/yusing/godoxy v0.20.10
 	github.com/yusing/godoxy/socketproxy v0.0.0-00010101000000-000000000000
 	github.com/yusing/goutils v0.7.0
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20251217162119-cb0f79b51ce2
+	github.com/yusing/goutils/server v0.0.0-20251217162119-cb0f79b51ce2
 )
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/PuerkitoBio/goquery v1.10.3 // indirect
+	github.com/PuerkitoBio/goquery v1.11.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
+	github.com/buger/goterm v1.0.4 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
 	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/diskfs/go-diskfs v1.7.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v28.5.1+incompatible // indirect
-	github.com/docker/docker v28.5.1+incompatible // indirect
+	github.com/djherbis/times v1.6.0 // indirect
+	github.com/docker/cli v29.1.3+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.9.0 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-acme/lego/v4 v4.30.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.28.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/goccy/go-yaml v1.19.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gotify/server/v2 v2.7.3 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
+	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect
-	github.com/klauspost/compress v1.18.1 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lithammer/fuzzysearch v1.1.8 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
+	github.com/luthermonson/go-proxmox v0.2.4 // indirect
+	github.com/magefile/mage v1.15.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/miekg/dns v1.1.69 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/moby/api v1.52.0 // indirect
+	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
+	github.com/oschwald/maxminddb-golang v1.13.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pires/go-proxyproto v0.8.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.55.0 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.58.0 // indirect
 	github.com/samber/lo v1.52.0 // indirect
 	github.com/samber/slog-common v0.19.0 // indirect
-	github.com/samber/slog-zerolog/v2 v2.8.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.25.9 // indirect
+	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
+	github.com/shirou/gopsutil/v4 v4.25.11 // indirect
 	github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
-	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/vincent-petithory/dataurl v1.0.0 // indirect
 	github.com/yusing/ds v0.3.1 // indirect
 	github.com/yusing/gointernals v0.1.16 // indirect
+	github.com/yusing/goutils/http/websocket v0.0.0-20251217162119-cb0f79b51ce2 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
-	go.opentelemetry.io/otel v1.38.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
-	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	go.opentelemetry.io/otel/trace v1.38.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.8.0 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	golang.org/x/arch v0.22.0 // indirect
-	golang.org/x/crypto v0.43.0 // indirect
-	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/net v0.46.0 // indirect
-	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/protobuf v1.36.10 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.5.2 // indirect
 )

agent/go.sum

@@ -1,9 +1,9 @@
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.10.3 h1:pFYcNSqHxBD06Fpj/KsbStFRsgRATgnf3LeXiUkhzPo=
-github.com/PuerkitoBio/goquery v1.10.3/go.mod h1:tMUX0zDMHXYlAQk6p35XxQMqMweEKB7iK7iLNd4RH4Y=
+github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
+github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
+github.com/anchore/go-lzo v0.1.0 h1:NgAacnzqPeGH49Ky19QKLBZEuFRqtTG9cdaucc3Vncs=
+github.com/anchore/go-lzo v0.1.0/go.mod h1:3kLx0bve2oN1iDwgM1U5zGku1Tfbdb0No5qp1eL1fIk=
 github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
 github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=
@@ -18,16 +18,16 @@ github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2N
 github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/coreos/go-oidc/v3 v3.16.0 h1:qRQUCFstKpXwmEjDQTIbyY/5jF00+asXzSkmkoa/mow=
-github.com/coreos/go-oidc/v3 v3.16.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
+github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
+github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -39,28 +39,28 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v28.5.1+incompatible h1:ESutzBALAD6qyCLqbQSEf1a/U8Ybms5agw59yGVc+yY=
-github.com/docker/cli v28.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM=
-github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.1.3+incompatible h1:+kz9uDWgs+mAaIZojWfFt4d53/jv0ZUOOoSh5ZnH36c=
+github.com/docker/cli v29.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k=
-github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
+github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
-github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
-github.com/go-acme/lego/v4 v4.27.0 h1:cIhWd7Uj4BNFLEF3IpwuMkukVVRs5qjlp4KdUGa75yU=
-github.com/go-acme/lego/v4 v4.27.0/go.mod h1:9FfNZHZmg6hf5CWOp4Lzo4gU8aBEvqZvrwdkBboa+4g=
+github.com/go-acme/lego/v4 v4.30.1 h1:tmb6U0lvy8Mc3lQbqKwTat7oAhE8FUYNJ3D0gSg6pJU=
+github.com/go-acme/lego/v4 v4.30.1/go.mod h1:V7m/Ip+EeFkjOe028+zeH+SwWtESxw1LHelwMIfAjm4=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -77,14 +77,16 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
-github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
+github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
+github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE=
+github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
@@ -100,14 +102,16 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.7.3 h1:nro/ZnxdlZFvxFcw9LREGA8zdk6CK744azwhuhX/A4g=
 github.com/gotify/server/v2 v2.7.3/go.mod h1:VAtE1RIc/2j886PYs9WPQbMjqbFsoyQ0G8IdFtnAxU0=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
+github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
+github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
+github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
+github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
-github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
-github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -120,8 +124,8 @@ github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8
 github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
-github.com/luthermonson/go-proxmox v0.2.3 h1:NAjUJ5Jd1ynIK6UHMGd/VLGgNZWpGXhfL+DBmAVSEaA=
-github.com/luthermonson/go-proxmox v0.2.3/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
+github.com/luthermonson/go-proxmox v0.2.4 h1:XQ6YNUTVvHS7N4EJxWpuqWLW2s1VPtsIblxLV/rGHLw=
+github.com/luthermonson/go-proxmox v0.2.4/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@@ -131,23 +135,19 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
-github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -156,10 +156,13 @@ github.com/oschwald/maxminddb-golang v1.13.1 h1:G3wwjdN9JmIK2o/ermkHM+98oX5fS+k5
 github.com/oschwald/maxminddb-golang v1.13.1/go.mod h1:K4pgV9N/GcK694KSTmVSDTODk4IsCNThNdTmnaBZ/F8=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
+github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
 github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
+github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -167,10 +170,10 @@ github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/puzpuzpuz/xsync/v4 v4.2.0 h1:dlxm77dZj2c3rxq0/XNvvUKISAmovoXF4a4qM6Wvkr0=
 github.com/puzpuzpuz/xsync/v4 v4.2.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
-github.com/quic-go/quic-go v0.55.0 h1:zccPQIqYCXDt5NmcEabyYvOnomjs8Tlwl7tISjJh9Mk=
-github.com/quic-go/quic-go v0.55.0/go.mod h1:DR51ilwU1uE164KuWXhinFcKWGlEjzys2l8zUl5Ss1U=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=
+github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
@@ -180,8 +183,8 @@ github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
 github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/samber/slog-common v0.19.0 h1:fNcZb8B2uOLooeYwFpAlKjkQTUafdjfqKcwcC89G9YI=
 github.com/samber/slog-common v0.19.0/go.mod h1:dTz+YOU76aH007YUU0DffsXNsGFQRQllPQh9XyNoA3M=
-github.com/samber/slog-zerolog/v2 v2.8.0 h1:K3+PJieRyi2rX/eaJZ95EdmpY/pzdeDd3jRnIQZG6kU=
-github.com/samber/slog-zerolog/v2 v2.8.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
+github.com/samber/slog-zerolog/v2 v2.9.0 h1:6LkOabJmZdNLaUWkTC3IVVA+dq7b/V0FM6lz6/7+THI=
+github.com/samber/slog-zerolog/v2 v2.9.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
 github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af h1:Sp5TG9f7K39yfB+If0vjp97vuT74F72r8hfRpP8jLU0=
 github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
@@ -197,14 +200,16 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
-github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
-github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
-github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
+github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.68.0 h1:v12Nx16iepr8r9ySOwqI+5RBJ/DqTxhOy1HrHoDFnok=
@@ -222,45 +227,39 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 h1:bDMKF3RUSxshZ5OjOTi8rsHGaPKsAt76FaqgvIUySLc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0/go.mod h1:dDT67G/IkA46Mr2l9Uj7HsQVwsjASyV9SjGofsiUZDA=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
-go.opentelemetry.io/proto/otlp v1.8.0 h1:fRAZQDcAFHySxpJ1TwlA1cJ4tvcrw7nXl9xWWC8N5CE=
-go.opentelemetry.io/proto/otlp v1.8.0/go.mod h1:tIeYOeNBU4cvmPqpaji1P+KbB4Oloai8wN4rWzRrFF0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
-golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
-golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
-golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -270,10 +269,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
-golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
-golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -281,15 +280,16 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -301,8 +301,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -321,8 +321,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -331,18 +331,11 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20250908214217-97024824d090 h1:ywCL7vA2n3vVHyf+bx1ZV/knaTPRI8GIeKY0MEhEeOc=
-google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU=
-google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4/go.mod h1:NnuHhy+bxcg30o7FnVAZbXsPHUDQ9qKWAQKCD7VxFtk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -351,3 +344,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

agent/pkg/agent/http_requests.go

@@ -60,11 +60,8 @@ func (cfg *AgentConfig) DoHealthCheck(timeout time.Duration, query string) (ret
 	}
 
 	if status := resp.StatusCode(); status != http.StatusOK {
-		// clone body since fasthttp response will be released
-		body := resp.Body()
-		cloneBody := make([]byte, len(body))
-		copy(cloneBody, body)
-		return ret, fmt.Errorf("HTTP %d %s", status, cloneBody)
+		ret.Detail = fmt.Sprintf("HTTP %d %s", status, resp.Body())
+		return ret, nil
 	} else {
 		err = sonic.Unmarshal(resp.Body(), &ret)
 		if err != nil {

agent/pkg/handler/check_health.go

@@ -1,6 +1,7 @@
 package handler
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -12,8 +13,6 @@ import (
 	"github.com/yusing/godoxy/internal/watcher/health/monitor"
 )
 
-var defaultHealthConfig = types.DefaultHealthConfig()
-
 func CheckHealth(w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	scheme := query.Get("scheme")
@@ -49,7 +48,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 			Scheme: scheme,
 			Host:   host,
 			Path:   path,
-		}, defaultHealthConfig).CheckHealth()
+		}, healthCheckConfigFromRequest(r)).CheckHealth()
 	case "tcp", "udp":
 		host := query.Get("host")
 		if host == "" {
@@ -68,7 +67,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 		result, err = monitor.NewRawHealthMonitor(&url.URL{
 			Scheme: scheme,
 			Host:   host,
-		}, defaultHealthConfig).CheckHealth()
+		}, healthCheckConfigFromRequest(r)).CheckHealth()
 	}
 
 	if err != nil {
@@ -80,3 +79,13 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	sonic.ConfigDefault.NewEncoder(w).Encode(result)
 }
+
+func healthCheckConfigFromRequest(r *http.Request) types.HealthCheckConfig {
+	// we only need timeout and base context because it's one shot request
+	return types.HealthCheckConfig{
+		Timeout: types.HealthCheckTimeoutDefault,
+		BaseContext: func() context.Context {
+			return r.Context()
+		},
+	}
+}

cmd/debug_page.go

@@ -0,0 +1,257 @@
+//go:build !production
+
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/yusing/godoxy/internal/api"
+	apiV1 "github.com/yusing/godoxy/internal/api/v1"
+	agentApi "github.com/yusing/godoxy/internal/api/v1/agent"
+	authApi "github.com/yusing/godoxy/internal/api/v1/auth"
+	certApi "github.com/yusing/godoxy/internal/api/v1/cert"
+	dockerApi "github.com/yusing/godoxy/internal/api/v1/docker"
+	fileApi "github.com/yusing/godoxy/internal/api/v1/file"
+	homepageApi "github.com/yusing/godoxy/internal/api/v1/homepage"
+	metricsApi "github.com/yusing/godoxy/internal/api/v1/metrics"
+	routeApi "github.com/yusing/godoxy/internal/api/v1/route"
+	"github.com/yusing/godoxy/internal/auth"
+	"github.com/yusing/godoxy/internal/idlewatcher"
+	idlewatcherTypes "github.com/yusing/godoxy/internal/idlewatcher/types"
+)
+
+type debugMux struct {
+	endpoints []debugEndpoint
+	mux       http.ServeMux
+}
+
+type debugEndpoint struct {
+	name   string
+	method string
+	path   string
+}
+
+func newDebugMux() *debugMux {
+	return &debugMux{
+		endpoints: make([]debugEndpoint, 0),
+		mux:       *http.NewServeMux(),
+	}
+}
+
+func (mux *debugMux) registerEndpoint(name, method, path string) {
+	mux.endpoints = append(mux.endpoints, debugEndpoint{name: name, method: method, path: path})
+}
+
+func (mux *debugMux) HandleFunc(name, method, path string, handler http.HandlerFunc) {
+	mux.registerEndpoint(name, method, path)
+	mux.mux.HandleFunc(method+" "+path, handler)
+}
+
+func (mux *debugMux) Finalize() {
+	mux.mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintln(w, `
+<!DOCTYPE html>
+<html>
+	<head>
+		<style>
+				body {
+					font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Helvetica, Arial, Apple Color Emoji, Segoe UI Emoji;
+					font-size: 16px;
+					line-height: 1.5;
+					color: #f8f9fa;
+					background-color: #121212;
+					margin: 0;
+					padding: 0;
+				}
+				table {
+					border-collapse: collapse;
+					width: 100%;
+					margin-top: 20px;
+				}
+				th, td {
+					padding: 12px;
+					text-align: left;
+					border-bottom: 1px solid #333;
+				}
+				th {
+					background-color: #1e1e1e;
+					font-weight: 600;
+					color: #f8f9fa;
+				}
+				td {
+					color: #e9ecef;
+				}
+				.link {
+					color: #007bff;
+					text-decoration: none;
+				}
+				.link:hover {
+					text-decoration: underline;
+				}
+				.method {
+					color: #6c757d;
+					font-family: monospace;
+				}
+				.path {
+					color: #6c757d;
+					font-family: monospace;
+				}
+		</style>
+	</head>
+	<body>
+		<table>
+			<thead>
+				<tr>
+					<th>Name</th>
+					<th>Method</th>
+					<th>Path</th>
+				</tr>
+			</thead>
+			<tbody>`)
+		for _, endpoint := range mux.endpoints {
+			fmt.Fprintf(w, "<tr><td><a class='link' href=%q>%s</a></td><td class='method'>%s</td><td class='path'>%s</td></tr>", endpoint.path, endpoint.name, endpoint.method, endpoint.path)
+		}
+		fmt.Fprintln(w, `
+			</tbody>
+		</table>
+	</body>
+</html>`)
+	})
+}
+
+func listenDebugServer() {
+	mux := newDebugMux()
+	mux.mux.HandleFunc("/favicon.ico", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "image/svg+xml")
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><text x="50" y="50" text-anchor="middle" dominant-baseline="middle">🐙</text></svg>`))
+	})
+
+	mux.HandleFunc("Auth block page", "GET", "/auth/block", AuthBlockPageHandler)
+	mux.HandleFunc("Idlewatcher loading page", "GET", idlewatcherTypes.PathPrefix, idlewatcher.DebugHandler)
+	apiHandler := newApiHandler(mux)
+	mux.mux.HandleFunc("/api/v1/", apiHandler.ServeHTTP)
+
+	mux.Finalize()
+
+	go http.ListenAndServe(":7777", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Pragma", "no-cache")
+		w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+		w.Header().Set("Expires", "0")
+		mux.mux.ServeHTTP(w, r)
+	}))
+}
+
+func newApiHandler(debugMux *debugMux) *gin.Engine {
+	r := gin.New()
+	r.Use(api.ErrorHandler())
+	r.Use(api.ErrorLoggingMiddleware())
+	r.Use(api.NoCache())
+
+	registerGinRoute := func(router gin.IRouter, method, name string, path string, handler gin.HandlerFunc) {
+		if group, ok := router.(*gin.RouterGroup); ok {
+			debugMux.registerEndpoint(name, method, group.BasePath()+path)
+		} else {
+			debugMux.registerEndpoint(name, method, path)
+		}
+		router.Handle(method, path, handler)
+	}
+
+	registerGinRoute(r, "GET", "App version", "/api/v1/version", apiV1.Version)
+
+	v1 := r.Group("/api/v1")
+	if auth.IsEnabled() {
+		v1Auth := v1.Group("/auth")
+		{
+			registerGinRoute(v1Auth, "HEAD", "Auth check", "/check", authApi.Check)
+			registerGinRoute(v1Auth, "POST", "Auth login", "/login", authApi.Login)
+			registerGinRoute(v1Auth, "GET", "Auth callback", "/callback", authApi.Callback)
+			registerGinRoute(v1Auth, "POST", "Auth callback", "/callback", authApi.Callback)
+			registerGinRoute(v1Auth, "POST", "Auth logout", "/logout", authApi.Logout)
+			registerGinRoute(v1Auth, "GET", "Auth logout", "/logout", authApi.Logout)
+		}
+	}
+
+	{
+		// enable cache for favicon
+		registerGinRoute(v1, "GET", "Route favicon", "/favicon", apiV1.FavIcon)
+		registerGinRoute(v1, "GET", "Route health", "/health", apiV1.Health)
+		registerGinRoute(v1, "GET", "List icons", "/icons", apiV1.Icons)
+		registerGinRoute(v1, "POST", "Config reload", "/reload", apiV1.Reload)
+		registerGinRoute(v1, "GET", "Route stats", "/stats", apiV1.Stats)
+
+		route := v1.Group("/route")
+		{
+			registerGinRoute(route, "GET", "List routes", "/list", routeApi.Routes)
+			registerGinRoute(route, "GET", "Get route", "/:which", routeApi.Route)
+			registerGinRoute(route, "GET", "List providers", "/providers", routeApi.Providers)
+			registerGinRoute(route, "GET", "List routes by provider", "/by_provider", routeApi.ByProvider)
+			registerGinRoute(route, "POST", "Playground", "/playground", routeApi.Playground)
+		}
+
+		file := v1.Group("/file")
+		{
+			registerGinRoute(file, "GET", "List files", "/list", fileApi.List)
+			registerGinRoute(file, "GET", "Get file", "/content", fileApi.Get)
+			registerGinRoute(file, "PUT", "Set file", "/content", fileApi.Set)
+			registerGinRoute(file, "POST", "Set file", "/content", fileApi.Set)
+			registerGinRoute(file, "POST", "Validate file", "/validate", fileApi.Validate)
+		}
+
+		homepage := v1.Group("/homepage")
+		{
+			registerGinRoute(homepage, "GET", "List categories", "/categories", homepageApi.Categories)
+			registerGinRoute(homepage, "GET", "List items", "/items", homepageApi.Items)
+			registerGinRoute(homepage, "POST", "Set item", "/set/item", homepageApi.SetItem)
+			registerGinRoute(homepage, "POST", "Set items batch", "/set/items_batch", homepageApi.SetItemsBatch)
+			registerGinRoute(homepage, "POST", "Set item visible", "/set/item_visible", homepageApi.SetItemVisible)
+			registerGinRoute(homepage, "POST", "Set item favorite", "/set/item_favorite", homepageApi.SetItemFavorite)
+			registerGinRoute(homepage, "POST", "Set item sort order", "/set/item_sort_order", homepageApi.SetItemSortOrder)
+			registerGinRoute(homepage, "POST", "Set item all sort order", "/set/item_all_sort_order", homepageApi.SetItemAllSortOrder)
+			registerGinRoute(homepage, "POST", "Set item fav sort order", "/set/item_fav_sort_order", homepageApi.SetItemFavSortOrder)
+			registerGinRoute(homepage, "POST", "Set category order", "/set/category_order", homepageApi.SetCategoryOrder)
+			registerGinRoute(homepage, "POST", "Item click", "/item_click", homepageApi.ItemClick)
+		}
+
+		cert := v1.Group("/cert")
+		{
+			registerGinRoute(cert, "GET", "Get cert info", "/info", certApi.Info)
+			registerGinRoute(cert, "GET", "Renew cert", "/renew", certApi.Renew)
+		}
+
+		agent := v1.Group("/agent")
+		{
+			registerGinRoute(agent, "GET", "List agents", "/list", agentApi.List)
+			registerGinRoute(agent, "POST", "Create agent", "/create", agentApi.Create)
+			registerGinRoute(agent, "POST", "Verify agent", "/verify", agentApi.Verify)
+		}
+
+		metrics := v1.Group("/metrics")
+		{
+			registerGinRoute(metrics, "GET", "Get system info", "/system_info", metricsApi.SystemInfo)
+			registerGinRoute(metrics, "GET", "Get all system info", "/all_system_info", metricsApi.AllSystemInfo)
+			registerGinRoute(metrics, "GET", "Get uptime", "/uptime", metricsApi.Uptime)
+		}
+
+		docker := v1.Group("/docker")
+		{
+			registerGinRoute(docker, "GET", "Get container", "/container/:id", dockerApi.GetContainer)
+			registerGinRoute(docker, "GET", "List containers", "/containers", dockerApi.Containers)
+			registerGinRoute(docker, "GET", "Get docker info", "/info", dockerApi.Info)
+			registerGinRoute(docker, "GET", "Get docker logs", "/logs/:id", dockerApi.Logs)
+			registerGinRoute(docker, "POST", "Start docker container", "/start", dockerApi.Start)
+			registerGinRoute(docker, "POST", "Stop docker container", "/stop", dockerApi.Stop)
+			registerGinRoute(docker, "POST", "Restart docker container", "/restart", dockerApi.Restart)
+		}
+	}
+
+	return r
+}
+
+func AuthBlockPageHandler(w http.ResponseWriter, r *http.Request) {
+	auth.WriteBlockPage(w, http.StatusForbidden, "Forbidden", "Login", "/login")
+}

cmd/debug_page_prod.go

@@ -0,0 +1,7 @@
+//go:build production
+
+package main
+
+func listenDebugServer() {
+	// no-op
+}

cmd/main.go

@@ -16,6 +16,7 @@ import (
 	"github.com/yusing/godoxy/internal/metrics/systeminfo"
 	"github.com/yusing/godoxy/internal/metrics/uptime"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
+	"github.com/yusing/godoxy/internal/route/rules"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/task"
@@ -58,9 +59,12 @@ func main() {
 	}
 
 	config.StartProxyServers()
+
 	if err := auth.Initialize(); err != nil {
 		log.Fatal().Err(err).Msg("failed to initialize authentication")
 	}
+	rules.InitAuthHandler(auth.AuthOrProceed)
+
 	// API Handler needs to start after auth is initialized.
 	server.StartServer(task.RootTask("api_server", false), server.Options{
 		Name:     "api",
@@ -68,6 +72,8 @@ func main() {
 		Handler:  api.NewHandler(),
 	})
 
+	listenDebugServer()
+
 	uptime.Poller.Start()
 	config.WatchChanges()
 

compose.example.yml

@@ -22,6 +22,8 @@ services:
       - ${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}:2375
   frontend:
     image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
+    # lite variant
+    # image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}-lite
     container_name: godoxy-frontend
     restart: unless-stopped
     env_file: .env
@@ -74,10 +76,9 @@ services:
       - ./error_pages:/app/error_pages:ro
       - ./data:/app/data
 
-      # To use autocert, certs will be stored in "./certs".
-      # You can also use a docker volume to store it
+      # This path stores certs obtained from autocert and agent TLS client certs
       - ./certs:/app/certs
 
-      # remove "./certs:/app/certs" and uncomment below to use existing certificate
+      # mount existing certificate
       # - /path/to/certs/cert.crt:/app/certs/cert.crt
       # - /path/to/certs/priv.key:/app/certs/priv.key

config.example.yml

@@ -4,6 +4,8 @@
 
 # autocert:
 #   provider: local
+#   cert_path: /path/to/cert.crt # default: /app/certs/cert.crt
+#   key_path: /path/to/priv.key # default: /app/certs/priv.key
 
 # 2. cloudflare
 # autocert:
@@ -86,6 +88,12 @@ entrypoint:
   #     - name: default
   #       do: proxy http://other-proxy:8080
 
+defaults:
+  healthcheck:
+    interval: 5s
+    timeout: 15s
+    retries: 3
+
 providers:
   # include files are standalone yaml files under `config/` directory
   #

go.mod

@@ -1,25 +1,25 @@
 module github.com/yusing/godoxy
 
-go 1.25.3
+go 1.25.5
 
-replace github.com/yusing/godoxy/agent => ./agent
-
-replace github.com/yusing/godoxy/internal/dnsproviders => ./internal/dnsproviders
-
-replace github.com/coreos/go-oidc/v3 => ./internal/go-oidc
-
-replace github.com/shirou/gopsutil/v4 => ./internal/gopsutil
-
-replace github.com/yusing/goutils => ./goutils
+replace (
+	github.com/coreos/go-oidc/v3 => ./internal/go-oidc
+	github.com/shirou/gopsutil/v4 => ./internal/gopsutil
+	github.com/yusing/godoxy/agent => ./agent
+	github.com/yusing/godoxy/internal/dnsproviders => ./internal/dnsproviders
+	github.com/yusing/goutils => ./goutils
+	github.com/yusing/goutils/http/reverseproxy => ./goutils/http/reverseproxy
+	github.com/yusing/goutils/http/websocket => ./goutils/http/websocket
+	github.com/yusing/goutils/server => ./goutils/server
+)
 
 require (
-	github.com/PuerkitoBio/goquery v1.10.3 // parsing HTML for extract fav icon
-	github.com/coreos/go-oidc/v3 v3.16.0 // oidc authentication
-	github.com/docker/docker v28.5.1+incompatible // docker daemon
+	github.com/PuerkitoBio/goquery v1.11.0 // parsing HTML for extract fav icon
+	github.com/coreos/go-oidc/v3 v3.17.0 // oidc authentication
 	github.com/fsnotify/fsnotify v1.9.0 // file watcher
 	github.com/gin-gonic/gin v1.11.0 // api server
-	github.com/go-acme/lego/v4 v4.27.0 // acme client
-	github.com/go-playground/validator/v10 v10.28.0 // validator
+	github.com/go-acme/lego/v4 v4.30.1 // acme client
+	github.com/go-playground/validator/v10 v10.30.1 // validator
 	github.com/gobwas/glob v0.2.3 // glob matcher for route rules
 	github.com/gorilla/websocket v1.5.3 // websocket for API and agent
 	github.com/gotify/server/v2 v2.7.3 // reference the Message struct for json response
@@ -28,40 +28,49 @@ require (
 	github.com/puzpuzpuz/xsync/v4 v4.2.0 // lock free map for concurrent operations
 	github.com/rs/zerolog v1.34.0 // logging
 	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
-	golang.org/x/crypto v0.43.0 // encrypting password with bcrypt
-	golang.org/x/net v0.46.0 // HTTP header utilities
-	golang.org/x/oauth2 v0.32.0 // oauth2 authentication
-	golang.org/x/sync v0.17.0
+	golang.org/x/crypto v0.46.0 // encrypting password with bcrypt
+	golang.org/x/net v0.48.0 // HTTP header utilities
+	golang.org/x/oauth2 v0.34.0 // oauth2 authentication
+	golang.org/x/sync v0.19.0
 	golang.org/x/time v0.14.0 // time utilities
 )
 
 require (
-	github.com/docker/cli v28.5.1+incompatible
-	github.com/goccy/go-yaml v1.18.0 // yaml parsing for different config files
-	github.com/golang-jwt/jwt/v5 v5.3.0
-	github.com/luthermonson/go-proxmox v0.2.3
-	github.com/oschwald/maxminddb-golang v1.13.1
-	github.com/quic-go/quic-go v0.55.0 // indirect; http3 support
-	github.com/samber/slog-zerolog/v2 v2.8.0 // indirect
-	github.com/spf13/afero v1.15.0
-	github.com/stretchr/testify v1.11.1
-	github.com/yusing/ds v0.3.1
-	github.com/yusing/godoxy/agent v0.0.0-20251028124446-1797a222cd18
-	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20251028124446-1797a222cd18
+	github.com/bytedance/gopkg v0.1.3 // xxhash64 for fast hash
+	github.com/bytedance/sonic v1.14.2 // fast json parsing
+	github.com/docker/cli v29.1.3+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
+	github.com/goccy/go-yaml v1.19.1 // yaml parsing for different config files
+	github.com/golang-jwt/jwt/v5 v5.3.0 // jwt authentication
+	github.com/luthermonson/go-proxmox v0.2.4 // proxmox API client
+	github.com/moby/moby/api v1.52.0 // docker API
+	github.com/moby/moby/client v0.2.1 // docker client
+	github.com/oschwald/maxminddb-golang v1.13.1 // maxminddb for geoip database
+	github.com/quic-go/quic-go v0.58.0 // http3 support
+	github.com/shirou/gopsutil/v4 v4.25.11 // system information
+	github.com/spf13/afero v1.15.0 // afero for file system operations
+	github.com/stretchr/testify v1.11.1 // testing framework
+	github.com/valyala/fasthttp v1.68.0 // fast http for health check
+	github.com/yusing/ds v0.3.1 // data structures and algorithms
+	github.com/yusing/godoxy/agent v0.0.0-20251230135310-5087800fd763
+	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20251230043958-dba8441e8a5d
+	github.com/yusing/gointernals v0.1.16
 	github.com/yusing/goutils v0.7.0
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20251217162119-cb0f79b51ce2
+	github.com/yusing/goutils/http/websocket v0.0.0-20251217162119-cb0f79b51ce2
+	github.com/yusing/goutils/server v0.0.0-20251217162119-cb0f79b51ce2
 )
 
 require (
-	cloud.google.com/go/auth v0.17.0 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
@@ -72,9 +81,9 @@ require (
 	github.com/djherbis/times v1.6.0 // indirect
 	github.com/docker/go-connections v0.6.0
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.9.0 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -83,8 +92,8 @@ require (
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
-	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jinzhu/copier v0.4.0 // indirect
@@ -94,7 +103,7 @@ require (
 	github.com/magefile/mage v1.15.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/miekg/dns v1.1.68 // indirect
+	github.com/miekg/dns v1.1.69 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -106,81 +115,67 @@ require (
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/samber/lo v1.52.0 // indirect
 	github.com/samber/slog-common v0.19.0 // indirect
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35 // indirect
+	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
-	go.opentelemetry.io/otel v1.38.0 // indirect
-	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	go.opentelemetry.io/otel/trace v1.38.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/atomic v1.11.0
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/api v0.253.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
-	google.golang.org/grpc v1.76.0 // indirect
-	google.golang.org/protobuf v1.36.10 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/api v0.258.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-require (
-	github.com/bytedance/sonic v1.14.2
-	github.com/shirou/gopsutil/v4 v4.25.9
-	github.com/valyala/fasthttp v1.68.0
-	github.com/yusing/gointernals v0.1.16
-)
-
 require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
-	github.com/bytedance/gopkg v0.1.3 // indirect
 	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/containerd/log v0.1.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
-	github.com/go-resty/resty/v2 v2.16.5 // indirect
+	github.com/go-resty/resty/v2 v2.17.1 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/klauspost/compress v1.18.1 // indirect
+	github.com/google/go-querystring v1.2.0 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
-	github.com/linode/linodego v1.60.0 // indirect
+	github.com/linode/linodego v1.63.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
-	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
-	github.com/ulikunitz/xz v0.5.14 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/vultr/govultr/v3 v3.24.0 // indirect
+	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
-	golang.org/x/arch v0.22.0 // indirect
-	google.golang.org/genproto v0.0.0-20250908214217-97024824d090 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 // indirect
+	golang.org/x/arch v0.23.0 // indirect
 )

go.sum

@@ -1,14 +1,14 @@
-cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4=
-cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ=
+cloud.google.com/go/auth v0.18.0 h1:wnqy5hrv7p3k7cShwAU/Br3nzod7fxoqG+k0VZ+/Pk0=
+cloud.google.com/go/auth v0.18.0/go.mod h1:wwkPM1AgE1f2u6dG443MiWoD8C3BtOywNsUMcUTVDRo=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
 cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 h1:KpMC6LFL7mqpExyMC9jVOYRiVhLmamjeZfRsUpB7l4s=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
@@ -23,16 +23,14 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.10.3 h1:pFYcNSqHxBD06Fpj/KsbStFRsgRATgnf3LeXiUkhzPo=
-github.com/PuerkitoBio/goquery v1.10.3/go.mod h1:tMUX0zDMHXYlAQk6p35XxQMqMweEKB7iK7iLNd4RH4Y=
+github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
+github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 h1:h/33OxYLqBk0BYmEbSUy7MlvgQR/m1w1/7OJFKoPL1I=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0/go.mod h1:rvh3imDA6EaQi+oM/GQHkQAOHbXPKJ7EWJvfjuw141Q=
 github.com/anchore/go-lzo v0.1.0 h1:NgAacnzqPeGH49Ky19QKLBZEuFRqtTG9cdaucc3Vncs=
@@ -56,14 +54,14 @@ github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2N
 github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -75,16 +73,14 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v28.5.1+incompatible h1:ESutzBALAD6qyCLqbQSEf1a/U8Ybms5agw59yGVc+yY=
-github.com/docker/cli v28.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM=
-github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.1.3+incompatible h1:+kz9uDWgs+mAaIZojWfFt4d53/jv0ZUOOoSh5ZnH36c=
+github.com/docker/cli v29.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k=
-github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
@@ -93,14 +89,14 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
-github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
-github.com/go-acme/lego/v4 v4.27.0 h1:cIhWd7Uj4BNFLEF3IpwuMkukVVRs5qjlp4KdUGa75yU=
-github.com/go-acme/lego/v4 v4.27.0/go.mod h1:9FfNZHZmg6hf5CWOp4Lzo4gU8aBEvqZvrwdkBboa+4g=
+github.com/go-acme/lego/v4 v4.30.1 h1:tmb6U0lvy8Mc3lQbqKwTat7oAhE8FUYNJ3D0gSg6pJU=
+github.com/go-acme/lego/v4 v4.30.1/go.mod h1:V7m/Ip+EeFkjOe028+zeH+SwWtESxw1LHelwMIfAjm4=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -119,18 +115,18 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
-github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
-github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM=
-github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
+github.com/go-resty/resty/v2 v2.17.1 h1:x3aMpHK1YM9e4va/TMDRlusDDoZiQ+ViDu/WpA6xTM4=
+github.com/go-resty/resty/v2 v2.17.1/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
 github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
 github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE=
+github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
 github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
@@ -138,27 +134,24 @@ github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9v
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
+github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
-github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
-github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y=
+github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.7.3 h1:nro/ZnxdlZFvxFcw9LREGA8zdk6CK744azwhuhX/A4g=
 github.com/gotify/server/v2 v2.7.3/go.mod h1:VAtE1RIc/2j886PYs9WPQbMjqbFsoyQ0G8IdFtnAxU0=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
@@ -177,8 +170,8 @@ github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
-github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -189,14 +182,14 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.60.0 h1:SgsebJFRCi+lSmYy+C40wmKZeJllGGm+W12Qw4+yVdI=
-github.com/linode/linodego v1.60.0/go.mod h1:1+Bt0oTz5rBnDOJbGhccxn7LYVytXTIIfAy7QYmijDs=
+github.com/linode/linodego v1.63.0 h1:MdjizfXNJDVJU6ggoJmMO5O9h4KGPGivNX0fzrAnstk=
+github.com/linode/linodego v1.63.0/go.mod h1:GoiwLVuLdBQcAebxAVKVL3mMYUgJZR/puOUSla04xBE=
 github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=
 github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
-github.com/luthermonson/go-proxmox v0.2.3 h1:NAjUJ5Jd1ynIK6UHMGd/VLGgNZWpGXhfL+DBmAVSEaA=
-github.com/luthermonson/go-proxmox v0.2.3/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
+github.com/luthermonson/go-proxmox v0.2.4 h1:XQ6YNUTVvHS7N4EJxWpuqWLW2s1VPtsIblxLV/rGHLw=
+github.com/luthermonson/go-proxmox v0.2.4/go.mod h1:oyFgg2WwTEIF0rP6ppjiixOHa5ebK1p8OaRiFhvICBQ=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@@ -208,31 +201,27 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.14.0 h1:rRlLv1+kI8eOI3OaBXZwb3O7xY3exRzdW5QyX48g9wI=
 github.com/maxatome/go-testdeep v1.14.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
-github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1 h1:45giryNXrlUHzK/Cd4DDBOhaK0EklXrhjTgv00Zo5po=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1/go.mod h1:SfDIKzNQ5AGNMMOA3LGqSPnn63F6Gc4E4bsKArqymvg=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1 h1:2EthQw4pEN2rbbSLWlF9itV+Ws2xmAmIcfKYsrwCbVA=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1/go.mod h1:xOLJ0zNGmF4M4LqdQclLONwdzjJewNl/7WQiZgrvYR8=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2 h1:l0tH15ACQADZAzC+LZ+mo2tIX4H6uZu0ulrVmG5Tqz0=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2 h1:gzB4c6ztb38C/jYiqEaFC+mCGcWFHDji9e6jwymY9d4=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2/go.mod h1:l1qIPIq2uRV5WTSvkbhbl/ndbeOu7OCb3UZ+0+2ZSb8=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -251,7 +240,6 @@ github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaAS
 github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
@@ -262,10 +250,10 @@ github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/puzpuzpuz/xsync/v4 v4.2.0 h1:dlxm77dZj2c3rxq0/XNvvUKISAmovoXF4a4qM6Wvkr0=
 github.com/puzpuzpuz/xsync/v4 v4.2.0/go.mod h1:VJDmTCJMBt8igNxnkQd86r+8KUeN1quSfNKu5bLYFQo=
-github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
-github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
-github.com/quic-go/quic-go v0.55.0 h1:zccPQIqYCXDt5NmcEabyYvOnomjs8Tlwl7tISjJh9Mk=
-github.com/quic-go/quic-go v0.55.0/go.mod h1:DR51ilwU1uE164KuWXhinFcKWGlEjzys2l8zUl5Ss1U=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=
+github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
@@ -275,10 +263,10 @@ github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
 github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/samber/slog-common v0.19.0 h1:fNcZb8B2uOLooeYwFpAlKjkQTUafdjfqKcwcC89G9YI=
 github.com/samber/slog-common v0.19.0/go.mod h1:dTz+YOU76aH007YUU0DffsXNsGFQRQllPQh9XyNoA3M=
-github.com/samber/slog-zerolog/v2 v2.8.0 h1:K3+PJieRyi2rX/eaJZ95EdmpY/pzdeDd3jRnIQZG6kU=
-github.com/samber/slog-zerolog/v2 v2.8.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35 h1:8xfn1RzeI9yoCUuEwDy08F+No6PcKZGEDOQ6hrRyLts=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35/go.mod h1:47B1d/YXmSAxlJxUJxClzHR6b3T4M1WyCvwENPQNBWc=
+github.com/samber/slog-zerolog/v2 v2.9.0 h1:6LkOabJmZdNLaUWkTC3IVVA+dq7b/V0FM6lz6/7+THI=
+github.com/samber/slog-zerolog/v2 v2.9.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 h1:ObX9hZmK+VmijreZO/8x9pQ8/P/ToHD/bdSb4Eg4tUo=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36/go.mod h1:LEsDu4BubxK7/cWhtlQWfuxwL4rf/2UEpxXz1o1EMtM=
 github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af h1:Sp5TG9f7K39yfB+If0vjp97vuT74F72r8hfRpP8jLU0=
 github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ=
@@ -300,24 +288,24 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
-github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
-github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
-github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
+github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg=
-github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.68.0 h1:v12Nx16iepr8r9ySOwqI+5RBJ/DqTxhOy1HrHoDFnok=
 github.com/valyala/fasthttp v1.68.0/go.mod h1:5EXiRfYQAoiO/khu4oU9VISC/eVY6JqmSpPJoHCKsz4=
 github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
 github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
-github.com/vultr/govultr/v3 v3.24.0 h1:fTTTj0VBve+Miy+wGhlb90M2NMDfpGFi6Frlj3HVy6M=
-github.com/vultr/govultr/v3 v3.24.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
+github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
+github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
@@ -333,47 +321,41 @@ go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 h1:bDMKF3RUSxshZ5OjOTi8rsHGaPKsAt76FaqgvIUySLc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0/go.mod h1:dDT67G/IkA46Mr2l9Uj7HsQVwsjASyV9SjGofsiUZDA=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
-go.opentelemetry.io/proto/otlp v1.8.0 h1:fRAZQDcAFHySxpJ1TwlA1cJ4tvcrw7nXl9xWWC8N5CE=
-go.opentelemetry.io/proto/otlp v1.8.0/go.mod h1:tIeYOeNBU4cvmPqpaji1P+KbB4Oloai8wN4rWzRrFF0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
-golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
-golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -383,10 +365,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
-golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
-golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -394,8 +376,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -415,8 +397,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -435,8 +417,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -445,24 +427,23 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.253.0 h1:apU86Eq9Q2eQco3NsUYFpVTfy7DwemojL7LmbAj7g/I=
-google.golang.org/api v0.253.0/go.mod h1:PX09ad0r/4du83vZVAaGg7OaeyGnaUmT/CYPNvtLCbw=
-google.golang.org/genproto v0.0.0-20250908214217-97024824d090 h1:ywCL7vA2n3vVHyf+bx1ZV/knaTPRI8GIeKY0MEhEeOc=
-google.golang.org/genproto v0.0.0-20250908214217-97024824d090/go.mod h1:zwJI9HzbJJlw2KXy0wX+lmT2JuZoaKK9JC4ppqmxxjk=
-google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 h1:APHvLLYBhtZvsbnpkfknDZ7NyH4z5+ub/I0u8L3Oz6g=
-google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1/go.mod h1:xUjFWUnWDpZ/C0Gu0qloASKFb6f8/QXiiXhSPFsD668=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/api v0.258.0 h1:IKo1j5FBlN74fe5isA2PVozN3Y5pwNKriEgAXPOkDAc=
+google.golang.org/api v0.258.0/go.mod h1:qhOMTQEZ6lUps63ZNq9jhODswwjkjYYguA7fA3TBFww=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -476,3 +457,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

internal/acl/config.go

@@ -14,7 +14,6 @@ import (
 	"github.com/yusing/godoxy/internal/logging/accesslog"
 	"github.com/yusing/godoxy/internal/maxmind"
 	"github.com/yusing/godoxy/internal/notif"
-	"github.com/yusing/godoxy/internal/utils"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/task"
@@ -55,7 +54,7 @@ type config struct {
 
 	logAllowed bool
 	// will be nil if Log is nil
-	logger *accesslog.AccessLogger
+	logger accesslog.AccessLogger
 
 	// will never tick if Notify.To is empty
 	notifyTicker  *time.Ticker
@@ -82,7 +81,7 @@ var ActiveConfig atomic.Pointer[Config]
 const cacheTTL = 1 * time.Minute
 
 func (c *checkCache) Expired() bool {
-	return c.created.Add(cacheTTL).Before(utils.TimeNow())
+	return c.created.Add(cacheTTL).Before(time.Now())
 }
 
 // TODO: add stats
@@ -180,7 +179,7 @@ func (c *Config) cacheRecord(info *maxmind.IPInfo, allow bool) {
 	c.ipCache.Store(info.Str, &checkCache{
 		IPInfo:  info,
 		allow:   allow,
-		created: utils.TimeNow(),
+		created: time.Now(),
 	})
 }
 

internal/api/v1/docker/container.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -28,36 +29,36 @@ func GetContainer(c *gin.Context) {
 		return
 	}
 
-	dockerHost, ok := docker.GetDockerHostByContainerID(id)
+	dockerCfg, ok := docker.GetDockerCfgByContainerID(id)
 	if !ok {
 		c.JSON(http.StatusNotFound, apitypes.Error("container not found"))
 		return
 	}
 
-	client, err := docker.NewClient(dockerHost)
+	dockerClient, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to create docker client"))
 		return
 	}
 
-	defer client.Close()
+	defer dockerClient.Close()
 
-	cont, err := client.ContainerInspect(c.Request.Context(), id)
+	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id, client.ContainerInspectOptions{})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to inspect container"))
 		return
 	}
 
 	var state ContainerState
-	if cont.State != nil {
-		state = cont.State.Status
+	if cont.Container.State != nil {
+		state = cont.Container.State.Status
 	}
 
 	c.JSON(http.StatusOK, &Container{
-		Server: dockerHost,
-		Name:   cont.Name,
-		ID:     cont.ID,
-		Image:  cont.Image,
+		Server: dockerCfg.URL,
+		Name:   cont.Container.Name,
+		ID:     cont.Container.ID,
+		Image:  cont.Container.Image,
 		State:  state,
 	})
 }

internal/api/v1/docker/containers.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 
 	_ "github.com/yusing/goutils/apitypes"
@@ -39,12 +40,12 @@ func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Containe
 	errs := gperr.NewBuilder("failed to get containers")
 	containers := make([]Container, 0)
 	for server, dockerClient := range dockerClients {
-		conts, err := dockerClient.ContainerList(ctx, container.ListOptions{All: true})
+		conts, err := dockerClient.ContainerList(ctx, client.ContainerListOptions{All: true})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		for _, cont := range conts {
+		for _, cont := range conts.Items {
 			containers = append(containers, Container{
 				Server: server,
 				Name:   cont.Names[0],

internal/api/v1/docker/info.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	dockerSystem "github.com/docker/docker/api/types/system"
 	"github.com/gin-gonic/gin"
+	dockerSystem "github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 
@@ -64,13 +65,13 @@ func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerIn
 
 	i := 0
 	for name, dockerClient := range dockerClients {
-		info, err := dockerClient.Info(ctx)
+		info, err := dockerClient.Info(ctx, client.InfoOptions{})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		info.Name = name
-		dockerInfos[i] = toDockerInfo(info)
+		info.Info.Name = name
+		dockerInfos[i] = toDockerInfo(info.Info)
 		i++
 	}
 

internal/api/v1/docker/logs.go

@@ -6,9 +6,9 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -57,20 +57,20 @@ func Logs(c *gin.Context) {
 	}
 
 	// TODO: implement levels
-	dockerHost, ok := docker.GetDockerHostByContainerID(id)
+	dockerCfg, ok := docker.GetDockerCfgByContainerID(id)
 	if !ok {
 		c.JSON(http.StatusNotFound, apitypes.Error(fmt.Sprintf("container %s not found", id)))
 		return
 	}
 
-	dockerClient, err := docker.NewClient(dockerHost)
+	dockerClient, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to get docker client"))
 		return
 	}
 	defer dockerClient.Close()
 
-	opts := container.LogsOptions{
+	opts := client.ContainerLogsOptions{
 		ShowStdout: queryParams.Stdout,
 		ShowStderr: queryParams.Stderr,
 		Since:      queryParams.Since,
@@ -105,7 +105,7 @@ func Logs(c *gin.Context) {
 			return
 		}
 		log.Err(err).
-			Str("server", dockerHost).
+			Str("server", dockerCfg.URL).
 			Str("container", id).
 			Msg("failed to de-multiplex logs")
 	}

internal/api/v1/docker/restart.go

@@ -4,17 +4,23 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
+type RestartRequest struct {
+	ID string `json:"id" binding:"required"`
+	client.ContainerRestartOptions
+}
+
 // @x-id				"restart"
 // @BasePath		/api/v1
 // @Summary		Restart container
 // @Description	Restart container by container id
 // @Tags			docker
 // @Produce		json
-// @Param			request	body		StopRequest	true	"Request"
+// @Param			request	body	RestartRequest	true	"Request"
 // @Success		200	{object}  apitypes.SuccessResponse
 // @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -22,19 +28,19 @@ import (
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/docker/restart [post]
 func Restart(c *gin.Context) {
-	var req StopRequest
+	var req RestartRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
 		return
 	}
 
-	dockerHost, ok := docker.GetDockerHostByContainerID(req.ID)
+	dockerCfg, ok := docker.GetDockerCfgByContainerID(req.ID)
 	if !ok {
 		c.JSON(http.StatusNotFound, apitypes.Error("container not found"))
 		return
 	}
 
-	client, err := docker.NewClient(dockerHost)
+	client, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to create docker client"))
 		return
@@ -42,7 +48,7 @@ func Restart(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerRestart(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerRestart(c.Request.Context(), req.ID, req.ContainerRestartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
 		return

internal/api/v1/docker/start.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StartRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StartOptions
+	client.ContainerStartOptions
 }
 
 // @x-id				"start"
@@ -34,13 +34,13 @@ func Start(c *gin.Context) {
 		return
 	}
 
-	dockerHost, ok := docker.GetDockerHostByContainerID(req.ID)
+	dockerCfg, ok := docker.GetDockerCfgByContainerID(req.ID)
 	if !ok {
 		c.JSON(http.StatusNotFound, apitypes.Error("container not found"))
 		return
 	}
 
-	client, err := docker.NewClient(dockerHost)
+	client, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to create docker client"))
 		return
@@ -48,7 +48,7 @@ func Start(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStart(c.Request.Context(), req.ID, req.StartOptions)
+	_, err = client.ContainerStart(c.Request.Context(), req.ID, req.ContainerStartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to start container"))
 		return

internal/api/v1/docker/stop.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StopRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StopOptions
+	client.ContainerStopOptions
 }
 
 // @x-id				"stop"
@@ -34,13 +34,13 @@ func Stop(c *gin.Context) {
 		return
 	}
 
-	dockerHost, ok := docker.GetDockerHostByContainerID(req.ID)
+	dockerCfg, ok := docker.GetDockerCfgByContainerID(req.ID)
 	if !ok {
 		c.JSON(http.StatusNotFound, apitypes.Error("container not found"))
 		return
 	}
 
-	client, err := docker.NewClient(dockerHost)
+	client, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to create docker client"))
 		return
@@ -48,7 +48,7 @@ func Stop(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStop(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerStop(c.Request.Context(), req.ID, req.ContainerStopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
 		return

internal/api/v1/docs/swagger.json

@@ -618,7 +618,7 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/dockerapi.StopRequest"
+              "$ref": "#/definitions/dockerapi.RestartRequest"
             }
           }
         ],
@@ -2458,8 +2458,8 @@
           "x-nullable": false,
           "x-omitempty": false
         },
-        "docker_host": {
-          "type": "string",
+        "docker_cfg": {
+          "$ref": "#/definitions/DockerProviderConfig",
           "x-nullable": false,
           "x-omitempty": false
         },
@@ -2715,7 +2715,7 @@
       "required": [
         "container_id",
         "container_name",
-        "docker_host"
+        "docker_cfg"
       ],
       "properties": {
         "container_id": {
@@ -2728,7 +2728,24 @@
           "x-nullable": false,
           "x-omitempty": false
         },
-        "docker_host": {
+        "docker_cfg": {
+          "$ref": "#/definitions/DockerProviderConfig",
+          "x-nullable": false,
+          "x-omitempty": false
+        }
+      },
+      "x-nullable": false,
+      "x-omitempty": false
+    },
+    "DockerProviderConfig": {
+      "type": "object",
+      "properties": {
+        "tls": {
+          "$ref": "#/definitions/DockerTLSConfig",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "url": {
           "type": "string",
           "x-nullable": false,
           "x-omitempty": false
@@ -2737,6 +2754,27 @@
       "x-nullable": false,
       "x-omitempty": false
     },
+    "DockerTLSConfig": {
+      "type": "object",
+      "required": [
+        "ca_file"
+      ],
+      "properties": {
+        "ca_file": {
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "cert_file": {
+          "type": "string"
+        },
+        "key_file": {
+          "type": "string"
+        }
+      },
+      "x-nullable": false,
+      "x-omitempty": false
+    },
     "ErrorResponse": {
       "type": "object",
       "properties": {
@@ -2881,7 +2919,7 @@
           "x-omitempty": false
         },
         "retries": {
-          "description": "<0: immediate, >=0: threshold",
+          "description": "<0: immediate, 0: default, >0: threshold",
           "type": "integer",
           "x-nullable": false,
           "x-omitempty": false
@@ -3430,6 +3468,11 @@
           "x-nullable": false,
           "x-omitempty": false
         },
+        "no_loading_page": {
+          "type": "boolean",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "proxmox": {
           "$ref": "#/definitions/ProxmoxConfig",
           "x-nullable": false,
@@ -3515,6 +3558,16 @@
           "x-nullable": false,
           "x-omitempty": false
         },
+        "sticky": {
+          "type": "boolean",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "sticky_max_age": {
+          "$ref": "#/definitions/time.Duration",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "weight": {
           "type": "integer",
           "x-nullable": false,
@@ -4198,9 +4251,13 @@
           "x-omitempty": false
         },
         "healthcheck": {
-          "$ref": "#/definitions/HealthCheckConfig",
-          "x-nullable": false,
-          "x-omitempty": false
+          "description": "null on load-balancer routes",
+          "allOf": [
+            {
+              "$ref": "#/definitions/HealthCheckConfig"
+            }
+          ],
+          "x-nullable": true
         },
         "homepage": {
           "$ref": "#/definitions/HomepageItemConfig",
@@ -4220,6 +4277,12 @@
           ],
           "x-nullable": true
         },
+        "index": {
+          "description": "Index file to serve for single-page app mode",
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "load_balance": {
           "allOf": [
             {
@@ -4301,6 +4364,12 @@
           "x-nullable": false,
           "x-omitempty": false
         },
+        "spa": {
+          "description": "Single-page app mode: serves index for non-existent paths",
+          "type": "boolean",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "ssl_certificate": {
           "description": "Path to client certificate",
           "type": "string",
@@ -4486,6 +4555,11 @@
           "x-nullable": false,
           "x-omitempty": false
         },
+        "is_excluded": {
+          "type": "boolean",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "statuses": {
           "type": "array",
           "items": {
@@ -4916,12 +4990,16 @@
       "x-nullable": false,
       "x-omitempty": false
     },
-    "container.Port": {
+    "container.PortSummary": {
       "type": "object",
       "properties": {
         "IP": {
           "description": "Host IP address that the container's port is mapped to",
-          "type": "string",
+          "allOf": [
+            {
+              "$ref": "#/definitions/netip.Addr"
+            }
+          ],
           "x-nullable": false,
           "x-omitempty": false
         },
@@ -4938,7 +5016,7 @@
           "x-omitempty": false
         },
         "Type": {
-          "description": "type\nRequired: true",
+          "description": "type\nRequired: true\nEnum: [\"tcp\",\"udp\",\"sctp\"]",
           "type": "string",
           "x-nullable": false,
           "x-omitempty": false
@@ -5033,6 +5111,29 @@
       "x-nullable": false,
       "x-omitempty": false
     },
+    "dockerapi.RestartRequest": {
+      "type": "object",
+      "required": [
+        "id"
+      ],
+      "properties": {
+        "id": {
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "signal": {
+          "description": "Signal (optional) is the signal to send to the container to (gracefully)\nstop it before forcibly terminating the container with SIGKILL after the\ntimeout expires. If no value is set, the default (SIGTERM) is used.",
+          "type": "string"
+        },
+        "timeout": {
+          "description": "Timeout (optional) is the timeout (in seconds) to wait for the container\nto stop gracefully before forcibly terminating it with SIGKILL.\n\n- Use nil to use the default timeout (10 seconds).\n- Use '-1' to wait indefinitely.\n- Use '0' to not wait for the container to exit gracefully, and\n  immediately proceeds to forcibly terminating the container.\n- Other positive values are used as timeout (in seconds).",
+          "type": "integer"
+        }
+      },
+      "x-nullable": false,
+      "x-omitempty": false
+    },
     "dockerapi.StartRequest": {
       "type": "object",
       "required": [
@@ -5066,7 +5167,7 @@
           "x-omitempty": false
         },
         "signal": {
-          "description": "Signal (optional) is the signal to send to the container to (gracefully)\nstop it before forcibly terminating the container with SIGKILL after the\ntimeout expires. If not value is set, the default (SIGTERM) is used.",
+          "description": "Signal (optional) is the signal to send to the container to (gracefully)\nstop it before forcibly terminating the container with SIGKILL after the\ntimeout expires. If no value is set, the default (SIGTERM) is used.",
           "type": "string"
         },
         "timeout": {
@@ -5219,6 +5320,20 @@
       "x-nullable": false,
       "x-omitempty": false
     },
+    "netip.Addr": {
+      "anyOf": [
+        {
+          "type": "string",
+          "format": "ipv4"
+        },
+        {
+          "type": "string",
+          "format": "ipv6"
+        }
+      ],
+      "x-nullable": false,
+      "x-omitempty": false
+    },
     "route.Route": {
       "type": "object",
       "properties": {
@@ -5273,9 +5388,13 @@
           "x-omitempty": false
         },
         "healthcheck": {
-          "$ref": "#/definitions/HealthCheckConfig",
-          "x-nullable": false,
-          "x-omitempty": false
+          "description": "null on load-balancer routes",
+          "allOf": [
+            {
+              "$ref": "#/definitions/HealthCheckConfig"
+            }
+          ],
+          "x-nullable": true
         },
         "homepage": {
           "$ref": "#/definitions/HomepageItemConfig",
@@ -5295,6 +5414,12 @@
           ],
           "x-nullable": true
         },
+        "index": {
+          "description": "Index file to serve for single-page app mode",
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "load_balance": {
           "allOf": [
             {
@@ -5376,6 +5501,12 @@
           "x-nullable": false,
           "x-omitempty": false
         },
+        "spa": {
+          "description": "Single-page app mode: serves index for non-existent paths",
+          "type": "boolean",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
         "ssl_certificate": {
           "description": "Path to client certificate",
           "type": "string",
@@ -5530,7 +5661,7 @@
     "types.PortMapping": {
       "type": "object",
       "additionalProperties": {
-        "$ref": "#/definitions/container.Port"
+        "$ref": "#/definitions/container.PortSummary"
       },
       "x-nullable": false,
       "x-omitempty": false

internal/api/v1/docs/swagger.yaml

@@ -57,8 +57,8 @@ definitions:
         type: string
       container_name:
         type: string
-      docker_host:
-        type: string
+      docker_cfg:
+        $ref: '#/definitions/DockerProviderConfig'
       errors:
         type: string
       idlewatcher_config:
@@ -192,12 +192,30 @@ definitions:
         type: string
       container_name:
         type: string
-      docker_host:
-        type: string
+      docker_cfg:
+        $ref: '#/definitions/DockerProviderConfig'
     required:
     - container_id
     - container_name
-    - docker_host
+    - docker_cfg
+    type: object
+  DockerProviderConfig:
+    properties:
+      tls:
+        $ref: '#/definitions/DockerTLSConfig'
+      url:
+        type: string
+    type: object
+  DockerTLSConfig:
+    properties:
+      ca_file:
+        type: string
+      cert_file:
+        type: string
+      key_file:
+        type: string
+    required:
+    - ca_file
     type: object
   ErrorResponse:
     properties:
@@ -269,7 +287,7 @@ definitions:
       path:
         type: string
       retries:
-        description: '<0: immediate, >=0: threshold'
+        description: '<0: immediate, 0: default, >0: threshold'
         type: integer
       timeout:
         type: integer
@@ -517,6 +535,8 @@ definitions:
         description: "0: no idle watcher.\nPositive: idle watcher with idle timeout.\nNegative:
           idle watcher as a dependency.\tIdleTimeout time.Duration `json:\"idle_timeout\"
           json_ext:\"duration\"`"
+      no_loading_page:
+        type: boolean
       proxmox:
         $ref: '#/definitions/ProxmoxConfig'
       start_endpoint:
@@ -555,6 +575,10 @@ definitions:
       options:
         additionalProperties: {}
         type: object
+      sticky:
+        type: boolean
+      sticky_max_age:
+        $ref: '#/definitions/time.Duration'
       weight:
         type: integer
     type: object
@@ -881,7 +905,10 @@ definitions:
         - $ref: '#/definitions/HealthJSON'
         description: for swagger
       healthcheck:
-        $ref: '#/definitions/HealthCheckConfig'
+        allOf:
+        - $ref: '#/definitions/HealthCheckConfig'
+        description: null on load-balancer routes
+        x-nullable: true
       homepage:
         $ref: '#/definitions/HomepageItemConfig'
       host:
@@ -890,6 +917,9 @@ definitions:
         allOf:
         - $ref: '#/definitions/IdlewatcherConfig'
         x-nullable: true
+      index:
+        description: Index file to serve for single-page app mode
+        type: string
       load_balance:
         allOf:
         - $ref: '#/definitions/LoadBalancerConfig'
@@ -937,6 +967,9 @@ definitions:
         - udp
         - fileserver
         type: string
+      spa:
+        description: 'Single-page app mode: serves index for non-existent paths'
+        type: boolean
       ssl_certificate:
         description: Path to client certificate
         type: string
@@ -1023,6 +1056,8 @@ definitions:
         type: number
       is_docker:
         type: boolean
+      is_excluded:
+        type: boolean
       statuses:
         items:
           $ref: '#/definitions/RouteStatus'
@@ -1248,11 +1283,12 @@ definitions:
     - StateRemoving
     - StateExited
     - StateDead
-  container.Port:
+  container.PortSummary:
     properties:
       IP:
+        allOf:
+        - $ref: '#/definitions/netip.Addr'
         description: Host IP address that the container's port is mapped to
-        type: string
       PrivatePort:
         description: |-
           Port on the container
@@ -1265,6 +1301,7 @@ definitions:
         description: |-
           type
           Required: true
+          Enum: ["tcp","udp","sctp"]
         type: string
     type: object
   disk.IOCountersStat:
@@ -1316,6 +1353,30 @@ definitions:
       used_percent:
         type: number
     type: object
+  dockerapi.RestartRequest:
+    properties:
+      id:
+        type: string
+      signal:
+        description: |-
+          Signal (optional) is the signal to send to the container to (gracefully)
+          stop it before forcibly terminating the container with SIGKILL after the
+          timeout expires. If no value is set, the default (SIGTERM) is used.
+        type: string
+      timeout:
+        description: |-
+          Timeout (optional) is the timeout (in seconds) to wait for the container
+          to stop gracefully before forcibly terminating it with SIGKILL.
+
+          - Use nil to use the default timeout (10 seconds).
+          - Use '-1' to wait indefinitely.
+          - Use '0' to not wait for the container to exit gracefully, and
+            immediately proceeds to forcibly terminating the container.
+          - Other positive values are used as timeout (in seconds).
+        type: integer
+    required:
+    - id
+    type: object
   dockerapi.StartRequest:
     properties:
       checkpointDir:
@@ -1335,7 +1396,7 @@ definitions:
         description: |-
           Signal (optional) is the signal to send to the container to (gracefully)
           stop it before forcibly terminating the container with SIGKILL after the
-          timeout expires. If not value is set, the default (SIGTERM) is used.
+          timeout expires. If no value is set, the default (SIGTERM) is used.
         type: string
       timeout:
         description: |-
@@ -1429,6 +1490,8 @@ definitions:
         description: godoxy
         type: number
     type: object
+  netip.Addr:
+    type: object
   route.Route:
     properties:
       access_log:
@@ -1457,7 +1520,10 @@ definitions:
         - $ref: '#/definitions/HealthJSON'
         description: for swagger
       healthcheck:
-        $ref: '#/definitions/HealthCheckConfig'
+        allOf:
+        - $ref: '#/definitions/HealthCheckConfig'
+        description: null on load-balancer routes
+        x-nullable: true
       homepage:
         $ref: '#/definitions/HomepageItemConfig'
       host:
@@ -1466,6 +1532,9 @@ definitions:
         allOf:
         - $ref: '#/definitions/IdlewatcherConfig'
         x-nullable: true
+      index:
+        description: Index file to serve for single-page app mode
+        type: string
       load_balance:
         allOf:
         - $ref: '#/definitions/LoadBalancerConfig'
@@ -1513,6 +1582,9 @@ definitions:
         - udp
         - fileserver
         type: string
+      spa:
+        description: 'Single-page app mode: serves index for non-existent paths'
+        type: boolean
       ssl_certificate:
         description: Path to client certificate
         type: string
@@ -1592,7 +1664,7 @@ definitions:
     type: object
   types.PortMapping:
     additionalProperties:
-      $ref: '#/definitions/container.Port'
+      $ref: '#/definitions/container.PortSummary'
     type: object
   widgets.Config:
     properties:
@@ -2008,7 +2080,7 @@ paths:
         name: request
         required: true
         schema:
-          $ref: '#/definitions/dockerapi.StopRequest'
+          $ref: '#/definitions/dockerapi.RestartRequest'
       produces:
       - application/json
       responses:

internal/api/v1/favicon.go

@@ -13,8 +13,9 @@ import (
 )
 
 type GetFavIconRequest struct {
-	URL   string `form:"url" binding:"required_without=Alias"`
-	Alias string `form:"alias" binding:"required_without=URL"`
+	URL     string               `form:"url" binding:"required_without=Alias"`
+	Alias   string               `form:"alias" binding:"required_without=URL"`
+	Variant homepage.IconVariant `form:"variant" binding:"omitempty,oneof=light dark"`
 } //	@name	GetFavIconRequest
 
 // @x-id				"favicon"
@@ -46,7 +47,11 @@ func FavIcon(c *gin.Context) {
 			c.JSON(http.StatusBadRequest, apitypes.Error("invalid url", err))
 			return
 		}
-		fetchResult, err := homepage.FetchFavIconFromURL(c.Request.Context(), &iconURL)
+		icon := &iconURL
+		if request.Variant != homepage.IconVariantNone {
+			icon = icon.WithVariant(request.Variant)
+		}
+		fetchResult, err := homepage.FetchFavIconFromURL(c.Request.Context(), icon)
 		if err != nil {
 			homepage.GinFetchError(c, fetchResult.StatusCode, err)
 			return
@@ -56,7 +61,7 @@ func FavIcon(c *gin.Context) {
 	}
 
 	// try with alias
-	result, err := GetFavIconFromAlias(c.Request.Context(), request.Alias)
+	result, err := GetFavIconFromAlias(c.Request.Context(), request.Alias, request.Variant)
 	if err != nil {
 		homepage.GinFetchError(c, result.StatusCode, err)
 		return
@@ -65,7 +70,7 @@ func FavIcon(c *gin.Context) {
 }
 
 //go:linkname GetFavIconFromAlias v1.GetFavIconFromAlias
-func GetFavIconFromAlias(ctx context.Context, alias string) (homepage.FetchResult, error) {
+func GetFavIconFromAlias(ctx context.Context, alias string, variant homepage.IconVariant) (homepage.FetchResult, error) {
 	// try with route.Icon
 	r, ok := routes.HTTP.Get(alias)
 	if !ok {
@@ -79,13 +84,19 @@ func GetFavIconFromAlias(ctx context.Context, alias string) (homepage.FetchResul
 	hp := r.HomepageItem()
 	if hp.Icon != nil {
 		if hp.Icon.IconSource == homepage.IconSourceRelative {
-			result, err = homepage.FindIcon(ctx, r, *hp.Icon.FullURL)
+			result, err = homepage.FindIcon(ctx, r, *hp.Icon.FullURL, variant)
+		} else if variant != homepage.IconVariantNone {
+			result, err = homepage.FetchFavIconFromURL(ctx, hp.Icon.WithVariant(variant))
+			if err != nil {
+				// fallback to no variant
+				result, err = homepage.FetchFavIconFromURL(ctx, hp.Icon.WithVariant(homepage.IconVariantNone))
+			}
 		} else {
 			result, err = homepage.FetchFavIconFromURL(ctx, hp.Icon)
 		}
 	} else {
 		// try extract from "link[rel=icon]"
-		result, err = homepage.FindIcon(ctx, r, "/")
+		result, err = homepage.FindIcon(ctx, r, "/", variant)
 	}
 	if result.StatusCode == 0 {
 		result.StatusCode = http.StatusOK

internal/api/v1/file/list.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/godoxy/internal/utils"
 	apitypes "github.com/yusing/goutils/apitypes"
+	"github.com/yusing/goutils/fs"
 )
 
 type ListFilesResponse struct {
@@ -35,7 +35,7 @@ func List(c *gin.Context) {
 	}
 
 	// config/
-	files, err := utils.ListFiles(common.ConfigBasePath, 0, true)
+	files, err := fs.ListFiles(common.ConfigBasePath, 0, true)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to list files"))
 		return
@@ -48,7 +48,7 @@ func List(c *gin.Context) {
 	}
 
 	// config/middlewares/
-	mids, err := utils.ListFiles(common.MiddlewareComposeBasePath, 0, true)
+	mids, err := fs.ListFiles(common.MiddlewareComposeBasePath, 0, true)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to list files"))
 		return

internal/api/v1/route/playground.go

@@ -12,6 +12,7 @@ import (
 	"github.com/yusing/godoxy/internal/route/rules"
 	apitypes "github.com/yusing/goutils/apitypes"
 	gperr "github.com/yusing/goutils/errs"
+	httputils "github.com/yusing/goutils/http"
 )
 
 type RawRule struct {
@@ -348,7 +349,7 @@ func checkMatchedRules(rulesList rules.Rules, w http.ResponseWriter, r *http.Req
 	var matched []string
 
 	// Create a ResponseModifier to properly check rules
-	rm := rules.NewResponseModifier(w)
+	rm := httputils.NewResponseModifier(w)
 
 	for _, rule := range rulesList {
 		// Check if rule matches

internal/api/v1/route/routes.go

@@ -34,12 +34,12 @@ func Routes(c *gin.Context) {
 
 	provider := c.Query("provider")
 	if provider == "" {
-		c.JSON(http.StatusOK, slices.Collect(routes.Iter))
+		c.JSON(http.StatusOK, slices.Collect(routes.IterAll))
 		return
 	}
 
-	rts := make([]types.Route, 0, routes.NumRoutes())
-	for r := range routes.Iter {
+	rts := make([]types.Route, 0, routes.NumAllRoutes())
+	for r := range routes.IterAll {
 		if r.ProviderName() == provider {
 			rts = append(rts, r)
 		}
@@ -51,14 +51,14 @@ func RoutesWS(c *gin.Context) {
 	provider := c.Query("provider")
 	if provider == "" {
 		websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-			return slices.Collect(routes.Iter), nil
+			return slices.Collect(routes.IterAll), nil
 		})
 		return
 	}
 
 	websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-		rts := make([]types.Route, 0, routes.NumRoutes())
-		for r := range routes.Iter {
+		rts := make([]types.Route, 0, routes.NumAllRoutes())
+		for r := range routes.IterAll {
 			if r.ProviderName() == provider {
 				rts = append(rts, r)
 			}

internal/auth/auth.go

@@ -51,6 +51,10 @@ func ProceedNext(w http.ResponseWriter, r *http.Request) {
 }
 
 func AuthCheckHandler(w http.ResponseWriter, r *http.Request) {
+	if defaultAuth == nil {
+		w.WriteHeader(http.StatusServiceUnavailable)
+		return
+	}
 	err := defaultAuth.CheckToken(r)
 	if err != nil {
 		defaultAuth.LoginHandler(w, r)
@@ -60,11 +64,13 @@ func AuthCheckHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func AuthOrProceed(w http.ResponseWriter, r *http.Request) (proceed bool) {
+	if defaultAuth == nil {
+		return true
+	}
 	err := defaultAuth.CheckToken(r)
 	if err != nil {
 		defaultAuth.LoginHandler(w, r)
 		return false
-	} else {
-		return true
 	}
+	return true
 }

internal/auth/block_page.go

@@ -12,11 +12,12 @@ var blockPageHTML string
 
 var blockPageTemplate = template.Must(template.New("block_page").Parse(blockPageHTML))
 
-func WriteBlockPage(w http.ResponseWriter, status int, error string, logoutURL string) {
+func WriteBlockPage(w http.ResponseWriter, status int, errorMessage, actionText, actionURL string) {
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	blockPageTemplate.Execute(w, map[string]string{
 		"StatusText": http.StatusText(status),
-		"Error":      error,
-		"LogoutURL":  logoutURL,
+		"Error":      errorMessage,
+		"ActionURL":  actionURL,
+		"ActionText": actionText,
 	})
 }

internal/auth/block_page.html

@@ -1,14 +1,231 @@
 <!DOCTYPE html>
 <html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 
     <title>Access Denied</title>
-</head>
-<body>
-    <h1>{{.StatusText}}</h1>
-    <p>{{.Error}}</p>
-    <a href="{{.LogoutURL}}">Logout</a>
-</body>
+    <meta name="color-scheme" content="dark" />
+    <style>
+      :root {
+        color-scheme: dark;
+        --bg0: #070a12;
+        --bg1: #0b1020;
+        --card: rgba(255, 255, 255, 0.055);
+        --card2: rgba(255, 255, 255, 0.05);
+        --text: rgba(255, 255, 255, 0.92);
+        --muted: rgba(255, 255, 255, 0.68);
+        --border: rgba(255, 255, 255, 0.12);
+        --borderSoft: rgba(255, 255, 255, 0.08);
+        --borderStrong: rgba(255, 255, 255, 0.14);
+        --borderHover: rgba(255, 255, 255, 0.22);
+        --shadow: 0 22px 60px rgba(0, 0, 0, 0.55);
+        --shadowCard: 0 22px 60px rgba(0, 0, 0, 0.58);
+        --shadowButton: 0 12px 28px rgba(0, 0, 0, 0.35);
+        --insetHighlight: inset 0 1px 0 rgba(255, 255, 255, 0.04);
+        --ring: rgba(120, 160, 210, 0.42);
+        --accent0: #7aa3c8;
+        --accent1: #9a8bc7;
+        --btn: rgba(255, 255, 255, 0.06);
+        --btnHover: rgba(255, 255, 255, 0.08);
+      }
+
+      * {
+        box-sizing: border-box;
+      }
+
+      html,
+      body {
+        height: 100%;
+      }
+
+      body {
+        margin: 0;
+        font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto,
+          Helvetica, Arial, Apple Color Emoji, Segoe UI Emoji;
+        color: var(--text);
+        background-color: var(--bg1);
+        background-image: none;
+      }
+
+      .wrap {
+        min-height: 100%;
+        display: grid;
+        place-items: center;
+        padding: 28px 16px;
+      }
+
+      .card {
+        width: min(720px, 100%);
+        background: var(--card);
+        border: 1px solid var(--border);
+        border-radius: 16px;
+        box-shadow: var(--shadowCard), var(--insetHighlight);
+        overflow: hidden;
+      }
+
+      .topbar {
+        display: flex;
+        align-items: center;
+        gap: 12px;
+        padding: 18px 18px 12px;
+        border-bottom: 1px solid var(--borderSoft);
+        background: var(--card2);
+      }
+
+      .badge {
+        width: 38px;
+        height: 38px;
+        border-radius: 12px;
+        display: grid;
+        place-items: center;
+        border: 1px solid var(--borderStrong);
+        background: var(--card2);
+      }
+
+      .badge svg {
+        opacity: 0.95;
+      }
+
+      .badge .bang {
+        font-size: 22px;
+        line-height: 1;
+        font-weight: 700;
+        color: rgba(255, 255, 255, 0.9);
+        transform: translateY(-1px);
+      }
+
+      h1 {
+        margin: 0;
+        font-size: 18px;
+        line-height: 1.25;
+        letter-spacing: 0.2px;
+      }
+
+      .sub {
+        margin: 2px 0 0;
+        font-size: 13px;
+        color: var(--muted);
+      }
+
+      .content {
+        padding: 18px;
+      }
+
+      .error {
+        margin: 0;
+        padding: 14px 14px;
+        border-radius: 12px;
+        border: 1px solid rgba(255, 255, 255, 0.1);
+        background: rgba(0, 0, 0, 0.25);
+        color: rgba(255, 255, 255, 0.8);
+        font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas,
+          Liberation Mono, Courier New, monospace;
+        font-size: 13px;
+        line-height: 1.55;
+        white-space: pre-wrap;
+        word-break: break-word;
+        text-transform: capitalize;
+      }
+
+      .actions {
+        display: flex;
+        gap: 10px;
+        flex-wrap: wrap;
+        align-items: center;
+        margin-top: 14px;
+      }
+
+      a.button {
+        display: inline-flex;
+        align-items: center;
+        justify-content: center;
+        gap: 8px;
+        padding: 8px 12px;
+        border-radius: 10px;
+        font-size: 14px;
+        text-decoration: none;
+        color: rgba(255, 255, 255, 0.92);
+        border: 1px solid var(--borderStrong);
+        background: var(--btn);
+        transition: transform 120ms ease, border-color 120ms ease,
+          background 120ms ease, box-shadow 120ms ease;
+        box-shadow: var(--shadowButton);
+      }
+
+      a.button:hover {
+        transform: translateY(-1px);
+        border-color: var(--borderHover);
+        background: var(--btnHover);
+      }
+
+      a.button:focus-visible {
+        outline: 0;
+        box-shadow: 0 0 0 3px var(--ring), var(--shadowButton);
+      }
+
+      .hint {
+        color: var(--muted);
+        font-size: 12px;
+        line-height: 1.4;
+      }
+
+      .hint kbd {
+        font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas,
+          Liberation Mono, Courier New, monospace;
+        font-size: 11px;
+        padding: 2px 4px;
+        border-radius: 6px;
+        border: 1px solid var(--borderStrong);
+        background: var(--btn);
+        color: rgba(255, 255, 255, 0.86);
+      }
+
+      kbd {
+        font-weight: 500;
+      }
+
+      .kbd-container {
+        display: inline-flex;
+        gap: 2px;
+        align-items: center;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="wrap">
+      <main class="card" role="main" aria-labelledby="title">
+        <header class="topbar">
+          <div class="badge" aria-hidden="true">
+            <span class="bang">!</span>
+          </div>
+          <div>
+            <h1 id="title">{{.StatusText}}</h1>
+            <p class="sub">
+              You don’t have permission to access this resource.
+            </p>
+          </div>
+        </header>
+
+        <section class="content">
+          <pre class="error">{{.Error}}</pre>
+          <div class="actions">
+            <a class="button" href="{{.ActionURL}}">
+              <span>{{.ActionText}}</span>
+              <span aria-hidden="true">→</span>
+            </a>
+            <div class="hint">
+              If you just signed in, try refreshing the page.
+              <span aria-hidden="true"> </span>
+              <div class="kbd-container">
+                <kbd>Ctrl</kbd>
+                <span>+</span>
+                <kbd>R</kbd>
+              </div>
+            </div>
+          </div>
+        </section>
+      </main>
+    </div>
+  </body>
 </html>

internal/auth/oidc.go

@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"net/url"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
@@ -30,6 +31,10 @@ type (
 		endSessionURL *url.URL
 		allowedUsers  []string
 		allowedGroups []string
+
+		rateLimit *rate.Limiter
+
+		onUnknownPathHandler http.HandlerFunc
 	}
 
 	IDTokenClaims struct {
@@ -63,8 +68,9 @@ func (auth *OIDCProvider) getAppScopedCookieName(baseName string) string {
 
 const (
 	OIDCAuthInitPath = "/"
-	OIDCPostAuthPath = "/auth/callback"
-	OIDCLogoutPath   = "/auth/logout"
+	OIDCAuthBasePath = "/auth/"
+	OIDCPostAuthPath = OIDCAuthBasePath + "callback"
+	OIDCLogoutPath   = OIDCAuthBasePath + "logout"
 )
 
 var (
@@ -119,6 +125,7 @@ func NewOIDCProvider(issuerURL, clientID, clientSecret string, allowedUsers, all
 		endSessionURL: endSessionURL,
 		allowedUsers:  allowedUsers,
 		allowedGroups: allowedGroups,
+		rateLimit:     rate.NewLimiter(rate.Every(common.OIDCRateLimitPeriod), common.OIDCRateLimit),
 	}, nil
 }
 
@@ -161,6 +168,7 @@ func NewOIDCProviderWithCustomClient(baseProvider *OIDCProvider, clientID, clien
 		endSessionURL: baseProvider.endSessionURL,
 		allowedUsers:  baseProvider.allowedUsers,
 		allowedGroups: baseProvider.allowedGroups,
+		rateLimit:     baseProvider.rateLimit,
 	}, nil
 }
 
@@ -176,6 +184,10 @@ func (auth *OIDCProvider) SetScopes(scopes []string) {
 	auth.oauthConfig.Scopes = scopes
 }
 
+func (auth *OIDCProvider) SetOnUnknownPathHandler(handler http.HandlerFunc) {
+	auth.onUnknownPathHandler = handler
+}
+
 // optRedirectPostAuth returns an oauth2 option that sets the "redirect_uri"
 // parameter of the authorization URL to the post auth path of the current
 // request host.
@@ -199,7 +211,7 @@ func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
 	if r.URL.Path == "" {
 		r.URL.Path = OIDCAuthInitPath
 	}
-	if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") != "https" {
+	if r.TLS == nil && strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
 		r.URL.Scheme = "https"
 		http.Redirect(w, r, r.URL.String(), http.StatusFound)
 		return
@@ -212,13 +224,20 @@ func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
 	case OIDCLogoutPath:
 		auth.LogoutHandler(w, r)
 	default:
+		if auth.onUnknownPathHandler != nil {
+			auth.onUnknownPathHandler(w, r)
+			return
+		}
 		http.Redirect(w, r, OIDCAuthInitPath, http.StatusFound)
 	}
 }
 
-var rateLimit = rate.NewLimiter(rate.Every(time.Second), 1)
-
 func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
+	if !httputils.GetAccept(r.Header).AcceptHTML() {
+		http.Error(w, "authentication is required", http.StatusForbidden)
+		return
+	}
+
 	// check for session token
 	sessionToken, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthSessionToken))
 	if err == nil { // session token exists
@@ -238,8 +257,8 @@ func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !rateLimit.Allow() {
-		http.Error(w, "auth rate limit exceeded", http.StatusTooManyRequests)
+	if !auth.rateLimit.Allow() {
+		WriteBlockPage(w, http.StatusTooManyRequests, "auth rate limit exceeded", "Try again", OIDCAuthInitPath)
 		return
 	}
 
@@ -306,34 +325,39 @@ func (auth *OIDCProvider) PostAuthCallbackHandler(w http.ResponseWriter, r *http
 	// verify state
 	state, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthState))
 	if err != nil {
-		http.Error(w, "missing state cookie", http.StatusBadRequest)
+		auth.clearCookie(w, r)
+		WriteBlockPage(w, http.StatusBadRequest, "missing state cookie", "Back to Login", OIDCAuthInitPath)
 		return
 	}
 	if r.URL.Query().Get("state") != state.Value {
-		http.Error(w, "invalid oauth state", http.StatusBadRequest)
+		auth.clearCookie(w, r)
+		WriteBlockPage(w, http.StatusBadRequest, "invalid oauth state", "Back to Login", OIDCAuthInitPath)
 		return
 	}
 
 	code := r.URL.Query().Get("code")
 	oauth2Token, err := auth.oauthConfig.Exchange(r.Context(), code, optRedirectPostAuth(r))
 	if err != nil {
-		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-		httputils.LogError(r).Msg(fmt.Sprintf("failed to exchange token: %v", err))
+		auth.clearCookie(w, r)
+		WriteBlockPage(w, http.StatusInternalServerError, "failed to exchange token", "Try again", OIDCAuthInitPath)
+		httputils.LogError(r).Msgf("failed to exchange token: %v", err)
 		return
 	}
 
 	idTokenJWT, idToken, err := auth.getIDToken(r.Context(), oauth2Token)
 	if err != nil {
-		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-		httputils.LogError(r).Msg(fmt.Sprintf("failed to get ID token: %v", err))
+		auth.clearCookie(w, r)
+		WriteBlockPage(w, http.StatusInternalServerError, "failed to get ID token", "Try again", OIDCAuthInitPath)
+		httputils.LogError(r).Msgf("failed to get ID token: %v", err)
 		return
 	}
 
 	if oauth2Token.RefreshToken != "" {
 		claims, err := parseClaims(idToken)
 		if err != nil {
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			httputils.LogError(r).Msg(fmt.Sprintf("failed to parse claims: %v", err))
+			auth.clearCookie(w, r)
+			WriteBlockPage(w, http.StatusInternalServerError, "failed to parse claims", "Try again", OIDCAuthInitPath)
+			httputils.LogError(r).Msgf("failed to parse claims: %v", err)
 			return
 		}
 		session := newSession(claims.Username, claims.Groups)

internal/autocert/config.go

@@ -15,18 +15,18 @@ import (
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/godoxy/internal/utils"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )
 
 type Config struct {
-	Email       string         `json:"email,omitempty"`
-	Domains     []string       `json:"domains,omitempty"`
-	CertPath    string         `json:"cert_path,omitempty"`
-	KeyPath     string         `json:"key_path,omitempty"`
-	ACMEKeyPath string         `json:"acme_key_path,omitempty"`
-	Provider    string         `json:"provider,omitempty"`
-	Options     map[string]any `json:"options,omitempty"`
+	Email       string                       `json:"email,omitempty"`
+	Domains     []string                     `json:"domains,omitempty"`
+	CertPath    string                       `json:"cert_path,omitempty"`
+	KeyPath     string                       `json:"key_path,omitempty"`
+	ACMEKeyPath string                       `json:"acme_key_path,omitempty"`
+	Provider    string                       `json:"provider,omitempty"`
+	Options     map[string]strutils.Redacted `json:"options,omitempty"`
 
 	Resolvers []string `json:"resolvers,omitempty"`
 
@@ -96,7 +96,7 @@ func (cfg *Config) Validate() gperr.Error {
 			if cfg.Provider != ProviderCustom {
 				b.Add(ErrUnknownProvider.
 					Subject(cfg.Provider).
-					With(gperr.DoYouMean(utils.NearestField(cfg.Provider, Providers))))
+					With(gperr.DoYouMeanField(cfg.Provider, Providers)))
 			}
 		} else {
 			provider, err := providerConstructor(cfg.Options)

internal/autocert/providers.go

@@ -4,9 +4,10 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/yusing/godoxy/internal/serialization"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )
 
-type Generator func(map[string]any) (challenge.Provider, gperr.Error)
+type Generator func(map[string]strutils.Redacted) (challenge.Provider, gperr.Error)
 
 var Providers = make(map[string]Generator)
 
@@ -14,10 +15,10 @@ func DNSProvider[CT any, PT challenge.Provider](
 	defaultCfg func() *CT,
 	newProvider func(*CT) (PT, error),
 ) Generator {
-	return func(opt map[string]any) (challenge.Provider, gperr.Error) {
+	return func(opt map[string]strutils.Redacted) (challenge.Provider, gperr.Error) {
 		cfg := defaultCfg()
 		if len(opt) > 0 {
-			err := serialization.MapUnmarshalValidate(opt, &cfg)
+			err := serialization.MapUnmarshalValidate(serialization.ToSerializedObject(opt), &cfg)
 			if err != nil {
 				return nil, err
 			}

internal/common/constants.go

@@ -1,9 +1,5 @@
 package common
 
-import (
-	"time"
-)
-
 // file, folder structure
 
 const (
@@ -38,10 +34,6 @@ var RequiredDirectories = []string{
 const DockerHostFromEnv = "$DOCKER_HOST"
 
 const (
-	HealthCheckIntervalDefault        = 5 * time.Second
-	HealthCheckTimeoutDefault         = 5 * time.Second
-	HealthCheckDownNotifyDelayDefault = 15 * time.Second
-
 	WakeTimeoutDefault = "3m"
 	StopTimeoutDefault = "3m"
 	StopMethodDefault  = "stop"

internal/common/env.go

@@ -39,12 +39,14 @@ var (
 	DebugDisableAuth = env.GetEnvBool("DEBUG_DISABLE_AUTH", false)
 
 	// OIDC Configuration.
-	OIDCIssuerURL     = env.GetEnvString("OIDC_ISSUER_URL", "")
-	OIDCClientID      = env.GetEnvString("OIDC_CLIENT_ID", "")
-	OIDCClientSecret  = env.GetEnvString("OIDC_CLIENT_SECRET", "")
-	OIDCScopes        = env.GetEnvCommaSep("OIDC_SCOPES", "openid, profile, email, groups")
-	OIDCAllowedUsers  = env.GetEnvCommaSep("OIDC_ALLOWED_USERS", "")
-	OIDCAllowedGroups = env.GetEnvCommaSep("OIDC_ALLOWED_GROUPS", "")
+	OIDCIssuerURL       = env.GetEnvString("OIDC_ISSUER_URL", "")
+	OIDCClientID        = env.GetEnvString("OIDC_CLIENT_ID", "")
+	OIDCClientSecret    = env.GetEnvString("OIDC_CLIENT_SECRET", "")
+	OIDCScopes          = env.GetEnvCommaSep("OIDC_SCOPES", "openid, profile, email, groups")
+	OIDCAllowedUsers    = env.GetEnvCommaSep("OIDC_ALLOWED_USERS", "")
+	OIDCAllowedGroups   = env.GetEnvCommaSep("OIDC_ALLOWED_GROUPS", "")
+	OIDCRateLimit       = env.GetEnvInt("OIDC_RATE_LIMIT", 10)
+	OIDCRateLimitPeriod = env.GetEnvDuation("OIDC_RATE_LIMIT_PERIOD", time.Second)
 
 	// metrics configuration
 	MetricsDisableCPU     = env.GetEnvBool("METRICS_DISABLE_CPU", false)

internal/config/events.go

@@ -57,6 +57,8 @@ func Load() error {
 		panic(errors.New("config already loaded"))
 	}
 	state := NewState()
+	config.WorkingState.Store(state)
+
 	cfgWatcher = watcher.NewConfigFileWatcher(common.ConfigFileName)
 
 	initErr := state.InitFromFile(common.ConfigPath)
@@ -82,11 +84,13 @@ func Reload() gperr.Error {
 	defer reloadMu.Unlock()
 
 	newState := NewState()
+	config.WorkingState.Store(newState)
+
 	err := newState.InitFromFile(common.ConfigPath)
 	if err != nil {
 		newState.Task().FinishAndWait(err)
-		logNotifyError("reload", err)
-		return gperr.New(ansi.Warning("using last config")).With(err)
+		config.WorkingState.Store(GetState())
+		return gperr.Wrap(err, ansi.Warning("using last config"))
 	}
 
 	// flush temporary log
@@ -98,7 +102,6 @@ func Reload() gperr.Error {
 	SetState(newState)
 
 	if err := newState.StartProviders(); err != nil {
-		gperr.LogWarn("start providers error", err)
 		logNotifyError("start providers", err)
 		return nil // continue
 	}
@@ -113,7 +116,7 @@ func WatchChanges() {
 		configEventFlushInterval,
 		OnConfigChange,
 		func(err gperr.Error) {
-			gperr.LogError("config reload error", err)
+			logNotifyError("reload", err)
 		},
 	)
 	eventQueue.Start(cfgWatcher.Events(t.Context()))

internal/config/state.go

@@ -70,7 +70,6 @@ func SetState(state config.State) {
 	defer stateMu.Unlock()
 
 	cfg := state.Value()
-	config.ActiveConfig.Store(cfg)
 	config.ActiveState.Store(state)
 	acl.ActiveConfig.Store(cfg.ACL)
 	entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
@@ -87,13 +86,13 @@ func HasState() bool {
 }
 
 func Value() *config.Config {
-	return config.ActiveConfig.Load()
+	return config.ActiveState.Load().Value()
 }
 
 func (state *state) InitFromFile(filename string) error {
 	data, err := os.ReadFile(common.ConfigPath)
 	if err != nil {
-		state.Config = *config.DefaultConfig()
+		state.Config = config.DefaultConfig()
 		return err
 	}
 	return state.Init(data)
@@ -319,9 +318,9 @@ func (state *state) loadRouteProviders() error {
 		})
 	}
 
-	for name, dockerHost := range providers.Docker {
+	for name, dockerCfg := range providers.Docker {
 		providersProducer.Go(func() {
-			providersCh <- route.NewDockerProvider(name, dockerHost)
+			providersCh <- route.NewDockerProvider(name, dockerCfg)
 		})
 	}
 
@@ -409,5 +408,6 @@ func (state *state) printRoutesByProvider(lenLongestName int) {
 
 func (state *state) printState() {
 	state.tmpLog.Info().Msg("active config:")
-	yaml.NewEncoder(state.tmpLog).Encode(state.Config)
+	yamlRepr, _ := yaml.Marshal(state.Config)
+	state.tmpLog.Info().Msgf("%s", yamlRepr) // prevent copying when casting to string
 }

internal/config/types/config.go

@@ -2,7 +2,6 @@ package config
 
 import (
 	"regexp"
-	"sync/atomic"
 
 	"github.com/go-playground/validator/v10"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -14,6 +13,7 @@ import (
 	"github.com/yusing/godoxy/internal/notif"
 	"github.com/yusing/godoxy/internal/proxmox"
 	"github.com/yusing/godoxy/internal/serialization"
+	"github.com/yusing/godoxy/internal/types"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -25,32 +25,29 @@ type (
 		Providers       Providers         `json:"providers"`
 		MatchDomains    []string          `json:"match_domains" validate:"domain_name"`
 		Homepage        homepage.Config   `json:"homepage"`
+		Defaults        Defaults          `json:"defaults"`
 		TimeoutShutdown int               `json:"timeout_shutdown" validate:"gte=0"`
 	}
+	Defaults struct {
+		HealthCheck types.HealthCheckConfig `json:"healthcheck"`
+	}
 	Providers struct {
-		Files        []string                    `json:"include" yaml:"include,omitempty" validate:"dive,filepath"`
-		Docker       map[string]string           `json:"docker" yaml:"docker,omitempty" validate:"non_empty_docker_keys,dive,unix_addr|url"`
-		Agents       []*agent.AgentConfig        `json:"agents" yaml:"agents,omitempty"`
-		Notification []*notif.NotificationConfig `json:"notification" yaml:"notification,omitempty"`
-		Proxmox      []proxmox.Config            `json:"proxmox" yaml:"proxmox,omitempty"`
-		MaxMind      *maxmind.Config             `json:"maxmind" yaml:"maxmind,omitempty"`
+		Files        []string                              `json:"include" yaml:"include,omitempty" validate:"dive,filepath"`
+		Docker       map[string]types.DockerProviderConfig `json:"docker" yaml:"docker,omitempty" validate:"non_empty_docker_keys"`
+		Agents       []*agent.AgentConfig                  `json:"agents" yaml:"agents,omitempty"`
+		Notification []*notif.NotificationConfig           `json:"notification" yaml:"notification,omitempty"`
+		Proxmox      []proxmox.Config                      `json:"proxmox" yaml:"proxmox,omitempty"`
+		MaxMind      *maxmind.Config                       `json:"maxmind" yaml:"maxmind,omitempty"`
 	}
 )
 
-// nil-safe
-var ActiveConfig atomic.Pointer[Config]
-
-func init() {
-	ActiveConfig.Store(DefaultConfig())
-}
-
 func Validate(data []byte) gperr.Error {
 	var model Config
 	return serialization.UnmarshalValidateYAML(data, &model)
 }
 
-func DefaultConfig() *Config {
-	return &Config{
+func DefaultConfig() Config {
+	return Config{
 		TimeoutShutdown: 3,
 		Homepage: homepage.Config{
 			UseDefaultCategories: true,
@@ -61,7 +58,6 @@ func DefaultConfig() *Config {
 var matchDomainsRegex = regexp.MustCompile(`^[^\.]?([\w\d\-_]\.?)+[^\.]?$`)
 
 func init() {
-	serialization.RegisterDefaultValueFactory(DefaultConfig)
 	serialization.MustRegisterValidation("domain_name", func(fl validator.FieldLevel) bool {
 		domains := fl.Field().Interface().([]string)
 		for _, domain := range domains {
@@ -72,7 +68,7 @@ func init() {
 		return true
 	})
 	serialization.MustRegisterValidation("non_empty_docker_keys", func(fl validator.FieldLevel) bool {
-		m := fl.Field().Interface().(map[string]string)
+		m := fl.Field().Interface().(map[string]types.DockerProviderConfig)
 		for k := range m {
 			if k == "" {
 				return false

internal/config/types/state.go

@@ -33,7 +33,10 @@ type State interface {
 	FlushTmpLog()
 }
 
-// could be nil
+// could be nil before first call on Load
 var ActiveState synk.Value[State]
 
+// working state while loading config, same as ActiveState after successful load
+var WorkingState synk.Value[State]
+
 var ErrConfigChanged = errors.New("config changed")

internal/dnsproviders/go.mod

@@ -1,101 +1,101 @@
 module github.com/yusing/godoxy/internal/dnsproviders
 
-go 1.25.3
+go 1.25.5
 
 replace github.com/yusing/godoxy => ../..
 
 require (
-	github.com/go-acme/lego/v4 v4.27.0
-	github.com/yusing/godoxy v0.20.2
+	github.com/go-acme/lego/v4 v4.30.1
+	github.com/yusing/godoxy v0.21.3
 )
 
 require (
-	cloud.google.com/go/auth v0.17.0 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
 	github.com/bytedance/sonic v1.14.2 // indirect
 	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.28.0 // indirect
-	github.com/go-resty/resty/v2 v2.16.5 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
+	github.com/go-resty/resty/v2 v2.17.1 // indirect
+	github.com/goccy/go-yaml v1.19.1 // indirect
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/go-querystring v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
-	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/gotify/server/v2 v2.7.3 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/linode/linodego v1.60.0 // indirect
+	github.com/linode/linodego v1.63.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/maxatome/go-testdeep v1.14.0 // indirect
-	github.com/miekg/dns v1.1.68 // indirect
+	github.com/miekg/dns v1.1.69 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nrdcg/goacmedns v0.2.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2 // indirect
 	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/puzpuzpuz/xsync/v4 v4.2.0 // indirect
 	github.com/rs/zerolog v1.34.0 // indirect
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35 // indirect
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/vultr/govultr/v3 v3.24.0 // indirect
+	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	github.com/yusing/gointernals v0.1.16 // indirect
 	github.com/yusing/goutils v0.7.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
-	go.opentelemetry.io/otel v1.38.0 // indirect
-	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	go.opentelemetry.io/otel/trace v1.38.0 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/arch v0.22.0 // indirect
-	golang.org/x/crypto v0.43.0 // indirect
-	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/net v0.46.0 // indirect
-	golang.org/x/oauth2 v0.32.0 // indirect
-	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/api v0.253.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
-	google.golang.org/grpc v1.76.0 // indirect
-	google.golang.org/protobuf v1.36.10 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/api v0.258.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

internal/dnsproviders/go.sum

@@ -1,14 +1,14 @@
-cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4=
-cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ=
+cloud.google.com/go/auth v0.18.0 h1:wnqy5hrv7p3k7cShwAU/Br3nzod7fxoqG+k0VZ+/Pk0=
+cloud.google.com/go/auth v0.18.0/go.mod h1:wwkPM1AgE1f2u6dG443MiWoD8C3BtOywNsUMcUTVDRo=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
 cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 h1:KpMC6LFL7mqpExyMC9jVOYRiVhLmamjeZfRsUpB7l4s=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
@@ -25,8 +25,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 h1:h/33OxYLqBk0BYmEbSUy7MlvgQR/m1w1/7OJFKoPL1I=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0/go.mod h1:rvh3imDA6EaQi+oM/GQHkQAOHbXPKJ7EWJvfjuw141Q=
 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
@@ -42,6 +42,8 @@ github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2N
 github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -53,10 +55,10 @@ github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
 github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
-github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
-github.com/go-acme/lego/v4 v4.27.0 h1:cIhWd7Uj4BNFLEF3IpwuMkukVVRs5qjlp4KdUGa75yU=
-github.com/go-acme/lego/v4 v4.27.0/go.mod h1:9FfNZHZmg6hf5CWOp4Lzo4gU8aBEvqZvrwdkBboa+4g=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/go-acme/lego/v4 v4.30.1 h1:tmb6U0lvy8Mc3lQbqKwTat7oAhE8FUYNJ3D0gSg6pJU=
+github.com/go-acme/lego/v4 v4.30.1/go.mod h1:V7m/Ip+EeFkjOe028+zeH+SwWtESxw1LHelwMIfAjm4=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -72,12 +74,12 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
-github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
-github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM=
-github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA=
-github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
-github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
+github.com/go-resty/resty/v2 v2.17.1 h1:x3aMpHK1YM9e4va/TMDRlusDDoZiQ+ViDu/WpA6xTM4=
+github.com/go-resty/resty/v2 v2.17.1/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
+github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE=
+github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
 github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
@@ -85,19 +87,19 @@ github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9v
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
+github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
-github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
-github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y=
+github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14=
 github.com/gotify/server/v2 v2.7.3 h1:nro/ZnxdlZFvxFcw9LREGA8zdk6CK744azwhuhX/A4g=
 github.com/gotify/server/v2 v2.7.3/go.mod h1:VAtE1RIc/2j886PYs9WPQbMjqbFsoyQ0G8IdFtnAxU0=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
@@ -120,8 +122,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.60.0 h1:SgsebJFRCi+lSmYy+C40wmKZeJllGGm+W12Qw4+yVdI=
-github.com/linode/linodego v1.60.0/go.mod h1:1+Bt0oTz5rBnDOJbGhccxn7LYVytXTIIfAy7QYmijDs=
+github.com/linode/linodego v1.63.0 h1:MdjizfXNJDVJU6ggoJmMO5O9h4KGPGivNX0fzrAnstk=
+github.com/linode/linodego v1.63.0/go.mod h1:GoiwLVuLdBQcAebxAVKVL3mMYUgJZR/puOUSla04xBE=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -131,16 +133,16 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.14.0 h1:rRlLv1+kI8eOI3OaBXZwb3O7xY3exRzdW5QyX48g9wI=
 github.com/maxatome/go-testdeep v1.14.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
-github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1 h1:45giryNXrlUHzK/Cd4DDBOhaK0EklXrhjTgv00Zo5po=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.102.1/go.mod h1:SfDIKzNQ5AGNMMOA3LGqSPnn63F6Gc4E4bsKArqymvg=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1 h1:2EthQw4pEN2rbbSLWlF9itV+Ws2xmAmIcfKYsrwCbVA=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.102.1/go.mod h1:xOLJ0zNGmF4M4LqdQclLONwdzjJewNl/7WQiZgrvYR8=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2 h1:l0tH15ACQADZAzC+LZ+mo2tIX4H6uZu0ulrVmG5Tqz0=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2 h1:gzB4c6ztb38C/jYiqEaFC+mCGcWFHDji9e6jwymY9d4=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.2/go.mod h1:l1qIPIq2uRV5WTSvkbhbl/ndbeOu7OCb3UZ+0+2ZSb8=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/ovh/go-ovh v1.9.0 h1:6K8VoL3BYjVV3In9tPJUdT7qMx9h0GExN9EXx1r2kKE=
@@ -158,8 +160,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35 h1:8xfn1RzeI9yoCUuEwDy08F+No6PcKZGEDOQ6hrRyLts=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.35/go.mod h1:47B1d/YXmSAxlJxUJxClzHR6b3T4M1WyCvwENPQNBWc=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 h1:ObX9hZmK+VmijreZO/8x9pQ8/P/ToHD/bdSb4Eg4tUo=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36/go.mod h1:LEsDu4BubxK7/cWhtlQWfuxwL4rf/2UEpxXz1o1EMtM=
 github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ=
 github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -178,8 +180,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/vultr/govultr/v3 v3.24.0 h1:fTTTj0VBve+Miy+wGhlb90M2NMDfpGFi6Frlj3HVy6M=
-github.com/vultr/govultr/v3 v3.24.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
+github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
+github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
 github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
@@ -190,61 +192,60 @@ go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
-golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
-golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
-golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
-golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
-golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
-golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.253.0 h1:apU86Eq9Q2eQco3NsUYFpVTfy7DwemojL7LmbAj7g/I=
-google.golang.org/api v0.253.0/go.mod h1:PX09ad0r/4du83vZVAaGg7OaeyGnaUmT/CYPNvtLCbw=
-google.golang.org/genproto v0.0.0-20250908214217-97024824d090 h1:ywCL7vA2n3vVHyf+bx1ZV/knaTPRI8GIeKY0MEhEeOc=
-google.golang.org/genproto v0.0.0-20250908214217-97024824d090/go.mod h1:zwJI9HzbJJlw2KXy0wX+lmT2JuZoaKK9JC4ppqmxxjk=
-google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 h1:APHvLLYBhtZvsbnpkfknDZ7NyH4z5+ub/I0u8L3Oz6g=
-google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1/go.mod h1:xUjFWUnWDpZ/C0Gu0qloASKFb6f8/QXiiXhSPFsD668=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/api v0.258.0 h1:IKo1j5FBlN74fe5isA2PVozN3Y5pwNKriEgAXPOkDAc=
+google.golang.org/api v0.258.0/go.mod h1:qhOMTQEZ6lUps63ZNq9jhODswwjkjYYguA7fA3TBFww=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

internal/docker/client.go

@@ -2,7 +2,6 @@ package docker
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"maps"
 	"net"
@@ -14,10 +13,10 @@ import (
 	"unsafe"
 
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
-	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
 	"github.com/yusing/goutils/task"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
@@ -28,6 +27,8 @@ type (
 	SharedClient struct {
 		*client.Client
 
+		cfg types.DockerProviderConfig
+
 		refCount atomic.Int32
 		closedOn atomic.Int64
 
@@ -115,12 +116,12 @@ func Clients() map[string]*SharedClient {
 // Returns existing client if available.
 //
 // Parameters:
-//   - host: the host to connect to (either a URL or common.DockerHostFromEnv).
+//   - host: the host to connect to (either a URL or client.DefaultDockerHost).
 //
 // Returns:
 //   - Client: the Docker client connection.
 //   - error: an error if the connection failed.
-func NewClient(host string, unique ...bool) (*SharedClient, error) {
+func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, error) {
 	initClientCleanerOnce.Do(initClientCleaner)
 
 	u := false
@@ -128,6 +129,8 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		u = unique[0]
 	}
 
+	host := cfg.URL
+
 	if !u {
 		clientMapMu.Lock()
 		defer clientMapMu.Unlock()
@@ -152,52 +155,38 @@ func NewClient(host string, unique ...bool) (*SharedClient, error) {
 		opt = []client.Opt{
 			client.WithHost(agent.DockerHost),
 			client.WithHTTPClient(cfg.NewHTTPClient()),
-			client.WithAPIVersionNegotiation(),
 		}
 		addr = "tcp://" + cfg.Addr
 		dial = cfg.DialContext
 	} else {
-		switch host {
-		case "":
-			return nil, errors.New("empty docker host")
-		case common.DockerHostFromEnv:
+		helper, err := connhelper.GetConnectionHelper(host)
+		if err != nil {
+			log.Panic().Err(err).Msg("failed to get connection helper")
+		}
+		if helper != nil {
 			opt = []client.Opt{
-				client.WithHostFromEnv(),
-				client.WithAPIVersionNegotiation(),
+				client.WithHost(helper.Host),
+				client.WithDialContext(helper.Dialer),
 			}
-		default:
-			helper, err := connhelper.GetConnectionHelper(host)
-			if err != nil {
-				log.Panic().Err(err).Msg("failed to get connection helper")
-			}
-			if helper != nil {
-				httpClient := &http.Client{
-					Transport: &http.Transport{
-						DialContext: helper.Dialer,
-					},
-				}
-				opt = []client.Opt{
-					client.WithHTTPClient(httpClient),
-					client.WithHost(helper.Host),
-					client.WithAPIVersionNegotiation(),
-					client.WithDialContext(helper.Dialer),
-				}
-			} else {
-				opt = []client.Opt{
-					client.WithHost(host),
-					client.WithAPIVersionNegotiation(),
-				}
+		} else {
+			opt = []client.Opt{
+				client.WithHost(host),
 			}
 		}
 	}
 
-	client, err := client.NewClientWithOpts(opt...)
+	if cfg.TLS != nil {
+		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
+	}
+
+	client, err := client.New(opt...)
 	if err != nil {
 		return nil, err
 	}
 
 	c := &SharedClient{
 		Client: client,
+		cfg:    cfg,
 		addr:   addr,
 		key:    host,
 		dial:   dial,
@@ -234,7 +223,7 @@ func (c *SharedClient) InterceptHTTPClient(intercept httputils.InterceptFunc) {
 func (c *SharedClient) CloneUnique() *SharedClient {
 	// there will be no error here
 	// since we are using the same host from a valid client.
-	c, _ = NewClient(c.key, true)
+	c, _ = NewClient(c.cfg, true)
 	return c
 }
 

internal/docker/container.go

@@ -11,12 +11,12 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/serialization"
 	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/godoxy/internal/utils"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -29,7 +29,7 @@ var (
 	ErrNoNetwork       = errors.New("no network found")
 )
 
-func FromDocker(c *container.Summary, dockerHost string) (res *types.Container) {
+func FromDocker(c *container.Summary, dockerCfg types.DockerProviderConfig) (res *types.Container) {
 	actualLabels := maps.Clone(c.Labels)
 
 	_, isExplicit := c.Labels[LabelAliases]
@@ -47,7 +47,7 @@ func FromDocker(c *container.Summary, dockerHost string) (res *types.Container)
 
 	isExcluded, _ := strconv.ParseBool(helper.getDeleteLabel(LabelExclude))
 	res = &types.Container{
-		DockerHost:    dockerHost,
+		DockerCfg:     dockerCfg,
 		Image:         helper.parseImage(),
 		ContainerName: helper.getName(),
 		ContainerID:   c.ID,
@@ -69,11 +69,11 @@ func FromDocker(c *container.Summary, dockerHost string) (res *types.Container)
 		State:             c.State,
 	}
 
-	if agent.IsDockerHostAgent(dockerHost) {
+	if agent.IsDockerHostAgent(dockerCfg.URL) {
 		var ok bool
-		res.Agent, ok = agent.GetAgent(dockerHost)
+		res.Agent, ok = agent.GetAgent(dockerCfg.URL)
 		if !ok {
-			addError(res, fmt.Errorf("agent %q not found", dockerHost))
+			addError(res, fmt.Errorf("agent %q not found", dockerCfg.URL))
 		}
 	}
 
@@ -92,24 +92,24 @@ func IsBlacklisted(c *types.Container) bool {
 }
 
 func UpdatePorts(c *types.Container) error {
-	client, err := NewClient(c.DockerHost)
+	dockerClient, err := NewClient(c.DockerCfg)
 	if err != nil {
 		return err
 	}
-	defer client.Close()
+	defer dockerClient.Close()
 
-	inspect, err := client.ContainerInspect(context.Background(), c.ContainerID)
+	inspect, err := dockerClient.ContainerInspect(context.Background(), c.ContainerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return err
 	}
 
-	for port := range inspect.Config.ExposedPorts {
-		proto, portStr := nat.SplitProtoPort(string(port))
+	for port := range inspect.Container.Config.ExposedPorts {
+		proto, portStr := nat.SplitProtoPort(port.String())
 		portInt, _ := nat.ParsePort(portStr)
 		if portInt == 0 {
 			continue
 		}
-		c.PublicPortMapping[portInt] = container.Port{
+		c.PublicPortMapping[portInt] = container.PortSummary{
 			PublicPort:  uint16(portInt), //nolint:gosec
 			PrivatePort: uint16(portInt), //nolint:gosec
 			Type:        proto,
@@ -163,14 +163,14 @@ func isDatabase(c *types.Container) bool {
 }
 
 func isLocal(c *types.Container) bool {
-	if strings.HasPrefix(c.DockerHost, "unix://") {
+	if strings.HasPrefix(c.DockerCfg.URL, "unix://") {
 		return true
 	}
 	// treat it as local if the docker host is the same as the environment variable
-	if c.DockerHost == EnvDockerHost {
+	if c.DockerCfg.URL == EnvDockerHost {
 		return true
 	}
-	url, err := url.Parse(c.DockerHost)
+	url, err := url.Parse(c.DockerCfg.URL)
 	if err != nil {
 		return false
 	}
@@ -190,7 +190,7 @@ func setPublicHostname(c *types.Container) {
 		c.PublicHostname = "127.0.0.1"
 		return
 	}
-	url, err := url.Parse(c.DockerHost)
+	url, err := url.Parse(c.DockerCfg.URL)
 	if err != nil {
 		c.PublicHostname = "127.0.0.1"
 		return
@@ -207,8 +207,8 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	if c.Network != "" {
 		v, ok := helper.NetworkSettings.Networks[c.Network]
-		if ok {
-			c.PrivateHostname = v.IPAddress
+		if ok && v.IPAddress.IsValid() {
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 		// try {project_name}_{network_name}
@@ -216,47 +216,49 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 			oldNetwork, newNetwork := c.Network, fmt.Sprintf("%s_%s", proj, c.Network)
 			if newNetwork != oldNetwork {
 				v, ok = helper.NetworkSettings.Networks[newNetwork]
-				if ok {
+				if ok && v.IPAddress.IsValid() {
 					c.Network = newNetwork // update network to the new one
-					c.PrivateHostname = v.IPAddress
+					c.PrivateHostname = v.IPAddress.String()
 					return
 				}
 			}
 		}
-		nearest := gperr.DoYouMean(utils.NearestField(c.Network, helper.NetworkSettings.Networks))
+		nearest := gperr.DoYouMeanField(c.Network, helper.NetworkSettings.Networks)
 		addError(c, fmt.Errorf("network %q not found, %w", c.Network, nearest))
 		return
 	}
 	// fallback to first network if no network is specified
 	for k, v := range helper.NetworkSettings.Networks {
-		if v.IPAddress != "" {
+		if v.IPAddress.IsValid() {
 			c.Network = k // update network to the first network
-			c.PrivateHostname = v.IPAddress
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 	}
 }
 
 func loadDeleteIdlewatcherLabels(c *types.Container, helper containerHelper) {
-	cfg := map[string]any{
-		"idle_timeout":   helper.getDeleteLabel(LabelIdleTimeout),
-		"wake_timeout":   helper.getDeleteLabel(LabelWakeTimeout),
-		"stop_method":    helper.getDeleteLabel(LabelStopMethod),
-		"stop_timeout":   helper.getDeleteLabel(LabelStopTimeout),
-		"stop_signal":    helper.getDeleteLabel(LabelStopSignal),
-		"start_endpoint": helper.getDeleteLabel(LabelStartEndpoint),
-		"depends_on":     Dependencies(c),
+	hasIdleTimeout := false
+	cfg := make(map[string]any, len(idlewatcherLabels))
+	for lbl, key := range idlewatcherLabels {
+		value := helper.getDeleteLabel(lbl)
+		if value == "" {
+			continue
+		}
+		cfg[key] = value
+		switch lbl {
+		case LabelIdleTimeout:
+			hasIdleTimeout = true
+		case LabelDependsOn:
+			cfg[key] = Dependencies(c)
+		}
 	}
 
-	// ensure it's deleted from labels
-	helper.getDeleteLabel(LabelDependsOn)
-
 	// set only if idlewatcher is enabled
-	idleTimeout := cfg["idle_timeout"]
-	if idleTimeout != "" {
+	if hasIdleTimeout {
 		idwCfg := new(types.IdlewatcherConfig)
 		idwCfg.Docker = &types.DockerConfig{
-			DockerHost:    c.DockerHost,
+			DockerCfg:     c.DockerCfg,
 			ContainerID:   c.ContainerID,
 			ContainerName: c.ContainerName,
 		}

internal/docker/container_helper.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/types"
 	strutils "github.com/yusing/goutils/strings"
@@ -31,6 +31,9 @@ func (c containerHelper) getAliases() []string {
 }
 
 func (c containerHelper) getName() string {
+	if len(c.Names) == 0 { // Why did it happen? Every container must have a name.
+		return ""
+	}
 	return strings.TrimPrefix(c.Names[0], "/")
 }
 

internal/docker/container_test.go

@@ -3,7 +3,8 @@ package docker
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )
 
@@ -36,7 +37,7 @@ func TestContainerExplicit(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := FromDocker(&container.Summary{Names: []string{"test"}, State: "test", Labels: tt.labels}, "")
+			c := FromDocker(&container.Summary{Names: []string{"test"}, State: "test", Labels: tt.labels}, types.DockerProviderConfig{})
 			expect.Equal(t, c.IsExplicit, tt.isExplicit)
 		})
 	}
@@ -73,7 +74,7 @@ func TestContainerHostNetworkMode(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := FromDocker(tt.container, "")
+			c := FromDocker(tt.container, types.DockerProviderConfig{})
 			expect.Equal(t, c.IsHostNetworkMode, tt.isHostNetworkMode)
 		})
 	}

internal/docker/id_lookup.go

@@ -2,18 +2,19 @@ package docker
 
 import (
 	"github.com/puzpuzpuz/xsync/v4"
+	"github.com/yusing/godoxy/internal/types"
 )
 
-var idDockerHostMap = xsync.NewMap[string, string](xsync.WithPresize(100))
+var idDockerCfgMap = xsync.NewMap[string, types.DockerProviderConfig](xsync.WithPresize(100))
 
-func GetDockerHostByContainerID(id string) (string, bool) {
-	return idDockerHostMap.Load(id)
+func GetDockerCfgByContainerID(id string) (types.DockerProviderConfig, bool) {
+	return idDockerCfgMap.Load(id)
 }
 
-func SetDockerHostByContainerID(id, host string) {
-	idDockerHostMap.Store(id, host)
+func SetDockerCfgByContainerID(id string, cfg types.DockerProviderConfig) {
+	idDockerCfgMap.Store(id, cfg)
 }
 
-func DeleteDockerHostByContainerID(id string) {
-	idDockerHostMap.Delete(id)
+func DeleteDockerCfgByContainerID(id string) {
+	idDockerCfgMap.Delete(id)
 }

internal/docker/label.go

@@ -2,6 +2,7 @@ package docker
 
 import (
 	"fmt"
+	"strconv"
 	"strings"
 
 	"github.com/goccy/go-yaml"
@@ -12,6 +13,16 @@ import (
 
 var ErrInvalidLabel = gperr.New("invalid label")
 
+const nsProxyDot = NSProxy + "."
+
+var refPrefixes = func() []string {
+	prefixes := make([]string, 100)
+	for i := range prefixes {
+		prefixes[i] = nsProxyDot + "#" + strconv.Itoa(i+1) + "."
+	}
+	return prefixes
+}()
+
 func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, gperr.Error) {
 	nestedMap := make(types.LabelMap)
 	errs := gperr.NewBuilder("labels error")
@@ -57,58 +68,83 @@ func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, g
 }
 
 func ExpandWildcard(labels map[string]string, aliases ...string) {
-	// collect all explicit aliases first
-	aliasSet := make(map[string]int, len(labels))
-	// wildcardLabels holds mapping suffix -> value derived from wildcard label definitions
-	wildcardLabels := make(map[string]string)
-
+	aliasSet := make(map[string]int, len(aliases))
 	for i, alias := range aliases {
 		aliasSet[alias] = i
 	}
 
-	// iterate over a copy of the keys to safely mutate the map while ranging
+	wildcardLabels := make(map[string]string)
+
+	// First pass: collect wildcards and discover aliases
 	for lbl, value := range labels {
-		parts := strings.SplitN(lbl, ".", 3)
-		if len(parts) < 2 || parts[0] != NSProxy {
+		if !strings.HasPrefix(lbl, nsProxyDot) {
 			continue
 		}
-		alias := parts[1]
-		if alias == WildcardAlias { // "*"
-			// remove wildcard label from original map – it should not remain afterwards
+		// lbl is "proxy.X..." where X is alias or wildcard
+		rest := lbl[len(nsProxyDot):] // "X..." or "X.suffix"
+		dotIdx := strings.IndexByte(rest, '.')
+		var alias, suffix string
+		if dotIdx == -1 {
+			alias = rest
+		} else {
+			alias = rest[:dotIdx]
+			suffix = rest[dotIdx+1:]
+		}
+
+		if alias == WildcardAlias {
 			delete(labels, lbl)
-
-			// value looks like YAML (multiline)
-			if strings.Count(value, "\n") > 1 {
+			if suffix == "" || strings.Count(value, "\n") > 1 {
 				expandYamlWildcard(value, wildcardLabels)
-				continue
+			} else {
+				wildcardLabels[suffix] = value
 			}
-
-			// normal wildcard label with suffix – store directly
-			wildcardLabels[parts[2]] = value
 			continue
 		}
-		// explicit alias label – remember the alias
-		if _, ok := aliasSet[alias]; !ok {
+
+		if suffix == "" || alias[0] == '#' {
+			continue
+		}
+
+		if _, known := aliasSet[alias]; !known {
 			aliasSet[alias] = len(aliasSet)
 		}
 	}
 
 	if len(aliasSet) == 0 || len(wildcardLabels) == 0 {
-		return // nothing to expand
+		return
 	}
 
-	// expand collected wildcard labels for every alias
-	for suffix, v := range wildcardLabels {
-		for alias, i := range aliasSet {
-			// for FQDN aliases, use numeric index instead of the alias name
-			if strings.Contains(alias, ".") {
-				alias = fmt.Sprintf("#%d", i+1)
-			}
-			key := fmt.Sprintf("%s.%s.%s", NSProxy, alias, suffix)
-			if suffix == "" { // this should not happen (root wildcard handled earlier) but keep safe
-				key = fmt.Sprintf("%s.%s", NSProxy, alias)
-			}
-			labels[key] = v
+	// Second pass: convert explicit labels to #N format
+	for lbl, value := range labels {
+		if !strings.HasPrefix(lbl, nsProxyDot) {
+			continue
+		}
+		rest := lbl[len(nsProxyDot):]
+		dotIdx := strings.IndexByte(rest, '.')
+		if dotIdx == -1 {
+			continue
+		}
+		alias := rest[:dotIdx]
+		if alias[0] == '#' {
+			continue
+		}
+		suffix := rest[dotIdx+1:]
+
+		idx, known := aliasSet[alias]
+		if !known {
+			continue
+		}
+
+		delete(labels, lbl)
+		if _, overridden := wildcardLabels[suffix]; !overridden {
+			labels[refPrefixes[idx]+suffix] = value
+		}
+	}
+
+	// Expand wildcards for all aliases
+	for suffix, value := range wildcardLabels {
+		for _, idx := range aliasSet {
+			labels[refPrefixes[idx]+suffix] = value
 		}
 	}
 }
@@ -140,12 +176,46 @@ func flattenMap(prefix string, src map[string]any, dest map[string]string) {
 		case map[string]any:
 			flattenMap(key, vv, dest)
 		case map[any]any:
-			// convert to map[string]any by stringifying keys
-			tmp := make(map[string]any, len(vv))
-			for kk, vvv := range vv {
-				tmp[fmt.Sprintf("%v", kk)] = vvv
-			}
-			flattenMap(key, tmp, dest)
+			flattenMapAny(key, vv, dest)
+		case string:
+			dest[key] = vv
+		case int:
+			dest[key] = strconv.Itoa(vv)
+		case bool:
+			dest[key] = strconv.FormatBool(vv)
+		case float64:
+			dest[key] = strconv.FormatFloat(vv, 'f', -1, 64)
+		default:
+			dest[key] = fmt.Sprint(v)
+		}
+	}
+}
+
+func flattenMapAny(prefix string, src map[any]any, dest map[string]string) {
+	for k, v := range src {
+		var key string
+		switch kk := k.(type) {
+		case string:
+			key = kk
+		default:
+			key = fmt.Sprint(k)
+		}
+		if prefix != "" {
+			key = prefix + "." + key
+		}
+		switch vv := v.(type) {
+		case map[string]any:
+			flattenMap(key, vv, dest)
+		case map[any]any:
+			flattenMapAny(key, vv, dest)
+		case string:
+			dest[key] = vv
+		case int:
+			dest[key] = strconv.Itoa(vv)
+		case bool:
+			dest[key] = strconv.FormatBool(vv)
+		case float64:
+			dest[key] = strconv.FormatFloat(vv, 'f', -1, 64)
 		default:
 			dest[key] = fmt.Sprint(v)
 		}

internal/docker/label_test.go

@@ -8,72 +8,248 @@ import (
 )
 
 func TestExpandWildcard(t *testing.T) {
-	labels := map[string]string{
-		"proxy.a.host":                "localhost",
-		"proxy.b.port":                "4444",
-		"proxy.b.scheme":              "http",
-		"proxy.*.port":                "5555",
-		"proxy.*.healthcheck.disable": "true",
-	}
+	t.Run("basic", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.a.host":                "localhost",
+			"proxy.b.port":                "4444",
+			"proxy.b.scheme":              "http",
+			"proxy.*.port":                "5555",
+			"proxy.*.healthcheck.disable": "true",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host":                "localhost",
+			"proxy.#1.port":                "5555",
+			"proxy.#1.healthcheck.disable": "true",
+			"proxy.#2.port":                "5555",
+			"proxy.#2.scheme":              "http",
+			"proxy.#2.healthcheck.disable": "true",
+		}, labels)
+	})
 
-	docker.ExpandWildcard(labels)
+	t.Run("no wildcards", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.a.host": "localhost",
+			"proxy.b.port": "4444",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.a.host": "localhost",
+			"proxy.b.port": "4444",
+		}, labels)
+	})
 
-	require.Equal(t, map[string]string{
-		"proxy.a.host":                "localhost",
-		"proxy.a.port":                "5555",
-		"proxy.a.healthcheck.disable": "true",
-		"proxy.b.scheme":              "http",
-		"proxy.b.port":                "5555",
-		"proxy.b.healthcheck.disable": "true",
-	}, labels)
-}
+	t.Run("no aliases", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.*.port": "5555",
+		}
+		docker.ExpandWildcard(labels)
+		require.Equal(t, map[string]string{}, labels)
+	})
 
-func TestExpandWildcardWithFQDNAliases(t *testing.T) {
-	labels := map[string]string{
-		"proxy.c.host": "localhost",
-		"proxy.*.port": "5555",
-	}
-	docker.ExpandWildcard(labels, "a.example.com", "b.example.com")
-	require.Equal(t, map[string]string{
-		"proxy.#1.port": "5555",
-		"proxy.#2.port": "5555",
-		"proxy.c.host":  "localhost",
-		"proxy.c.port":  "5555",
-	}, labels)
+	t.Run("empty labels", func(t *testing.T) {
+		labels := map[string]string{}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{}, labels)
+	})
+
+	t.Run("only wildcards no explicit labels", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.*.port":   "5555",
+			"proxy.*.scheme": "https",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.port":   "5555",
+			"proxy.#1.scheme": "https",
+			"proxy.#2.port":   "5555",
+			"proxy.#2.scheme": "https",
+		}, labels)
+	})
+
+	t.Run("non-proxy labels unchanged", func(t *testing.T) {
+		labels := map[string]string{
+			"other.label":    "value",
+			"proxy.*.port":   "5555",
+			"proxy.a.scheme": "http",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"other.label":     "value",
+			"proxy.#1.port":   "5555",
+			"proxy.#1.scheme": "http",
+		}, labels)
+	})
+
+	t.Run("single alias multiple labels", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.a.host":   "localhost",
+			"proxy.a.port":   "8080",
+			"proxy.a.scheme": "https",
+			"proxy.*.port":   "5555",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host":   "localhost",
+			"proxy.#1.port":   "5555",
+			"proxy.#1.scheme": "https",
+		}, labels)
+	})
+
+	t.Run("wildcard partial override", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.a.host":             "localhost",
+			"proxy.a.port":             "8080",
+			"proxy.a.healthcheck.path": "/health",
+			"proxy.*.port":             "5555",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host":             "localhost",
+			"proxy.#1.port":             "5555",
+			"proxy.#1.healthcheck.path": "/health",
+		}, labels)
+	})
+
+	t.Run("nested suffix distinction", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.a.healthcheck.path":     "/health",
+			"proxy.a.healthcheck.interval": "10s",
+			"proxy.*.healthcheck.disable":  "true",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"proxy.#1.healthcheck.path":     "/health",
+			"proxy.#1.healthcheck.interval": "10s",
+			"proxy.#1.healthcheck.disable":  "true",
+		}, labels)
+	})
+
+	t.Run("discovered alias from explicit label", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.c.host": "localhost",
+			"proxy.*.port": "5555",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.port": "5555",
+			"proxy.#2.port": "5555",
+			"proxy.#3.host": "localhost",
+			"proxy.#3.port": "5555",
+		}, labels)
+	})
+
+	t.Run("ref alias not converted", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.#1.host":  "localhost",
+			"proxy.#2.port":  "8080",
+			"proxy.*.scheme": "https",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host":   "localhost",
+			"proxy.#1.scheme": "https",
+			"proxy.#2.port":   "8080",
+			"proxy.#2.scheme": "https",
+		}, labels)
+	})
+
+	t.Run("mixed ref and named aliases", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.#1.host": "host1",
+			"proxy.a.host":  "host2",
+			"proxy.*.port":  "5555",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host": "host2",
+			"proxy.#1.port": "5555",
+			"proxy.#2.port": "5555",
+		}, labels)
+	})
 }
 
 func TestExpandWildcardYAML(t *testing.T) {
-	yaml := `
+	t.Run("basic yaml wildcard", func(t *testing.T) {
+		yaml := `
 host: localhost
 port: 5555
 healthcheck:
-	disable: true`
-	labels := map[string]string{
-		"proxy.*":                     yaml[1:],
-		"proxy.a.port":                "4444",
-		"proxy.a.healthcheck.disable": "false",
-		"proxy.a.healthcheck.path":    "/health",
-		"proxy.b.port":                "6666",
-	}
-	docker.ExpandWildcard(labels)
-	require.Equal(t, map[string]string{
-		"proxy.a.host":                "localhost", // set by wildcard
-		"proxy.a.port":                "5555",      // overridden by wildcard
-		"proxy.a.healthcheck.disable": "true",      // overridden by wildcard
-		"proxy.a.healthcheck.path":    "/health",   // own label
-		"proxy.b.host":                "localhost", // set by wildcard
-		"proxy.b.port":                "5555",      // overridden by wildcard
-		"proxy.b.healthcheck.disable": "true",      // overridden by wildcard
-	}, labels)
+	disable: true`[1:]
+		labels := map[string]string{
+			"proxy.*":                     yaml,
+			"proxy.a.port":                "4444",
+			"proxy.a.healthcheck.disable": "false",
+			"proxy.a.healthcheck.path":    "/health",
+			"proxy.b.port":                "6666",
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host":                "localhost",
+			"proxy.#1.port":                "5555",
+			"proxy.#1.healthcheck.disable": "true",
+			"proxy.#1.healthcheck.path":    "/health",
+			"proxy.#2.host":                "localhost",
+			"proxy.#2.port":                "5555",
+			"proxy.#2.healthcheck.disable": "true",
+		}, labels)
+	})
+
+	t.Run("yaml with nested maps", func(t *testing.T) {
+		yaml := `
+middlewares:
+	request:
+		hide_headers: X-Secret
+		add_headers:
+			X-Custom: value`[1:]
+		labels := map[string]string{
+			"proxy.*": yaml,
+			"proxy.a.middlewares.request.set_headers": "X-Override: yes",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"proxy.#1.middlewares.request.hide_headers":         "X-Secret",
+			"proxy.#1.middlewares.request.add_headers.X-Custom": "value",
+			"proxy.#1.middlewares.request.set_headers":          "X-Override: yes",
+		}, labels)
+	})
+
+	t.Run("yaml only no explicit labels", func(t *testing.T) {
+		yaml := `
+host: localhost
+port: 8080`[1:]
+		labels := map[string]string{
+			"proxy.*": yaml,
+		}
+		docker.ExpandWildcard(labels, "a", "b")
+		require.Equal(t, map[string]string{
+			"proxy.#1.host": "localhost",
+			"proxy.#1.port": "8080",
+			"proxy.#2.host": "localhost",
+			"proxy.#2.port": "8080",
+		}, labels)
+	})
+
+	t.Run("invalid yaml ignored", func(t *testing.T) {
+		labels := map[string]string{
+			"proxy.*":      "invalid: yaml: content:\n\t\tbad",
+			"proxy.a.port": "8080",
+		}
+		docker.ExpandWildcard(labels, "a")
+		require.Equal(t, map[string]string{
+			"proxy.a.port": "8080",
+		}, labels)
+	})
 }
 
 func BenchmarkParseLabels(b *testing.B) {
+	m := map[string]string{
+		"proxy.a.host":   "localhost",
+		"proxy.b.port":   "4444",
+		"proxy.*.scheme": "http",
+		"proxy.*.middlewares.request.hide_headers": "X-Header1,X-Header2",
+	}
 	for b.Loop() {
-		_, _ = docker.ParseLabels(map[string]string{
-			"proxy.a.host":   "localhost",
-			"proxy.b.port":   "4444",
-			"proxy.*.scheme": "http",
-			"proxy.*.middlewares.request.hide_headers": "X-Header1,X-Header2",
-		})
+		_, _ = docker.ParseLabels(m, "a", "b")
 	}
 }

internal/docker/labels.go

@@ -14,5 +14,18 @@ const (
 	LabelStopSignal    = NSProxy + ".stop_signal"
 	LabelStartEndpoint = NSProxy + ".start_endpoint"
 	LabelDependsOn     = NSProxy + ".depends_on"
+	LabelNoLoadingPage = NSProxy + ".no_loading_page" // No loading page when using idlewatcher
 	LabelNetwork       = NSProxy + ".network"
 )
+
+// key: label, value: key in IdlewatcherConfig
+var idlewatcherLabels = map[string]string{
+	LabelIdleTimeout:   "idle_timeout",
+	LabelWakeTimeout:   "wake_timeout",
+	LabelStopMethod:    "stop_method",
+	LabelStopTimeout:   "stop_timeout",
+	LabelStopSignal:    "stop_signal",
+	LabelStartEndpoint: "start_endpoint",
+	LabelDependsOn:     "depends_on",
+	LabelNoLoadingPage: "no_loading_page",
+}

internal/docker/list_containers.go

@@ -3,11 +3,12 @@ package docker
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
+	"github.com/yusing/godoxy/internal/types"
 )
 
-var listOptions = container.ListOptions{
+var listOptions = client.ContainerListOptions{
 	// created|restarting|running|removing|paused|exited|dead
 	// Filters: filters.NewArgs(
 	// 	filters.Arg("status", "created"),
@@ -19,8 +20,8 @@ var listOptions = container.ListOptions{
 	All: true,
 }
 
-func ListContainers(ctx context.Context, clientHost string) ([]container.Summary, error) {
-	dockerClient, err := NewClient(clientHost)
+func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) ([]container.Summary, error) {
+	dockerClient, err := NewClient(dockerCfg)
 	if err != nil {
 		return nil, err
 	}
@@ -30,7 +31,7 @@ func ListContainers(ctx context.Context, clientHost string) ([]container.Summary
 	if err != nil {
 		return nil, err
 	}
-	return containers, nil
+	return containers.Items, nil
 }
 
 func IsErrConnectionFailed(err error) bool {

internal/entrypoint/entrypoint.go

@@ -19,7 +19,7 @@ import (
 type Entrypoint struct {
 	middleware      *middleware.Middleware
 	notFoundHandler http.Handler
-	accessLogger    *accesslog.AccessLogger
+	accessLogger    accesslog.AccessLogger
 	findRouteFunc   func(host string) types.HTTPRoute
 }
 
@@ -146,11 +146,18 @@ func findRouteAnyDomain(host string) types.HTTPRoute {
 	if r, ok := routes.HTTP.Get(host); ok {
 		return r
 	}
+	// try striping the trailing :port from the host
+	if before, _, ok := strings.Cut(host, ":"); ok {
+		if r, ok := routes.HTTP.Get(before); ok {
+			return r
+		}
+	}
 	return nil
 }
 
 func findRouteByDomains(domains []string) func(host string) types.HTTPRoute {
 	return func(host string) types.HTTPRoute {
+		host, _, _ = strings.Cut(host, ":") // strip the trailing :port
 		for _, domain := range domains {
 			if target, ok := strings.CutSuffix(host, domain); ok {
 				if r, ok := routes.HTTP.Get(target); ok {

internal/entrypoint/entrypoint_benchmark_test.go

@@ -82,7 +82,7 @@ func BenchmarkEntrypointReal(b *testing.B) {
 		Scheme:      routeTypes.SchemeHTTP,
 		Host:        host,
 		Port:        route.Port{Proxy: portInt},
-		HealthCheck: &types.HealthCheckConfig{Disable: true},
+		HealthCheck: types.HealthCheckConfig{Disable: true},
 	}
 
 	err = r.Validate()
@@ -125,7 +125,7 @@ func BenchmarkEntrypoint(b *testing.B) {
 		Port: route.Port{
 			Proxy: 8080,
 		},
-		HealthCheck: &types.HealthCheckConfig{
+		HealthCheck: types.HealthCheckConfig{
 			Disable: true,
 		},
 	}

internal/entrypoint/entrypoint_test.go

@@ -128,3 +128,47 @@ func TestFindRouteByDomainsExactMatch(t *testing.T) {
 
 	run(t, tests, testsNoMatch)
 }
+
+func TestFindRouteWithPort(t *testing.T) {
+	t.Run("AnyDomain", func(t *testing.T) {
+		addRoute("app1")
+		addRoute("app2.com")
+
+		tests := []string{
+			"app1:8080",
+			"app1.domain.com:8080",
+			"app2.com:8080",
+		}
+		testsNoMatch := []string{
+			"app11",
+			"app2.co",
+			"app2.co:8080",
+		}
+		run(t, tests, testsNoMatch)
+	})
+
+	t.Run("ByDomains", func(t *testing.T) {
+		ep.SetFindRouteDomains([]string{
+			".domain.com",
+		})
+		addRoute("app1")
+		addRoute("app2")
+		addRoute("app3.domain.com")
+
+		tests := []string{
+			"app1.domain.com:8080",
+			"app2:8080", // exact match fallback
+			"app3.domain.com:8080",
+		}
+		testsNoMatch := []string{
+			"app11",
+			"app1.domain.co",
+			"app1.domain.co:8080",
+			"app2.co",
+			"app2.co:8080",
+			"app3.domain.co",
+			"app3.domain.co:8080",
+		}
+		run(t, tests, testsNoMatch)
+	})
+}

internal/homepage/favicon.go

@@ -145,23 +145,32 @@ func fetchIcon(ctx context.Context, filename string) (FetchResult, error) {
 	return FetchResultWithErrorf(http.StatusNotFound, "no icon found")
 }
 
-func FindIcon(ctx context.Context, r route, uri string) (FetchResult, error) {
+type contextValue struct {
+	r   httpRoute
+	uri string
+}
+
+func FindIcon(ctx context.Context, r route, uri string, variant IconVariant) (FetchResult, error) {
 	for _, ref := range r.References() {
-		result, err := fetchIcon(ctx, sanitizeName(ref))
+		ref = sanitizeName(ref)
+		if variant != IconVariantNone {
+			ref += "-" + string(variant)
+		}
+		result, err := fetchIcon(ctx, ref)
 		if err == nil {
 			return result, err
 		}
 	}
 	if r, ok := r.(httpRoute); ok {
 		// fallback to parse html
-		return findIconSlowCached(context.WithValue(ctx, "route", r), uri)
+		return findIconSlowCached(context.WithValue(ctx, "route", contextValue{r: r, uri: uri}), r.Key())
 	}
 	return FetchResultWithErrorf(http.StatusNotFound, "no icon found")
 }
 
 var findIconSlowCached = cache.NewKeyFunc(func(ctx context.Context, key string) (FetchResult, error) {
-	r := ctx.Value("route").(httpRoute)
-	return findIconSlow(ctx, r, key, nil)
+	v := ctx.Value("route").(contextValue)
+	return findIconSlow(ctx, v.r, v.uri, nil)
 }).WithMaxEntries(200).Build() // no retries, no ttl
 
 func findIconSlow(ctx context.Context, r httpRoute, uri string, stack []string) (FetchResult, error) {

internal/homepage/homepage.go

@@ -7,6 +7,7 @@ import (
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/homepage/widgets"
 	"github.com/yusing/godoxy/internal/serialization"
+	strutils "github.com/yusing/goutils/strings"
 )
 
 type (
@@ -146,13 +147,13 @@ func (c *Category) sortByClicks() {
 			return 1
 		}
 		// fallback to alphabetical
-		return strings.Compare(a.Name, b.Name)
+		return strings.Compare(strutils.Title(a.Name), strutils.Title(b.Name))
 	})
 }
 
 func (c *Category) sortByAlphabetical() {
 	slices.SortStableFunc(c.Items, func(a, b *Item) int {
-		return strings.Compare(a.Name, b.Name)
+		return strings.Compare(strutils.Title(a.Name), strutils.Title(b.Name))
 	})
 }
 

internal/homepage/icon_url.go

@@ -23,7 +23,8 @@ type (
 		IsDark   bool    `json:"is_dark"`
 	}
 
-	IconSource string
+	IconSource  string
+	IconVariant string
 )
 
 const (
@@ -33,6 +34,12 @@ const (
 	IconSourceSelfhSt   IconSource = "@selfhst"
 )
 
+const (
+	IconVariantNone  IconVariant = ""
+	IconVariantLight IconVariant = "light"
+	IconVariantDark  IconVariant = "dark"
+)
+
 var ErrInvalidIconURL = gperr.New("invalid icon url")
 
 func NewIconURL(source IconSource, refOrName, format string) *IconURL {
@@ -76,6 +83,32 @@ func (u *IconURL) HasIcon() bool {
 	return HasIcon(u)
 }
 
+func (u *IconURL) WithVariant(variant IconVariant) *IconURL {
+	switch u.IconSource {
+	case IconSourceWalkXCode, IconSourceSelfhSt:
+	default:
+		return u // no variant for absolute/relative icons
+	}
+
+	var extra *IconExtra
+	if u.Extra != nil {
+		extra = &IconExtra{
+			Key:      u.Extra.Key,
+			Ref:      u.Extra.Ref,
+			FileType: u.Extra.FileType,
+			IsLight:  variant == IconVariantLight,
+			IsDark:   variant == IconVariantDark,
+		}
+		extra.Ref = strings.TrimSuffix(extra.Ref, "-light")
+		extra.Ref = strings.TrimSuffix(extra.Ref, "-dark")
+	}
+	return &IconURL{
+		IconSource: u.IconSource,
+		FullURL:    u.FullURL,
+		Extra:      extra,
+	}
+}
+
 // Parse implements strutils.Parser.
 func (u *IconURL) Parse(v string) error {
 	return u.parse(v, true)

internal/homepage/list_icons.go

@@ -14,6 +14,7 @@ import (
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/serialization"
 	httputils "github.com/yusing/goutils/http"
+	"github.com/yusing/goutils/intern"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/synk"
 	"github.com/yusing/goutils/task"
@@ -219,8 +220,7 @@ func HasIcon(icon *IconURL) bool {
 	if common.IsTest {
 		return true
 	}
-	key := NewIconKey(icon.IconSource, icon.Extra.Ref)
-	meta, ok := ListAvailableIcons()[key]
+	meta, ok := ListAvailableIcons()[icon.Extra.Key]
 	if !ok {
 		return false
 	}
@@ -332,6 +332,10 @@ func UpdateWalkxCodeIcons(m IconMap) error {
 			if isLight {
 				f = strings.TrimSuffix(f, "-light")
 			}
+			isDark := strings.HasSuffix(f, "-dark")
+			if isDark {
+				f = strings.TrimSuffix(f, "-dark")
+			}
 			key := NewIconKey(IconSourceWalkXCode, f)
 			icon, ok := m[key]
 			if !ok {
@@ -342,6 +346,9 @@ func UpdateWalkxCodeIcons(m IconMap) error {
 			if isLight {
 				icon.Light = true
 			}
+			if isDark {
+				icon.Dark = true
+			}
 		}
 	}
 	return nil
@@ -396,7 +403,7 @@ func UpdateSelfhstIcons(m IconMap) error {
 		}
 		icon := &IconMeta{
 			DisplayName: item.Name,
-			Tag:         tag,
+			Tag:         intern.Make(tag).Value(),
 			SVG:         item.SVG == "Yes",
 			PNG:         item.PNG == "Yes",
 			WebP:        item.WebP == "Yes",

internal/homepage/list_icons_test.go

@@ -10,16 +10,22 @@ const walkxcodeIcons = `{
 	"png": [
 		"app1.png",
 		"app1-light.png",
-		"app2.png"
+		"app2.png",
+		"karakeep.png",
+		"karakeep-dark.png"
 	],
 	"svg": [
 		"app1.svg",
-		"app1-light.svg"
+		"app1-light.svg",
+		"karakeep.svg",
+		"karakeep-dark.svg"
 	],
 	"webp": [
 		"app1.webp",
 		"app1-light.webp",
-		"app2.webp"
+		"app2.webp",
+		"karakeep.webp",
+		"karakeep-dark.webp"
 	]
 }`
 
@@ -98,8 +104,8 @@ func TestListWalkxCodeIcons(t *testing.T) {
 	if err := UpdateWalkxCodeIcons(m); err != nil {
 		t.Fatal(err)
 	}
-	if len(m) != 2 {
-		t.Fatalf("expect 2 icons, got %d", len(m))
+	if len(m) != 3 {
+		t.Fatalf("expect 3 icons, got %d", len(m))
 	}
 	test := []testCases{
 		{
@@ -118,6 +124,15 @@ func TestListWalkxCodeIcons(t *testing.T) {
 				WebP: true,
 			},
 		},
+		{
+			Key: NewIconKey(IconSourceWalkXCode, "karakeep"),
+			IconMeta: IconMeta{
+				SVG:  true,
+				PNG:  true,
+				WebP: true,
+				Dark: true,
+			},
+		},
 	}
 	runTests(t, m, test)
 }

internal/homepage/route.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	nettypes "github.com/yusing/godoxy/internal/net/types"
-	"github.com/yusing/godoxy/internal/utils/pool"
+	"github.com/yusing/goutils/pool"
 )
 
 type route interface {

internal/idlewatcher/common.go

@@ -1,24 +0,0 @@
-package idlewatcher
-
-import (
-	"context"
-)
-
-func (w *Watcher) canceled(reqCtx context.Context) bool {
-	select {
-	case <-reqCtx.Done():
-		w.l.Debug().AnErr("cause", context.Cause(reqCtx)).Msg("wake canceled")
-		return true
-	default:
-		return false
-	}
-}
-
-func (w *Watcher) waitStarted(reqCtx context.Context) bool {
-	select {
-	case <-reqCtx.Done():
-		return false
-	case <-w.route.Started():
-		return true
-	}
-}

internal/idlewatcher/errors.go

@@ -50,7 +50,7 @@ func (w *Watcher) newDepError(action string, dep *dependency, err error) error {
 	if dErr, ok := err.(*depError); ok { //nolint:errorlint
 		return dErr
 	}
-	return w.newWatcherError(&depError{action: action, dep: dep, err: convertError(err)})
+	return &depError{action: action, dep: dep, err: convertError(err)}
 }
 
 func convertError(err error) error {

internal/idlewatcher/events.go

@@ -0,0 +1,76 @@
+package idlewatcher
+
+import (
+	"fmt"
+	"io"
+	"time"
+
+	"github.com/bytedance/sonic"
+)
+
+type WakeEvent struct {
+	Type      string    `json:"type"`
+	Message   string    `json:"message"`
+	Timestamp time.Time `json:"timestamp"`
+	Error     string    `json:"error,omitempty"`
+}
+
+type WakeEventType string
+
+const (
+	WakeEventStarting      WakeEventType = "starting"
+	WakeEventWakingDep     WakeEventType = "waking_dep"
+	WakeEventDepReady      WakeEventType = "dep_ready"
+	WakeEventContainerWoke WakeEventType = "container_woke"
+	WakeEventWaitingReady  WakeEventType = "waiting_ready"
+	WakeEventReady         WakeEventType = "ready"
+	WakeEventError         WakeEventType = "error"
+)
+
+func (w *Watcher) newWakeEvent(eventType WakeEventType, message string, err error) *WakeEvent {
+	event := &WakeEvent{
+		Type:      string(eventType),
+		Message:   message,
+		Timestamp: time.Now(),
+	}
+	if err != nil {
+		event.Error = err.Error()
+	}
+	return event
+}
+
+func (e *WakeEvent) WriteSSE(w io.Writer) error {
+	data, err := sonic.Marshal(e)
+	if err != nil {
+		return err
+	}
+	_, err = fmt.Fprintf(w, "data: %s\n\n", data)
+	return err
+}
+
+func (w *Watcher) clearEventHistory() {
+	w.eventHistoryMu.Lock()
+	w.eventHistory = w.eventHistory[:0]
+	w.eventHistoryMu.Unlock()
+}
+
+func (w *Watcher) sendEvent(eventType WakeEventType, message string, err error) {
+	// NOTE: events will be cleared on stop/pause
+	event := w.newWakeEvent(eventType, message, err)
+
+	w.l.Debug().Str("event", string(eventType)).Str("message", message).Err(err).Msg("sending event")
+
+	// Store event in history
+	w.eventHistoryMu.Lock()
+	w.eventHistory = append(w.eventHistory, *event)
+	w.eventHistoryMu.Unlock()
+
+	// Broadcast to current subscribers
+	for ch := range w.eventChs.Range {
+		select {
+		case ch <- event:
+		default:
+			// channel full, drop event
+		}
+	}
+}

internal/idlewatcher/handle_http.go

@@ -2,13 +2,15 @@ package idlewatcher
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"strconv"
 
 	"github.com/yusing/godoxy/internal/homepage"
+	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
+	gperr "github.com/yusing/goutils/errs"
 	httputils "github.com/yusing/goutils/http"
-	"github.com/yusing/goutils/http/httpheaders"
 
 	_ "unsafe"
 )
@@ -43,16 +45,58 @@ func (w *Watcher) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func isFaviconPath(path string) bool {
-	return path == "/favicon.ico"
-}
+func (w *Watcher) handleWakeEventsSSE(rw http.ResponseWriter, r *http.Request) {
+	// Create a dedicated channel for this SSE connection and register it
+	eventCh := make(chan *WakeEvent, 10)
+	w.eventChs.Store(eventCh, struct{}{})
+	// Clean up when done
+	defer func() {
+		w.eventChs.Delete(eventCh)
+		close(eventCh)
+	}()
 
-func (w *Watcher) redirectToStartEndpoint(rw http.ResponseWriter, r *http.Request) {
-	uri := "/"
-	if w.cfg.StartEndpoint != "" {
-		uri = w.cfg.StartEndpoint
+	// Set SSE headers
+	rw.Header().Set("Content-Type", "text/event-stream")
+	rw.Header().Set("Cache-Control", "no-cache")
+	rw.Header().Set("Connection", "keep-alive")
+	rw.Header().Set("Access-Control-Allow-Origin", "*")
+	rw.Header().Set("Access-Control-Allow-Headers", "Cache-Control")
+
+	controller := http.NewResponseController(rw)
+	ctx := r.Context()
+
+	// Send historical events first
+	w.eventHistoryMu.RLock()
+	historicalEvents := make([]WakeEvent, len(w.eventHistory))
+	copy(historicalEvents, w.eventHistory)
+	w.eventHistoryMu.RUnlock()
+
+	for _, event := range historicalEvents {
+		select {
+		case <-ctx.Done():
+			return
+		default:
+			err := errors.Join(event.WriteSSE(rw), controller.Flush())
+			if err != nil {
+				gperr.LogError("Failed to write SSE event", err, &w.l)
+				return
+			}
+		}
+	}
+
+	// Listen for new events and send them to client
+	for {
+		select {
+		case event := <-eventCh:
+			err := errors.Join(event.WriteSSE(rw), controller.Flush())
+			if err != nil {
+				gperr.LogError("Failed to write SSE event", err, &w.l)
+				return
+			}
+		case <-ctx.Done():
+			return
+		}
 	}
-	http.Redirect(rw, r, uri, http.StatusTemporaryRedirect)
 }
 
 func (w *Watcher) getFavIcon(ctx context.Context) (result homepage.FetchResult, err error) {
@@ -60,13 +104,13 @@ func (w *Watcher) getFavIcon(ctx context.Context) (result homepage.FetchResult,
 	hp := r.HomepageItem()
 	if hp.Icon != nil {
 		if hp.Icon.IconSource == homepage.IconSourceRelative {
-			result, err = homepage.FindIcon(ctx, r, *hp.Icon.FullURL)
+			result, err = homepage.FindIcon(ctx, r, *hp.Icon.FullURL, homepage.IconVariantNone)
 		} else {
 			result, err = homepage.FetchFavIconFromURL(ctx, hp.Icon)
 		}
 	} else {
 		// try extract from "link[rel=icon]"
-		result, err = homepage.FindIcon(ctx, r, "/")
+		result, err = homepage.FindIcon(ctx, r, "/", homepage.IconVariantNone)
 	}
 	if result.StatusCode == 0 {
 		result.StatusCode = http.StatusOK
@@ -74,26 +118,43 @@ func (w *Watcher) getFavIcon(ctx context.Context) (result homepage.FetchResult,
 	return result, err
 }
 
+func serveStaticContent(rw http.ResponseWriter, status int, contentType string, content []byte) {
+	rw.Header().Set("Content-Type", contentType)
+	rw.Header().Set("Content-Length", strconv.Itoa(len(content)))
+	rw.WriteHeader(status)
+	rw.Write(content)
+}
+
 func (w *Watcher) wakeFromHTTP(rw http.ResponseWriter, r *http.Request) (shouldNext bool) {
 	w.resetIdleTimer()
 
-	// pass through if container is already ready
-	if w.ready() {
-		return true
-	}
-
-	// handle favicon request
-	if isFaviconPath(r.URL.Path) {
+	// handle static files
+	switch r.URL.Path {
+	case idlewatcher.FavIconPath:
 		result, err := w.getFavIcon(r.Context())
 		if err != nil {
 			rw.WriteHeader(result.StatusCode)
 			fmt.Fprint(rw, err)
 			return false
 		}
-		rw.Header().Set("Content-Type", result.ContentType())
-		rw.WriteHeader(result.StatusCode)
-		rw.Write(result.Icon)
+		serveStaticContent(rw, result.StatusCode, result.ContentType(), result.Icon)
 		return false
+	case idlewatcher.LoadingPageCSSPath:
+		serveStaticContent(rw, http.StatusOK, "text/css", cssBytes)
+		return false
+	case idlewatcher.LoadingPageJSPath:
+		serveStaticContent(rw, http.StatusOK, "application/javascript", jsBytes)
+		return false
+	case idlewatcher.WakeEventsPath:
+		w.handleWakeEventsSSE(rw, r)
+		return false
+	}
+
+	// Allow request to proceed if the container is already ready.
+	// This check occurs after serving static files because a container can become ready quickly;
+	// otherwise, requests for assets may get a 404, leaving the user stuck on the loading screen.
+	if w.ready() {
+		return true
 	}
 
 	// Check if start endpoint is configured and request path matches
@@ -105,54 +166,32 @@ func (w *Watcher) wakeFromHTTP(rw http.ResponseWriter, r *http.Request) (shouldN
 	accept := httputils.GetAccept(r.Header)
 	acceptHTML := (r.Method == http.MethodGet && accept.AcceptHTML() || r.RequestURI == "/" && accept.IsEmpty())
 
-	isCheckRedirect := r.Header.Get(httpheaders.HeaderGoDoxyCheckRedirect) != ""
-	if !isCheckRedirect && acceptHTML {
-		// Send a loading response to the client
-		body := w.makeLoadingPageBody()
-		rw.Header().Set("Content-Type", "text/html; charset=utf-8")
-		rw.Header().Set("Content-Length", strconv.Itoa(len(body)))
-		rw.Header().Set("Cache-Control", "no-cache")
-		rw.Header().Add("Cache-Control", "no-store")
-		rw.Header().Add("Cache-Control", "must-revalidate")
-		rw.Header().Add("Connection", "close")
-		if _, err := rw.Write(body); err != nil {
+	err := w.Wake(r.Context())
+	if err != nil {
+		gperr.LogError("Failed to wake container", err, &w.l)
+		if !acceptHTML {
+			http.Error(rw, "Failed to wake container", http.StatusInternalServerError)
 			return false
 		}
-		return false
 	}
 
-	ctx := r.Context()
-	if w.canceled(ctx) {
-		w.redirectToStartEndpoint(rw, r)
-		return false
-	}
-
-	w.l.Trace().Msg("signal received")
-	err := w.Wake(ctx)
-	if err != nil {
-		http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
-		httputils.LogError(r).Msg(fmt.Sprintf("failed to wake: %v", err))
-		return false
-	}
-
-	// Wait for route to be started
-	if !w.waitStarted(ctx) {
-		return false
-	}
-
-	// Wait for container to become ready
-	if !w.waitForReady(ctx) {
-		if w.canceled(ctx) {
-			w.redirectToStartEndpoint(rw, r)
+	if !acceptHTML || w.cfg.NoLoadingPage {
+		// send a continue response to prevent client wait-header timeout
+		rw.WriteHeader(http.StatusContinue)
+		ready := w.waitForReady(r.Context())
+		if !ready {
+			serveStaticContent(rw, http.StatusInternalServerError, "text/plain", []byte("Timeout waiting for container to become ready"))
+			return false
 		}
-		return false
+		return true
 	}
 
-	if isCheckRedirect {
-		w.l.Debug().Stringer("url", w.hc.URL()).Msg("container is ready, redirecting")
-		rw.WriteHeader(http.StatusOK)
-		return false
-	}
-	w.l.Debug().Stringer("url", w.hc.URL()).Msg("container is ready, passing through")
-	return true
+	// Send a loading response to the client
+	rw.Header().Set("Content-Type", "text/html; charset=utf-8")
+	rw.Header().Set("Cache-Control", "no-cache")
+	rw.Header().Add("Cache-Control", "no-store")
+	rw.Header().Add("Cache-Control", "must-revalidate")
+	rw.Header().Add("Connection", "close")
+	_ = w.writeLoadingPage(rw)
+	return false
 }

internal/idlewatcher/handle_http_debug.go

@@ -0,0 +1,73 @@
+//go:build !production
+
+package idlewatcher
+
+import (
+	"math/rand/v2"
+	"net/http"
+	"time"
+
+	"github.com/puzpuzpuz/xsync/v4"
+	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
+	"github.com/yusing/godoxy/internal/types"
+)
+
+func DebugHandler(rw http.ResponseWriter, r *http.Request) {
+	w := &Watcher{
+		eventChs: xsync.NewMap[chan *WakeEvent, struct{}](),
+		cfg: &types.IdlewatcherConfig{
+			IdlewatcherProviderConfig: types.IdlewatcherProviderConfig{
+				Docker: &types.DockerConfig{
+					ContainerName: "test",
+				},
+			},
+		},
+	}
+
+	switch r.URL.Path {
+	case idlewatcher.LoadingPageCSSPath:
+		serveStaticContent(rw, http.StatusOK, "text/css", cssBytes)
+	case idlewatcher.LoadingPageJSPath:
+		serveStaticContent(rw, http.StatusOK, "application/javascript", jsBytes)
+	case idlewatcher.WakeEventsPath:
+		go w.handleWakeEventsSSE(rw, r)
+		ticker := time.NewTicker(1 * time.Second)
+		defer ticker.Stop()
+		events := []WakeEventType{
+			WakeEventStarting,
+			WakeEventWakingDep,
+			WakeEventDepReady,
+			WakeEventContainerWoke,
+			WakeEventWaitingReady,
+			WakeEventError,
+			WakeEventReady,
+		}
+		messages := []string{
+			"Starting",
+			"Waking dependency",
+			"Dependency ready",
+			"Container woke",
+			"Waiting for ready",
+			"Error",
+			"Ready",
+		}
+
+		for {
+			select {
+			case <-r.Context().Done():
+				return
+			case <-ticker.C:
+				idx := rand.IntN(len(events))
+				for ch := range w.eventChs.Range {
+					ch <- &WakeEvent{
+						Type:      string(events[idx]),
+						Message:   messages[idx],
+						Timestamp: time.Now(),
+					}
+				}
+			}
+		}
+	default:
+		w.writeLoadingPage(rw)
+	}
+}

internal/idlewatcher/health.go

@@ -154,9 +154,12 @@ func (w *Watcher) checkUpdateState() (ready bool, err error) {
 	// log every 3 seconds
 	const everyN = int(3 * time.Second / idleWakerCheckInterval)
 	if newHealthTries%everyN == 0 {
+		url := w.hc.URL()
 		w.l.Debug().
 			Int("health_tries", newHealthTries).
 			Dur("elapsed", time.Since(state.startedAt)).
+			Str("url", url.String()).
+			Str("detail", res.Detail).
 			Msg("health check failed, still starting")
 	}
 

internal/idlewatcher/html/loading.js

@@ -0,0 +1,115 @@
+let ready = false;
+
+window.onload = async function () {
+  const consoleEl = document.getElementById("console");
+  const loadingDotsEl = document.getElementById("loading-dots");
+
+  if (!consoleEl || !loadingDotsEl) {
+    console.error("Required DOM elements not found");
+    return;
+  }
+
+  function formatTimestamp(timestamp) {
+    const date = new Date(timestamp);
+    return date.toLocaleTimeString("en-US", {
+      hour12: false,
+      hour: "2-digit",
+      minute: "2-digit",
+      second: "2-digit",
+      fractionalSecondDigits: 3,
+    });
+  }
+
+  function addConsoleLine(type, message, timestamp) {
+    const line = document.createElement("div");
+    line.className = `console-line ${type}`;
+
+    const timestampEl = document.createElement("span");
+    timestampEl.className = "console-timestamp";
+    timestampEl.textContent = formatTimestamp(timestamp);
+
+    const messageEl = document.createElement("span");
+    messageEl.className = "console-message";
+    messageEl.textContent = message;
+
+    line.appendChild(timestampEl);
+    line.appendChild(messageEl);
+
+    consoleEl.appendChild(line);
+    consoleEl.scrollTop = consoleEl.scrollHeight;
+  }
+
+  if (typeof wakeEventsPath === "undefined" || !wakeEventsPath) {
+    addConsoleLine(
+      "error",
+      "Configuration error: wakeEventsPath not defined",
+      new Date().toISOString()
+    );
+    loadingDotsEl.style.display = "none";
+    return;
+  }
+
+  if (typeof EventSource === "undefined") {
+    addConsoleLine(
+      "error",
+      "Browser does not support Server-Sent Events",
+      new Date().toISOString()
+    );
+    loadingDotsEl.style.display = "none";
+    return;
+  }
+
+  // Connect to SSE endpoint
+  const eventSource = new EventSource(wakeEventsPath);
+
+  eventSource.onmessage = function (event) {
+    let data;
+    try {
+      data = JSON.parse(event.data);
+    } catch (error) {
+      addConsoleLine(
+        "error",
+        "Invalid event data: " + event.data,
+        new Date().toISOString()
+      );
+      return;
+    }
+
+    if (data.type === "ready") {
+      ready = true;
+      // Container is ready, hide loading dots and refresh
+      loadingDotsEl.style.display = "none";
+      addConsoleLine(
+        data.type,
+        "Container is ready, refreshing...",
+        data.timestamp
+      );
+      setTimeout(() => {
+        window.location.reload();
+      }, 200);
+    } else if (data.type === "error") {
+      // Show error message and hide loading dots
+      const errorMessage = data.error || data.message;
+      addConsoleLine(data.type, errorMessage, data.timestamp);
+      loadingDotsEl.style.display = "none";
+      eventSource.close();
+    } else {
+      // Show other message types
+      addConsoleLine(data.type, data.message, data.timestamp);
+    }
+  };
+
+  eventSource.onerror = function (event) {
+    if (ready) {
+      // event will be closed by the server
+      return;
+    }
+    addConsoleLine(
+      "error",
+      "Connection lost. Please refresh the page.",
+      new Date().toISOString()
+    );
+    loadingDotsEl.style.display = "none";
+    eventSource.close();
+  };
+};

internal/idlewatcher/html/loading_page.html

@@ -1,138 +1,32 @@
-<!doctype html>
+<!DOCTYPE html>
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>{{.Title}}</title>
-    <style>
-      /* size variables */
-      :root {
-        --dot-size: 12px;
-        --logo-size: 100px;
-      }
-      /* Global Styles */
-      * {
-        box-sizing: border-box;
-        margin: 0;
-        padding: 0;
-      }
-      body {
-        font-family:
-          "Inter",
-          -apple-system,
-          BlinkMacSystemFont,
-          "Segoe UI",
-          Roboto,
-          Oxygen,
-          Ubuntu,
-          Cantarell,
-          "Open Sans",
-          "Helvetica Neue",
-          sans-serif;
-        font-size: 16px;
-        line-height: 1.5;
-        color: #f8f9fa;
-        display: flex;
-        flex-direction: column;
-        justify-content: center;
-        align-items: center;
-        height: 100vh;
-        margin: 0;
-        gap: 32px;
-        background: linear-gradient(135deg, #121212 0%, #1e1e1e 100%);
-      }
-
-      /* Container */
-      .container {
-        display: flex;
-        flex-direction: column;
-        align-items: center;
-        justify-content: center;
-        padding: 48px;
-        border-radius: 16px;
-        background-color: rgba(30, 30, 30, 0.6);
-        box-shadow: 0 8px 32px rgba(0, 0, 0, 0.2);
-        backdrop-filter: blur(8px);
-        max-width: 90%;
-        transition: all 0.3s ease;
-      }
-
-      /* Spinner Styles */
-      .loading-dots {
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        gap: 8px;
-        padding-top: 20px;
-        padding-bottom: 6px;
-      }
-      .dot {
-        width: var(--dot-size);
-        height: var(--dot-size);
-        background-color: #66d9ef;
-        border-radius: 50%;
-        animation: bounce 1.3s infinite ease-in-out;
-      }
-      .dot:nth-child(1) {
-        animation-delay: -0.32s;
-      }
-      .dot:nth-child(2) {
-        animation-delay: -0.16s;
-      }
-      @keyframes bounce {
-        0%,
-        80%,
-        100% {
-          transform: translateY(0);
-        }
-        40% {
-          transform: translateY(-10px);
-        }
-      }
-
-      /* Message Styles */
-      .message {
-        font-size: 20px;
-        font-weight: 500;
-        text-align: center;
-        color: #f8f9fa;
-        max-width: 500px;
-        letter-spacing: 0.3px;
-        white-space: nowrap;
-      }
-
-      /* Logo */
-      .logo {
-        width: var(--logo-size);
-        height: var(--logo-size);
-      }
-    </style>
+    <link rel="stylesheet" href="{{.LoadingPageCSSPath}}" />
+    <link rel="icon" href="{{.FavIconPath}}" />
+    <link rel="preconnect" href="https://fonts.googleapis.com" />
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+    <link
+      href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@400;500;600&display=swap"
+      rel="stylesheet"
+    />
   </head>
   <body>
+    <script>
+      const wakeEventsPath = "{{.WakeEventsPath}}";
+    </script>
+    <script src="{{.LoadingPageJSPath}}" defer></script>
     <div class="container">
       <!-- icon handled by waker_http -->
-      <img class="logo" src="/favicon.ico" />
+      <img class="logo" src="{{.FavIconPath}}" />
       <div id="loading-dots" class="loading-dots">
         <div class="dot"></div>
         <div class="dot"></div>
         <div class="dot"></div>
       </div>
-      <div id="message" class="message">{{.Message}}</div>
+      <div id="console" class="console"></div>
     </div>
-    <script>
-      window.onload = async function () {
-        let resp = await fetch(window.location.href, {
-          headers: {
-            "{{.CheckRedirectHeader}}": "1",
-          },
-        });
-        if (resp.ok) {
-          window.location.href = resp.url;
-        } else {
-          document.getElementById("message").innerText = await resp.text();
-          document.getElementById("loading-dots").remove();
-        }
-      };
-    </script>
   </body>
 </html>

internal/idlewatcher/html/style.css

@@ -0,0 +1,194 @@
+/* size variables */
+:root {
+  --dot-size: 12px;
+  --logo-size: 100px;
+}
+/* Global Styles */
+* {
+  box-sizing: border-box;
+  margin: 0;
+  padding: 0;
+}
+body {
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen,
+    Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;
+  font-size: 16px;
+  line-height: 1.5;
+  color: #f8f9fa;
+  display: flex;
+  flex-direction: column;
+  justify-content: center;
+  align-items: center;
+  height: 100vh;
+  margin: 0;
+  background: linear-gradient(135deg, #121212 0%, #1e1e1e 100%);
+}
+
+/* Container */
+.container {
+  display: flex;
+  flex-direction: column;
+  gap: 32px;
+  align-items: center;
+  justify-content: center;
+  padding: 32px;
+  border-radius: 16px;
+  background-color: rgba(30, 30, 30, 0.9);
+  box-shadow: 0 16px 64px rgba(0, 0, 0, 0.4), 0 4px 16px rgba(0, 0, 0, 0.2);
+  backdrop-filter: blur(12px);
+  max-width: 90%;
+  transition: all 0.3s ease;
+  min-width: 600px;
+  min-height: 400px;
+}
+
+@media (max-width: 768px) {
+  .container {
+    min-width: auto;
+    max-width: 90%;
+  }
+}
+
+/* Spinner Styles */
+.loading-dots {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  gap: 8px;
+}
+.dot {
+  width: var(--dot-size);
+  height: var(--dot-size);
+  background-color: #66d9ef;
+  border-radius: 50%;
+  animation: bounce 1.3s infinite ease-in-out;
+}
+.dot:nth-child(1) {
+  animation-delay: -0.32s;
+}
+.dot:nth-child(2) {
+  animation-delay: -0.16s;
+}
+@keyframes bounce {
+  0%,
+  80%,
+  100% {
+    transform: translateY(0);
+  }
+  40% {
+    transform: translateY(-10px);
+  }
+}
+
+/* Message Styles */
+.message {
+  font-size: 18px;
+  font-weight: 500;
+  text-align: left;
+  color: #f8f9fa;
+  max-width: 100%;
+  letter-spacing: 0.3px;
+}
+
+/* Console Styles */
+.console {
+  font-family: "Fira Code", "Consolas", "Monaco", "Courier New", monospace;
+  font-size: 14px;
+  background-color: #1a1a1a;
+  border: 1px solid #333;
+  border-radius: 8px;
+  padding: 16px;
+  color: #e0e0e0;
+  overflow-y: auto;
+  max-height: 300px;
+  min-height: 200px;
+  width: 100%;
+  box-shadow: inset 0 2px 8px rgba(0, 0, 0, 0.3);
+}
+
+.console-line {
+  display: flex;
+  align-items: flex-start;
+  margin-bottom: 4px;
+  padding: 2px 0;
+  border-bottom: 1px solid rgba(255, 255, 255, 0.05);
+}
+
+.console-line:last-child {
+  border-bottom: none;
+  margin-bottom: 0;
+}
+
+.console-timestamp {
+  color: #66d9ef;
+  margin-right: 12px;
+  font-weight: 500;
+  flex-shrink: 0;
+  min-width: 80px;
+}
+
+.console-message {
+  flex: 1;
+  word-break: break-word;
+  white-space: pre-wrap;
+}
+
+.console-line.starting .console-message {
+  color: #f9f871;
+}
+
+.console-line.waking_dep .console-message {
+  color: #66d9ef;
+}
+
+.console-line.dep_ready .console-message {
+  color: #a6e22e;
+}
+
+.console-line.container_woke .console-message {
+  color: #a6e22e;
+}
+
+.console-line.waiting_ready .console-message {
+  color: #fd971f;
+}
+
+.console-line.ready .console-message {
+  color: #a6e22e;
+  font-weight: bold;
+}
+
+.console-line.error .console-message {
+  color: #f92672;
+  font-weight: bold;
+}
+
+/* Loading dots in console */
+.console-loading {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  margin-left: 8px;
+}
+
+.console-loading-dot {
+  width: 6px;
+  height: 6px;
+  background-color: #66d9ef;
+  border-radius: 50%;
+  animation: bounce 1.3s infinite ease-in-out;
+}
+
+.console-loading-dot:nth-child(1) {
+  animation-delay: -0.32s;
+}
+
+.console-loading-dot:nth-child(2) {
+  animation-delay: -0.16s;
+}
+
+/* Logo */
+.logo {
+  width: var(--logo-size);
+  height: var(--logo-size);
+}

internal/idlewatcher/loading_page.go

@@ -1,35 +1,49 @@
 package idlewatcher
 
 import (
-	"bytes"
 	_ "embed"
-	"text/template"
+	"html/template"
+	"net/http"
 
-	"github.com/yusing/goutils/http/httpheaders"
+	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 )
 
 type templateData struct {
-	CheckRedirectHeader string
-	Title               string
-	Message             string
+	Title   string
+	Message string
+
+	FavIconPath        string
+	LoadingPageCSSPath string
+	LoadingPageJSPath  string
+	WakeEventsPath     string
 }
 
 //go:embed html/loading_page.html
 var loadingPage []byte
 var loadingPageTmpl = template.Must(template.New("loading_page").Parse(string(loadingPage)))
 
-func (w *Watcher) makeLoadingPageBody() []byte {
+//go:embed html/style.css
+var cssBytes []byte
+
+//go:embed html/loading.js
+var jsBytes []byte
+
+func (w *Watcher) writeLoadingPage(rw http.ResponseWriter) error {
 	msg := w.cfg.ContainerName() + " is starting..."
 
 	data := new(templateData)
-	data.CheckRedirectHeader = httpheaders.HeaderGoDoxyCheckRedirect
 	data.Title = w.cfg.ContainerName()
 	data.Message = msg
+	data.FavIconPath = idlewatcher.FavIconPath
+	data.LoadingPageCSSPath = idlewatcher.LoadingPageCSSPath
+	data.LoadingPageJSPath = idlewatcher.LoadingPageJSPath
+	data.WakeEventsPath = idlewatcher.WakeEventsPath
 
-	buf := bytes.NewBuffer(make([]byte, len(loadingPage)+len(data.Title)+len(data.Message)+len(httpheaders.HeaderGoDoxyCheckRedirect)))
-	err := loadingPageTmpl.Execute(buf, data)
-	if err != nil { // should never happen in production
-		panic(err)
-	}
-	return buf.Bytes()
+	rw.Header().Set("Content-Type", "text/html; charset=utf-8")
+	rw.Header().Set("Cache-Control", "no-cache")
+	rw.Header().Add("Cache-Control", "no-store")
+	rw.Header().Add("Cache-Control", "must-revalidate")
+	rw.Header().Add("Connection", "close")
+	err := loadingPageTmpl.Execute(rw, data)
+	return err
 }

internal/idlewatcher/provider/docker.go

@@ -3,7 +3,8 @@ package provider
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	"github.com/yusing/godoxy/internal/types"
@@ -17,62 +18,69 @@ type DockerProvider struct {
 	containerID string
 }
 
-var startOptions = container.StartOptions{}
+var startOptions = client.ContainerStartOptions{}
 
-func NewDockerProvider(dockerHost, containerID string) (idlewatcher.Provider, error) {
-	client, err := docker.NewClient(dockerHost)
+func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string) (idlewatcher.Provider, error) {
+	client, err := docker.NewClient(dockerCfg)
 	if err != nil {
 		return nil, err
 	}
 	return &DockerProvider{
 		client:      client,
-		watcher:     watcher.NewDockerWatcher(dockerHost),
+		watcher:     watcher.NewDockerWatcher(dockerCfg),
 		containerID: containerID,
 	}, nil
 }
 
 func (p *DockerProvider) ContainerPause(ctx context.Context) error {
-	return p.client.ContainerPause(ctx, p.containerID)
+	_, err := p.client.ContainerPause(ctx, p.containerID, client.ContainerPauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerUnpause(ctx context.Context) error {
-	return p.client.ContainerUnpause(ctx, p.containerID)
+	_, err := p.client.ContainerUnpause(ctx, p.containerID, client.ContainerUnpauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerStart(ctx context.Context) error {
-	return p.client.ContainerStart(ctx, p.containerID, startOptions)
+	_, err := p.client.ContainerStart(ctx, p.containerID, startOptions)
+	return err
 }
 
 func (p *DockerProvider) ContainerStop(ctx context.Context, signal types.ContainerSignal, timeout int) error {
-	return p.client.ContainerStop(ctx, p.containerID, container.StopOptions{
+	_, err := p.client.ContainerStop(ctx, p.containerID, client.ContainerStopOptions{
 		Signal:  string(signal),
 		Timeout: &timeout,
 	})
+	return err
 }
 
 func (p *DockerProvider) ContainerKill(ctx context.Context, signal types.ContainerSignal) error {
-	return p.client.ContainerKill(ctx, p.containerID, string(signal))
+	_, err := p.client.ContainerKill(ctx, p.containerID, client.ContainerKillOptions{
+		Signal: string(signal),
+	})
+	return err
 }
 
 func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.ContainerStatus, error) {
-	status, err := p.client.ContainerInspect(ctx, p.containerID)
+	status, err := p.client.ContainerInspect(ctx, p.containerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return idlewatcher.ContainerStatusError, err
 	}
-	switch status.State.Status {
-	case "running":
+	switch status.Container.State.Status {
+	case container.StateRunning:
 		return idlewatcher.ContainerStatusRunning, nil
-	case "exited", "dead", "restarting":
+	case container.StateExited, container.StateDead, container.StateRestarting:
 		return idlewatcher.ContainerStatusStopped, nil
-	case "paused":
+	case container.StatePaused:
 		return idlewatcher.ContainerStatusPaused, nil
 	}
-	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(status.State.Status)
+	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(string(status.Container.State.Status))
 }
 
 func (p *DockerProvider) Watch(ctx context.Context) (eventCh <-chan watcher.Event, errCh <-chan gperr.Error) {
 	return p.watcher.EventsWithOptions(ctx, watcher.DockerListOptions{
-		Filters: watcher.NewDockerFilter(
+		Filters: watcher.NewDockerFilters(
 			watcher.DockerFilterContainer,
 			watcher.DockerFilterContainerNameID(p.containerID),
 			watcher.DockerFilterStart,

internal/idlewatcher/state.go

@@ -24,6 +24,8 @@ func (w *Watcher) setReady() {
 		status: idlewatcher.ContainerStatusRunning,
 		ready:  true,
 	})
+	// Send ready event via SSE
+	w.sendEvent(WakeEventReady, w.cfg.ContainerName()+" is ready!", nil)
 	// Notify waiting handlers that container is ready
 	select {
 	case w.readyNotifyCh <- struct{}{}:
@@ -42,6 +44,7 @@ func (w *Watcher) setStarting() {
 }
 
 func (w *Watcher) setNapping(status idlewatcher.ContainerStatus) {
+	w.clearEventHistory() // Clear events on stop/pause
 	w.state.Store(&containerState{
 		status:      status,
 		ready:       false,
@@ -51,6 +54,7 @@ func (w *Watcher) setNapping(status idlewatcher.ContainerStatus) {
 }
 
 func (w *Watcher) setError(err error) {
+	w.sendEvent(WakeEventError, "Container error", err)
 	w.state.Store(&containerState{
 		status:      idlewatcher.ContainerStatusError,
 		ready:       false,
@@ -71,8 +75,17 @@ func (w *Watcher) waitForReady(ctx context.Context) bool {
 	// Wait for ready notification or context cancellation
 	select {
 	case <-w.readyNotifyCh:
-		return w.ready() // double-check in case of race condition
+		return true
 	case <-ctx.Done():
 		return false
 	}
 }
+
+func (w *Watcher) waitStarted(reqCtx context.Context) bool {
+	select {
+	case <-reqCtx.Done():
+		return false
+	case <-w.route.Started():
+		return true
+	}
+}

internal/idlewatcher/types/paths.go

@@ -0,0 +1,9 @@
+package idlewatcher
+
+const (
+	FavIconPath        = "/favicon.ico"
+	PathPrefix         = "/$godoxy/"
+	LoadingPageCSSPath = PathPrefix + "style.css"
+	LoadingPageJSPath  = PathPrefix + "loading.js"
+	WakeEventsPath     = PathPrefix + "wake-events"
+)

internal/idlewatcher/types/waker.go

@@ -1,6 +1,7 @@
 package idlewatcher
 
 import (
+	"context"
 	"net/http"
 
 	nettypes "github.com/yusing/godoxy/internal/net/types"
@@ -11,5 +12,5 @@ type Waker interface {
 	types.HealthMonitor
 	http.Handler
 	nettypes.Stream
-	Wake() error
+	Wake(ctx context.Context) error
 }

internal/idlewatcher/watcher.go

@@ -8,6 +8,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/ds/ordered"
@@ -23,6 +24,7 @@ import (
 	"github.com/yusing/godoxy/internal/watcher/health/monitor"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/http/reverseproxy"
+	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/synk"
 	"github.com/yusing/goutils/task"
 	"golang.org/x/sync/errgroup"
@@ -53,7 +55,7 @@ type (
 
 		cfg *types.IdlewatcherConfig
 
-		provider idlewatcher.Provider
+		provider synk.Value[idlewatcher.Provider]
 
 		state     synk.Value[*containerState]
 		lastReset synk.Value[time.Time]
@@ -63,6 +65,12 @@ type (
 		readyNotifyCh chan struct{} // notifies when container becomes ready
 		task          *task.Task
 
+		// SSE event broadcasting, HTTP routes only
+		eventChs       *xsync.Map[chan *WakeEvent, struct{}]
+		eventHistory   []WakeEvent  // Global event history buffer
+		eventHistoryMu sync.RWMutex // Mutex for event history
+
+		// FIXME: missing dependencies
 		dependsOn []*dependency
 	}
 
@@ -77,6 +85,8 @@ type (
 
 const ContextKey = "idlewatcher.watcher"
 
+var _ idlewatcher.Waker = (*Watcher)(nil)
+
 var (
 	watcherMap   = make(map[string]*Watcher)
 	watcherMapMu sync.RWMutex
@@ -115,11 +125,16 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 		}
 		cfg = w.cfg
 		w.resetIdleTimer()
+		// Update health monitor URL with current route info on reload
+		if targetURL := r.TargetURL(); targetURL != nil {
+			w.hc.UpdateURL(&targetURL.URL)
+		}
 	} else {
 		w = &Watcher{
 			idleTicker:    time.NewTicker(cfg.IdleTimeout),
 			healthTicker:  time.NewTicker(idleWakerCheckInterval),
 			readyNotifyCh: make(chan struct{}, 1), // buffered to avoid blocking
+			eventChs:      xsync.NewMap[chan *WakeEvent, struct{}](),
 			cfg:           cfg,
 			routeHelper: routeHelper{
 				hc: monitor.NewMonitor(r),
@@ -185,7 +200,7 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 			depCfg = new(types.IdlewatcherConfig)
 			depCfg.IdlewatcherConfigBase = cfg.IdlewatcherConfigBase
 			depCfg.IdleTimeout = neverTick // disable auto sleep for dependencies
-		} else if depCfg.IdleTimeout > 0 {
+		} else if depCfg.IdleTimeout > 0 && depCfg.IdleTimeout != neverTick {
 			depErrors.Addf("dependency %q has positive idle timeout %s", dep, depCfg.IdleTimeout)
 			continue
 		}
@@ -194,7 +209,7 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 			depCont := depRoute.ContainerInfo()
 			if depCont != nil {
 				depCfg.Docker = &types.DockerConfig{
-					DockerHost:    depCont.DockerHost,
+					DockerCfg:     depCont.DockerCfg,
 					ContainerID:   depCont.ContainerID,
 					ContainerName: depCont.ContainerName,
 				}
@@ -223,8 +238,8 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 		})
 	}
 
-	if w.provider != nil { // it's a reload, close the old provider
-		w.provider.Close()
+	if pOld := w.provider.Load(); pOld != nil { // it's a reload, close the old provider
+		pOld.Close()
 	}
 
 	if depErrors.HasError() {
@@ -241,25 +256,30 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 	var kind string
 	switch {
 	case cfg.Docker != nil:
-		p, err = provider.NewDockerProvider(cfg.Docker.DockerHost, cfg.Docker.ContainerID)
+		p, err = provider.NewDockerProvider(cfg.Docker.DockerCfg, cfg.Docker.ContainerID)
 		kind = "docker"
 	default:
 		p, err = provider.NewProxmoxProvider(cfg.Proxmox.Node, cfg.Proxmox.VMID)
 		kind = "proxmox"
 	}
+	targetURL := r.TargetURL()
+	if targetURL == nil {
+		return nil, errors.New("target URL is not set")
+	}
 	w.l = log.With().
 		Str("kind", kind).
 		Str("container", cfg.ContainerName()).
+		Str("url", targetURL.String()).
 		Logger()
 
 	if cfg.IdleTimeout != neverTick {
-		w.l = w.l.With().Stringer("idle_timeout", cfg.IdleTimeout).Logger()
+		w.l = w.l.With().Str("idle_timeout", strutils.FormatDuration(cfg.IdleTimeout)).Logger()
 	}
 
 	if err != nil {
 		return nil, err
 	}
-	w.provider = p
+	w.provider.Store(p)
 
 	switch r := r.(type) {
 	case types.ReverseProxyRoute:
@@ -267,22 +287,22 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 	case types.StreamRoute:
 		w.stream = r.Stream()
 	default:
-		w.provider.Close()
+		p.Close()
 		return nil, w.newWatcherError(gperr.Errorf("unexpected route type: %T", r))
 	}
 	w.route = r
 
 	ctx, cancel := context.WithTimeout(parent.Context(), reqTimeout)
 	defer cancel()
-	status, err := w.provider.ContainerStatus(ctx)
+	status, err := p.ContainerStatus(ctx)
 	if err != nil {
-		w.provider.Close()
+		p.Close()
 		return nil, w.newWatcherError(err)
 	}
 	w.state.Store(&containerState{status: status})
 
 	// when more providers are added, we need to add a new case here.
-	switch p := w.provider.(type) { //nolint:gocritic
+	switch p := p.(type) { //nolint:gocritic
 	case *provider.ProxmoxProvider:
 		shutdownTimeout := max(time.Second, cfg.StopTimeout-idleWakerCheckTimeout)
 		err = p.LXCSetShutdownTimeout(ctx, cfg.Proxmox.VMID, shutdownTimeout)
@@ -302,16 +322,18 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 			delete(watcherMap, key)
 			watcherMapMu.Unlock()
 
-			if errors.Is(cause, causeContainerDestroy) || errors.Is(cause, task.ErrProgramExiting) || errors.Is(cause, config.ErrConfigChanged) {
+			if errors.Is(cause, causeReload) {
+				// no log
+			} else if errors.Is(cause, causeContainerDestroy) || errors.Is(cause, task.ErrProgramExiting) || errors.Is(cause, config.ErrConfigChanged) {
 				w.l.Info().Msg("idlewatcher stopped")
-			} else if !errors.Is(cause, causeReload) {
+			} else {
 				gperr.LogError("idlewatcher stopped unexpectedly", cause, &w.l)
 			}
 
 			w.idleTicker.Stop()
 			w.healthTicker.Stop()
+			w.setReady()
 			close(w.readyNotifyCh)
-			w.provider.Close()
 			w.task.Finish(cause)
 		}()
 	}
@@ -353,13 +375,27 @@ func (w *Watcher) Key() string {
 func (w *Watcher) Wake(ctx context.Context) error {
 	// wake dependencies first.
 	if err := w.wakeDependencies(ctx); err != nil {
+		w.sendEvent(WakeEventError, "Failed to wake dependencies", err)
 		return w.newWatcherError(err)
 	}
 
+	if w.wakeInProgress() {
+		w.l.Debug().Msg("already starting, ignoring duplicate start event")
+		return nil
+	}
+
 	// wake itself.
 	// use container name instead of Key() here as the container id will change on restart (docker).
-	_, err, _ := singleFlight.Do(w.cfg.ContainerName(), func() (any, error) {
-		return nil, w.wakeIfStopped(ctx)
+	containerName := w.cfg.ContainerName()
+	_, err, _ := singleFlight.Do(containerName, func() (any, error) {
+		err := w.wakeIfStopped(ctx)
+		if err != nil {
+			w.sendEvent(WakeEventError, "Failed to start "+containerName, err)
+		} else {
+			w.sendEvent(WakeEventContainerWoke, containerName+" started successfully", nil)
+			w.sendEvent(WakeEventWaitingReady, "Waiting for "+containerName+" to be ready...", nil)
+		}
+		return nil, err
 	})
 	if err != nil {
 		return w.newWatcherError(err)
@@ -368,6 +404,14 @@ func (w *Watcher) Wake(ctx context.Context) error {
 	return nil
 }
 
+func (w *Watcher) wakeInProgress() bool {
+	state := w.state.Load()
+	if state == nil {
+		return false
+	}
+	return !state.startedAt.IsZero()
+}
+
 func (w *Watcher) wakeDependencies(ctx context.Context) error {
 	if len(w.dependsOn) == 0 {
 		return nil
@@ -375,10 +419,16 @@ func (w *Watcher) wakeDependencies(ctx context.Context) error {
 
 	errs := errgroup.Group{}
 	for _, dep := range w.dependsOn {
+		if dep.wakeInProgress() {
+			w.l.Debug().Str("dep", dep.cfg.ContainerName()).Msg("dependency already starting, ignoring duplicate start event")
+			continue
+		}
 		errs.Go(func() error {
+			w.sendEvent(WakeEventWakingDep, "Waking dependency: "+dep.cfg.ContainerName(), nil)
 			if err := dep.Wake(ctx); err != nil {
 				return err
 			}
+			w.sendEvent(WakeEventDepReady, "Dependency woke: "+dep.cfg.ContainerName(), nil)
 			if dep.waitHealthy {
 				// initial health check before starting the ticker
 				if h, err := dep.hc.CheckHealth(); err != nil {
@@ -417,13 +467,17 @@ func (w *Watcher) wakeIfStopped(ctx context.Context) error {
 
 	ctx, cancel := context.WithTimeout(ctx, w.cfg.WakeTimeout)
 	defer cancel()
+	p := w.provider.Load()
+	if p == nil {
+		return gperr.Errorf("provider not set")
+	}
 	switch state.status {
 	case idlewatcher.ContainerStatusStopped:
-		w.l.Info().Msg("starting container")
-		return w.provider.ContainerStart(ctx)
+		w.sendEvent(WakeEventStarting, w.cfg.ContainerName()+" is starting...", nil)
+		return p.ContainerStart(ctx)
 	case idlewatcher.ContainerStatusPaused:
-		w.l.Info().Msg("unpausing container")
-		return w.provider.ContainerUnpause(ctx)
+		w.sendEvent(WakeEventStarting, w.cfg.ContainerName()+" is unpausing...", nil)
+		return p.ContainerUnpause(ctx)
 	default:
 		return gperr.Errorf("unexpected container status: %s", state.status)
 	}
@@ -458,13 +512,17 @@ func (w *Watcher) stopByMethod() error {
 
 	// stop itself first.
 	var err error
+	p := w.provider.Load()
+	if p == nil {
+		return gperr.New("provider not set")
+	}
 	switch cfg.StopMethod {
 	case types.ContainerStopMethodPause:
-		err = w.provider.ContainerPause(ctx)
+		err = p.ContainerPause(ctx)
 	case types.ContainerStopMethodStop:
-		err = w.provider.ContainerStop(ctx, cfg.StopSignal, int(math.Ceil(cfg.StopTimeout.Seconds())))
+		err = p.ContainerStop(ctx, cfg.StopSignal, int(math.Ceil(cfg.StopTimeout.Seconds())))
 	case types.ContainerStopMethodKill:
-		err = w.provider.ContainerKill(ctx, cfg.StopSignal)
+		err = p.ContainerKill(ctx, cfg.StopSignal)
 	default:
 		err = w.newWatcherError(gperr.Errorf("unexpected stop method: %q", cfg.StopMethod))
 	}
@@ -506,7 +564,12 @@ func (w *Watcher) expires() time.Time {
 // it exits only if the context is canceled, the container is destroyed,
 // errors occurred on docker client, or route provider died (mainly caused by config reload).
 func (w *Watcher) watchUntilDestroy() (returnCause error) {
-	eventCh, errCh := w.provider.Watch(w.Task().Context())
+	p := w.provider.Load()
+	if p == nil {
+		return gperr.Errorf("provider not set")
+	}
+	defer p.Close()
+	eventCh, errCh := p.Watch(w.Task().Context())
 
 	for {
 		select {

internal/logging/accesslog/access_logger.go

@@ -7,6 +7,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
@@ -19,15 +20,24 @@ import (
 )
 
 type (
-	AccessLogger struct {
+	AccessLogger interface {
+		Log(req *http.Request, res *http.Response)
+		LogError(req *http.Request, err error)
+		LogACL(info *maxmind.IPInfo, blocked bool)
+
+		Config() *Config
+
+		Flush()
+		Close() error
+	}
+
+	accessLogger struct {
 		task *task.Task
 		cfg  *Config
 
-		rawWriter     io.Writer
-		closer        io.Closer
-		supportRotate supportRotate
-		writer        *ioutils.BufferedWriter
-		writeLock     sync.Mutex
+		writer        BufferedWriter
+		supportRotate SupportRotate
+		writeLock     *sync.Mutex
 		closed        bool
 
 		writeCount int64
@@ -41,8 +51,9 @@ type (
 		ACLFormatter
 	}
 
-	WriterWithName interface {
+	Writer interface {
 		io.WriteCloser
+		ShouldBeBuffered() bool
 		Name() string // file name or path
 	}
 
@@ -52,6 +63,10 @@ type (
 		Name() string
 	}
 
+	AccessLogRotater interface {
+		Rotate(result *RotateResult) (rotated bool, err error)
+	}
+
 	RequestFormatter interface {
 		// AppendRequestLog appends a log line to line with or without a trailing newline
 		AppendRequestLog(line []byte, req *http.Request, res *http.Response) []byte
@@ -62,6 +77,8 @@ type (
 	}
 )
 
+var writerLocks = xsync.NewMap[string, *sync.Mutex]()
+
 const (
 	InitialBufferSize = 4 * kilobyte
 	MaxBufferSize     = 8 * megabyte
@@ -77,42 +94,45 @@ const (
 )
 
 var bytesPool = synk.GetUnsizedBytesPool()
+var sizedPool = synk.GetSizedBytesPool()
 
-func NewAccessLogger(parent task.Parent, cfg AnyConfig) (*AccessLogger, error) {
-	io, err := cfg.IO()
+func NewAccessLogger(parent task.Parent, cfg AnyConfig) (AccessLogger, error) {
+	writers, err := cfg.Writers()
 	if err != nil {
 		return nil, err
 	}
-	return NewAccessLoggerWithIO(parent, io, cfg), nil
+
+	return NewMultiAccessLogger(parent, cfg, writers), nil
 }
 
-func NewMockAccessLogger(parent task.Parent, cfg *RequestLoggerConfig) *AccessLogger {
-	return NewAccessLoggerWithIO(parent, NewMockFile(), cfg)
+func NewMockAccessLogger(parent task.Parent, cfg *RequestLoggerConfig) AccessLogger {
+	return NewAccessLoggerWithIO(parent, NewMockFile(true), cfg)
 }
 
-func NewAccessLoggerWithIO(parent task.Parent, writer WriterWithName, anyCfg AnyConfig) *AccessLogger {
+func NewAccessLoggerWithIO(parent task.Parent, writer Writer, anyCfg AnyConfig) AccessLogger {
 	cfg := anyCfg.ToConfig()
 	if cfg.RotateInterval == 0 {
 		cfg.RotateInterval = defaultRotateInterval
 	}
 
-	l := &AccessLogger{
+	l := &accessLogger{
 		task:           parent.Subtask("accesslog."+writer.Name(), true),
 		cfg:            cfg,
-		rawWriter:      writer,
 		bufSize:        InitialBufferSize,
 		errRateLimiter: rate.NewLimiter(rate.Every(errRateLimit), errBurst),
 		logger:         log.With().Str("file", writer.Name()).Logger(),
 	}
 
-	if writer != nil {
+	l.writeLock, _ = writerLocks.LoadOrStore(writer.Name(), &sync.Mutex{})
+
+	if writer.ShouldBeBuffered() {
 		l.writer = ioutils.NewBufferedWriter(writer, InitialBufferSize)
-		if supportRotate, ok := writer.(SupportRotate); ok {
-			l.supportRotate = supportRotate
-		}
-		if closer, ok := writer.(io.Closer); ok {
-			l.closer = closer
-		}
+	} else {
+		l.writer = NewUnbufferedWriter(writer)
+	}
+
+	if supportRotate, ok := writer.(SupportRotate); ok {
+		l.supportRotate = supportRotate
 	}
 
 	if cfg.req != nil {
@@ -131,17 +151,15 @@ func NewAccessLoggerWithIO(parent task.Parent, writer WriterWithName, anyCfg Any
 		l.ACLFormatter = ACLLogFormatter{}
 	}
 
-	if l.writer != nil {
-		go l.start()
-	} // otherwise stdout only
+	go l.start()
 	return l
 }
 
-func (l *AccessLogger) Config() *Config {
+func (l *accessLogger) Config() *Config {
 	return l.cfg
 }
 
-func (l *AccessLogger) shouldLog(req *http.Request, res *http.Response) bool {
+func (l *accessLogger) shouldLog(req *http.Request, res *http.Response) bool {
 	if !l.cfg.req.Filters.StatusCodes.CheckKeep(req, res) ||
 		!l.cfg.req.Filters.Method.CheckKeep(req, res) ||
 		!l.cfg.req.Filters.Headers.CheckKeep(req, res) ||
@@ -151,7 +169,7 @@ func (l *AccessLogger) shouldLog(req *http.Request, res *http.Response) bool {
 	return true
 }
 
-func (l *AccessLogger) Log(req *http.Request, res *http.Response) {
+func (l *accessLogger) Log(req *http.Request, res *http.Response) {
 	if !l.shouldLog(req, res) {
 		return
 	}
@@ -165,11 +183,11 @@ func (l *AccessLogger) Log(req *http.Request, res *http.Response) {
 	bytesPool.Put(line)
 }
 
-func (l *AccessLogger) LogError(req *http.Request, err error) {
+func (l *accessLogger) LogError(req *http.Request, err error) {
 	l.Log(req, &http.Response{StatusCode: http.StatusInternalServerError, Status: err.Error()})
 }
 
-func (l *AccessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
+func (l *accessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
 	line := bytesPool.Get()
 	line = l.AppendACLLog(line, info, blocked)
 	if line[len(line)-1] != '\n' {
@@ -179,16 +197,16 @@ func (l *AccessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
 	bytesPool.Put(line)
 }
 
-func (l *AccessLogger) ShouldRotate() bool {
+func (l *accessLogger) ShouldRotate() bool {
 	return l.supportRotate != nil && l.cfg.Retention.IsValid()
 }
 
-func (l *AccessLogger) Rotate(result *RotateResult) (rotated bool, err error) {
+func (l *accessLogger) Rotate(result *RotateResult) (rotated bool, err error) {
 	if !l.ShouldRotate() {
 		return false, nil
 	}
 
-	l.writer.Flush()
+	l.Flush()
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 
@@ -196,7 +214,7 @@ func (l *AccessLogger) Rotate(result *RotateResult) (rotated bool, err error) {
 	return
 }
 
-func (l *AccessLogger) handleErr(err error) {
+func (l *accessLogger) handleErr(err error) {
 	if l.errRateLimiter.Allow() {
 		gperr.LogError("failed to write access log", err, &l.logger)
 	} else {
@@ -205,7 +223,7 @@ func (l *AccessLogger) handleErr(err error) {
 	}
 }
 
-func (l *AccessLogger) start() {
+func (l *accessLogger) start() {
 	defer func() {
 		l.Flush()
 		l.Close()
@@ -241,52 +259,42 @@ func (l *AccessLogger) start() {
 	}
 }
 
-func (l *AccessLogger) Close() error {
+func (l *accessLogger) Close() error {
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 	if l.closed {
 		return nil
 	}
-	if l.closer != nil {
-		l.closer.Close()
-	}
-	l.writer.Release()
+	l.writer.Flush()
 	l.closed = true
-	return nil
+	return l.writer.Close()
 }
 
-func (l *AccessLogger) Flush() {
+func (l *accessLogger) Flush() {
 	l.writeLock.Lock()
 	defer l.writeLock.Unlock()
 	if l.closed {
 		return
 	}
-	if err := l.writer.Flush(); err != nil {
+	l.writer.Flush()
+}
+
+func (l *accessLogger) write(data []byte) {
+	l.writeLock.Lock()
+	defer l.writeLock.Unlock()
+	if l.closed {
+		return
+	}
+	n, err := l.writer.Write(data)
+	if err != nil {
 		l.handleErr(err)
+	} else if n < len(data) {
+		l.handleErr(gperr.Errorf("%w, writing %d bytes, only %d written", io.ErrShortWrite, len(data), n))
 	}
+	atomic.AddInt64(&l.writeCount, int64(n))
 }
 
-func (l *AccessLogger) write(data []byte) {
-	if l.writer != nil {
-		l.writeLock.Lock()
-		defer l.writeLock.Unlock()
-		if l.closed {
-			return
-		}
-		n, err := l.writer.Write(data)
-		if err != nil {
-			l.handleErr(err)
-		} else if n < len(data) {
-			l.handleErr(gperr.Errorf("%w, writing %d bytes, only %d written", io.ErrShortWrite, len(data), n))
-		}
-		atomic.AddInt64(&l.writeCount, int64(n))
-	}
-	if l.cfg.Stdout {
-		log.Logger.Write(data) // write to stdout immediately
-	}
-}
-
-func (l *AccessLogger) adjustBuffer() {
+func (l *accessLogger) adjustBuffer() {
 	wps := int(atomic.SwapInt64(&l.writeCount, 0)) / int(bufferAdjustInterval.Seconds())
 	origBufSize := l.bufSize
 	newBufSize := origBufSize

internal/logging/accesslog/access_logger_test.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	. "github.com/yusing/godoxy/internal/logging/accesslog"
-	"github.com/yusing/godoxy/internal/utils"
+	"github.com/yusing/goutils/mockable"
 	"github.com/yusing/goutils/task"
 	expect "github.com/yusing/goutils/testing"
 )
@@ -57,8 +57,8 @@ func fmtLog(cfg *RequestLoggerConfig) (ts string, line string) {
 
 	t := time.Now()
 	logger := NewMockAccessLogger(testTask, cfg)
-	utils.MockTimeNow(t)
-	buf = logger.AppendRequestLog(buf, req, resp)
+	mockable.MockTimeNow(t)
+	buf = logger.(RequestFormatter).AppendRequestLog(buf, req, resp)
 	return t.Format(LogTimeFormat), string(buf)
 }
 

internal/logging/accesslog/back_scanner_test.go

@@ -61,7 +61,7 @@ func TestBackScanner(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Setup mock file
-			mockFile := NewMockFile()
+			mockFile := NewMockFile(false)
 			_, err := mockFile.Write([]byte(tt.input))
 			if err != nil {
 				t.Fatalf("failed to write to mock file: %v", err)
@@ -103,7 +103,7 @@ func TestBackScannerWithVaryingChunkSizes(t *testing.T) {
 
 	for _, chunkSize := range chunkSizes {
 		t.Run(fmt.Sprintf("chunk_size_%d", chunkSize), func(t *testing.T) {
-			mockFile := NewMockFile()
+			mockFile := NewMockFile(false)
 			_, err := mockFile.Write([]byte(input))
 			if err != nil {
 				t.Fatalf("failed to write to mock file: %v", err)
@@ -149,7 +149,7 @@ func logEntry() []byte {
 	res := httptest.NewRecorder()
 	// server the request
 	srv.Config.Handler.ServeHTTP(res, req)
-	b := accesslog.AppendRequestLog(nil, req, res.Result())
+	b := accesslog.(RequestFormatter).AppendRequestLog(nil, req, res.Result())
 	if b[len(b)-1] != '\n' {
 		b = append(b, '\n')
 	}
@@ -197,7 +197,7 @@ func TestReset(t *testing.T) {
 
 // 100000 log entries.
 func BenchmarkBackScanner(b *testing.B) {
-	mockFile := NewMockFile()
+	mockFile := NewMockFile(false)
 	line := logEntry()
 	for range 100000 {
 		_, _ = mockFile.Write(line)

internal/logging/accesslog/config.go

@@ -32,7 +32,7 @@ type (
 	}
 	AnyConfig interface {
 		ToConfig() *Config
-		IO() (WriterWithName, error)
+		Writers() ([]Writer, error)
 	}
 
 	Format  string
@@ -65,17 +65,20 @@ func (cfg *ConfigBase) Validate() gperr.Error {
 	return nil
 }
 
-// IO returns a writer for the config.
-// If only stdout is enabled, it returns nil, nil.
-func (cfg *ConfigBase) IO() (WriterWithName, error) {
+// Writers returns a list of writers for the config.
+func (cfg *ConfigBase) Writers() ([]Writer, error) {
+	writers := make([]Writer, 0, 2)
 	if cfg.Path != "" {
 		io, err := NewFileIO(cfg.Path)
 		if err != nil {
 			return nil, err
 		}
-		return io, nil
+		writers = append(writers, io)
 	}
-	return nil, nil
+	if cfg.Stdout {
+		writers = append(writers, NewStdout())
+	}
+	return writers, nil
 }
 
 func (cfg *ACLLoggerConfig) ToConfig() *Config {

internal/logging/accesslog/file_logger.go

@@ -29,12 +29,19 @@ var (
 // NewFileIO creates a new file writer with cleaned path.
 //
 // If the file is already opened, it will be returned.
-func NewFileIO(path string) (WriterWithName, error) {
+func NewFileIO(path string) (Writer, error) {
 	openedFilesMu.Lock()
 	defer openedFilesMu.Unlock()
 
 	var file *File
-	path = filepath.Clean(path)
+	var err error
+
+	// make it absolute path, so that we can use it as key of `openedFiles` and shared lock
+	path, err = filepath.Abs(path)
+	if err != nil {
+		return nil, fmt.Errorf("access log path error: %w", err)
+	}
+
 	if opened, ok := openedFiles[path]; ok {
 		opened.refCount.Add()
 		return opened, nil
@@ -54,8 +61,13 @@ func NewFileIO(path string) (WriterWithName, error) {
 	return file, nil
 }
 
+// Name returns the absolute path of the file.
 func (f *File) Name() string {
-	return f.f.Name()
+	return f.path
+}
+
+func (f *File) ShouldBeBuffered() bool {
+	return true
 }
 
 func (f *File) Write(p []byte) (n int, err error) {

internal/logging/accesslog/file_logger_test.go

@@ -1,89 +1,96 @@
 package accesslog
 
 import (
+	"fmt"
+	"math/rand/v2"
 	"net/http"
 	"os"
+	"runtime"
 	"sync"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/yusing/goutils/task"
-	expect "github.com/yusing/goutils/testing"
 )
 
 func TestConcurrentFileLoggersShareSameAccessLogIO(t *testing.T) {
-	var wg sync.WaitGroup
-
 	cfg := DefaultRequestLoggerConfig()
 	cfg.Path = "test.log"
 
-	loggerCount := 10
-	accessLogIOs := make([]WriterWithName, loggerCount)
+	loggerCount := runtime.GOMAXPROCS(0)
+	accessLogIOs := make([]Writer, loggerCount)
 
 	// make test log file
 	file, err := os.Create(cfg.Path)
-	expect.NoError(t, err)
+	assert.NoError(t, err)
 	file.Close()
 	t.Cleanup(func() {
-		expect.NoError(t, os.Remove(cfg.Path))
+		assert.NoError(t, os.Remove(cfg.Path))
 	})
 
+	var wg sync.WaitGroup
 	for i := range loggerCount {
-		wg.Add(1)
-		go func(index int) {
-			defer wg.Done()
+		wg.Go(func() {
 			file, err := NewFileIO(cfg.Path)
-			expect.NoError(t, err)
-			accessLogIOs[index] = file
-		}(i)
+			assert.NoError(t, err)
+			accessLogIOs[i] = file
+		})
 	}
 
 	wg.Wait()
 
 	firstIO := accessLogIOs[0]
 	for _, io := range accessLogIOs {
-		expect.Equal(t, io, firstIO)
+		assert.Equal(t, firstIO, io)
 	}
 }
 
 func TestConcurrentAccessLoggerLogAndFlush(t *testing.T) {
-	file := NewMockFile()
+	for _, buffered := range []bool{false, true} {
+		t.Run(fmt.Sprintf("buffered=%t", buffered), func(t *testing.T) {
+			file := NewMockFile(buffered)
 
-	cfg := DefaultRequestLoggerConfig()
-	parent := task.RootTask("test", false)
+			cfg := DefaultRequestLoggerConfig()
+			parent := task.RootTask("test", false)
 
-	loggerCount := 5
-	logCountPerLogger := 10
-	loggers := make([]*AccessLogger, loggerCount)
+			loggerCount := runtime.GOMAXPROCS(0)
+			logCountPerLogger := 10
+			loggers := make([]AccessLogger, loggerCount)
 
-	for i := range loggerCount {
-		loggers[i] = NewAccessLoggerWithIO(parent, file, cfg)
+			for i := range loggerCount {
+				loggers[i] = NewAccessLoggerWithIO(parent, file, cfg)
+			}
+
+			req, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+			resp := &http.Response{StatusCode: http.StatusOK}
+
+			var wg sync.WaitGroup
+			for _, logger := range loggers {
+				wg.Go(func() {
+					concurrentLog(logger, req, resp, logCountPerLogger)
+				})
+			}
+			wg.Wait()
+
+			for _, logger := range loggers {
+				logger.Close()
+			}
+
+			expected := loggerCount * logCountPerLogger
+			actual := file.NumLines()
+			assert.Equal(t, expected, actual)
+		})
 	}
-
-	var wg sync.WaitGroup
-	req, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
-	resp := &http.Response{StatusCode: http.StatusOK}
-
-	wg.Add(len(loggers))
-	for _, logger := range loggers {
-		go func(l *AccessLogger) {
-			defer wg.Done()
-			parallelLog(l, req, resp, logCountPerLogger)
-			l.Flush()
-		}(logger)
-	}
-
-	wg.Wait()
-
-	expected := loggerCount * logCountPerLogger
-	actual := file.NumLines()
-	expect.Equal(t, actual, expected)
 }
 
-func parallelLog(logger *AccessLogger, req *http.Request, resp *http.Response, n int) {
+func concurrentLog(logger AccessLogger, req *http.Request, resp *http.Response, n int) {
 	var wg sync.WaitGroup
 	for range n {
 		wg.Go(func() {
 			logger.Log(req, resp)
+			if rand.IntN(2) == 0 {
+				logger.Flush()
+			}
 		})
 	}
 	wg.Wait()

internal/logging/accesslog/formatter.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/rs/zerolog"
 	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
-	"github.com/yusing/godoxy/internal/utils"
+	"github.com/yusing/goutils/mockable"
 )
 
 type (
@@ -67,7 +67,7 @@ func (f *CommonFormatter) AppendRequestLog(line []byte, req *http.Request, res *
 	line = append(line, clientIP(req)...)
 	line = append(line, " - - ["...)
 
-	line = utils.TimeNow().AppendFormat(line, LogTimeFormat)
+	line = mockable.TimeNow().AppendFormat(line, LogTimeFormat)
 	line = append(line, `] "`...)
 
 	line = append(line, req.Method...)
@@ -103,7 +103,7 @@ func (f *JSONFormatter) AppendRequestLog(line []byte, req *http.Request, res *ht
 	writer := bytes.NewBuffer(line)
 	logger := zerolog.New(writer)
 	event := logger.Info().
-		Str("time", utils.TimeNow().Format(LogTimeFormat)).
+		Str("time", mockable.TimeNow().Format(LogTimeFormat)).
 		Str("ip", clientIP(req)).
 		Str("method", req.Method).
 		Str("scheme", scheme(req)).
@@ -136,7 +136,7 @@ func (f ACLLogFormatter) AppendACLLog(line []byte, info *maxmind.IPInfo, blocked
 	writer := bytes.NewBuffer(line)
 	logger := zerolog.New(writer)
 	event := logger.Info().
-		Str("time", utils.TimeNow().Format(LogTimeFormat)).
+		Str("time", mockable.TimeNow().Format(LogTimeFormat)).
 		Str("ip", info.Str)
 	if blocked {
 		event.Str("action", "block")

internal/logging/accesslog/mock_file.go

@@ -7,26 +7,27 @@ import (
 	"github.com/spf13/afero"
 )
 
-type noLock struct{}
-
-func (noLock) Lock()   {}
-func (noLock) Unlock() {}
-
 type MockFile struct {
 	afero.File
-	noLock
+
+	buffered bool
 }
 
 var _ SupportRotate = (*MockFile)(nil)
 
-func NewMockFile() *MockFile {
+func NewMockFile(buffered bool) *MockFile {
 	f, _ := afero.TempFile(afero.NewMemMapFs(), "", "")
 	f.Seek(0, io.SeekEnd)
 	return &MockFile{
-		File: f,
+		File:     f,
+		buffered: buffered,
 	}
 }
 
+func (m *MockFile) ShouldBeBuffered() bool {
+	return m.buffered
+}
+
 func (m *MockFile) Len() int64 {
 	filesize, _ := m.Seek(0, io.SeekEnd)
 	_, _ = m.Seek(0, io.SeekStart)
@@ -60,3 +61,7 @@ func (m *MockFile) MustSize() int64 {
 	size, _ := m.Size()
 	return size
 }
+
+func (m *MockFile) Close() error {
+	return nil
+}

internal/logging/accesslog/multi_access_logger.go

@@ -0,0 +1,63 @@
+package accesslog
+
+import (
+	"net/http"
+
+	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
+	"github.com/yusing/goutils/task"
+)
+
+type MultiAccessLogger struct {
+	accessLoggers []AccessLogger
+}
+
+// NewMultiAccessLogger creates a new AccessLogger that writes to multiple writers.
+//
+// If there is only one writer, it will return a single AccessLogger.
+// Otherwise, it will return a MultiAccessLogger that writes to all the writers.
+func NewMultiAccessLogger(parent task.Parent, cfg AnyConfig, writers []Writer) AccessLogger {
+	if len(writers) == 1 {
+		return NewAccessLoggerWithIO(parent, writers[0], cfg)
+	}
+
+	accessLoggers := make([]AccessLogger, len(writers))
+	for i, writer := range writers {
+		accessLoggers[i] = NewAccessLoggerWithIO(parent, writer, cfg)
+	}
+	return &MultiAccessLogger{accessLoggers}
+}
+
+func (m *MultiAccessLogger) Config() *Config {
+	return m.accessLoggers[0].Config()
+}
+
+func (m *MultiAccessLogger) Log(req *http.Request, res *http.Response) {
+	for _, accessLogger := range m.accessLoggers {
+		accessLogger.Log(req, res)
+	}
+}
+
+func (m *MultiAccessLogger) LogError(req *http.Request, err error) {
+	for _, accessLogger := range m.accessLoggers {
+		accessLogger.LogError(req, err)
+	}
+}
+
+func (m *MultiAccessLogger) LogACL(info *maxmind.IPInfo, blocked bool) {
+	for _, accessLogger := range m.accessLoggers {
+		accessLogger.LogACL(info, blocked)
+	}
+}
+
+func (m *MultiAccessLogger) Flush() {
+	for _, accessLogger := range m.accessLoggers {
+		accessLogger.Flush()
+	}
+}
+
+func (m *MultiAccessLogger) Close() error {
+	for _, accessLogger := range m.accessLoggers {
+		accessLogger.Close()
+	}
+	return nil
+}

internal/logging/accesslog/multi_access_logger_test.go

@@ -0,0 +1,261 @@
+package accesslog
+
+import (
+	"errors"
+	"net"
+	"net/http"
+	"net/url"
+	"testing"
+
+	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
+	"github.com/yusing/goutils/task"
+	expect "github.com/yusing/goutils/testing"
+)
+
+func TestNewMultiAccessLogger(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writers := []Writer{
+		NewMockFile(true),
+		NewMockFile(true),
+	}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+	expect.NotNil(t, logger)
+}
+
+func TestMultiAccessLoggerConfig(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+	cfg.Format = FormatCommon
+
+	writers := []Writer{
+		NewMockFile(true),
+		NewMockFile(true),
+	}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+	retrievedCfg := logger.Config()
+
+	expect.Equal(t, retrievedCfg.req.Format, FormatCommon)
+}
+
+func TestMultiAccessLoggerLog(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+	cfg.Format = FormatCommon
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	testURL, _ := url.Parse("http://example.com/test")
+	req := &http.Request{
+		RemoteAddr: "192.168.1.1",
+		Method:     http.MethodGet,
+		Proto:      "HTTP/1.1",
+		Host:       "example.com",
+		URL:        testURL,
+		Header: http.Header{
+			"User-Agent": []string{"test-agent"},
+		},
+	}
+	resp := &http.Response{
+		StatusCode:    http.StatusOK,
+		ContentLength: 100,
+	}
+
+	logger.Log(req, resp)
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 1)
+	expect.Equal(t, writer2.NumLines(), 1)
+}
+
+func TestMultiAccessLoggerLogError(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	testURL, _ := url.Parse("http://example.com/test")
+	req := &http.Request{
+		RemoteAddr: "192.168.1.1",
+		Method:     http.MethodGet,
+		URL:        testURL,
+	}
+	testErr := errors.New("test error")
+
+	logger.LogError(req, testErr)
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 1)
+	expect.Equal(t, writer2.NumLines(), 1)
+}
+
+func TestMultiAccessLoggerLogACL(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultACLLoggerConfig()
+	cfg.LogAllowed = true
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	info := &maxmind.IPInfo{
+		IP:  net.ParseIP("192.168.1.1"),
+		Str: "192.168.1.1",
+	}
+
+	logger.LogACL(info, false)
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 1)
+	expect.Equal(t, writer2.NumLines(), 1)
+}
+
+func TestMultiAccessLoggerFlush(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	testURL, _ := url.Parse("http://example.com/test")
+	req := &http.Request{
+		RemoteAddr: "192.168.1.1",
+		Method:     http.MethodGet,
+		URL:        testURL,
+	}
+	resp := &http.Response{
+		StatusCode: http.StatusOK,
+	}
+
+	logger.Log(req, resp)
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 1)
+	expect.Equal(t, writer2.NumLines(), 1)
+}
+
+func TestMultiAccessLoggerClose(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	err := logger.Close()
+	expect.Nil(t, err)
+}
+
+func TestMultiAccessLoggerMultipleLogs(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	testURL, _ := url.Parse("http://example.com/test")
+
+	for range 3 {
+		req := &http.Request{
+			RemoteAddr: "192.168.1.1",
+			Method:     http.MethodGet,
+			URL:        testURL,
+		}
+		resp := &http.Response{
+			StatusCode: http.StatusOK,
+		}
+		logger.Log(req, resp)
+	}
+
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 3)
+	expect.Equal(t, writer2.NumLines(), 3)
+}
+
+func TestMultiAccessLoggerSingleWriter(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer := NewMockFile(true)
+	writers := []Writer{writer}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+	expect.NotNil(t, logger)
+
+	testURL, _ := url.Parse("http://example.com/test")
+	req := &http.Request{
+		RemoteAddr: "192.168.1.1",
+		Method:     http.MethodGet,
+		URL:        testURL,
+	}
+	resp := &http.Response{
+		StatusCode: http.StatusOK,
+	}
+
+	logger.Log(req, resp)
+	logger.Flush()
+
+	expect.Equal(t, writer.NumLines(), 1)
+}
+
+func TestMultiAccessLoggerMixedOperations(t *testing.T) {
+	testTask := task.RootTask("test", false)
+	cfg := DefaultRequestLoggerConfig()
+
+	writer1 := NewMockFile(true)
+	writer2 := NewMockFile(true)
+	writers := []Writer{writer1, writer2}
+
+	logger := NewMultiAccessLogger(testTask, cfg, writers)
+
+	testURL, _ := url.Parse("http://example.com/test")
+
+	req := &http.Request{
+		RemoteAddr: "192.168.1.1",
+		Method:     http.MethodGet,
+		URL:        testURL,
+	}
+	resp := &http.Response{
+		StatusCode: http.StatusOK,
+	}
+
+	logger.Log(req, resp)
+	logger.Flush()
+
+	info := &maxmind.IPInfo{
+		IP:  net.ParseIP("192.168.1.1"),
+		Str: "192.168.1.1",
+	}
+
+	cfg2 := DefaultACLLoggerConfig()
+	cfg2.LogAllowed = true
+	aclLogger := NewMultiAccessLogger(testTask, cfg2, writers)
+	aclLogger.LogACL(info, false)
+
+	logger.Flush()
+
+	expect.Equal(t, writer1.NumLines(), 1)
+	expect.Equal(t, writer2.NumLines(), 1)
+}

internal/logging/accesslog/rotate.go

@@ -3,13 +3,12 @@ package accesslog
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
-	"slices"
 	"time"
 
 	"github.com/rs/zerolog"
-	"github.com/yusing/godoxy/internal/utils"
-	gperr "github.com/yusing/goutils/errs"
+	"github.com/yusing/goutils/mockable"
 	strutils "github.com/yusing/goutils/strings"
 )
 
@@ -81,14 +80,14 @@ func rotateLogFile(file supportRotate, config *Retention, result *RotateResult)
 
 func rotateLogFileByPolicy(file supportRotate, config *Retention, result *RotateResult) (rotated bool, err error) {
 	var shouldStop func() bool
-	t := utils.TimeNow()
+	t := mockable.TimeNow()
 
 	switch {
 	case config.Last > 0:
 		shouldStop = func() bool { return result.NumLinesKeep-result.NumLinesInvalid == int(config.Last) }
 		// not needed to parse time for last N lines
 	case config.Days > 0:
-		cutoff := utils.TimeNow().AddDate(0, 0, -int(config.Days)+1)
+		cutoff := mockable.TimeNow().AddDate(0, 0, -int(config.Days)+1)
 		shouldStop = func() bool { return t.Before(cutoff) }
 	default:
 		return false, nil // should not happen
@@ -164,31 +163,14 @@ func rotateLogFileByPolicy(file supportRotate, config *Retention, result *Rotate
 
 	// Read each line and write it to the beginning of the file
 	writePos := int64(0)
-	buf := bytesPool.Get()
-	defer func() {
-		bytesPool.Put(buf)
-	}()
-
 	// in reverse order to keep the order of the lines (from old to new)
 	for i := len(linesToKeep) - 1; i >= 0; i-- {
 		line := linesToKeep[i]
 		n := line.Size
-		if cap(buf) < int(n) {
-			buf = slices.Grow(buf, int(n)-cap(buf))
-		}
-		buf = buf[:n]
 
-		// Read the line from its original position
-		if _, err := file.ReadAt(buf, line.Pos); err != nil {
+		if err := fileContentMove(file, line.Pos, writePos, int(n)); err != nil {
 			return false, err
 		}
-
-		// Write it to the new position
-		if _, err := file.WriteAt(buf, writePos); err != nil {
-			return false, err
-		} else if n < line.Size {
-			return false, gperr.Errorf("%w, writing %d bytes, only %d written", io.ErrShortWrite, line.Size, n)
-		}
 		writePos += n
 	}
 
@@ -199,6 +181,34 @@ func rotateLogFileByPolicy(file supportRotate, config *Retention, result *Rotate
 	return true, nil
 }
 
+// fileContentMove moves the content of the file from the source position to the destination position.
+//
+// this is only used for moving from the back to the front of the file.
+func fileContentMove(file supportRotate, srcPos, dstPos int64, size int) error {
+	buf := sizedPool.GetSized(size)
+	defer sizedPool.Put(buf)
+
+	// Read the line from its original position
+	nRead, err := file.ReadAt(buf, srcPos)
+	if err != nil {
+		return err
+	}
+	if nRead != size {
+		return fmt.Errorf("%w, reading %d bytes, only %d read", io.ErrShortBuffer, size, nRead)
+	}
+
+	// Write it to the new position
+	nWritten, err := file.WriteAt(buf, dstPos)
+	if err != nil {
+		return err
+	}
+	if nWritten != size {
+		return fmt.Errorf("%w, writing %d bytes, only %d written", io.ErrShortWrite, size, nWritten)
+	}
+
+	return nil
+}
+
 // rotateLogFileBySize rotates the log file by size.
 // It returns the result of the rotation and an error if any.
 //

internal/logging/accesslog/rotate_test.go

@@ -7,7 +7,7 @@ import (
 	"time"
 
 	. "github.com/yusing/godoxy/internal/logging/accesslog"
-	"github.com/yusing/godoxy/internal/utils"
+	"github.com/yusing/goutils/mockable"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/task"
 	expect "github.com/yusing/goutils/testing"
@@ -55,8 +55,8 @@ func TestParseLogTime(t *testing.T) {
 func TestRotateKeepLast(t *testing.T) {
 	for _, format := range ReqLoggerFormats {
 		t.Run(string(format)+" keep last", func(t *testing.T) {
-			file := NewMockFile()
-			utils.MockTimeNow(testTime)
+			file := NewMockFile(true)
+			mockable.MockTimeNow(testTime)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				Format: format,
 			})
@@ -77,7 +77,7 @@ func TestRotateKeepLast(t *testing.T) {
 			logger.Config().Retention = retention
 
 			var result RotateResult
-			rotated, err := logger.Rotate(&result)
+			rotated, err := logger.(AccessLogRotater).Rotate(&result)
 			expect.NoError(t, err)
 			expect.Equal(t, rotated, true)
 			expect.Equal(t, file.NumLines(), int(retention.Last))
@@ -86,14 +86,14 @@ func TestRotateKeepLast(t *testing.T) {
 		})
 
 		t.Run(string(format)+" keep days", func(t *testing.T) {
-			file := NewMockFile()
+			file := NewMockFile(true)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				Format: format,
 			})
 			expect.Nil(t, logger.Config().Retention)
 			nLines := 10
 			for i := range nLines {
-				utils.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
+				mockable.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
 				logger.Log(req, resp)
 			}
 			logger.Flush()
@@ -105,9 +105,9 @@ func TestRotateKeepLast(t *testing.T) {
 			expect.Equal(t, retention.KeepSize, 0)
 			logger.Config().Retention = retention
 
-			utils.MockTimeNow(testTime)
+			mockable.MockTimeNow(testTime)
 			var result RotateResult
-			rotated, err := logger.Rotate(&result)
+			rotated, err := logger.(AccessLogRotater).Rotate(&result)
 			expect.NoError(t, err)
 			expect.Equal(t, rotated, true)
 			expect.Equal(t, file.NumLines(), int(retention.Days))
@@ -132,14 +132,14 @@ func TestRotateKeepLast(t *testing.T) {
 func TestRotateKeepFileSize(t *testing.T) {
 	for _, format := range ReqLoggerFormats {
 		t.Run(string(format)+" keep size no rotation", func(t *testing.T) {
-			file := NewMockFile()
+			file := NewMockFile(true)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				Format: format,
 			})
 			expect.Nil(t, logger.Config().Retention)
 			nLines := 10
 			for i := range nLines {
-				utils.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
+				mockable.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
 				logger.Log(req, resp)
 			}
 			logger.Flush()
@@ -151,9 +151,9 @@ func TestRotateKeepFileSize(t *testing.T) {
 			expect.Equal(t, retention.Last, 0)
 			logger.Config().Retention = retention
 
-			utils.MockTimeNow(testTime)
+			mockable.MockTimeNow(testTime)
 			var result RotateResult
-			rotated, err := logger.Rotate(&result)
+			rotated, err := logger.(AccessLogRotater).Rotate(&result)
 			expect.NoError(t, err)
 
 			// file should be untouched as 100KB > 10 lines * bytes per line
@@ -164,14 +164,14 @@ func TestRotateKeepFileSize(t *testing.T) {
 	}
 
 	t.Run("keep size with rotation", func(t *testing.T) {
-		file := NewMockFile()
+		file := NewMockFile(true)
 		logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 			Format: FormatJSON,
 		})
 		expect.Nil(t, logger.Config().Retention)
 		nLines := 100
 		for i := range nLines {
-			utils.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
+			mockable.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
 			logger.Log(req, resp)
 		}
 		logger.Flush()
@@ -183,9 +183,9 @@ func TestRotateKeepFileSize(t *testing.T) {
 		expect.Equal(t, retention.Last, 0)
 		logger.Config().Retention = retention
 
-		utils.MockTimeNow(testTime)
+		mockable.MockTimeNow(testTime)
 		var result RotateResult
-		rotated, err := logger.Rotate(&result)
+		rotated, err := logger.(AccessLogRotater).Rotate(&result)
 		expect.NoError(t, err)
 		expect.Equal(t, rotated, true)
 		expect.Equal(t, result.NumBytesKeep, int64(retention.KeepSize))
@@ -198,14 +198,14 @@ func TestRotateKeepFileSize(t *testing.T) {
 func TestRotateSkipInvalidTime(t *testing.T) {
 	for _, format := range ReqLoggerFormats {
 		t.Run(string(format), func(t *testing.T) {
-			file := NewMockFile()
+			file := NewMockFile(true)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				Format: format,
 			})
 			expect.Nil(t, logger.Config().Retention)
 			nLines := 10
 			for i := range nLines {
-				utils.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
+				mockable.MockTimeNow(testTime.AddDate(0, 0, -nLines+i+1))
 				logger.Log(req, resp)
 				logger.Flush()
 
@@ -221,7 +221,7 @@ func TestRotateSkipInvalidTime(t *testing.T) {
 			logger.Config().Retention = retention
 
 			var result RotateResult
-			rotated, err := logger.Rotate(&result)
+			rotated, err := logger.(AccessLogRotater).Rotate(&result)
 			expect.NoError(t, err)
 			expect.Equal(t, rotated, true)
 			// should read one invalid line after every valid line
@@ -240,7 +240,7 @@ func BenchmarkRotate(b *testing.B) {
 	}
 	for _, retention := range tests {
 		b.Run(fmt.Sprintf("retention_%s", retention.String()), func(b *testing.B) {
-			file := NewMockFile()
+			file := NewMockFile(true)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				ConfigBase: ConfigBase{
 					Retention: retention,
@@ -248,7 +248,7 @@ func BenchmarkRotate(b *testing.B) {
 				Format: FormatJSON,
 			})
 			for i := range 100 {
-				utils.MockTimeNow(testTime.AddDate(0, 0, -100+i+1))
+				mockable.MockTimeNow(testTime.AddDate(0, 0, -100+i+1))
 				logger.Log(req, resp)
 			}
 			logger.Flush()
@@ -256,11 +256,11 @@ func BenchmarkRotate(b *testing.B) {
 			b.ResetTimer()
 			for b.Loop() {
 				b.StopTimer()
-				file = NewMockFile()
+				file = NewMockFile(true)
 				_, _ = file.Write(content)
 				b.StartTimer()
 				var result RotateResult
-				_, _ = logger.Rotate(&result)
+				_, _ = logger.(AccessLogRotater).Rotate(&result)
 			}
 		})
 	}
@@ -274,7 +274,7 @@ func BenchmarkRotateWithInvalidTime(b *testing.B) {
 	}
 	for _, retention := range tests {
 		b.Run(fmt.Sprintf("retention_%s", retention.String()), func(b *testing.B) {
-			file := NewMockFile()
+			file := NewMockFile(true)
 			logger := NewAccessLoggerWithIO(task.RootTask("test", false), file, &RequestLoggerConfig{
 				ConfigBase: ConfigBase{
 					Retention: retention,
@@ -282,7 +282,7 @@ func BenchmarkRotateWithInvalidTime(b *testing.B) {
 				Format: FormatJSON,
 			})
 			for i := range 10000 {
-				utils.MockTimeNow(testTime.AddDate(0, 0, -10000+i+1))
+				mockable.MockTimeNow(testTime.AddDate(0, 0, -10000+i+1))
 				logger.Log(req, resp)
 				if i%10 == 0 {
 					_, _ = file.Write([]byte("invalid time\n"))
@@ -293,11 +293,11 @@ func BenchmarkRotateWithInvalidTime(b *testing.B) {
 			b.ResetTimer()
 			for b.Loop() {
 				b.StopTimer()
-				file = NewMockFile()
+				file = NewMockFile(true)
 				_, _ = file.Write(content)
 				b.StartTimer()
 				var result RotateResult
-				_, _ = logger.Rotate(&result)
+				_, _ = logger.(AccessLogRotater).Rotate(&result)
 			}
 		})
 	}

internal/logging/accesslog/stdout.go

@@ -0,0 +1,32 @@
+package accesslog
+
+import (
+	"os"
+
+	"github.com/rs/zerolog"
+	"github.com/yusing/godoxy/internal/logging"
+)
+
+type Stdout struct {
+	logger zerolog.Logger
+}
+
+func NewStdout() Writer {
+	return &Stdout{logger: logging.NewLoggerWithFixedLevel(zerolog.InfoLevel, os.Stdout)}
+}
+
+func (s Stdout) Name() string {
+	return "stdout"
+}
+
+func (s Stdout) ShouldBeBuffered() bool {
+	return false
+}
+
+func (s Stdout) Write(p []byte) (n int, err error) {
+	return s.logger.Write(p)
+}
+
+func (s Stdout) Close() error {
+	return nil
+}

internal/logging/accesslog/writer.go

@@ -0,0 +1,47 @@
+package accesslog
+
+import (
+	"io"
+)
+
+type BufferedWriter interface {
+	io.Writer
+	io.Closer
+	Flush() error
+	Resize(size int) error
+}
+
+type unbufferedWriter struct {
+	w io.Writer
+}
+
+func NewUnbufferedWriter(w io.Writer) BufferedWriter {
+	return unbufferedWriter{w: w}
+}
+
+func (w unbufferedWriter) Write(p []byte) (n int, err error) {
+	return w.w.Write(p)
+}
+
+func (w unbufferedWriter) Close() error {
+	if closer, ok := w.w.(io.Closer); ok {
+		return closer.Close()
+	}
+	return nil
+}
+
+func (w unbufferedWriter) Flush() error {
+	if flusher, ok := w.w.(interface{ Flush() }); ok {
+		flusher.Flush()
+	} else if errFlusher, ok := w.w.(interface{ FlushError() error }); ok {
+		return errFlusher.FlushError()
+	} else if errFlusher2, ok := w.w.(interface{ Flush() error }); ok {
+		return errFlusher2.Flush()
+	}
+	return nil
+}
+
+func (w unbufferedWriter) Resize(size int) error {
+	// No-op for unbuffered writer
+	return nil
+}

internal/maxmind/maxmind.go

@@ -178,7 +178,7 @@ func (cfg *MaxMind) doReq(method string) (*http.Response, error) {
 	if err != nil {
 		return nil, err
 	}
-	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey)
+	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey.String())
 	resp, err := doReq(req)
 	if err != nil {
 		return nil, err

internal/maxmind/types/config.go

@@ -4,14 +4,15 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )
 
 type (
 	DatabaseType string
 	Config       struct {
-		AccountID  string       `json:"account_id" validate:"required"`
-		LicenseKey string       `json:"license_key" validate:"required"`
-		Database   DatabaseType `json:"database" validate:"omitempty,oneof=geolite geoip2"`
+		AccountID  string            `json:"account_id" validate:"required"`
+		LicenseKey strutils.Redacted `json:"license_key" validate:"required"`
+		Database   DatabaseType      `json:"database" validate:"omitempty,oneof=geolite geoip2"`
 	}
 )
 

internal/metrics/systeminfo/system_info_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/shirou/gopsutil/v4/mem"
 	"github.com/shirou/gopsutil/v4/net"
 	"github.com/shirou/gopsutil/v4/sensors"
-	"github.com/yusing/goutils/num"
+	"github.com/yusing/goutils/intern"
 	expect "github.com/yusing/goutils/testing"
 )
 
@@ -22,32 +22,26 @@ var (
 		Timestamp:  123456,
 		CPUAverage: &cpuAvg,
 		Memory: mem.VirtualMemoryStat{
-			Total:       16000000000,
-			Available:   8000000000,
-			Used:        8000000000,
-			UsedPercent: 50.0,
+			Available: 8000000000,
+			Used:      8000000000,
 		},
 		Disks: map[string]disk.UsageStat{
 			"sda": {
-				Path:        "/",
-				Fstype:      "ext4",
-				Total:       500000000000,
-				Free:        250000000000,
-				Used:        250000000000,
-				UsedPercent: 50.0,
+				Path:   intern.Make("/"),
+				Fstype: intern.Make("ext4"),
+				Free:   250000000000,
+				Used:   250000000000,
 			},
 			"nvme0n1": {
-				Path:        "/",
-				Fstype:      "zfs",
-				Total:       500000000000,
-				Free:        250000000000,
-				Used:        250000000000,
-				UsedPercent: 50.0,
+				Path:   intern.Make("/"),
+				Fstype: intern.Make("zfs"),
+				Free:   250000000000,
+				Used:   250000000000,
 			},
 		},
 		DisksIO: map[string]*disk.IOCountersStat{
 			"media": {
-				Name:       "media",
+				Name:       intern.Make("media"),
 				ReadBytes:  1000000,
 				WriteBytes: 2000000,
 				IOCountersStatExtra: disk.IOCountersStatExtra{
@@ -57,7 +51,7 @@ var (
 				},
 			},
 			"nvme0n1": {
-				Name:       "nvme0n1",
+				Name:       intern.Make("nvme0n1"),
 				ReadBytes:  1000000,
 				WriteBytes: 2000000,
 				IOCountersStatExtra: disk.IOCountersStatExtra{
@@ -75,16 +69,12 @@ var (
 		},
 		Sensors: []sensors.TemperatureStat{
 			{
-				SensorKey:   "cpu_temp",
-				Temperature: num.NewPercentage(30.0),
-				High:        num.NewPercentage(40.0),
-				Critical:    num.NewPercentage(50.0),
+				SensorKey:   intern.Make("cpu_temp"),
+				Temperature: 30.0,
 			},
 			{
-				SensorKey:   "gpu_temp",
-				Temperature: num.NewPercentage(40.0),
-				High:        num.NewPercentage(50.0),
-				Critical:    num.NewPercentage(60.0),
+				SensorKey:   intern.Make("gpu_temp"),
+				Temperature: 40.0,
 			},
 		},
 	}
@@ -141,10 +131,10 @@ func TestSerialize(t *testing.T) {
 			expect.NoError(t, err)
 			var v []map[string]any
 			expect.NoError(t, json.Unmarshal(s, &v))
-			expect.Equal(t, len(v), len(result.Entries))
+			expect.Equal(t, len(v), len(result))
 			for i, m := range v {
 				for k, v := range m {
-					vv := reflect.ValueOf(result.Entries[i][k])
+					vv := reflect.ValueOf(result[i][k])
 					expect.Equal(t, reflect.ValueOf(v).Interface(), vv.Interface())
 				}
 			}

internal/metrics/uptime/uptime.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
-	statequery "github.com/yusing/godoxy/internal/config/query"
 	"github.com/yusing/godoxy/internal/metrics/period"
 	metricsutils "github.com/yusing/godoxy/internal/metrics/utils"
 	"github.com/yusing/godoxy/internal/route/routes"
@@ -34,6 +33,7 @@ type (
 		Idle          float32            `json:"idle"`
 		AvgLatency    float32            `json:"avg_latency"`
 		IsDocker      bool               `json:"is_docker"`
+		IsExcluded    bool               `json:"is_excluded"`
 		CurrentStatus types.HealthStatus `json:"current_status" swaggertype:"string" enums:"healthy,unhealthy,unknown,napping,starting"`
 		Statuses      []Status           `json:"statuses"`
 	} // @name RouteUptimeAggregate
@@ -133,7 +133,7 @@ func (rs RouteStatuses) aggregate(limit int, offset int) Aggregated {
 		r, ok := routes.Get(alias)
 		if !ok {
 			// also search for excluded routes
-			r = statequery.SearchRoute(alias)
+			r, ok = routes.Excluded.Get(alias)
 		}
 		if r != nil {
 			displayName = r.DisplayName()
@@ -157,6 +157,7 @@ func (rs RouteStatuses) aggregate(limit int, offset int) Aggregated {
 			CurrentStatus: status,
 			Statuses:      statuses,
 			IsDocker:      r != nil && r.IsDocker(),
+			IsExcluded:    r == nil || r.ShouldExclude(),
 		}
 	}
 	return result

internal/net/gphttp/loadbalancer/ip_hash.go

@@ -1,11 +1,12 @@
 package loadbalancer
 
 import (
-	"hash/fnv"
 	"net"
 	"net/http"
+	"slices"
 	"sync"
 
+	"github.com/bytedance/gopkg/util/xxhash3"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
 	"github.com/yusing/godoxy/internal/types"
 	gperr "github.com/yusing/goutils/errs"
@@ -19,6 +20,9 @@ type ipHash struct {
 	mu     sync.Mutex
 }
 
+var _ impl = (*ipHash)(nil)
+var _ customServeHTTP = (*ipHash)(nil)
+
 func (lb *LoadBalancer) newIPHash() impl {
 	impl := &ipHash{LoadBalancer: lb}
 	if len(lb.Options) == 0 {
@@ -36,16 +40,6 @@ func (impl *ipHash) OnAddServer(srv types.LoadBalancerServer) {
 	impl.mu.Lock()
 	defer impl.mu.Unlock()
 
-	for i, s := range impl.pool {
-		if s == srv {
-			return
-		}
-		if s == nil {
-			impl.pool[i] = srv
-			return
-		}
-	}
-
 	impl.pool = append(impl.pool, srv)
 }
 
@@ -55,7 +49,7 @@ func (impl *ipHash) OnRemoveServer(srv types.LoadBalancerServer) {
 
 	for i, s := range impl.pool {
 		if s == srv {
-			impl.pool[i] = nil
+			impl.pool = slices.Delete(impl.pool, i, 1)
 			return
 		}
 	}
@@ -63,30 +57,32 @@ func (impl *ipHash) OnRemoveServer(srv types.LoadBalancerServer) {
 
 func (impl *ipHash) ServeHTTP(_ types.LoadBalancerServers, rw http.ResponseWriter, r *http.Request) {
 	if impl.realIP != nil {
-		impl.realIP.ModifyRequest(impl.serveHTTP, rw, r)
-	} else {
-		impl.serveHTTP(rw, r)
+		// resolve real client IP
+		if proceed := impl.realIP.TryModifyRequest(rw, r); !proceed {
+			return
+		}
 	}
-}
 
-func (impl *ipHash) serveHTTP(rw http.ResponseWriter, r *http.Request) {
-	ip, _, err := net.SplitHostPort(r.RemoteAddr)
-	if err != nil {
-		http.Error(rw, "Internal error", http.StatusInternalServerError)
-		impl.l.Err(err).Msg("invalid remote address " + r.RemoteAddr)
-		return
-	}
-	idx := hashIP(ip) % uint32(len(impl.pool))
-
-	srv := impl.pool[idx]
+	srv := impl.ChooseServer(impl.pool, r)
 	if srv == nil || srv.Status().Bad() {
 		http.Error(rw, "Service unavailable", http.StatusServiceUnavailable)
+		return
 	}
+
 	srv.ServeHTTP(rw, r)
 }
 
-func hashIP(ip string) uint32 {
-	h := fnv.New32a()
-	h.Write([]byte(ip))
-	return h.Sum32()
+func (impl *ipHash) ChooseServer(_ types.LoadBalancerServers, r *http.Request) types.LoadBalancerServer {
+	impl.mu.Lock()
+	defer impl.mu.Unlock()
+
+	if len(impl.pool) == 0 {
+		return nil
+	}
+
+	ip, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		ip = r.RemoteAddr
+	}
+	return impl.pool[xxhash3.HashString(ip)%uint64(len(impl.pool))]
 }