fix(rules): remove empty segments from splitPipe output

Refactored splitPipe function to use forEachPipePart helper, which filters
out empty segments instead of including them in the result. Updated test
expectation to match the new behavior where empty parts between pipes
are no longer included.

.github/workflows/cli-binary.yml

@@ -47,20 +47,14 @@ jobs:
 
       - name: Build CLI
         run: |
-          make cli=1 NAME=${{ matrix.binary_name }} build
+          make CLI_BIN_PATH=bin/${{ matrix.binary_name }} build-cli
 
       - name: Check binary
         run: |
           file bin/${{ matrix.binary_name }}
 
-      - name: Upload
+      - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.binary_name }}
           path: bin/${{ matrix.binary_name }}
-
-      - name: Upload to release
-        uses: softprops/action-gh-release@v2
-        if: startsWith(github.ref, 'refs/tags/')
-        with:
-          files: bin/${{ matrix.binary_name }}

.github/workflows/merge-main-into-compat.yml

@@ -1,4 +1,4 @@
-name: Refresh Compat from Main Patch
+name: Cherry-pick into Compat
 
 on:
   push:
@@ -8,7 +8,7 @@ on:
       - ".github/workflows/merge-main-into-compat.yml"
 
 jobs:
-  refresh-compat:
+  cherry-pick:
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -20,9 +20,20 @@ jobs:
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
-      - name: Refresh compat with single patch commit
+      - name: Cherry-pick commits from last tag
         run: |
-          ./scripts/refresh-compat.sh
+          git fetch origin compat
+          git checkout compat
+          CURRENT_TAG=${{ github.ref_name }}
+          PREV_TAG=$(git describe --tags --abbrev=0 $CURRENT_TAG^ 2>/dev/null || echo "")
+
+          if [ -z "$PREV_TAG" ]; then
+            echo "No previous tag found. Cherry-picking all commits up to $CURRENT_TAG"
+            git rev-list --reverse --no-merges $CURRENT_TAG | xargs -r git cherry-pick
+          else
+            echo "Cherry-picking commits from $PREV_TAG to $CURRENT_TAG"
+            git rev-list --reverse --no-merges $PREV_TAG..$CURRENT_TAG | xargs -r git cherry-pick
+          fi
       - name: Push compat
         run: |
-          git push origin compat --force
+          git push origin compat

AGENTS.md

@@ -1,32 +0,0 @@
-# AGENTS.md
-
-## Development Commands
-
-- Build: You should not run build command.
-- Test: `go test -ldflags="-checklinkname=0" ...`
-
-## Documentation
-
-Update package level `README.md` if exists after making significant changes.
-
-## Go Guidelines
-
-1. Use builtin `min` and `max` functions instead of creating custom ones
-2. Prefer `for i := range 10` over `for i := 0; i < 10; i++`
-3. Beware of variable shadowing when making edits
-4. Use `internal/task/task.go` for lifetime management:
-   - `task.RootTask()` for background operations
-   - `parent.Subtask()` for nested tasks
-   - `OnFinished()` and `OnCancel()` callbacks for cleanup
-5. Use `gperr "goutils/errs"` to build pretty nested errors:
-   - `gperr.Multiline()` for multiple operation attempts
-   - `gperr.NewBuilder()` to collect errors
-   - `gperr.NewGroup() + group.Go()` to collect errors of multiple concurrent operations
-   - `gperr.PrependSubject()` to prepend subject to errors
-6. Use `github.com/puzpuzpuz/xsync/v4` for lock-free thread safe maps
-7. Use `goutils/synk` to retrieve and put byte buffer
-
-## Testing
-
-- Run scoped tests instead of `./...`
-- Use `testify`, no manual assertions.

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: deps
-FROM golang:1.26.1-alpine AS deps
+FROM golang:1.26.0-alpine AS deps
 HEALTHCHECK NONE
 
 # package version does not matter

Makefile

@@ -6,8 +6,8 @@ export GOOS = linux
 
 REPO_URL ?= https://github.com/yusing/godoxy
 
-WEBUI_DIR ?= $(shell pwd)/../godoxy-webui
-DOCS_DIR ?= ${WEBUI_DIR}/wiki
+WEBUI_DIR ?= ../godoxy-webui
+DOCS_DIR ?= wiki
 
 ifneq ($(BRANCH), compat)
 	GO_TAGS = sonic
@@ -17,22 +17,15 @@ endif
 
 LDFLAGS = -X github.com/yusing/goutils/version.version=${VERSION} -checklinkname=0
 
-PACKAGE ?= ./cmd
-
 ifeq ($(agent), 1)
 	NAME = godoxy-agent
 	PWD = ${shell pwd}/agent
 else ifeq ($(socket-proxy), 1)
 	NAME = godoxy-socket-proxy
 	PWD = ${shell pwd}/socket-proxy
-else ifeq ($(cli), 1)
-	NAME = godoxy-cli
-	PWD = ${shell pwd}/cmd/cli
-	PACKAGE = .
 else
 	NAME = godoxy
 	PWD = ${shell pwd}
-	godoxy = 1
 endif
 
 ifeq ($(trace), 1)
@@ -65,6 +58,7 @@ endif
 
 BUILD_FLAGS += -tags '$(GO_TAGS)' -ldflags='$(LDFLAGS)'
 BIN_PATH := $(shell pwd)/bin/${NAME}
+CLI_BIN_PATH ?= $(shell pwd)/bin/godoxy-cli
 
 export NAME
 export CGO_ENABLED
@@ -82,11 +76,7 @@ endif
 
 
 # CAP_NET_BIND_SERVICE: permission for binding to :80 and :443
-POST_BUILD = echo;
-
-ifeq ($(godoxy), 1)
-	POST_BUILD += $(SETCAP_CMD) CAP_NET_BIND_SERVICE=+ep ${BIN_PATH};
-endif
+POST_BUILD = $(SETCAP_CMD) CAP_NET_BIND_SERVICE=+ep ${BIN_PATH};
 ifeq ($(docker), 1)
 	POST_BUILD += mkdir -p /app && mv ${BIN_PATH} /app/run;
 endif
@@ -143,18 +133,13 @@ minify-js:
 		done \
 	fi
 
-build:
-	@if [ "${godoxy}" = "1" ]; then \
-		make minify-js; \
-	elif [ "${cli}" = "1" ]; then \
-		make gen-cli; \
-	fi
+build: minify-js
 	mkdir -p $(shell dirname ${BIN_PATH})
-	go build -C ${PWD} ${BUILD_FLAGS} -o ${BIN_PATH} ${PACKAGE}
+	go build -C ${PWD} ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
 	${POST_BUILD}
 
 run: minify-js
-	cd ${PWD} && [ -f .env ] && godotenv -f .env go run ${BUILD_FLAGS} ${PACKAGE}
+	cd ${PWD} && [ -f .env ] && godotenv -f .env go run ${BUILD_FLAGS} ./cmd
 
 dev:
 	docker compose -f dev.compose.yml $(args)
@@ -201,10 +186,13 @@ gen-api-types: gen-swagger
 	bunx --bun swagger-typescript-api generate --sort-types --generate-union-enums --axios --add-readonly --route-types \
 		 --responses -o ${WEBUI_DIR}/src/lib -n api.ts -p internal/api/v1/docs/swagger.json
 
-.PHONY: gen-cli build-cli update-wiki
-
 gen-cli:
 	cd cmd/cli && go run ./gen
 
+build-cli: gen-cli
+	mkdir -p $(shell dirname ${CLI_BIN_PATH})
+	go build -C cmd/cli -o ${CLI_BIN_PATH} .
+
+.PHONY: gen-cli build-cli update-wiki
 update-wiki:
 	DOCS_DIR=${DOCS_DIR} REPO_URL=${REPO_URL} bun --bun scripts/update-wiki/main.ts

agent/go.mod

@@ -1,12 +1,10 @@
 module github.com/yusing/godoxy/agent
 
-go 1.26.1
+go 1.26.0
 
 exclude (
 	github.com/moby/moby/api v1.53.0 // allow older daemon versions
-	github.com/moby/moby/api v1.54.0 // allow older daemon versions
 	github.com/moby/moby/client v0.2.2 // allow older daemon versions
-	github.com/moby/moby/client v0.3.0 // allow older daemon versions
 )
 
 replace (
@@ -22,23 +20,22 @@ replace (
 exclude github.com/containerd/nerdctl/mod/tigron v0.0.0
 
 require (
-	github.com/gin-gonic/gin v1.12.0
+	github.com/bytedance/sonic v1.15.0
+	github.com/gin-gonic/gin v1.11.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/pion/dtls/v3 v3.1.2
 	github.com/pion/transport/v3 v3.1.1
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.11.1
-	github.com/yusing/godoxy v0.27.5
+	github.com/yusing/godoxy v0.26.0
 	github.com/yusing/godoxy/socketproxy v0.0.0-00010101000000-000000000000
 	github.com/yusing/goutils v0.7.0
 )
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
-	github.com/bytedance/gopkg v0.1.4 // indirect
-	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
 	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
@@ -46,11 +43,10 @@ require (
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v29.3.0+incompatible // indirect
-	github.com/docker/docker v28.5.2+incompatible // indirect
+	github.com/docker/cli v29.2.1+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.10.0 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
@@ -60,11 +56,11 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.30.1 // indirect
-	github.com/goccy/go-json v0.10.6 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect
-	github.com/klauspost/compress v1.18.5 // indirect
+	github.com/klauspost/compress v1.18.4 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 // indirect
@@ -72,7 +68,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/moby/api v1.52.0 // indirect
-	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -80,13 +76,12 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/puzpuzpuz/xsync/v4 v4.4.0 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.59.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.26.2 // indirect
+	github.com/shirou/gopsutil/v4 v4.26.1 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
@@ -96,22 +91,19 @@ require (
 	github.com/valyala/fasthttp v1.69.0 // indirect
 	github.com/yusing/ds v0.4.1 // indirect
 	github.com/yusing/gointernals v0.2.0 // indirect
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260319022356-c0bbdc984e13 // indirect
-	github.com/yusing/goutils/http/websocket v0.0.0-20260319022356-c0bbdc984e13 // indirect
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260218062549-0b0fa3a059ec // indirect
+	github.com/yusing/goutils/http/websocket v0.0.0-20260218062549-0b0fa3a059ec // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
-	go.opentelemetry.io/otel v1.42.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 // indirect
-	go.opentelemetry.io/otel/metric v1.42.0 // indirect
-	go.opentelemetry.io/otel/trace v1.42.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.10.0 // indirect
-	golang.org/x/arch v0.25.0 // indirect
-	golang.org/x/crypto v0.49.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	golang.org/x/arch v0.24.0 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

agent/go.sum

@@ -1,17 +1,15 @@
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.12.0 h1:pAcL4g3WRXekcB9AU/y1mbKez2dbY2AajVhtkO8RIBo=
-github.com/PuerkitoBio/goquery v1.12.0/go.mod h1:802ej+gV2y7bbIhOIoPY5sT183ZW0YFofScC4q/hIpQ=
+github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
+github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
 github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=
 github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA=
 github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
 github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
-github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM=
-github.com/bytedance/gopkg v0.1.4/go.mod h1:v1zWfPm21Fb+OsyXN2VAHdL6TBb2L88anLQgdyje6R4=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
 github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
 github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
@@ -26,8 +24,6 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
 github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -35,22 +31,20 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/diskfs/go-diskfs v1.8.0 h1:YynvepHpU7xpl8z2RqiV/x3NPAj3zU0ki0vdjPty0U4=
-github.com/diskfs/go-diskfs v1.8.0/go.mod h1:rW9+4MPN1tbMpQqRZlcM3YQsh3Ucc+Q1k1iIqzzmZcg=
+github.com/diskfs/go-diskfs v1.7.0 h1:vonWmt5CMowXwUc79jWyGrf2DIMeoOjkLlMnQYGVOs8=
+github.com/diskfs/go-diskfs v1.7.0/go.mod h1:LhQyXqOugWFRahYUSw47NyZJPezFzB9UELwhpszLP/k=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.3.0+incompatible h1:z3iWveU7h19Pqx7alZES8j+IeFQZ1lhTwb2F+V9SVvk=
-github.com/docker/cli v29.3.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
+github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU=
-github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
@@ -59,10 +53,10 @@ github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9
 github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
-github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
-github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
-github.com/go-acme/lego/v4 v4.33.0 h1:2KrRKieG+VczT4zvVXKAY7Tp/S3XLvh/QImofBALRAM=
-github.com/go-acme/lego/v4 v4.33.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
+github.com/go-acme/lego/v4 v4.32.0 h1:z7Ss7aa1noabhKj+DBzhNCO2SM96xhE3b0ucVW3x8Tc=
+github.com/go-acme/lego/v4 v4.32.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -83,8 +77,8 @@ github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy0
 github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.10.6 h1:p8HrPJzOakx/mn/bQtjgNjdTcN+/S6FcG2CTtQOrHVU=
-github.com/goccy/go-json v0.10.6/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
 github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -99,16 +93,14 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gotify/server/v2 v2.9.1 h1:wsQUCdYJ4ZvP7RIRKDLtAtmFQc3kxbrv3QqccO5RWzs=
-github.com/gotify/server/v2 v2.9.1/go.mod h1:8scw0hiExomp4rJDrXBwRIcgQm7kv74P4Z4B+iM4l8w=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c=
+github.com/gotify/server/v2 v2.9.0 h1:2zRCl28wkq0oc6YNbyJS2n0dDOOVvOS3Oez5AG2ij54=
+github.com/gotify/server/v2 v2.9.0/go.mod h1:249wwlUqHTr0QsiKARGtFVqds0pNLIMjYLinHyMACdQ=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
-github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
-github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
+github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -123,8 +115,8 @@ github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 h1:PTw+yKnXcOFCR6
 github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/luthermonson/go-proxmox v0.4.0 h1:LKXpG9d64zTaQF79wV0kfOnnSwIcdG39m7sc4ga+XZs=
 github.com/luthermonson/go-proxmox v0.4.0/go.mod h1:U6dAkJ+iiwaeb1g/LMWpWuWN4nmvWeXhmoMuYJMumS4=
-github.com/magefile/mage v1.16.1 h1:j5UwkdA48xTlGs0Hcm1Q3sSAcxBorntQjiewDNMsqlo=
-github.com/magefile/mage v1.16.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
+github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -138,19 +130,13 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
 github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ=
-github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -169,7 +155,6 @@ github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
 github.com/pires/go-proxyproto v0.11.0 h1:gUQpS85X/VJMdUsYyEgyn59uLJvGqPhJV5YvG68wXH4=
 github.com/pires/go-proxyproto v0.11.0/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
@@ -187,8 +172,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/samber/lo v1.53.0 h1:t975lj2py4kJPQ6haz1QMgtId2gtmfktACxIXArw3HM=
-github.com/samber/lo v1.53.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
+github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
+github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/samber/slog-common v0.20.0 h1:WaLnm/aCvBJSk5nR5aXZTFBaV0B47A+AEaEOiZDeUnc=
 github.com/samber/slog-common v0.20.0/go.mod h1:+Ozat1jgnnE59UAlmNX1IF3IByHsODnnwf9jUcBZ+m8=
 github.com/samber/slog-zerolog/v2 v2.9.1 h1:RMOq8XqzfuGx1X0TEIlS9OXbbFmqLY2/wJppghz66YY=
@@ -229,65 +214,50 @@ github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtS
 github.com/yusing/gointernals v0.2.0/go.mod h1:xGzNbPGMm5Z8kG0t4JYISMscw+gMQlgghkLxlgRZv5Y=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
-go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg=
-go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho=
-go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 h1:THuZiwpQZuHPul65w4WcwEnkX2QIuMT+UFoOrygtoJw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0/go.mod h1:J2pvYM5NGHofZ2/Ru6zw/TNWnEQp5crgyDeSrYpXkAw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 h1:uLXP+3mghfMf7XmV4PkGfFhFKuNWoCvvx5wP/wOXo0o=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0/go.mod h1:v0Tj04armyT59mnURNUJf7RCKcKzq+lgJs6QSjHjaTc=
-go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=
-go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI=
-go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo=
-go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts=
-go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc=
-go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY=
-go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc=
-go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g=
-go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
-golang.org/x/arch v0.25.0 h1:qnk6Ksugpi5Bz32947rkUgDt9/s5qvqDPl/gBKdMJLE=
-golang.org/x/arch v0.25.0/go.mod h1:0X+GdSIP+kL5wPmpK7sdkEVTt2XoYP0cSjQSbZBwOi8=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
-golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
-golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
-golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
-golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
+golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
+golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
+golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
-golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
-golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
-golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
-golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
-google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0=
-google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 h1:ndE4FoJqsIceKP2oYSnUZqhTdYufCYYkqwtFzfrhI7w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
-google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -298,3 +268,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

agent/pkg/agent/config.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/json"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -16,6 +15,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent/common"
@@ -366,7 +366,7 @@ func (cfg *AgentConfig) fetchJSON(ctx context.Context, endpoint string, out any)
 		return resp.StatusCode, nil
 	}
 
-	err = json.Unmarshal(data, out)
+	err = sonic.Unmarshal(data, out)
 	if err != nil {
 		return 0, err
 	}

agent/pkg/agentproxy/config.go

@@ -2,11 +2,11 @@ package agentproxy
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"net/http"
 	"strconv"
 	"time"
 
+	"github.com/bytedance/sonic"
 	route "github.com/yusing/godoxy/internal/route/types"
 )
 
@@ -53,7 +53,7 @@ func proxyConfigFromHeaders(h http.Header) (cfg Config, err error) {
 		return cfg, err
 	}
 
-	err = json.Unmarshal(cfgJSON, &cfg)
+	err = sonic.Unmarshal(cfgJSON, &cfg)
 	return cfg, err
 }
 
@@ -67,7 +67,7 @@ func (cfg *Config) SetAgentProxyConfigHeadersLegacy(h http.Header) {
 func (cfg *Config) SetAgentProxyConfigHeaders(h http.Header) {
 	h.Set(HeaderXProxyHost, cfg.Host)
 	h.Set(HeaderXProxyScheme, string(cfg.Scheme))
-	cfgJSON, _ := json.Marshal(cfg.HTTPConfig)
+	cfgJSON, _ := sonic.Marshal(cfg.HTTPConfig)
 	cfgBase64 := base64.StdEncoding.EncodeToString(cfgJSON)
 	h.Set(HeaderXProxyConfig, cfgBase64)
 }

agent/pkg/handler/check_health.go

@@ -1,7 +1,6 @@
 package handler
 
 import (
-	"encoding/json"
 	"net"
 	"net/http"
 	"net/url"
@@ -9,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	healthcheck "github.com/yusing/godoxy/internal/health/check"
 	"github.com/yusing/godoxy/internal/types"
 )
@@ -73,7 +73,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(result)
+	sonic.ConfigDefault.NewEncoder(w).Encode(result)
 }
 
 func parseMsOrDefault(msStr string) time.Duration {

agent/pkg/handler/handler.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
-	"encoding/json"
 	"net/http"
 
+	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -51,7 +51,7 @@ func NewAgentHandler() http.Handler {
 			Runtime: env.Runtime,
 		}
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(agentInfo)
+		sonic.ConfigDefault.NewEncoder(w).Encode(agentInfo)
 	})
 	mux.HandleEndpoint("GET", agent.EndpointHealth, CheckHealth)
 	mux.HandleEndpoint("GET", agent.EndpointSystemInfo, metricsHandler.ServeHTTP)

cmd/bench_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.26.1-alpine AS builder
+FROM golang:1.26.0-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/bench_server/go.mod

@@ -1,3 +1,3 @@
 module github.com/yusing/godoxy/cmd/bench_server
 
-go 1.26.1
+go 1.26.0

cmd/cli/go.mod

@@ -1,6 +1,6 @@
 module github.com/yusing/godoxy/cli
 
-go 1.26.1
+go 1.26.0
 
 require (
 	github.com/gorilla/websocket v1.5.3

cmd/h2c_test_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.26.1-alpine AS builder
+FROM golang:1.26.0-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/h2c_test_server/go.mod

@@ -1,7 +1,7 @@
 module github.com/yusing/godoxy/cmd/h2c_test_server
 
-go 1.26.1
+go 1.26.0
 
-require golang.org/x/net v0.52.0
+require golang.org/x/net v0.50.0
 
-require golang.org/x/text v0.35.0 // indirect
+require golang.org/x/text v0.34.0 // indirect

cmd/h2c_test_server/go.sum

@@ -1,4 +1,4 @@
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=

config.example.yml

@@ -52,9 +52,6 @@ entrypoint:
   # Note that HTTP/3 with proxy protocol is not supported yet.
   support_proxy_protocol: false
 
-  # To relay the client address to a TCP upstream, enable `relay_proxy_protocol_header: true`
-  # on that specific TCP route. UDP relay is not supported yet.
-
   # Below define an example of middleware config
   # 1. set security headers
   # 2. block non local IP connections

examples/docker-compose/netbird.yml

@@ -1,46 +0,0 @@
-services:
-  netbird-dashboard:
-    image: netbirdio/dashboard:latest
-    container_name: netbird-dashboard
-    restart: unless-stopped
-    networks: [netbird-net]
-    env_file: dashboard.env
-    labels:
-      proxy.aliases: netbird
-      proxy.#1.port: 80
-      proxy.#1.scheme: http
-      proxy.#1.homepage.name: NetBird
-      proxy.#1.homepage.icon: "@selfhst/netbird.svg"
-      proxy.#1.homepage.category: networking
-      proxy.#1.rules: | # https://docs.netbird.io/selfhosted/configuration-files
-        path glob(/signalexchange.SignalExchange/**) | path glob(/management.ManagementService/**) | path glob(/management.ProxyService/**) {
-          route netbird-grpc
-        }
-        path glob(/relay*) | path glob(/ws-proxy/**) | path glob(/api*) | path glob(/oauth2*) {
-          route netbird-api
-        }
-        default {
-          pass
-        }
-  netbird-server:
-    image: netbirdio/netbird-server:latest
-    container_name: netbird-server
-    restart: unless-stopped
-    networks:
-      - netbird-net
-    volumes:
-      - netbird_data:/var/lib/netbird
-      - ./config.yaml:/etc/netbird/config.yaml
-    command: ["--config", "/etc/netbird/config.yaml"]
-    labels:
-      proxy.aliases: netbird-api, netbird-grpc
-      proxy.*.port: 80
-      proxy.*.homepage.show: false
-      proxy.#1.scheme: http
-      proxy.#2.scheme: h2c
-
-networks:
-  netbird-net:
-
-volumes:
-  netbird_data:

go.mod

@@ -1,12 +1,10 @@
 module github.com/yusing/godoxy
 
-go 1.26.1
+go 1.26.0
 
 exclude (
 	github.com/moby/moby/api v1.53.0 // allow older daemon versions
-	github.com/moby/moby/api v1.54.0 // allow older daemon versions
 	github.com/moby/moby/client v0.2.2 // allow older daemon versions
-	github.com/moby/moby/client v0.3.0 // allow older daemon versions
 )
 
 replace (
@@ -22,50 +20,51 @@ replace (
 )
 
 require (
-	github.com/PuerkitoBio/goquery v1.12.0 // parsing HTML for extract fav icon; modify_html middleware
+	github.com/PuerkitoBio/goquery v1.11.0 // parsing HTML for extract fav icon; modify_html middleware
 	github.com/cenkalti/backoff/v5 v5.0.3 // backoff for retrying operations
 	github.com/coreos/go-oidc/v3 v3.17.0 // oidc authentication
 	github.com/fsnotify/fsnotify v1.9.0 // file watcher
-	github.com/gin-gonic/gin v1.12.0 // api server
-	github.com/go-acme/lego/v4 v4.33.0 // acme client
+	github.com/gin-gonic/gin v1.11.0 // api server
+	github.com/go-acme/lego/v4 v4.32.0 // acme client
 	github.com/go-playground/validator/v10 v10.30.1 // validator
 	github.com/gobwas/glob v0.2.3 // glob matcher for route rules
 	github.com/gorilla/websocket v1.5.3 // websocket for API and agent
-	github.com/gotify/server/v2 v2.9.1 // reference the Message struct for json response
+	github.com/gotify/server/v2 v2.9.0 // reference the Message struct for json response
 	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
 	github.com/pires/go-proxyproto v0.11.0 // proxy protocol support
 	github.com/puzpuzpuz/xsync/v4 v4.4.0 // lock free map for concurrent operations
 	github.com/rs/zerolog v1.34.0 // logging
 	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
-	golang.org/x/crypto v0.49.0 // encrypting password with bcrypt
-	golang.org/x/net v0.52.0 // HTTP header utilities
-	golang.org/x/oauth2 v0.36.0 // oauth2 authentication
-	golang.org/x/sync v0.20.0 // errgroup and singleflight for concurrent operations
-	golang.org/x/time v0.15.0 // time utilities
+	golang.org/x/crypto v0.48.0 // encrypting password with bcrypt
+	golang.org/x/net v0.50.0 // HTTP header utilities
+	golang.org/x/oauth2 v0.35.0 // oauth2 authentication
+	golang.org/x/sync v0.19.0 // errgroup and singleflight for concurrent operations
+	golang.org/x/time v0.14.0 // time utilities
 )
 
 require (
-	github.com/bytedance/gopkg v0.1.4 // xxhash64 for fast hash
-	github.com/bytedance/sonic v1.15.0 // indirect; fast json parsing
-	github.com/docker/cli v29.3.0+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
+	github.com/bytedance/gopkg v0.1.3 // xxhash64 for fast hash
+	github.com/bytedance/sonic v1.15.0 // fast json parsing
+	github.com/docker/cli v29.2.1+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
 	github.com/goccy/go-yaml v1.19.2 // yaml parsing for different config files
 	github.com/golang-jwt/jwt/v5 v5.3.1 // jwt authentication
 	github.com/luthermonson/go-proxmox v0.4.0 // proxmox API client
 	github.com/moby/moby/api v1.52.0 // docker API
+	github.com/moby/moby/client v0.2.1 // docker client
 	github.com/oschwald/maxminddb-golang v1.13.1 // maxminddb for geoip database
 	github.com/quic-go/quic-go v0.59.0 // http3 support
-	github.com/shirou/gopsutil/v4 v4.26.2 // system information
+	github.com/shirou/gopsutil/v4 v4.26.1 // system information
 	github.com/spf13/afero v1.15.0 // afero for file system operations
 	github.com/stretchr/testify v1.11.1 // testing framework
 	github.com/valyala/fasthttp v1.69.0 // fast http for health check
 	github.com/yusing/ds v0.4.1 // data structures and algorithms
-	github.com/yusing/godoxy/agent v0.0.0-20260321022848-11e3a9231f23
-	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260321022848-11e3a9231f23
+	github.com/yusing/godoxy/agent v0.0.0-20260218101334-add7884a365e
+	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260218101334-add7884a365e
 	github.com/yusing/gointernals v0.2.0
 	github.com/yusing/goutils v0.7.0
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260319022356-c0bbdc984e13
-	github.com/yusing/goutils/http/websocket v0.0.0-20260319022356-c0bbdc984e13
-	github.com/yusing/goutils/server v0.0.0-20260319022356-c0bbdc984e13
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260218062549-0b0fa3a059ec
+	github.com/yusing/goutils/http/websocket v0.0.0-20260218062549-0b0fa3a059ec
+	github.com/yusing/goutils/server v0.0.0-20260218062549-0b0fa3a059ec
 )
 
 require (
@@ -78,18 +77,18 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/buger/goterm v1.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/diskfs/go-diskfs v1.8.0 // indirect
+	github.com/diskfs/go-diskfs v1.7.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/djherbis/times v1.6.0 // indirect
 	github.com/docker/go-connections v0.6.0
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.10.0 // indirect
+	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
@@ -100,15 +99,15 @@ require (
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
-	github.com/googleapis/gax-go/v2 v2.19.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.12 // indirect
+	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/magefile/mage v1.16.1 // indirect
+	github.com/magefile/mage v1.15.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/miekg/dns v1.1.72 // indirect
@@ -125,7 +124,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
-	github.com/samber/lo v1.53.0 // indirect
+	github.com/samber/lo v1.52.0 // indirect
 	github.com/samber/slog-common v0.20.0 // indirect
 	github.com/samber/slog-zerolog/v2 v2.9.1 // indirect
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
@@ -133,19 +132,19 @@ require (
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0
-	go.opentelemetry.io/otel v1.42.0 // indirect
-	go.opentelemetry.io/otel/metric v1.42.0 // indirect
-	go.opentelemetry.io/otel/trace v1.42.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.uber.org/atomic v1.11.0
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/mod v0.34.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
-	golang.org/x/tools v0.43.0 // indirect
-	google.golang.org/api v0.272.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect
-	google.golang.org/grpc v1.79.3 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/api v0.267.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d // indirect
+	google.golang.org/grpc v1.79.1 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -161,7 +160,6 @@ require (
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/docker/docker v28.5.2+incompatible
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
@@ -169,16 +167,16 @@ require (
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0 // indirect
 	github.com/go-resty/resty/v2 v2.17.2 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
-	github.com/goccy/go-json v0.10.6 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
-	github.com/klauspost/compress v1.18.5 // indirect
+	github.com/klauspost/compress v1.18.4 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
-	github.com/linode/linodego v1.66.0 // indirect
+	github.com/linode/linodego v1.65.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pion/dtls/v3 v3.1.2 // indirect
 	github.com/pion/logging v0.2.4 // indirect
@@ -190,18 +188,9 @@ require (
 	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/vultr/govultr/v3 v3.28.1 // indirect
+	github.com/vultr/govultr/v3 v3.27.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
-	golang.org/x/arch v0.25.0 // indirect
-)
-
-require (
-	github.com/containerd/log v0.1.0 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.1.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 // indirect
+	golang.org/x/arch v0.24.0 // indirect
 )

go.sum

@@ -23,16 +23,14 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 h1:4iB+IesclUXdP0ICgAabvq2FYLXrJWKx1fJQ+GxSo3Y=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.12.0 h1:pAcL4g3WRXekcB9AU/y1mbKez2dbY2AajVhtkO8RIBo=
-github.com/PuerkitoBio/goquery v1.12.0/go.mod h1:802ej+gV2y7bbIhOIoPY5sT183ZW0YFofScC4q/hIpQ=
+github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
+github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 h1:h/33OxYLqBk0BYmEbSUy7MlvgQR/m1w1/7OJFKoPL1I=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0/go.mod h1:rvh3imDA6EaQi+oM/GQHkQAOHbXPKJ7EWJvfjuw141Q=
 github.com/anchore/go-lzo v0.1.0 h1:NgAacnzqPeGH49Ky19QKLBZEuFRqtTG9cdaucc3Vncs=
@@ -51,8 +49,8 @@ github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVk
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
 github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
-github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM=
-github.com/bytedance/gopkg v0.1.4/go.mod h1:v1zWfPm21Fb+OsyXN2VAHdL6TBb2L88anLQgdyje6R4=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
 github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
 github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
@@ -67,29 +65,25 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/diskfs/go-diskfs v1.8.0 h1:YynvepHpU7xpl8z2RqiV/x3NPAj3zU0ki0vdjPty0U4=
-github.com/diskfs/go-diskfs v1.8.0/go.mod h1:rW9+4MPN1tbMpQqRZlcM3YQsh3Ucc+Q1k1iIqzzmZcg=
+github.com/diskfs/go-diskfs v1.7.0 h1:vonWmt5CMowXwUc79jWyGrf2DIMeoOjkLlMnQYGVOs8=
+github.com/diskfs/go-diskfs v1.7.0/go.mod h1:LhQyXqOugWFRahYUSw47NyZJPezFzB9UELwhpszLP/k=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.3.0+incompatible h1:z3iWveU7h19Pqx7alZES8j+IeFQZ1lhTwb2F+V9SVvk=
-github.com/docker/cli v29.3.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
+github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU=
-github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=
 github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
@@ -104,10 +98,10 @@ github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9
 github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
-github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
-github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
-github.com/go-acme/lego/v4 v4.33.0 h1:2KrRKieG+VczT4zvVXKAY7Tp/S3XLvh/QImofBALRAM=
-github.com/go-acme/lego/v4 v4.33.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
+github.com/go-acme/lego/v4 v4.32.0 h1:z7Ss7aa1noabhKj+DBzhNCO2SM96xhE3b0ucVW3x8Tc=
+github.com/go-acme/lego/v4 v4.32.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -136,8 +130,8 @@ github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPE
 github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.10.6 h1:p8HrPJzOakx/mn/bQtjgNjdTcN+/S6FcG2CTtQOrHVU=
-github.com/goccy/go-json v0.10.6/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
 github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -157,16 +151,14 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA6RlzjJaT4hi3kII+zYw8wmLb8=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
-github.com/googleapis/gax-go/v2 v2.19.0 h1:fYQaUOiGwll0cGj7jmHT/0nPlcrZDFPrZRhTsoCr8hE=
-github.com/googleapis/gax-go/v2 v2.19.0/go.mod h1:w2ROXVdfGEVFXzmlciUU4EdjHgWvB5h2n6x/8XSTTJA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.12 h1:Fg+zsqzYEs1ZnvmcztTYxhgCBsx3eEhEwQ1W/lHq/sQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.12/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
+github.com/googleapis/gax-go/v2 v2.17.0 h1:RksgfBpxqff0EZkDWYuz9q/uWsTVz+kf43LsZ1J6SMc=
+github.com/googleapis/gax-go/v2 v2.17.0/go.mod h1:mzaqghpQp4JDh3HvADwrat+6M3MOIDp5YKHhb9PAgDY=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gotify/server/v2 v2.9.1 h1:wsQUCdYJ4ZvP7RIRKDLtAtmFQc3kxbrv3QqccO5RWzs=
-github.com/gotify/server/v2 v2.9.1/go.mod h1:8scw0hiExomp4rJDrXBwRIcgQm7kv74P4Z4B+iM4l8w=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c=
+github.com/gotify/server/v2 v2.9.0 h1:2zRCl28wkq0oc6YNbyJS2n0dDOOVvOS3Oez5AG2ij54=
+github.com/gotify/server/v2 v2.9.0/go.mod h1:249wwlUqHTr0QsiKARGtFVqds0pNLIMjYLinHyMACdQ=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
@@ -185,8 +177,8 @@ github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
-github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
+github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
@@ -199,14 +191,14 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.66.0 h1:rK8QJFaV53LWOEJvb/evhTg/dP5ElvtuZmx4iv4RJds=
-github.com/linode/linodego v1.66.0/go.mod h1:12ykGs9qsvxE+OU3SXuW2w+DTruWF35FPlXC7gGk2tU=
+github.com/linode/linodego v1.65.0 h1:SdsuGD8VSsPWeShXpE7ihl5vec+fD3MgwhnfYC/rj7k=
+github.com/linode/linodego v1.65.0/go.mod h1:tOFiTErdjkbVnV+4S0+NmIE9dqqZUEM2HsJaGu8wMh8=
 github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=
 github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
 github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 h1:PTw+yKnXcOFCR6+8hHTyWBeQ/P4Nb7dd4/0ohEcWQuM=
 github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
-github.com/magefile/mage v1.16.1 h1:j5UwkdA48xTlGs0Hcm1Q3sSAcxBorntQjiewDNMsqlo=
-github.com/magefile/mage v1.16.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
+github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -224,27 +216,21 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
 github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ=
-github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2 h1:SlJJlU2lgrB8dB9UFopLUNaO+JxtzLK4UWHYY3e3gvo=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2 h1:c8B4nduK77OvP6WnsfzfZgnK6uHhZETZGYnxNfu23Go=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2/go.mod h1:twxIRVoHRrrMZp1A8Mh46CqCG/gyzLnImEb4dpzleIE=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2 h1:OWijzl3nHUApvTivl+3+78dbBwmyEHOnb+W9m6ixGbk=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2 h1:9LsjN/zaIN7H8JE61NHpbWhxF0UGY96+kMlk3g8OvGU=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2/go.mod h1:32vZH06TuwZSn+IDMO1qcDvC2vHVlzUALCwXGWPA+dc=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -269,10 +255,9 @@ github.com/pires/go-proxyproto v0.11.0 h1:gUQpS85X/VJMdUsYyEgyn59uLJvGqPhJV5YvG6
 github.com/pires/go-proxyproto v0.11.0/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/xattr v0.4.12 h1:rRTkSyFNTRElv6pkA3zpjHpQ90p/OdHQC1GmGh1aTjM=
-github.com/pkg/xattr v0.4.12/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
+github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
+github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -291,8 +276,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/samber/lo v1.53.0 h1:t975lj2py4kJPQ6haz1QMgtId2gtmfktACxIXArw3HM=
-github.com/samber/lo v1.53.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
+github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
+github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/samber/slog-common v0.20.0 h1:WaLnm/aCvBJSk5nR5aXZTFBaV0B47A+AEaEOiZDeUnc=
 github.com/samber/slog-common v0.20.0/go.mod h1:+Ozat1jgnnE59UAlmNX1IF3IByHsODnnwf9jUcBZ+m8=
 github.com/samber/slog-zerolog/v2 v2.9.1 h1:RMOq8XqzfuGx1X0TEIlS9OXbbFmqLY2/wJppghz66YY=
@@ -335,8 +320,8 @@ github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZy
 github.com/valyala/fasthttp v1.69.0/go.mod h1:4wA4PfAraPlAsJ5jMSqCE2ug5tqUPwKXxVj8oNECGcw=
 github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
 github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
-github.com/vultr/govultr/v3 v3.28.1 h1:KR3LhppYARlBujY7+dcrE7YKL0Yo9qXL+msxykKQrLI=
-github.com/vultr/govultr/v3 v3.28.1/go.mod h1:2zyUw9yADQaGwKnwDesmIOlBNLrm7edsCfWHFJpWKf8=
+github.com/vultr/govultr/v3 v3.27.0 h1:J8etMyu/Jh5+idMsu2YZpOWmDXXHeW4VZnkYXmJYHx8=
+github.com/vultr/govultr/v3 v3.27.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
@@ -348,53 +333,45 @@ github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtS
 github.com/yusing/gointernals v0.2.0/go.mod h1:xGzNbPGMm5Z8kG0t4JYISMscw+gMQlgghkLxlgRZv5Y=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
-go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg=
-go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho=
-go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 h1:THuZiwpQZuHPul65w4WcwEnkX2QIuMT+UFoOrygtoJw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0/go.mod h1:J2pvYM5NGHofZ2/Ru6zw/TNWnEQp5crgyDeSrYpXkAw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 h1:uLXP+3mghfMf7XmV4PkGfFhFKuNWoCvvx5wP/wOXo0o=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0/go.mod h1:v0Tj04armyT59mnURNUJf7RCKcKzq+lgJs6QSjHjaTc=
-go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=
-go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI=
-go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo=
-go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts=
-go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc=
-go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY=
-go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc=
-go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g=
-go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/arch v0.25.0 h1:qnk6Ksugpi5Bz32947rkUgDt9/s5qvqDPl/gBKdMJLE=
-golang.org/x/arch v0.25.0/go.mod h1:0X+GdSIP+kL5wPmpK7sdkEVTt2XoYP0cSjQSbZBwOi8=
+golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
+golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
-golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -404,10 +381,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
-golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
-golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
+golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -415,8 +392,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -435,8 +412,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -455,31 +432,31 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
-golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
-golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
-golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.272.0 h1:eLUQZGnAS3OHn31URRf9sAmRk3w2JjMx37d2k8AjJmA=
-google.golang.org/api v0.272.0/go.mod h1:wKjowi5LNJc5qarNvDCvNQBn3rVK8nSy6jg2SwRwzIA=
-google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5 h1:JNfk58HZ8lfmXbYK2vx/UvsqIL59TzByCxPIX4TDmsE=
-google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:x5julN69+ED4PcFk/XWayw35O0lf/nGa4aNgODCmNmw=
-google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5 h1:CogIeEXn4qWYzzQU0QqvYBM8yDF9cFYzDq9ojSpv0Js=
-google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:EIQZ5bFCfRQDV4MhRle7+OgjNtZ6P1PiZBgAKuxXu/Y=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 h1:ndE4FoJqsIceKP2oYSnUZqhTdYufCYYkqwtFzfrhI7w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
-google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/api v0.267.0 h1:w+vfWPMPYeRs8qH1aYYsFX68jMls5acWl/jocfLomwE=
+google.golang.org/api v0.267.0/go.mod h1:Jzc0+ZfLnyvXma3UtaTl023TdhZu6OMBP9tJ+0EmFD0=
+google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 h1:VQZ/yAbAtjkHgH80teYd2em3xtIkkHd7ZhqfH2N9CsM=
+google.golang.org/genproto v0.0.0-20260128011058-8636f8732409/go.mod h1:rxKD3IEILWEu3P44seeNOAwZN4SaoKaQ/2eTg4mM6EM=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d h1:t/LOSXPJ9R0B6fnZNyALBRfZBH0Uy0gT+uR+SJ6syqQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
+google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY=
+google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -495,3 +472,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

internal/agentpool/http_requests.go

@@ -2,12 +2,12 @@ package agentpool
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/gorilla/websocket"
 	"github.com/valyala/fasthttp"
 	agentPkg "github.com/yusing/godoxy/agent/pkg/agent"
@@ -63,7 +63,7 @@ func (agent *Agent) DoHealthCheck(timeout time.Duration, query string) (ret Heal
 		ret.Detail = fmt.Sprintf("HTTP %d %s", status, resp.Body())
 		return ret, nil
 	} else {
-		err = json.Unmarshal(resp.Body(), &ret)
+		err = sonic.Unmarshal(resp.Body(), &ret)
 		if err != nil {
 			return ret, err
 		}

internal/api/csrf.go

@@ -1,109 +0,0 @@
-package api
-
-import (
-	"net"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/auth"
-	apitypes "github.com/yusing/goutils/apitypes"
-)
-
-// CSRFMiddleware implements the Signed Double Submit Cookie pattern.
-//
-// Safe methods (GET/HEAD/OPTIONS): ensure a signed CSRF cookie exists.
-// Unsafe methods (POST/PUT/DELETE/PATCH): require X-CSRF-Token header
-// matching the cookie value, with a valid HMAC signature.
-func CSRFMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		switch c.Request.Method {
-		case http.MethodGet, http.MethodHead, http.MethodOptions:
-			ensureCSRFCookie(c)
-			c.Next()
-			return
-		}
-		if allowSameOriginAuthBootstrap(c.Request) {
-			ensureCSRFCookie(c)
-			c.Next()
-			return
-		}
-
-		cookie, err := c.Request.Cookie(auth.CSRFCookieName)
-		if err != nil {
-			// No cookie at all — issue one so the frontend can retry.
-			reissueCSRFCookie(c)
-			c.JSON(http.StatusForbidden, apitypes.Error("missing CSRF token"))
-			c.Abort()
-			return
-		}
-
-		cookieToken := canonicalCSRFToken(cookie.Value)
-		headerToken := canonicalCSRFToken(c.GetHeader(auth.CSRFHeaderName))
-		if headerToken == "" || cookieToken != headerToken || !auth.ValidateCSRFToken(cookieToken) {
-			// Stale or forged token — issue a fresh one so the
-			// frontend can read the new cookie and retry.
-			reissueCSRFCookie(c)
-			c.JSON(http.StatusForbidden, apitypes.Error("invalid CSRF token"))
-			c.Abort()
-			return
-		}
-
-		c.Next()
-	}
-}
-
-func ensureCSRFCookie(c *gin.Context) {
-	if _, err := c.Request.Cookie(auth.CSRFCookieName); err == nil {
-		return
-	}
-	reissueCSRFCookie(c)
-}
-
-func reissueCSRFCookie(c *gin.Context) {
-	token, err := auth.GenerateCSRFToken()
-	if err != nil {
-		return
-	}
-	auth.SetCSRFCookie(c.Writer, c.Request, token)
-}
-
-func allowSameOriginAuthBootstrap(r *http.Request) bool {
-	if r.Method != http.MethodPost {
-		return false
-	}
-	switch r.URL.Path {
-	case "/api/v1/auth/login", "/api/v1/auth/callback":
-		return requestSourceMatchesHost(r)
-	default:
-		return false
-	}
-}
-
-func requestSourceMatchesHost(r *http.Request) bool {
-	for _, header := range []string{"Origin", "Referer"} {
-		value := r.Header.Get(header)
-		if value == "" {
-			continue
-		}
-		u, err := url.Parse(value)
-		if err != nil || u.Host == "" {
-			return false
-		}
-		return normalizeHost(u.Hostname()) == normalizeHost(r.Host)
-	}
-	return false
-}
-
-func normalizeHost(host string) string {
-	host = strings.ToLower(host)
-	if h, _, err := net.SplitHostPort(host); err == nil {
-		return h
-	}
-	return host
-}
-
-func canonicalCSRFToken(token string) string {
-	return strings.Trim(strings.TrimSpace(token), "\"")
-}

internal/api/csrf_test.go

@@ -1,280 +0,0 @@
-package api
-
-import (
-	"bytes"
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/yusing/godoxy/internal/auth"
-	autocert "github.com/yusing/godoxy/internal/autocert/types"
-	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/goutils/task"
-)
-
-func TestAuthCheckIssuesCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := httptest.NewRequest(http.MethodHead, "/api/v1/auth/check", nil)
-	req.Host = "app.example.com"
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusFound, rec.Code)
-
-	csrfCookie := findCookie(rec.Result().Cookies(), auth.CSRFCookieName)
-	require.NotNil(t, csrfCookie)
-	assert.NotEmpty(t, csrfCookie.Value)
-	assert.Empty(t, csrfCookie.Domain)
-	assert.Equal(t, "/", csrfCookie.Path)
-	assert.Equal(t, http.SameSiteStrictMode, csrfCookie.SameSite)
-}
-
-func TestUserPassCallbackAllowsSameOriginFormPostWithoutCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := newJSONRequest(t, http.MethodPost, "/api/v1/auth/callback", map[string]string{
-		"username": common.APIUser,
-		"password": common.APIPassword,
-	})
-	req.Host = "app.example.com"
-	req.Header.Set("Origin", "https://app.example.com")
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusOK, rec.Code)
-	tokenCookie := findCookie(rec.Result().Cookies(), "godoxy_token")
-	require.NotNil(t, tokenCookie)
-	assert.NotEmpty(t, tokenCookie.Value)
-	csrfCookie := findCookie(rec.Result().Cookies(), auth.CSRFCookieName)
-	require.NotNil(t, csrfCookie)
-	assert.NotEmpty(t, csrfCookie.Value)
-}
-
-func TestUserPassCallbackRejectsCrossOriginPostWithoutCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := newJSONRequest(t, http.MethodPost, "/api/v1/auth/callback", map[string]string{
-		"username": common.APIUser,
-		"password": common.APIPassword,
-	})
-	req.Host = "app.example.com"
-	req.Header.Set("Origin", "https://evil.example.com")
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusForbidden, rec.Code)
-	csrfCookie := findCookie(rec.Result().Cookies(), auth.CSRFCookieName)
-	require.NotNil(t, csrfCookie)
-	assert.NotEmpty(t, csrfCookie.Value)
-}
-
-func TestUserPassCallbackAcceptsValidCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-	csrfCookie := issueCSRFCookie(t, handler)
-
-	req := newJSONRequest(t, http.MethodPost, "/api/v1/auth/callback", map[string]string{
-		"username": common.APIUser,
-		"password": common.APIPassword,
-	})
-	req.Host = "app.example.com"
-	req.AddCookie(csrfCookie)
-	req.Header.Set(auth.CSRFHeaderName, csrfCookie.Value)
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusOK, rec.Code)
-	tokenCookie := findCookie(rec.Result().Cookies(), "godoxy_token")
-	require.NotNil(t, tokenCookie)
-	assert.NotEmpty(t, tokenCookie.Value)
-}
-
-func TestUnsafeRequestAcceptsQuotedCSRFCookieValue(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-	csrfCookie := issueCSRFCookie(t, handler)
-	sessionToken := issueSessionToken(t)
-
-	req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/logout", nil)
-	req.Host = "app.example.com"
-	req.Header.Set("Cookie", `godoxy_token=`+sessionToken+`; godoxy_csrf="`+csrfCookie.Value+`"`)
-	req.Header.Set(auth.CSRFHeaderName, csrfCookie.Value)
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusFound, rec.Code)
-}
-
-func TestLogoutRequiresCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/logout", nil)
-	req.Host = "app.example.com"
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusForbidden, rec.Code)
-}
-
-func TestLoginAllowsSameOriginPostWithoutCSRFCookie(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", nil)
-	req.Host = "app.example.com"
-	req.Header.Set("Origin", "https://app.example.com")
-	req.Header.Set("Accept", "text/html")
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusFound, rec.Code)
-	csrfCookie := findCookie(rec.Result().Cookies(), auth.CSRFCookieName)
-	require.NotNil(t, csrfCookie)
-	assert.NotEmpty(t, csrfCookie.Value)
-}
-
-func TestGetLogoutRouteStillAvailableForFrontend(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-
-	req := httptest.NewRequest(http.MethodGet, "/api/v1/auth/logout", nil)
-	req.Host = "app.example.com"
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusFound, rec.Code)
-}
-
-func TestCertRenewRejectsCrossOriginWebSocketRequest(t *testing.T) {
-	handler := newAuthenticatedHandler(t)
-	provider := &stubAutocertProvider{}
-	sessionToken := issueSessionToken(t)
-
-	req := httptest.NewRequest(http.MethodGet, "/api/v1/cert/renew", nil)
-	req.Host = "app.example.com"
-	req.Header.Set("Connection", "Upgrade")
-	req.Header.Set("Upgrade", "websocket")
-	req.Header.Set("Sec-WebSocket-Version", "13")
-	req.Header.Set("Sec-WebSocket-Key", "dGhlIHNhbXBsZSBub25jZQ==")
-	req.Header.Set("Origin", "https://evil.example.com")
-	req.AddCookie(&http.Cookie{Name: "godoxy_token", Value: sessionToken})
-	req = req.WithContext(context.WithValue(req.Context(), autocert.ContextKey{}, provider))
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	assert.Equal(t, http.StatusForbidden, rec.Code)
-	assert.Zero(t, provider.forceExpiryCalls)
-}
-
-func newAuthenticatedHandler(t *testing.T) *gin.Engine {
-	t.Helper()
-
-	gin.SetMode(gin.TestMode)
-
-	prevSecret := common.APIJWTSecret
-	prevUser := common.APIUser
-	prevPassword := common.APIPassword
-	prevDisableAuth := common.DebugDisableAuth
-	prevIssuerURL := common.OIDCIssuerURL
-
-	common.APIJWTSecret = []byte("0123456789abcdef0123456789abcdef")
-	common.APIUser = "username"
-	common.APIPassword = "password"
-	common.DebugDisableAuth = false
-	common.OIDCIssuerURL = ""
-
-	t.Cleanup(func() {
-		common.APIJWTSecret = prevSecret
-		common.APIUser = prevUser
-		common.APIPassword = prevPassword
-		common.DebugDisableAuth = prevDisableAuth
-		common.OIDCIssuerURL = prevIssuerURL
-	})
-
-	require.NoError(t, auth.Initialize())
-	return NewHandler(true)
-}
-
-func issueCSRFCookie(t *testing.T, handler http.Handler) *http.Cookie {
-	t.Helper()
-
-	req := httptest.NewRequest(http.MethodHead, "/api/v1/auth/check", nil)
-	req.Host = "app.example.com"
-	rec := httptest.NewRecorder()
-
-	handler.ServeHTTP(rec, req)
-
-	csrfCookie := findCookie(rec.Result().Cookies(), auth.CSRFCookieName)
-	require.NotNil(t, csrfCookie)
-	return csrfCookie
-}
-
-func issueSessionToken(t *testing.T) string {
-	t.Helper()
-
-	userpass, ok := auth.GetDefaultAuth().(*auth.UserPassAuth)
-	require.True(t, ok)
-
-	token, err := userpass.NewToken()
-	require.NoError(t, err)
-	return token
-}
-
-func newJSONRequest(t *testing.T, method, target string, body any) *http.Request {
-	t.Helper()
-
-	encoded, err := json.Marshal(body)
-	require.NoError(t, err)
-
-	req := httptest.NewRequest(method, target, bytes.NewReader(encoded))
-	req.Header.Set("Content-Type", "application/json")
-	return req
-}
-
-func findCookie(cookies []*http.Cookie, name string) *http.Cookie {
-	for _, cookie := range cookies {
-		if cookie.Name == name {
-			return cookie
-		}
-	}
-	return nil
-}
-
-type stubAutocertProvider struct {
-	forceExpiryCalls int
-}
-
-func (p *stubAutocertProvider) GetCert(*tls.ClientHelloInfo) (*tls.Certificate, error) {
-	return nil, nil
-}
-
-func (p *stubAutocertProvider) GetCertInfos() ([]autocert.CertInfo, error) {
-	return nil, nil
-}
-
-func (p *stubAutocertProvider) ScheduleRenewalAll(task.Parent) {}
-
-func (p *stubAutocertProvider) ObtainCertAll() error {
-	return nil
-}
-
-func (p *stubAutocertProvider) ForceExpiryAll() bool {
-	p.forceExpiryCalls++
-	return true
-}
-
-func (p *stubAutocertProvider) WaitRenewalDone(context.Context) bool {
-	return true
-}

internal/api/handler.go

@@ -2,8 +2,10 @@ package api
 
 import (
 	"net/http"
+	"reflect"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog/log"
 	apiV1 "github.com/yusing/godoxy/internal/api/v1"
@@ -47,16 +49,18 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	r.Use(ErrorLoggingMiddleware())
 	r.Use(NoCache())
 
+	log.Debug().Msg("gin codec json.API: " + reflect.TypeOf(json.API).Name())
+
 	r.GET("/api/v1/version", apiV1.Version)
 
 	if auth.IsEnabled() && requireAuth {
 		v1Auth := r.Group("/api/v1/auth")
 		{
-			v1Auth.HEAD("/check", CSRFMiddleware(), authApi.Check)
-			v1Auth.POST("/login", CSRFMiddleware(), authApi.Login)
+			v1Auth.HEAD("/check", authApi.Check)
+			v1Auth.POST("/login", authApi.Login)
 			v1Auth.GET("/callback", authApi.Callback)
-			v1Auth.POST("/callback", CSRFMiddleware(), authApi.Callback)
-			v1Auth.POST("/logout", CSRFMiddleware(), authApi.Logout)
+			v1Auth.POST("/callback", authApi.Callback)
+			v1Auth.POST("/logout", authApi.Logout)
 			v1Auth.GET("/logout", authApi.Logout)
 		}
 	}
@@ -64,7 +68,6 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	v1 := r.Group("/api/v1")
 	if auth.IsEnabled() && requireAuth {
 		v1.Use(AuthMiddleware())
-		v1.Use(CSRFMiddleware())
 	}
 	if common.APISkipOriginCheck {
 		v1.Use(SkipOriginCheckMiddleware())

internal/api/v1/cert/renew.go

@@ -19,7 +19,6 @@ import (
 // @Tags			cert,websocket
 // @Produce		plain
 // @Success		200	{object}	apitypes.SuccessResponse
-// @Failure		400	{object}	apitypes.ErrorResponse
 // @Failure		403	{object}	apitypes.ErrorResponse
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/cert/renew [get]

internal/api/v1/docker/container.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -42,22 +43,22 @@ func GetContainer(c *gin.Context) {
 
 	defer dockerClient.Close()
 
-	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id)
+	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id, client.ContainerInspectOptions{})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to inspect container"))
 		return
 	}
 
 	var state ContainerState
-	if cont.State != nil {
-		state = cont.State.Status
+	if cont.Container.State != nil {
+		state = cont.Container.State.Status
 	}
 
 	c.JSON(http.StatusOK, &Container{
 		Server: dockerCfg.URL,
-		Name:   cont.Name,
-		ID:     cont.ID,
-		Image:  cont.Image,
+		Name:   cont.Container.Name,
+		ID:     cont.Container.ID,
+		Image:  cont.Container.Image,
 		State:  state,
 	})
 }

internal/api/v1/docker/containers.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
 
@@ -40,12 +41,12 @@ func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Containe
 	errs := gperr.NewBuilder("failed to get containers")
 	containers := make([]Container, 0)
 	for name, dockerClient := range dockerClients {
-		conts, err := dockerClient.ContainerList(ctx, container.ListOptions{All: true})
+		conts, err := dockerClient.ContainerList(ctx, client.ContainerListOptions{All: true})
 		if err != nil {
 			errs.AddSubject(err, name)
 			continue
 		}
-		for _, cont := range conts {
+		for _, cont := range conts.Items {
 			containers = append(containers, Container{
 				Server: name,
 				Name:   cont.Names[0],

internal/api/v1/docker/info.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	dockerSystem "github.com/docker/docker/api/types/system"
 	"github.com/gin-gonic/gin"
+	dockerSystem "github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 
@@ -64,13 +65,13 @@ func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerIn
 
 	i := 0
 	for name, dockerClient := range dockerClients {
-		info, err := dockerClient.Info(ctx)
+		info, err := dockerClient.Info(ctx, client.InfoOptions{})
 		if err != nil {
 			errs.AddSubject(err, name)
 			continue
 		}
-		info.Name = name
-		dockerInfos[i] = toDockerInfo(info)
+		info.Info.Name = name
+		dockerInfos[i] = toDockerInfo(info.Info)
 		i++
 	}
 

internal/api/v1/docker/logs.go

@@ -7,9 +7,9 @@ import (
 	"net/http"
 	"strconv"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -73,7 +73,7 @@ func Logs(c *gin.Context) {
 	}
 	defer dockerClient.Close()
 
-	opts := container.LogsOptions{
+	opts := client.ContainerLogsOptions{
 		ShowStdout: queryParams.Stdout,
 		ShowStderr: queryParams.Stderr,
 		Since:      queryParams.Since,

internal/api/v1/docker/restart.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type RestartRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StopOptions
+	client.ContainerRestartOptions
 }
 
 // @x-id				"restart"
@@ -20,7 +20,7 @@ type RestartRequest struct {
 // @Description	Restart container by container id
 // @Tags			docker
 // @Produce		json
-// @Param			request	body		StopRequest	true	"Request"
+// @Param			request	body	RestartRequest	true	"Request"
 // @Success		200	{object}  apitypes.SuccessResponse
 // @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -48,7 +48,7 @@ func Restart(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerRestart(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerRestart(c.Request.Context(), req.ID, req.ContainerRestartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
 		return

internal/api/v1/docker/start.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StartRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StartOptions
+	client.ContainerStartOptions
 }
 
 // @x-id				"start"
@@ -48,7 +48,7 @@ func Start(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStart(c.Request.Context(), req.ID, req.StartOptions)
+	_, err = client.ContainerStart(c.Request.Context(), req.ID, req.ContainerStartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to start container"))
 		return

internal/api/v1/docker/stats.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/types"
@@ -67,7 +68,7 @@ func Stats(c *gin.Context) {
 	defer dockerClient.Close()
 
 	if httpheaders.IsWebsocket(c.Request.Header) {
-		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, true)
+		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: true})
 		if err != nil {
 			c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 			return
@@ -101,7 +102,7 @@ func Stats(c *gin.Context) {
 		}
 	}
 
-	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, false)
+	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: false})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 		return

internal/api/v1/docker/stop.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StopRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StopOptions
+	client.ContainerStopOptions
 }
 
 // @x-id				"stop"
@@ -48,7 +48,7 @@ func Stop(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStop(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerStop(c.Request.Context(), req.ID, req.ContainerStopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
 		return

internal/api/v1/docs/swagger.json

@@ -5125,7 +5125,10 @@
           "$ref": "#/definitions/MockResponse"
         },
         "rules": {
-          "type": "string",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/routeApi.RawRule"
+          },
           "x-nullable": false,
           "x-omitempty": false
         }
@@ -6923,6 +6926,28 @@
       "x-nullable": false,
       "x-omitempty": false
     },
+    "routeApi.RawRule": {
+      "type": "object",
+      "properties": {
+        "do": {
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "name": {
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        },
+        "on": {
+          "type": "string",
+          "x-nullable": false,
+          "x-omitempty": false
+        }
+      },
+      "x-nullable": false,
+      "x-omitempty": false
+    },
     "routeApi.RoutesByProvider": {
       "type": "object",
       "additionalProperties": {

internal/api/v1/docs/swagger.yaml

@@ -905,7 +905,9 @@ definitions:
       mockResponse:
         $ref: '#/definitions/MockResponse'
       rules:
-        type: string
+        items:
+          $ref: '#/definitions/routeApi.RawRule'
+        type: array
     required:
     - rules
     type: object
@@ -1856,6 +1858,15 @@ definitions:
       uptime:
         type: string
     type: object
+  routeApi.RawRule:
+    properties:
+      do:
+        type: string
+      name:
+        type: string
+      "on":
+        type: string
+    type: object
   routeApi.RoutesByProvider:
     additionalProperties:
       items:

internal/api/v1/file/get.go

@@ -1,7 +1,6 @@
 package fileapi
 
 import (
-	"io"
 	"net/http"
 	"os"
 	"path"
@@ -45,14 +44,7 @@ func Get(c *gin.Context) {
 		return
 	}
 
-	f, err := os.OpenInRoot(".", request.FileType.GetPath(request.Filename))
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to open root"))
-		return
-	}
-	defer f.Close()
-
-	content, err := io.ReadAll(f)
+	content, err := os.ReadFile(request.FileType.GetPath(request.Filename))
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to read file"))
 		return

internal/api/v1/file/get_test.go

@@ -1,68 +0,0 @@
-package fileapi_test
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"os"
-	"testing"
-
-	"github.com/gin-gonic/gin"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	api "github.com/yusing/godoxy/internal/api"
-	fileapi "github.com/yusing/godoxy/internal/api/v1/file"
-	"github.com/yusing/goutils/fs"
-)
-
-func TestGet_PathTraversalBlocked(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-
-	files, err := fs.ListFiles("..", 1, false)
-	require.NoError(t, err)
-
-	require.Greater(t, len(files), 0, "no files found")
-
-	relativePath := files[0]
-
-	fileContent, err := os.ReadFile(relativePath)
-	require.NoError(t, err)
-
-	r := gin.New()
-	r.Use(api.ErrorHandler())
-	r.GET("/api/v1/file/content", fileapi.Get)
-
-	tests := []struct {
-		name         string
-		filename     string
-		queryEscaped bool
-	}{
-		{
-			name:     "dotdot_traversal",
-			filename: relativePath,
-		},
-		{
-			name:         "url_encoded_dotdot_traversal",
-			filename:     relativePath,
-			queryEscaped: true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			filename := tt.filename
-			if tt.queryEscaped {
-				filename = url.QueryEscape(filename)
-			}
-
-			url := "/api/v1/file/content?type=config&filename=" + filename
-			req := httptest.NewRequest(http.MethodGet, url, nil)
-			w := httptest.NewRecorder()
-			r.ServeHTTP(w, req)
-
-			// "Blocked" means we should never successfully read the outside file.
-			assert.NotEqual(t, http.StatusOK, w.Code)
-			assert.NotEqual(t, fileContent, w.Body.String())
-		})
-	}
-}

internal/api/v1/metrics/all_system_info.go

@@ -8,6 +8,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/cenkalti/backoff/v5"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -240,7 +241,7 @@ func marshalSystemInfo(ws *websocket.Manager, agentName string, systemInfo any)
 		defer bufFromPool.release(bufFromPool.RawMessage)
 	}
 
-	err := json.NewEncoder(buf).Encode(map[string]any{
+	err := sonic.ConfigDefault.NewEncoder(buf).Encode(map[string]any{
 		agentName: systemInfo,
 	})
 	if err != nil {

internal/api/v1/route/playground.go

@@ -9,7 +9,6 @@ import (
 	"strings"
 
 	"github.com/gin-gonic/gin"
-	"github.com/goccy/go-yaml"
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/route/rules"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -24,7 +23,7 @@ type RawRule struct {
 }
 
 type PlaygroundRequest struct {
-	Rules        string       `json:"rules" binding:"required"`
+	Rules        []RawRule    `json:"rules" binding:"required"`
 	MockRequest  MockRequest  `json:"mockRequest"`
 	MockResponse MockResponse `json:"mockResponse"`
 } // @name PlaygroundRequest
@@ -256,35 +255,7 @@ func handlerWithRecover(w http.ResponseWriter, r *http.Request, h http.HandlerFu
 	h(w, r)
 }
 
-func parseRules(config string) ([]ParsedRule, rules.Rules, error) {
-	config = strings.TrimSpace(config)
-	if config == "" {
-		return []ParsedRule{}, nil, nil
-	}
-
-	var rawRules []RawRule
-	if err := yaml.Unmarshal([]byte(config), &rawRules); err == nil && len(rawRules) > 0 {
-		return parseRawRules(rawRules)
-	}
-
-	var rulesList rules.Rules
-	if err := rulesList.Parse(config); err != nil {
-		return nil, nil, err
-	}
-
-	parsedRules := make([]ParsedRule, 0, len(rulesList))
-	for _, rule := range rulesList {
-		parsedRules = append(parsedRules, ParsedRule{
-			Name: rule.Name,
-			On:   rule.On.String(),
-			Do:   rule.Do.String(),
-		})
-	}
-
-	return parsedRules, rulesList, nil
-}
-
-func parseRawRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, error) {
+func parseRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, error) {
 	parsedRules := make([]ParsedRule, 0, len(rawRules))
 	rulesList := make(rules.Rules, 0, len(rawRules))
 

internal/api/v1/route/playground_test.go

@@ -22,10 +22,13 @@ func TestPlayground(t *testing.T) {
 		{
 			name: "simple path matching rule",
 			request: PlaygroundRequest{
-				Rules: `- name: test rule
-  on: path /api
-  do: pass
-`,
+				Rules: []RawRule{
+					{
+						Name: "test rule",
+						On:   "path /api",
+						Do:   "pass",
+					},
+				},
 				MockRequest: MockRequest{
 					Method: "GET",
 					Path:   "/api",
@@ -50,10 +53,13 @@ func TestPlayground(t *testing.T) {
 		{
 			name: "header matching rule",
 			request: PlaygroundRequest{
-				Rules: `- name: check user agent
-  on: header User-Agent Chrome
-  do: error 403 Forbidden
-`,
+				Rules: []RawRule{
+					{
+						Name: "check user agent",
+						On:   "header User-Agent Chrome",
+						Do:   "error 403 Forbidden",
+					},
+				},
 				MockRequest: MockRequest{
 					Method: "GET",
 					Path:   "/",
@@ -84,10 +90,13 @@ func TestPlayground(t *testing.T) {
 		{
 			name: "invalid rule syntax",
 			request: PlaygroundRequest{
-				Rules: `- name: bad rule
-  on: invalid_checker something
-  do: pass
-`,
+				Rules: []RawRule{
+					{
+						Name: "bad rule",
+						On:   "invalid_checker something",
+						Do:   "pass",
+					},
+				},
 				MockRequest: MockRequest{
 					Method: "GET",
 					Path:   "/",
@@ -106,10 +115,13 @@ func TestPlayground(t *testing.T) {
 		{
 			name: "rewrite path rule",
 			request: PlaygroundRequest{
-				Rules: `- name: rewrite rule
-  on: path glob(/api/*)
-  do: rewrite /api/ /v1/
-`,
+				Rules: []RawRule{
+					{
+						Name: "rewrite rule",
+						On:   "path glob(/api/*)",
+						Do:   "rewrite /api/ /v1/",
+					},
+				},
 				MockRequest: MockRequest{
 					Method: "GET",
 					Path:   "/api/users",
@@ -136,10 +148,13 @@ func TestPlayground(t *testing.T) {
 		{
 			name: "method matching rule",
 			request: PlaygroundRequest{
-				Rules: `- name: block POST
-  on: method POST
-  do: error "405" "Method Not Allowed"
-`,
+				Rules: []RawRule{
+					{
+						Name: "block POST",
+						On:   "method POST",
+						Do:   `error "405" "Method Not Allowed"`,
+					},
+				},
 				MockRequest: MockRequest{
 					Method: "POST",
 					Path:   "/api",
@@ -158,63 +173,6 @@ func TestPlayground(t *testing.T) {
 				}
 			},
 		},
-		{
-			name: "block syntax default rule",
-			request: PlaygroundRequest{
-				Rules: `default {
-  pass
-}`,
-				MockRequest: MockRequest{
-					Method: "GET",
-					Path:   "/",
-				},
-			},
-			wantStatusCode: http.StatusOK,
-			checkResponse: func(t *testing.T, resp PlaygroundResponse) {
-				if len(resp.ParsedRules) != 1 {
-					t.Errorf("expected 1 parsed rule, got %d", len(resp.ParsedRules))
-				}
-				if resp.ParsedRules[0].ValidationError != nil {
-					t.Errorf("expected rule to be valid, got error: %v", resp.ParsedRules[0].ValidationError)
-				}
-				if !resp.UpstreamCalled {
-					t.Error("expected upstream to be called")
-				}
-			},
-		},
-		{
-			name: "block syntax conditional rule",
-			request: PlaygroundRequest{
-				Rules: `header User-Agent Chrome {
-  error 403 Forbidden
-}`,
-				MockRequest: MockRequest{
-					Method: "GET",
-					Path:   "/",
-					Headers: map[string][]string{
-						"User-Agent": {"Chrome"},
-					},
-				},
-			},
-			wantStatusCode: http.StatusOK,
-			checkResponse: func(t *testing.T, resp PlaygroundResponse) {
-				if len(resp.ParsedRules) != 1 {
-					t.Errorf("expected 1 parsed rule, got %d", len(resp.ParsedRules))
-				}
-				if resp.ParsedRules[0].ValidationError != nil {
-					t.Errorf("expected rule to be valid, got error: %v", resp.ParsedRules[0].ValidationError)
-				}
-				if len(resp.MatchedRules) != 1 {
-					t.Errorf("expected 1 matched rule, got %d", len(resp.MatchedRules))
-				}
-				if resp.FinalResponse.StatusCode != http.StatusForbidden {
-					t.Errorf("expected status 403, got %d", resp.FinalResponse.StatusCode)
-				}
-				if resp.UpstreamCalled {
-					t.Error("expected upstream not to be called")
-				}
-			},
-		},
 	}
 
 	for _, tt := range tests {

internal/auth/csrf.go

@@ -1,84 +0,0 @@
-package auth
-
-import (
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/hex"
-	"net/http"
-	"strings"
-
-	"github.com/yusing/godoxy/internal/common"
-	"golang.org/x/crypto/hkdf"
-)
-
-const (
-	CSRFCookieName  = "godoxy_csrf"
-	CSRFHKDFSalt    = "godoxy-csrf"
-	CSRFHeaderName  = "X-CSRF-Token"
-	csrfTokenLength = 32
-)
-
-// csrfSecret is derived from API_JWT_SECRET via HKDF for cryptographic
-// separation from JWT signing. Falls back to an ephemeral random key
-// for OIDC-only setups where no JWT secret is configured.
-var csrfSecret = func() []byte {
-	if common.APIJWTSecret != nil {
-		return hkdf.Extract(sha256.New, common.APIJWTSecret, []byte(CSRFHKDFSalt))
-	}
-	b := make([]byte, 32)
-	if _, err := rand.Read(b); err != nil {
-		panic("failed to generate CSRF secret: " + err.Error())
-	}
-	return b
-}()
-
-func GenerateCSRFToken() (string, error) {
-	nonce := make([]byte, csrfTokenLength)
-	if _, err := rand.Read(nonce); err != nil {
-		return "", err
-	}
-	nonceHex := hex.EncodeToString(nonce)
-	return nonceHex + "." + csrfSign(nonceHex), nil
-}
-
-// ValidateCSRFToken checks the HMAC signature embedded in the token.
-// This prevents subdomain cookie-injection attacks where an attacker
-// sets a forged CSRF cookie — they cannot produce a valid signature
-// without the ephemeral secret.
-func ValidateCSRFToken(token string) bool {
-	nonce, sig, ok := strings.Cut(token, ".")
-	if !ok || len(nonce) != csrfTokenLength*2 {
-		return false
-	}
-	return hmac.Equal([]byte(sig), []byte(csrfSign(nonce)))
-}
-
-func csrfSign(nonce string) string {
-	mac := hmac.New(sha256.New, csrfSecret)
-	mac.Write([]byte(nonce))
-	return hex.EncodeToString(mac.Sum(nil))
-}
-
-func SetCSRFCookie(w http.ResponseWriter, r *http.Request, token string) {
-	http.SetCookie(w, &http.Cookie{
-		Name:     CSRFCookieName,
-		Value:    token,
-		HttpOnly: false,
-		Secure:   common.APIJWTSecure,
-		SameSite: http.SameSiteStrictMode,
-		Path:     "/",
-	})
-}
-
-func ClearCSRFCookie(w http.ResponseWriter, r *http.Request) {
-	http.SetCookie(w, &http.Cookie{
-		Name:     CSRFCookieName,
-		Value:    "",
-		MaxAge:   -1,
-		HttpOnly: false,
-		Secure:   common.APIJWTSecure,
-		SameSite: http.SameSiteStrictMode,
-		Path:     "/",
-	})
-}

internal/auth/userpass.go

@@ -1,12 +1,12 @@
 package auth
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/yusing/godoxy/internal/common"
 	httputils "github.com/yusing/goutils/http"
@@ -107,7 +107,7 @@ type UserPassAuthCallbackRequest struct {
 
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	var creds UserPassAuthCallbackRequest
-	err := json.NewDecoder(r.Body).Decode(&creds)
+	err := sonic.ConfigDefault.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
 		http.Error(w, "invalid request", http.StatusBadRequest)
 		return

internal/dnsproviders/go.mod

@@ -1,12 +1,12 @@
 module github.com/yusing/godoxy/internal/dnsproviders
 
-go 1.26.1
+go 1.26.0
 
 replace github.com/yusing/godoxy => ../..
 
 require (
-	github.com/go-acme/lego/v4 v4.33.0
-	github.com/yusing/godoxy v0.27.5
+	github.com/go-acme/lego/v4 v4.32.0
+	github.com/yusing/godoxy v0.26.0
 )
 
 require (
@@ -19,12 +19,16 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -44,15 +48,16 @@ require (
 	github.com/google/go-querystring v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
-	github.com/googleapis/gax-go/v2 v2.19.0 // indirect
-	github.com/gotify/server/v2 v2.9.1 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.12 // indirect
+	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
+	github.com/gotify/server/v2 v2.9.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/linode/linodego v1.66.0 // indirect
+	github.com/linode/linodego v1.65.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/maxatome/go-testdeep v1.14.0 // indirect
@@ -60,8 +65,8 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nrdcg/goacmedns v0.2.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2 // indirect
 	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -73,27 +78,29 @@ require (
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
-	github.com/vultr/govultr/v3 v3.28.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/vultr/govultr/v3 v3.27.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	github.com/yusing/gointernals v0.2.0 // indirect
 	github.com/yusing/goutils v0.7.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
-	go.opentelemetry.io/otel v1.42.0 // indirect
-	go.opentelemetry.io/otel/metric v1.42.0 // indirect
-	go.opentelemetry.io/otel/trace v1.42.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/crypto v0.49.0 // indirect
-	golang.org/x/mod v0.34.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
-	golang.org/x/oauth2 v0.36.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
-	golang.org/x/tools v0.43.0 // indirect
-	google.golang.org/api v0.272.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect
-	google.golang.org/grpc v1.79.3 // indirect
+	golang.org/x/arch v0.24.0 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/oauth2 v0.35.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/api v0.267.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d // indirect
+	google.golang.org/grpc v1.79.1 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

internal/dnsproviders/go.sum

@@ -25,8 +25,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 h1:4iB+IesclUXdP0ICgAabvq2FYLXrJWKx1fJQ+GxSo3Y=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 h1:h/33OxYLqBk0BYmEbSUy7MlvgQR/m1w1/7OJFKoPL1I=
 github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0/go.mod h1:rvh3imDA6EaQi+oM/GQHkQAOHbXPKJ7EWJvfjuw141Q=
 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
@@ -37,10 +37,18 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -54,8 +62,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
 github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
-github.com/go-acme/lego/v4 v4.33.0 h1:2KrRKieG+VczT4zvVXKAY7Tp/S3XLvh/QImofBALRAM=
-github.com/go-acme/lego/v4 v4.33.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
+github.com/go-acme/lego/v4 v4.32.0 h1:z7Ss7aa1noabhKj+DBzhNCO2SM96xhE3b0ucVW3x8Tc=
+github.com/go-acme/lego/v4 v4.32.0/go.mod h1:lI2fZNdgeM/ymf9xQ9YKbgZm6MeDuf91UrohMQE4DhI=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -95,12 +103,12 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA6RlzjJaT4hi3kII+zYw8wmLb8=
-github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
-github.com/googleapis/gax-go/v2 v2.19.0 h1:fYQaUOiGwll0cGj7jmHT/0nPlcrZDFPrZRhTsoCr8hE=
-github.com/googleapis/gax-go/v2 v2.19.0/go.mod h1:w2ROXVdfGEVFXzmlciUU4EdjHgWvB5h2n6x/8XSTTJA=
-github.com/gotify/server/v2 v2.9.1 h1:wsQUCdYJ4ZvP7RIRKDLtAtmFQc3kxbrv3QqccO5RWzs=
-github.com/gotify/server/v2 v2.9.1/go.mod h1:8scw0hiExomp4rJDrXBwRIcgQm7kv74P4Z4B+iM4l8w=
+github.com/googleapis/enterprise-certificate-proxy v0.3.12 h1:Fg+zsqzYEs1ZnvmcztTYxhgCBsx3eEhEwQ1W/lHq/sQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.12/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
+github.com/googleapis/gax-go/v2 v2.17.0 h1:RksgfBpxqff0EZkDWYuz9q/uWsTVz+kf43LsZ1J6SMc=
+github.com/googleapis/gax-go/v2 v2.17.0/go.mod h1:mzaqghpQp4JDh3HvADwrat+6M3MOIDp5YKHhb9PAgDY=
+github.com/gotify/server/v2 v2.9.0 h1:2zRCl28wkq0oc6YNbyJS2n0dDOOVvOS3Oez5AG2ij54=
+github.com/gotify/server/v2 v2.9.0/go.mod h1:249wwlUqHTr0QsiKARGtFVqds0pNLIMjYLinHyMACdQ=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
@@ -111,6 +119,8 @@ github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2
 github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -121,8 +131,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.66.0 h1:rK8QJFaV53LWOEJvb/evhTg/dP5ElvtuZmx4iv4RJds=
-github.com/linode/linodego v1.66.0/go.mod h1:12ykGs9qsvxE+OU3SXuW2w+DTruWF35FPlXC7gGk2tU=
+github.com/linode/linodego v1.65.0 h1:SdsuGD8VSsPWeShXpE7ihl5vec+fD3MgwhnfYC/rj7k=
+github.com/linode/linodego v1.65.0/go.mod h1:tOFiTErdjkbVnV+4S0+NmIE9dqqZUEM2HsJaGu8wMh8=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -140,10 +150,10 @@ github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2 h1:SlJJlU2lgrB8dB9UFopLUNaO+JxtzLK4UWHYY3e3gvo=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.109.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2 h1:c8B4nduK77OvP6WnsfzfZgnK6uHhZETZGYnxNfu23Go=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.109.2/go.mod h1:twxIRVoHRrrMZp1A8Mh46CqCG/gyzLnImEb4dpzleIE=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2 h1:OWijzl3nHUApvTivl+3+78dbBwmyEHOnb+W9m6ixGbk=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.2/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2 h1:9LsjN/zaIN7H8JE61NHpbWhxF0UGY96+kMlk3g8OvGU=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.2/go.mod h1:32vZH06TuwZSn+IDMO1qcDvC2vHVlzUALCwXGWPA+dc=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/ovh/go-ovh v1.9.0 h1:6K8VoL3BYjVV3In9tPJUdT7qMx9h0GExN9EXx1r2kKE=
@@ -178,10 +188,13 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/vultr/govultr/v3 v3.28.1 h1:KR3LhppYARlBujY7+dcrE7YKL0Yo9qXL+msxykKQrLI=
-github.com/vultr/govultr/v3 v3.28.1/go.mod h1:2zyUw9yADQaGwKnwDesmIOlBNLrm7edsCfWHFJpWKf8=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/vultr/govultr/v3 v3.27.0 h1:J8etMyu/Jh5+idMsu2YZpOWmDXXHeW4VZnkYXmJYHx8=
+github.com/vultr/govultr/v3 v3.27.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
 github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtSVvg=
@@ -192,58 +205,60 @@ go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg=
-go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho=
-go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc=
-go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=
-go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI=
-go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo=
-go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts=
-go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc=
-go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY=
-go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
-golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
-golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
-golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
-golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
+golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
+golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
-golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
-golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
-golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.272.0 h1:eLUQZGnAS3OHn31URRf9sAmRk3w2JjMx37d2k8AjJmA=
-google.golang.org/api v0.272.0/go.mod h1:wKjowi5LNJc5qarNvDCvNQBn3rVK8nSy6jg2SwRwzIA=
-google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5 h1:JNfk58HZ8lfmXbYK2vx/UvsqIL59TzByCxPIX4TDmsE=
-google.golang.org/genproto v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:x5julN69+ED4PcFk/XWayw35O0lf/nGa4aNgODCmNmw=
-google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5 h1:CogIeEXn4qWYzzQU0QqvYBM8yDF9cFYzDq9ojSpv0Js=
-google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5/go.mod h1:EIQZ5bFCfRQDV4MhRle7+OgjNtZ6P1PiZBgAKuxXu/Y=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 h1:ndE4FoJqsIceKP2oYSnUZqhTdYufCYYkqwtFzfrhI7w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
-google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/api v0.267.0 h1:w+vfWPMPYeRs8qH1aYYsFX68jMls5acWl/jocfLomwE=
+google.golang.org/api v0.267.0/go.mod h1:Jzc0+ZfLnyvXma3UtaTl023TdhZu6OMBP9tJ+0EmFD0=
+google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 h1:VQZ/yAbAtjkHgH80teYd2em3xtIkkHd7ZhqfH2N9CsM=
+google.golang.org/genproto v0.0.0-20260128011058-8636f8732409/go.mod h1:rxKD3IEILWEu3P44seeNOAwZN4SaoKaQ/2eTg4mM6EM=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d h1:t/LOSXPJ9R0B6fnZNyALBRfZBH0Uy0gT+uR+SJ6syqQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
+google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY=
+google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/docker/client.go

@@ -14,7 +14,7 @@ import (
 	"unsafe"
 
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
@@ -198,9 +198,7 @@ func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, e
 		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
 	}
 
-	opt = append(opt, client.WithAPIVersionNegotiation())
-
-	client, err := client.NewClientWithOpts(opt...)
+	client, err := client.New(opt...)
 	if err != nil {
 		return nil, err
 	}

internal/docker/container.go

@@ -11,8 +11,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -98,18 +99,18 @@ func UpdatePorts(ctx context.Context, c *types.Container) error {
 	}
 	defer dockerClient.Close()
 
-	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID)
+	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return err
 	}
 
-	for port := range inspect.Config.ExposedPorts {
-		proto, portStr := nat.SplitProtoPort(string(port))
+	for port := range inspect.Container.Config.ExposedPorts {
+		proto, portStr := nat.SplitProtoPort(port.String())
 		portInt, _ := nat.ParsePort(portStr)
 		if portInt == 0 {
 			continue
 		}
-		c.PublicPortMapping[portInt] = container.Port{
+		c.PublicPortMapping[portInt] = container.PortSummary{
 			PublicPort:  uint16(portInt), //nolint:gosec
 			PrivatePort: uint16(portInt), //nolint:gosec
 			Type:        proto,
@@ -210,8 +211,8 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	if c.Network != "" {
 		v, hasNetwork := helper.NetworkSettings.Networks[c.Network]
-		if hasNetwork && v.IPAddress != "" {
-			c.PrivateHostname = v.IPAddress
+		if hasNetwork && v.IPAddress.IsValid() {
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 		var hasComposeNetwork bool
@@ -219,9 +220,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 		if proj := DockerComposeProject(c); proj != "" {
 			newNetwork := fmt.Sprintf("%s_%s", proj, c.Network)
 			v, hasComposeNetwork = helper.NetworkSettings.Networks[newNetwork]
-			if hasComposeNetwork && v.IPAddress != "" {
+			if hasComposeNetwork && v.IPAddress.IsValid() {
 				c.Network = newNetwork // update network to the new one
-				c.PrivateHostname = v.IPAddress
+				c.PrivateHostname = v.IPAddress.String()
 				return
 			}
 		}
@@ -234,9 +235,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	// fallback to first network if no network is specified
 	for k, v := range helper.NetworkSettings.Networks {
-		if v.IPAddress != "" {
+		if v.IPAddress.IsValid() {
 			c.Network = k // update network to the first network
-			c.PrivateHostname = v.IPAddress
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 	}

internal/docker/container_helper.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/types"
 	strutils "github.com/yusing/goutils/strings"

internal/docker/container_test.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )

internal/docker/list_containers.go

@@ -3,12 +3,12 @@ package docker
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/types"
 )
 
-var listOptions = container.ListOptions{
+var listOptions = client.ContainerListOptions{
 	// created|restarting|running|removing|paused|exited|dead
 	// Filters: filters.NewArgs(
 	// 	filters.Arg("status", "created"),
@@ -31,7 +31,7 @@ func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) (
 	if err != nil {
 		return nil, err
 	}
-	return containers, nil
+	return containers.Items, nil
 }
 
 func IsErrConnectionFailed(err error) bool {

internal/entrypoint/README.md

@@ -122,9 +122,9 @@ classDiagram
         +accessLogger AccessLogger
         +findRouteFunc findRouteFunc
         +shortLinkMatcher *ShortLinkMatcher
-        +streamRoutes *pool.Pool\[types.StreamRoute\]
-        +excludedRoutes *pool.Pool\[types.Route\]
-        +servers *xsync.Map\[string, *httpServer\]
+        +streamRoutes *pool.Pool[types.StreamRoute]
+        +excludedRoutes *pool.Pool[types.Route]
+        +servers *xsync.Map[string, *httpServer]
         +SupportProxyProtocol() bool
         +StartAddRoute(r) error
         +IterRoutes(yield)
@@ -132,7 +132,7 @@ classDiagram
     }
 
     class httpServer {
-        +routes *pool.Pool\[types.HTTPRoute\]
+        +routes *pool.Pool[types.HTTPRoute]
         +ServeHTTP(w, r)
         +AddRoute(route)
         +DelRoute(route)
@@ -154,8 +154,8 @@ classDiagram
     }
 
     class ShortLinkMatcher {
-        +fqdnRoutes *xsync.Map\[string, string\]
-        +subdomainRoutes *xsync.Map\[string, emptyStruct\]
+        +fqdnRoutes *xsync.Map[string, string]
+        +subdomainRoutes *xsync.Map[string, struct{}]
         +ServeHTTP(w, r)
         +AddRoute(alias)
         +DelRoute(alias)

internal/health/check/docker.go

@@ -2,12 +2,13 @@ package healthcheck
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
@@ -45,7 +46,7 @@ func Docker(ctx context.Context, state *DockerHealthcheckState, timeout time.Dur
 	defer cancel()
 
 	// the actual inspect response is intercepted and returned as RequestInterceptedError
-	_, err := state.client.ContainerInspect(ctx, state.containerID)
+	_, err := state.client.ContainerInspect(ctx, state.containerID, client.ContainerInspectOptions{})
 
 	var interceptedErr *httputils.RequestInterceptedError
 	if !httputils.AsRequestInterceptedError(err, &interceptedErr) {
@@ -107,7 +108,7 @@ func interceptDockerInspectResponse(resp *http.Response) (intercepted bool, err
 	}
 
 	var state container.State
-	err = json.Unmarshal(body, &state)
+	err = sonic.Unmarshal(body, &state)
 	release(body)
 	if err != nil {
 		return false, err

internal/homepage/icons/list/list_icons.go

@@ -2,12 +2,12 @@ package iconlist
 
 import (
 	"context"
-	"encoding/json"
 	"net/http"
 	"slices"
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -55,7 +55,7 @@ func init() {
 
 func InitCache() {
 	m := make(IconMap)
-	err := serialization.LoadFileIfExist(common.IconListCachePath, &m, json.Unmarshal)
+	err := serialization.LoadFileIfExist(common.IconListCachePath, &m, sonic.Unmarshal)
 	switch {
 	case err != nil:
 		// backward compatible
@@ -63,13 +63,13 @@ func InitCache() {
 			Icons      IconMap
 			LastUpdate time.Time
 		}{}
-		err = serialization.LoadFileIfExist(common.IconListCachePath, &oldFormat, json.Unmarshal)
+		err = serialization.LoadFileIfExist(common.IconListCachePath, &oldFormat, sonic.Unmarshal)
 		if err != nil {
 			log.Error().Err(err).Msg("failed to load icons")
 		} else {
 			m = oldFormat.Icons
 			// store it to disk immediately
-			_ = serialization.SaveFile(common.IconListCachePath, &m, 0o644, json.Marshal)
+			_ = serialization.SaveFile(common.IconListCachePath, &m, 0o644, sonic.Marshal)
 		}
 	case len(m) > 0:
 		log.Info().
@@ -85,7 +85,7 @@ func InitCache() {
 
 	task.OnProgramExit("save_icons_cache", func() {
 		icons := iconsCache.Load()
-		_ = serialization.SaveFile(common.IconListCachePath, &icons, 0o644, json.Marshal)
+		_ = serialization.SaveFile(common.IconListCachePath, &icons, 0o644, sonic.Marshal)
 	})
 
 	go backgroundUpdateIcons()
@@ -106,7 +106,7 @@ func backgroundUpdateIcons() {
 				// swap old cache with new cache
 				iconsCache.Store(newCache)
 				// save it to disk
-				err := serialization.SaveFile(common.IconListCachePath, &newCache, 0o644, json.Marshal)
+				err := serialization.SaveFile(common.IconListCachePath, &newCache, 0o644, sonic.Marshal)
 				if err != nil {
 					log.Warn().Err(err).Msg("failed to save icons")
 				}
@@ -286,7 +286,7 @@ func UpdateWalkxCodeIcons(m IconMap) error {
 	}
 
 	data := make(map[string][]string)
-	err = json.Unmarshal(body, &data)
+	err = sonic.Unmarshal(body, &data)
 	release(body)
 	if err != nil {
 		return err
@@ -365,7 +365,7 @@ func UpdateSelfhstIcons(m IconMap) error {
 	}
 
 	data := make([]SelfhStIcon, 0)
-	err = json.Unmarshal(body, &data) //nolint:musttag
+	err = sonic.Unmarshal(body, &data) //nolint:musttag
 	release(body)
 	if err != nil {
 		return err

internal/homepage/integrations/qbittorrent/client.go

@@ -2,13 +2,13 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 
+	"github.com/bytedance/sonic"
 	"github.com/yusing/godoxy/internal/homepage/widgets"
 	strutils "github.com/yusing/goutils/strings"
 )
@@ -71,7 +71,7 @@ func jsonRequest[T any](ctx context.Context, client *Client, endpoint string, qu
 	}
 	defer resp.Body.Close()
 
-	err = json.NewDecoder(resp.Body).Decode(&result)
+	err = sonic.ConfigDefault.NewDecoder(resp.Body).Decode(&result)
 	if err != nil {
 		return result, err
 	}

internal/homepage/integrations/qbittorrent/logs.go

@@ -2,10 +2,11 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 const endpointLogs = "/api/v2/log/main"
@@ -44,7 +45,7 @@ func (l *LogEntry) Level() string {
 }
 
 func (l *LogEntry) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"id":        l.ID,
 		"timestamp": l.Timestamp,
 		"level":     l.Level(),

internal/idlewatcher/debug.go

@@ -1,10 +1,10 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"iter"
 	"strconv"
 
+	"github.com/bytedance/sonic"
 	strutils "github.com/yusing/goutils/strings"
 )
 
@@ -14,7 +14,7 @@ type watcherDebug struct {
 
 func (w watcherDebug) MarshalJSON() ([]byte, error) {
 	state := w.state.Load()
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"name": w.Name(),
 		"state": map[string]string{
 			"status": string(state.status),

internal/idlewatcher/events.go

@@ -1,11 +1,11 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 
-	"github.com/yusing/goutils/events"
+	"github.com/bytedance/sonic"
+	gevents "github.com/yusing/goutils/events"
 )
 
 type WakeEvent struct {
@@ -26,7 +26,7 @@ const (
 )
 
 func writeSSE(w io.Writer, v any) error {
-	data, err := json.Marshal(v)
+	data, err := sonic.Marshal(v)
 	if err != nil {
 		return err
 	}
@@ -58,12 +58,12 @@ func (w *Watcher) sendEvent(eventType WakeEventType, message string, err error)
 
 	w.l.Debug().Str("event", string(eventType)).Str("message", message).Err(err).Msg("sending event")
 
-	level := events.LevelInfo
+	level := gevents.LevelInfo
 	if eventType == WakeEventError {
-		level = events.LevelError
+		level = gevents.LevelError
 	}
 
-	w.events.Add(events.NewEvent(
+	w.events.Add(gevents.NewEvent(
 		level,
 		w.cfg.ContainerName(),
 		string(eventType),

internal/idlewatcher/handle_http_debug.go

@@ -9,12 +9,12 @@ import (
 
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/events"
+	gevents "github.com/yusing/goutils/events"
 )
 
 func DebugHandler(rw http.ResponseWriter, r *http.Request) {
 	w := &Watcher{
-		events: events.NewHistory(),
+		events: gevents.NewHistory(),
 		cfg: &types.IdlewatcherConfig{
 			IdlewatcherProviderConfig: types.IdlewatcherProviderConfig{
 				Docker: &types.DockerConfig{

internal/idlewatcher/provider/docker.go

@@ -4,7 +4,8 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	"github.com/yusing/godoxy/internal/types"
@@ -17,7 +18,7 @@ type DockerProvider struct {
 	containerID string
 }
 
-var startOptions = container.StartOptions{}
+var startOptions = client.ContainerStartOptions{}
 
 func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string) (idlewatcher.Provider, error) {
 	client, err := docker.NewClient(dockerCfg)
@@ -32,34 +33,41 @@ func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string)
 }
 
 func (p *DockerProvider) ContainerPause(ctx context.Context) error {
-	return p.client.ContainerPause(ctx, p.containerID)
+	_, err := p.client.ContainerPause(ctx, p.containerID, client.ContainerPauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerUnpause(ctx context.Context) error {
-	return p.client.ContainerUnpause(ctx, p.containerID)
+	_, err := p.client.ContainerUnpause(ctx, p.containerID, client.ContainerUnpauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerStart(ctx context.Context) error {
-	return p.client.ContainerStart(ctx, p.containerID, startOptions)
+	_, err := p.client.ContainerStart(ctx, p.containerID, startOptions)
+	return err
 }
 
 func (p *DockerProvider) ContainerStop(ctx context.Context, signal types.ContainerSignal, timeout int) error {
-	return p.client.ContainerStop(ctx, p.containerID, container.StopOptions{
+	_, err := p.client.ContainerStop(ctx, p.containerID, client.ContainerStopOptions{
 		Signal:  string(signal),
 		Timeout: &timeout,
 	})
+	return err
 }
 
 func (p *DockerProvider) ContainerKill(ctx context.Context, signal types.ContainerSignal) error {
-	return p.client.ContainerKill(ctx, p.containerID, string(signal))
+	_, err := p.client.ContainerKill(ctx, p.containerID, client.ContainerKillOptions{
+		Signal: string(signal),
+	})
+	return err
 }
 
 func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.ContainerStatus, error) {
-	status, err := p.client.ContainerInspect(ctx, p.containerID)
+	status, err := p.client.ContainerInspect(ctx, p.containerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return idlewatcher.ContainerStatusError, err
 	}
-	switch status.State.Status {
+	switch status.Container.State.Status {
 	case container.StateRunning:
 		return idlewatcher.ContainerStatusRunning, nil
 	case container.StateExited, container.StateDead, container.StateRestarting:
@@ -67,7 +75,7 @@ func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.Conta
 	case container.StatePaused:
 		return idlewatcher.ContainerStatusPaused, nil
 	}
-	return idlewatcher.ContainerStatusError, fmt.Errorf("%w: %s", idlewatcher.ErrUnexpectedContainerStatus, status.State.Status)
+	return idlewatcher.ContainerStatusError, fmt.Errorf("%w: %s", idlewatcher.ErrUnexpectedContainerStatus, status.Container.State.Status)
 }
 
 func (p *DockerProvider) Watch(ctx context.Context) (eventCh <-chan watcher.Event, errCh <-chan error) {

internal/idlewatcher/watcher.go

@@ -22,7 +22,7 @@ import (
 	"github.com/yusing/godoxy/internal/types"
 	watcherEvents "github.com/yusing/godoxy/internal/watcher/events"
 	gperr "github.com/yusing/goutils/errs"
-	"github.com/yusing/goutils/events"
+	gevents "github.com/yusing/goutils/events"
 	"github.com/yusing/goutils/http/reverseproxy"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/synk"
@@ -67,7 +67,7 @@ type (
 		task          *task.Task
 
 		// Per-watcher event history (for SSE and debug)
-		events *events.History
+		events *gevents.History
 
 		dependsOn []*dependency
 	}
@@ -132,7 +132,7 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *Config) (*Watcher, error
 			idleTicker:    time.NewTicker(cfg.IdleTimeout),
 			healthTicker:  time.NewTicker(idleWakerCheckInterval),
 			readyNotifyCh: make(chan struct{}, 1), // buffered to avoid blocking
-			events:        events.NewHistory(),
+			events:        gevents.NewHistory(),
 			cfg:           cfg,
 			routeHelper: routeHelper{
 				hc: monitor.NewMonitor(r),

internal/jsonstore/jsonstore.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"reflect"
 
+	"github.com/bytedance/sonic"
 	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -65,7 +66,7 @@ func loadNS[T store](ns namespace) T {
 		}
 	} else {
 		defer file.Close()
-		if err := json.NewDecoder(file).Decode(&store); err != nil {
+		if err := sonic.ConfigDefault.NewDecoder(file).Decode(&store); err != nil {
 			log.Err(err).
 				Str("path", path).
 				Msg("failed to load store")
@@ -83,7 +84,7 @@ func save() error {
 	errs := gperr.NewBuilder("failed to save data stores")
 	for ns, store := range stores {
 		path := filepath.Join(storesPath, string(ns)+".json")
-		if err := serialization.SaveFile(path, &store, 0o644, json.Marshal); err != nil {
+		if err := serialization.SaveFile(path, &store, 0o644, sonic.Marshal); err != nil {
 			errs.Add(err)
 		}
 	}
@@ -113,12 +114,12 @@ func (s *MapStore[VT]) Initialize() {
 }
 
 func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(xsync.ToPlainMap(s.Map))
+	return sonic.Marshal(xsync.ToPlainMap(s.Map))
 }
 
 func (s *MapStore[VT]) UnmarshalJSON(data []byte) error {
 	tmp := make(map[string]VT)
-	if err := json.Unmarshal(data, &tmp); err != nil {
+	if err := sonic.Unmarshal(data, &tmp); err != nil {
 		return err
 	}
 	s.Map = xsync.NewMap[string, VT](xsync.WithPresize(len(tmp)))
@@ -134,10 +135,10 @@ func (obj *ObjectStore[Ptr]) Initialize() {
 }
 
 func (obj ObjectStore[Ptr]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(obj.ptr)
+	return sonic.Marshal(obj.ptr)
 }
 
 func (obj *ObjectStore[Ptr]) UnmarshalJSON(data []byte) error {
 	obj.Initialize()
-	return json.Unmarshal(data, obj.ptr)
+	return sonic.Unmarshal(data, obj.ptr)
 }

internal/metrics/period/entries.go

@@ -3,6 +3,8 @@ package period
 import (
 	"encoding/json"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 type Entries[T any] struct {
@@ -73,7 +75,7 @@ type entriesJSON[T any] struct {
 }
 
 func (e *Entries[T]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(entriesJSON[T]{
+	return sonic.Marshal(entriesJSON[T]{
 		Entries:  e.Get(),
 		Interval: e.interval,
 	})

internal/metrics/period/poller.go

@@ -9,6 +9,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/synk"
@@ -96,7 +97,7 @@ func (p *Poller[T, AggregateT]) save() error {
 	}
 	defer f.Close()
 
-	err = json.NewEncoder(f).Encode(p.period)
+	err = sonic.ConfigDefault.NewEncoder(f).Encode(p.period)
 	if err != nil {
 		return err
 	}

internal/metrics/systeminfo/system_info.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"net/url"
-	"strings"
 	"syscall"
 	"time"
 
@@ -153,24 +152,19 @@ func (s *SystemInfo) collectDisksInfo(ctx context.Context, lastResult *SystemInf
 		}
 	}
 
-	partitions, err := disk.PartitionsWithContext(ctx, true)
+	partitions, err := disk.PartitionsWithContext(ctx, false)
 	if err != nil {
 		return err
 	}
-
 	s.Disks = make(map[string]disk.UsageStat, len(partitions))
 	errs := gperr.NewBuilder("failed to get disks info")
 	for _, partition := range partitions {
-		if !shouldCollectPartition(partition) {
-			continue
-		}
 		diskInfo, err := disk.UsageWithContext(ctx, partition.Mountpoint)
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		key := diskKey(partition)
-		s.Disks[key] = diskInfo
+		s.Disks[partition.Device] = diskInfo
 	}
 
 	if errs.HasError() {
@@ -182,41 +176,6 @@ func (s *SystemInfo) collectDisksInfo(ctx context.Context, lastResult *SystemInf
 	return nil
 }
 
-func shouldCollectPartition(partition disk.PartitionStat) bool {
-	if partition.Mountpoint == "/" {
-		return true
-	}
-
-	if partition.Mountpoint == "" {
-		return false
-	}
-
-	// includes WSL mounts like /mnt/c, but exclude /mnt/ itself and /mnt/wsl*
-	if len(partition.Mountpoint) >= len("/mnt/") &&
-		strings.HasPrefix(partition.Mountpoint, "/mnt/") &&
-		!strings.HasPrefix(partition.Mountpoint, "/mnt/wsl") {
-		return true
-	}
-
-	if strings.HasPrefix(partition.Device, "/dev/") {
-		return true
-	}
-
-	return false
-}
-
-func diskKey(partition disk.PartitionStat) string {
-	if partition.Device == "" || partition.Device == "none" {
-		return partition.Mountpoint
-	}
-
-	if partition.Device == "/dev/root" {
-		return partition.Mountpoint
-	}
-
-	return partition.Device
-}
-
 func (s *SystemInfo) collectNetworkInfo(ctx context.Context, lastResult *SystemInfo) error {
 	networkIO, err := net.IOCountersWithContext(ctx, false)
 	if err != nil {

internal/metrics/systeminfo/system_info_test.go

@@ -6,6 +6,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/bytedance/sonic"
 	"github.com/shirou/gopsutil/v4/disk"
 	"github.com/shirou/gopsutil/v4/mem"
 	"github.com/shirou/gopsutil/v4/net"
@@ -80,12 +81,12 @@ var (
 
 func TestSystemInfo(t *testing.T) {
 	// Test marshaling
-	data, err := json.Marshal(testInfo)
+	data, err := sonic.Marshal(testInfo)
 	expect.NoError(t, err)
 
 	// Test unmarshaling back
 	var decoded SystemInfo
-	err = json.Unmarshal(data, &decoded)
+	err = sonic.Unmarshal(data, &decoded)
 	expect.NoError(t, err)
 
 	// Compare original and decoded
@@ -137,7 +138,7 @@ func TestSerialize(t *testing.T) {
 	for _, query := range allQueries {
 		t.Run(string(query), func(t *testing.T) {
 			_, result := aggregate(entries, url.Values{"aggregate": []string{string(query)}})
-			s, err := json.Marshal(result)
+			s, err := sonic.Marshal(result)
 			expect.NoError(t, err)
 			var v []map[string]any
 			expect.NoError(t, json.Unmarshal(s, &v))

internal/metrics/uptime/uptime.go

@@ -2,13 +2,13 @@ package uptime
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"math"
 	"net/url"
 	"slices"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
 	config "github.com/yusing/godoxy/internal/config/types"
 	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
@@ -54,7 +54,7 @@ func getStatuses(ctx context.Context, _ StatusByAlias) (StatusByAlias, error) {
 }
 
 func (s *Status) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"status":    s.Status.String(),
 		"latency":   s.Latency,
 		"timestamp": s.Timestamp,
@@ -158,5 +158,5 @@ func (rs RouteStatuses) aggregate(limit int, offset int) Aggregated {
 }
 
 func (result Aggregated) MarshalJSON() ([]byte, error) {
-	return json.Marshal([]RouteAggregate(result))
+	return sonic.Marshal([]RouteAggregate(result))
 }

internal/net/gphttp/middleware/README.md

@@ -13,8 +13,6 @@ This package implements a flexible HTTP middleware system for GoDoxy. Middleware
 - **Bypass Rules**: Skip middleware based on request properties
 - **Dynamic Loading**: Load middleware definitions from files at runtime
 
-Response body rewriting is only applied to unencoded, text-like content types (for example `text/*`, JSON, YAML, XML). Response status and headers can always be modified.
-
 ## Architecture
 
 ```mermaid

internal/net/gphttp/middleware/captcha/hcaptcha.go

@@ -3,7 +3,6 @@ package captcha
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"net"
 	"net/http"
@@ -12,6 +11,7 @@ import (
 
 	_ "embed"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 )
@@ -73,7 +73,7 @@ func (p *HcaptchaProvider) Verify(r *http.Request) error {
 		Success bool     `json:"success"`
 		Error   []string `json:"error-codes"`
 	}
-	if err := json.NewDecoder(resp.Body).Decode(&respData); err != nil {
+	if err := sonic.ConfigDefault.NewDecoder(resp.Body).Decode(&respData); err != nil {
 		return err
 	}
 

internal/net/gphttp/middleware/custom_error_page.go

@@ -20,8 +20,6 @@ var CustomErrorPage = NewMiddleware[customErrorPage]()
 
 const StaticFilePathPrefix = "/$gperrorpage/"
 
-func (customErrorPage) isBodyResponseModifier() {}
-
 // before implements RequestModifier.
 func (customErrorPage) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
 	return !ServeStaticErrorPageFile(w, r)

internal/net/gphttp/middleware/middleware.go

@@ -1,16 +1,13 @@
 package middleware
 
 import (
-	"encoding/json"
 	"fmt"
 	"maps"
-	"mime"
 	"net/http"
 	"reflect"
 	"sort"
-	"strconv"
-	"strings"
 
+	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -19,12 +16,6 @@ import (
 	"github.com/yusing/goutils/http/reverseproxy"
 )
 
-const (
-	mimeEventStream   = "text/event-stream"
-	headerContentType = "Content-Type"
-	maxModifiableBody = 4 * 1024 * 1024 // 4MB
-)
-
 type (
 	ReverseProxy = reverseproxy.ReverseProxy
 	ProxyRequest = reverseproxy.ProxyRequest
@@ -54,11 +45,7 @@ type (
 	RequestModifier interface {
 		before(w http.ResponseWriter, r *http.Request) (proceed bool)
 	}
-	ResponseModifier     interface{ modifyResponse(r *http.Response) error }
-	BodyResponseModifier interface {
-		ResponseModifier
-		isBodyResponseModifier()
-	}
+	ResponseModifier             interface{ modifyResponse(r *http.Response) error }
 	MiddlewareWithSetup          interface{ setup() }
 	MiddlewareFinalizer          interface{ finalize() }
 	MiddlewareFinalizerWithError interface {
@@ -163,7 +150,7 @@ func (m *Middleware) MarshalJSON() ([]byte, error) {
 		commonOptions
 		any
 	}
-	return json.MarshalIndent(map[string]any{
+	return sonic.MarshalIndent(map[string]any{
 		"name": m.name,
 		"options": allOptions{
 			commonOptions: m.commonOptions,
@@ -202,154 +189,60 @@ func (m *Middleware) ServeHTTP(next http.HandlerFunc, w http.ResponseWriter, r *
 		}
 	}
 
-	if httpheaders.IsWebsocket(r.Header) || strings.Contains(strings.ToLower(r.Header.Get("Accept")), mimeEventStream) {
+	if httpheaders.IsWebsocket(r.Header) || r.Header.Get("Accept") == "text/event-stream" {
 		next(w, r)
 		return
 	}
 
-	exec, ok := m.impl.(ResponseModifier)
-	if !ok {
-		next(w, r)
-		return
-	}
-	isBodyModifier := isBodyResponseModifier(exec)
-
-	shouldBuffer := canBufferAndModifyResponseBody
-	if !isBodyModifier {
-		// Header-only response modifiers do not need body rewrite capability checks.
-		// We still respect max buffer limits and may fall back to passthrough for large bodies.
-		shouldBuffer = func(http.Header) bool { return true }
-	}
-	lrm := httputils.NewLazyResponseModifier(w, shouldBuffer)
-	lrm.SetMaxBufferedBytes(maxModifiableBody)
-	defer func() {
-		_, err := lrm.FlushRelease()
-		if err != nil {
-			m.LogError(r).Err(err).Msg("failed to flush response")
-		}
-	}()
-	next(lrm, r)
-
-	// Skip modification if response wasn't buffered
-	if !lrm.IsBuffered() {
-		return
-	}
-
-	rm := lrm.ResponseModifier()
-	if rm.IsPassthrough() {
-		return
-	}
-	currentBody := rm.BodyReader()
-	currentResp := &http.Response{
-		StatusCode:    rm.StatusCode(),
-		Header:        rm.Header(),
-		ContentLength: int64(rm.ContentLength()),
-		Body:          currentBody,
-		Request:       r,
-	}
-	respToModify := currentResp
-	if err := exec.modifyResponse(respToModify); err != nil {
-		log.Err(err).Str("middleware", m.Name()).Str("url", fullURL(r)).Msg("failed to modify response")
-		return // skip modification if failed
-	}
-
-	// override the response status code
-	rm.WriteHeader(respToModify.StatusCode)
-
-	// overriding the response header
-	maps.Copy(rm.Header(), respToModify.Header)
-
-	// override the body if changed
-	if isBodyModifier && respToModify.Body != currentBody {
-		err := rm.SetBody(respToModify.Body)
-		if err != nil {
-			m.LogError(r).Err(err).Msg("failed to set response body")
-			return // skip modification if failed
-		}
-	}
-}
-
-// canBufferAndModifyResponseBody checks if the response body can be buffered and modified.
-//
-// A body can be buffered and modified if:
-// - The response is not a websocket and is not an event stream
-// - The response has identity transfer encoding
-// - The response has identity content encoding
-// - The response has a content length
-// - The content length is less than 4MB
-// - The content type is text-like
-func canBufferAndModifyResponseBody(respHeader http.Header) bool {
-	if httpheaders.IsWebsocket(respHeader) {
-		return false
-	}
-	contentType := respHeader.Get("Content-Type")
-	if contentType == "" { // safe default: skip if no content type
-		return false
-	}
-	contentType = strings.ToLower(contentType)
-	if strings.Contains(contentType, mimeEventStream) {
-		return false
-	}
-	// strip charset or any other parameters
-	contentType, _, err := mime.ParseMediaType(contentType)
-	if err != nil { // skip if invalid content type
-		return false
-	}
-	if hasNonIdentityEncoding(respHeader.Values("Transfer-Encoding")) {
-		return false
-	}
-	if hasNonIdentityEncoding(respHeader.Values("Content-Encoding")) {
-		return false
-	}
-	if contentLengthRaw := respHeader.Get("Content-Length"); contentLengthRaw != "" {
-		contentLength, err := strconv.ParseInt(contentLengthRaw, 10, 64)
-		if err != nil || contentLength >= maxModifiableBody {
-			return false
-		}
-	}
-	if !isTextLikeMediaType(contentType) {
-		return false
-	}
-	return true
-}
-
-func hasNonIdentityEncoding(values []string) bool {
-	for _, value := range values {
-		for token := range strings.SplitSeq(value, ",") {
-			token = strings.TrimSpace(token)
-			if token == "" || strings.EqualFold(token, "identity") {
-				continue
+	if exec, ok := m.impl.(ResponseModifier); ok {
+		lrm := httputils.NewLazyResponseModifier(w, needsBuffering)
+		defer func() {
+			_, err := lrm.FlushRelease()
+			if err != nil {
+				m.LogError(r).Err(err).Msg("failed to flush response")
 			}
-			return true
+		}()
+		next(lrm, r)
+
+		// Skip modification if response wasn't buffered (non-HTML content)
+		if !lrm.IsBuffered() {
+			return
 		}
+
+		rm := lrm.ResponseModifier()
+		currentBody := rm.BodyReader()
+		currentResp := &http.Response{
+			StatusCode:    rm.StatusCode(),
+			Header:        rm.Header(),
+			ContentLength: int64(rm.ContentLength()),
+			Body:          currentBody,
+			Request:       r,
+		}
+		if err := exec.modifyResponse(currentResp); err != nil {
+			log.Err(err).Str("middleware", m.Name()).Str("url", fullURL(r)).Msg("failed to modify response")
+		}
+
+		// override the response status code
+		rm.WriteHeader(currentResp.StatusCode)
+
+		// overriding the response header
+		maps.Copy(rm.Header(), currentResp.Header)
+
+		// override the content length and body if changed
+		if currentResp.Body != currentBody {
+			if err := rm.SetBody(currentResp.Body); err != nil {
+				m.LogError(r).Err(err).Msg("failed to set response body")
+			}
+		}
+	} else {
+		next(w, r)
 	}
-	return false
 }
 
-func isTextLikeMediaType(contentType string) bool {
-	if contentType == "" {
-		return false
-	}
-	contentType = strings.ToLower(contentType)
-	if strings.HasPrefix(contentType, "text/") {
-		return true
-	}
-	if contentType == "application/json" || strings.HasSuffix(contentType, "+json") {
-		return true
-	}
-	if contentType == "application/xml" || strings.HasSuffix(contentType, "+xml") {
-		return true
-	}
-	if strings.Contains(contentType, "yaml") || strings.Contains(contentType, "toml") {
-		return true
-	}
-	if strings.Contains(contentType, "javascript") || strings.Contains(contentType, "ecmascript") {
-		return true
-	}
-	if strings.Contains(contentType, "csv") {
-		return true
-	}
-	return contentType == "application/x-www-form-urlencoded"
+// needsBuffering determines if a response should be buffered for modification.
+// Only HTML responses need buffering; streaming content (video, audio, etc.) should pass through.
+func needsBuffering(header http.Header) bool {
+	return httputils.GetContentType(header).IsHTML()
 }
 
 func (m *Middleware) LogWarn(req *http.Request) *zerolog.Event {

internal/net/gphttp/middleware/middleware_chain.go

@@ -8,9 +8,8 @@ import (
 )
 
 type middlewareChain struct {
-	befores    []RequestModifier
-	respHeader []ResponseModifier
-	respBody   []ResponseModifier
+	befores  []RequestModifier
+	modResps []ResponseModifier
 }
 
 // TODO: check conflict or duplicates.
@@ -23,11 +22,7 @@ func NewMiddlewareChain(name string, chain []*Middleware) *Middleware {
 			chainMid.befores = append(chainMid.befores, before)
 		}
 		if mr, ok := comp.impl.(ResponseModifier); ok {
-			if isBodyResponseModifier(mr) {
-				chainMid.respBody = append(chainMid.respBody, mr)
-			} else {
-				chainMid.respHeader = append(chainMid.respHeader, mr)
-			}
+			chainMid.modResps = append(chainMid.modResps, mr)
 		}
 	}
 	return m
@@ -48,41 +43,13 @@ func (m *middlewareChain) before(w http.ResponseWriter, r *http.Request) (procee
 
 // modifyResponse implements ResponseModifier.
 func (m *middlewareChain) modifyResponse(resp *http.Response) error {
-	for i, mr := range m.respHeader {
+	if len(m.modResps) == 0 {
+		return nil
+	}
+	for i, mr := range m.modResps {
 		if err := mr.modifyResponse(resp); err != nil {
 			return gperr.PrependSubject(err, strconv.Itoa(i))
 		}
 	}
-	if len(m.respBody) == 0 || !canBufferAndModifyResponseBody(responseHeaderForBodyRewriteGate(resp)) {
-		return nil
-	}
-	headerLen := len(m.respHeader)
-	for i, mr := range m.respBody {
-		if err := mr.modifyResponse(resp); err != nil {
-			return gperr.PrependSubject(err, strconv.Itoa(i+headerLen))
-		}
-	}
 	return nil
 }
-
-func isBodyResponseModifier(mr ResponseModifier) bool {
-	if chain, ok := mr.(*middlewareChain); ok {
-		return len(chain.respBody) > 0
-	}
-	if bypass, ok := mr.(*checkBypass); ok {
-		return isBodyResponseModifier(bypass.modRes)
-	}
-	_, ok := mr.(BodyResponseModifier)
-	return ok
-}
-
-func responseHeaderForBodyRewriteGate(resp *http.Response) http.Header {
-	h := resp.Header.Clone()
-	if len(resp.TransferEncoding) > 0 && len(h.Values("Transfer-Encoding")) == 0 {
-		h["Transfer-Encoding"] = append([]string(nil), resp.TransferEncoding...)
-	}
-	if resp.ContentLength >= 0 && h.Get("Content-Length") == "" {
-		h.Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10))
-	}
-	return h
-}

internal/net/gphttp/middleware/middleware_test.go

@@ -1,9 +1,7 @@
 package middleware
 
 import (
-	"io"
 	"net/http"
-	"net/http/httptest"
 	"strconv"
 	"strings"
 	"testing"
@@ -16,37 +14,12 @@ type testPriority struct {
 }
 
 var test = NewMiddleware[testPriority]()
-var responseHeaderRewrite = NewMiddleware[testHeaderRewrite]()
-var responseBodyRewrite = NewMiddleware[testBodyRewrite]()
 
 func (t testPriority) before(w http.ResponseWriter, r *http.Request) bool {
 	w.Header().Add("Test-Value", strconv.Itoa(t.Value))
 	return true
 }
 
-type testHeaderRewrite struct {
-	StatusCode int    `json:"status_code"`
-	HeaderKey  string `json:"header_key"`
-	HeaderVal  string `json:"header_val"`
-}
-
-func (t testHeaderRewrite) modifyResponse(resp *http.Response) error {
-	resp.StatusCode = t.StatusCode
-	resp.Header.Set(t.HeaderKey, t.HeaderVal)
-	return nil
-}
-
-type testBodyRewrite struct {
-	Body string `json:"body"`
-}
-
-func (t testBodyRewrite) modifyResponse(resp *http.Response) error {
-	resp.Body = io.NopCloser(strings.NewReader(t.Body))
-	return nil
-}
-
-func (testBodyRewrite) isBodyResponseModifier() {}
-
 func TestMiddlewarePriority(t *testing.T) {
 	priorities := []int{4, 7, 9, 0}
 	chain := make([]*Middleware, len(priorities))
@@ -62,215 +35,3 @@ func TestMiddlewarePriority(t *testing.T) {
 	expect.NoError(t, err)
 	expect.Equal(t, strings.Join(res.ResponseHeaders["Test-Value"], ","), "3,0,1,2")
 }
-
-func TestMiddlewareResponseRewriteGate(t *testing.T) {
-	headerOpts := OptionsRaw{
-		"status_code": 418,
-		"header_key":  "X-Rewrite",
-		"header_val":  "1",
-	}
-	bodyOpts := OptionsRaw{
-		"body": "rewritten-body",
-	}
-	headerMid, err := responseHeaderRewrite.New(headerOpts)
-	expect.NoError(t, err)
-	bodyMid, err := responseBodyRewrite.New(bodyOpts)
-	expect.NoError(t, err)
-
-	tests := []struct {
-		name         string
-		respHeaders  http.Header
-		respBody     []byte
-		expectStatus int
-		expectHeader string
-		expectBody   string
-	}{
-		{
-			name: "allow_body_rewrite_for_html",
-			respHeaders: http.Header{
-				"Content-Type": []string{"text/html; charset=utf-8"},
-			},
-			respBody:     []byte("<html><body>original</body></html>"),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "rewritten-body",
-		},
-		{
-			name: "allow_body_rewrite_for_json",
-			respHeaders: http.Header{
-				"Content-Type": []string{"application/json"},
-			},
-			respBody:     []byte(`{"message":"original"}`),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "rewritten-body",
-		},
-		{
-			name: "allow_body_rewrite_for_yaml",
-			respHeaders: http.Header{
-				"Content-Type": []string{"application/yaml"},
-			},
-			respBody:     []byte("k: v"),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "rewritten-body",
-		},
-		{
-			name: "block_body_rewrite_for_binary_content",
-			respHeaders: http.Header{
-				"Content-Type": []string{"application/octet-stream"},
-			},
-			respBody:     []byte("binary"),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "binary",
-		},
-		{
-			name: "block_body_rewrite_for_transfer_encoded_html",
-			respHeaders: http.Header{
-				"Content-Type":      []string{"text/html"},
-				"Transfer-Encoding": []string{"chunked"},
-			},
-			respBody:     []byte("<html><body>original</body></html>"),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "<html><body>original</body></html>",
-		},
-		{
-			name: "block_body_rewrite_for_content_encoded_html",
-			respHeaders: http.Header{
-				"Content-Type":     []string{"text/html"},
-				"Content-Encoding": []string{"gzip"},
-			},
-			respBody:     []byte("<html><body>original</body></html>"),
-			expectStatus: http.StatusTeapot,
-			expectHeader: "1",
-			expectBody:   "<html><body>original</body></html>",
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result, err := newMiddlewaresTest([]*Middleware{headerMid, bodyMid}, &testArgs{
-				respHeaders: tc.respHeaders,
-				respBody:    tc.respBody,
-				respStatus:  http.StatusOK,
-			})
-			expect.NoError(t, err)
-			expect.Equal(t, result.ResponseStatus, tc.expectStatus)
-			expect.Equal(t, result.ResponseHeaders.Get("X-Rewrite"), tc.expectHeader)
-			expect.Equal(t, string(result.Data), tc.expectBody)
-		})
-	}
-}
-
-func TestMiddlewareResponseRewriteGateServeHTTP(t *testing.T) {
-	headerOpts := OptionsRaw{
-		"status_code": 418,
-		"header_key":  "X-Rewrite",
-		"header_val":  "1",
-	}
-	bodyOpts := OptionsRaw{
-		"body": "rewritten-body",
-	}
-	headerMid, err := responseHeaderRewrite.New(headerOpts)
-	expect.NoError(t, err)
-	bodyMid, err := responseBodyRewrite.New(bodyOpts)
-	expect.NoError(t, err)
-	mid := NewMiddlewareChain("test", []*Middleware{headerMid, bodyMid})
-
-	tests := []struct {
-		name             string
-		respHeaders      http.Header
-		respBody         string
-		expectStatusCode int
-		expectHeader     string
-		expectBody       string
-	}{
-		{
-			name: "allow_body_rewrite_for_html",
-			respHeaders: http.Header{
-				"Content-Type": []string{"text/html; charset=utf-8"},
-			},
-			respBody:         "<html><body>original</body></html>",
-			expectStatusCode: http.StatusTeapot,
-			expectHeader:     "1",
-			expectBody:       "rewritten-body",
-		},
-		{
-			name: "block_body_rewrite_for_binary_content",
-			respHeaders: http.Header{
-				"Content-Type": []string{"application/octet-stream"},
-			},
-			respBody:         "binary",
-			expectStatusCode: http.StatusOK,
-			expectHeader:     "",
-			expectBody:       "binary",
-		},
-		{
-			name: "block_body_rewrite_for_transfer_encoded_html",
-			respHeaders: http.Header{
-				"Content-Type":      []string{"text/html"},
-				"Transfer-Encoding": []string{"chunked"},
-			},
-			respBody:         "<html><body>original</body></html>",
-			expectStatusCode: http.StatusOK,
-			expectHeader:     "",
-			expectBody:       "<html><body>original</body></html>",
-		},
-		{
-			name: "block_body_rewrite_for_content_encoded_html",
-			respHeaders: http.Header{
-				"Content-Type":     []string{"text/html"},
-				"Content-Encoding": []string{"gzip"},
-			},
-			respBody:         "<html><body>original</body></html>",
-			expectStatusCode: http.StatusOK,
-			expectHeader:     "",
-			expectBody:       "<html><body>original</body></html>",
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			req := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
-			rw := httptest.NewRecorder()
-
-			next := func(w http.ResponseWriter, _ *http.Request) {
-				for key, values := range tc.respHeaders {
-					for _, value := range values {
-						w.Header().Add(key, value)
-					}
-				}
-				w.WriteHeader(http.StatusOK)
-				_, _ = w.Write([]byte(tc.respBody))
-			}
-
-			mid.ServeHTTP(next, rw, req)
-
-			resp := rw.Result()
-			defer resp.Body.Close()
-			data, readErr := io.ReadAll(resp.Body)
-			expect.NoError(t, readErr)
-
-			expect.Equal(t, resp.StatusCode, tc.expectStatusCode)
-			expect.Equal(t, resp.Header.Get("X-Rewrite"), tc.expectHeader)
-			expect.Equal(t, string(data), tc.expectBody)
-		})
-	}
-}
-
-func TestThemedSkipsBodyRewriteWhenRewriteBlocked(t *testing.T) {
-	result, err := newMiddlewareTest(Themed, &testArgs{
-		middlewareOpt: OptionsRaw{
-			"theme": DarkTheme,
-		},
-		respHeaders: http.Header{
-			"Content-Type":      []string{"text/html; charset=utf-8"},
-			"Transfer-Encoding": []string{"chunked"},
-		},
-		respBody: []byte("<html><body>original</body></html>"),
-	})
-	expect.NoError(t, err)
-	expect.Equal(t, string(result.Data), "<html><body>original</body></html>")
-}

internal/net/gphttp/middleware/modify_html.go

@@ -22,8 +22,6 @@ type modifyHTML struct {
 
 var ModifyHTML = NewMiddleware[modifyHTML]()
 
-func (*modifyHTML) isBodyResponseModifier() {}
-
 func (m *modifyHTML) before(_ http.ResponseWriter, req *http.Request) bool {
 	req.Header.Set("Accept-Encoding", "identity")
 	return true

internal/net/gphttp/middleware/test_utils_test.go

@@ -3,13 +3,12 @@ package middleware
 import (
 	"bytes"
 	_ "embed"
-	"encoding/json"
 	"io"
 	"maps"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 
+	"github.com/bytedance/sonic"
 	"github.com/yusing/godoxy/internal/common"
 	nettypes "github.com/yusing/godoxy/internal/net/types"
 	"github.com/yusing/goutils/http/reverseproxy"
@@ -24,7 +23,7 @@ func init() {
 		return
 	}
 	tmp := map[string]string{}
-	err := json.Unmarshal(testHeadersRaw, &tmp)
+	err := sonic.Unmarshal(testHeadersRaw, &tmp)
 	if err != nil {
 		panic(err)
 	}
@@ -55,7 +54,7 @@ func (rt *requestRecorder) RoundTrip(req *http.Request) (resp *http.Response, er
 		resp = &http.Response{
 			Status:        http.StatusText(rt.args.respStatus),
 			StatusCode:    rt.args.respStatus,
-			Header:        maps.Clone(testHeaders),
+			Header:        testHeaders,
 			Body:          io.NopCloser(bytes.NewReader(rt.args.respBody)),
 			ContentLength: int64(len(rt.args.respBody)),
 			Request:       req,
@@ -66,27 +65,9 @@ func (rt *requestRecorder) RoundTrip(req *http.Request) (resp *http.Response, er
 		return nil, err
 	}
 	maps.Copy(resp.Header, rt.args.respHeaders)
-	if transferEncoding := resp.Header.Values("Transfer-Encoding"); len(transferEncoding) > 0 {
-		resp.TransferEncoding = parseHeaderTokens(transferEncoding)
-		resp.ContentLength = -1
-	}
 	return resp, nil
 }
 
-func parseHeaderTokens(values []string) []string {
-	var tokens []string
-	for _, value := range values {
-		for token := range strings.SplitSeq(value, ",") {
-			token = strings.TrimSpace(token)
-			if token == "" {
-				continue
-			}
-			tokens = append(tokens, token)
-		}
-	}
-	return tokens
-}
-
 type TestResult struct {
 	RequestHeaders  http.Header
 	ResponseHeaders http.Header

internal/net/gphttp/middleware/themed.go

@@ -54,8 +54,6 @@ func (m *themed) modifyResponse(resp *http.Response) error {
 	return m.m.modifyResponse(resp)
 }
 
-func (*themed) isBodyResponseModifier() {}
-
 func (m *themed) finalize() error {
 	m.m.Target = "body"
 	if m.FontURL != "" && m.FontFamily != "" {

internal/net/types/url.go

@@ -1,8 +1,9 @@
 package nettypes
 
 import (
-	"encoding/json"
 	urlPkg "net/url"
+
+	"github.com/bytedance/sonic"
 )
 
 type URL struct {
@@ -46,7 +47,7 @@ func (u *URL) MarshalJSON() (text []byte, err error) {
 	if u == nil {
 		return []byte("null"), nil
 	}
-	return json.Marshal(u.URL.String())
+	return sonic.Marshal(u.URL.String())
 }
 
 func (u *URL) Equals(other *URL) bool {

internal/notif/body.go

@@ -2,9 +2,9 @@ package notif
 
 import (
 	"bytes"
-	"encoding/json"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -70,7 +70,7 @@ func (f FieldsBody) Format(format LogFormat) ([]byte, error) {
 		}
 		return msg.Bytes(), nil
 	case LogFormatRawJSON:
-		return json.Marshal(f)
+		return sonic.Marshal(f)
 	}
 	return f.Format(LogFormatMarkdown)
 }
@@ -88,7 +88,7 @@ func (l ListBody) Format(format LogFormat) ([]byte, error) {
 		}
 		return msg.Bytes(), nil
 	case LogFormatRawJSON:
-		return json.Marshal(l)
+		return sonic.Marshal(l)
 	}
 	return l.Format(LogFormatMarkdown)
 }
@@ -98,7 +98,7 @@ func (m MessageBody) Format(format LogFormat) ([]byte, error) {
 	case LogFormatPlain, LogFormatMarkdown:
 		return []byte(m), nil
 	case LogFormatRawJSON:
-		return json.Marshal(m)
+		return sonic.Marshal(m)
 	}
 	return []byte(m), nil
 }
@@ -106,7 +106,7 @@ func (m MessageBody) Format(format LogFormat) ([]byte, error) {
 func (m MessageBodyBytes) Format(format LogFormat) ([]byte, error) {
 	switch format {
 	case LogFormatRawJSON:
-		return json.Marshal(string(m))
+		return sonic.Marshal(string(m))
 	default:
 	}
 	return m, nil
@@ -115,7 +115,7 @@ func (m MessageBodyBytes) Format(format LogFormat) ([]byte, error) {
 func (e errorBody) Format(format LogFormat) ([]byte, error) {
 	switch format {
 	case LogFormatRawJSON:
-		return json.Marshal(e.Error)
+		return sonic.Marshal(e.Error)
 	case LogFormatPlain:
 		return gperr.Plain(e.Error), nil
 	case LogFormatMarkdown:

internal/notif/gotify.go

@@ -1,10 +1,10 @@
 package notif
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 
+	"github.com/bytedance/sonic"
 	"github.com/gotify/server/v2/model"
 	"github.com/rs/zerolog"
 	gperr "github.com/yusing/goutils/errs"
@@ -66,7 +66,7 @@ func (client *GotifyClient) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 		}
 	}
 
-	data, err := json.Marshal(msg)
+	data, err := sonic.Marshal(msg)
 	if err != nil {
 		return nil, err
 	}
@@ -77,7 +77,7 @@ func (client *GotifyClient) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 // fmtError implements Provider.
 func (client *GotifyClient) fmtError(respBody io.Reader) error {
 	var errm model.Error
-	err := json.NewDecoder(respBody).Decode(&errm)
+	err := sonic.ConfigDefault.NewDecoder(respBody).Decode(&errm)
 	if err != nil {
 		return fmt.Errorf("failed to decode err response: %w", err)
 	}

internal/notif/webhook.go

@@ -2,12 +2,12 @@ package notif
 
 import (
 	_ "embed"
-	"encoding/json"
 	"errors"
 	"io"
 	"net/http"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -101,7 +101,7 @@ func (webhook *Webhook) fmtError(respBody io.Reader) error {
 }
 
 func (webhook *Webhook) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
-	title, err := json.Marshal(logMsg.Title)
+	title, err := sonic.Marshal(logMsg.Title)
 	if err != nil {
 		return nil, err
 	}
@@ -120,7 +120,7 @@ func (webhook *Webhook) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 		return nil, err
 	}
 	if webhook.MIMEType == MimeTypeJSON {
-		message, err = json.Marshal(string(message))
+		message, err = sonic.Marshal(string(message))
 		if err != nil {
 			return nil, err
 		}
@@ -149,5 +149,5 @@ func validateJSONPayload(payload string) bool {
 		"$color", "",
 	)
 	payload = replacer.Replace(payload)
-	return json.Valid([]byte(payload))
+	return sonic.Valid([]byte(payload))
 }

internal/proxmox/client.go

@@ -2,7 +2,6 @@ package proxmox
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
@@ -13,6 +12,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/bytedance/sonic"
 	"github.com/luthermonson/go-proxmox"
 	"golang.org/x/sync/errgroup"
 )
@@ -203,7 +203,7 @@ func (c *Client) Name() string {
 }
 
 func (c *Client) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"version": c.Version,
 		"cluster": map[string]any{
 			"name":    c.Cluster.Name,

internal/proxmox/node.go

@@ -2,10 +2,10 @@ package proxmox
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/pool"
 )
@@ -82,7 +82,7 @@ func (n *Node) String() string {
 }
 
 func (n *Node) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"name": n.name,
 		"id":   n.id,
 	})

internal/route/provider/all_fields.yaml

@@ -3,7 +3,6 @@ example: # matching `example.y.z`
   host: 10.0.0.254
   port: 80
   bind: 0.0.0.0
-  relay_proxy_protocol_header: false # tcp only, sends PROXY header to upstream
   root: /var/www/example
   spa: true
   index: index.html

internal/route/provider/docker_labels_test.go

@@ -3,8 +3,8 @@ package provider
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/goccy/go-yaml"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/godoxy/internal/docker"
 	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
@@ -26,7 +26,7 @@ func TestParseDockerLabels(t *testing.T) {
 			Names:  []string{"container"},
 			Labels: labels,
 			State:  "running",
-			Ports: []container.Port{
+			Ports: []container.PortSummary{
 				{Type: "tcp", PrivatePort: 1234, PublicPort: 1234},
 			},
 		}, types.DockerProviderConfig{URL: "unix:///var/run/docker.sock"}),

internal/route/provider/docker_test.go

@@ -1,12 +1,13 @@
 package provider
 
 import (
+	"net/netip"
 	"testing"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/client"
 	D "github.com/yusing/godoxy/internal/docker"
 	"github.com/yusing/godoxy/internal/route"
 	routeTypes "github.com/yusing/godoxy/internal/route/types"
@@ -275,7 +276,7 @@ func TestPrivateIPLocalhost(t *testing.T) {
 		NetworkSettings: &container.NetworkSettingsSummary{
 			Networks: map[string]*network.EndpointSettings{
 				"network": {
-					IPAddress: testDockerIP,
+					IPAddress: netip.MustParseAddr(testDockerIP),
 				},
 			},
 		},
@@ -293,7 +294,7 @@ func TestPrivateIPRemote(t *testing.T) {
 		NetworkSettings: &container.NetworkSettingsSummary{
 			Networks: map[string]*network.EndpointSettings{
 				"network": {
-					IPAddress: testDockerIP,
+					IPAddress: netip.MustParseAddr(testDockerIP),
 				},
 			},
 		},
@@ -315,11 +316,11 @@ func TestStreamDefaultValues(t *testing.T) {
 		NetworkSettings: &container.NetworkSettingsSummary{
 			Networks: map[string]*network.EndpointSettings{
 				"network": {
-					IPAddress: privIP,
+					IPAddress: netip.MustParseAddr(privIP),
 				},
 			},
 		},
-		Ports: []container.Port{
+		Ports: []container.PortSummary{
 			{Type: "udp", PrivatePort: privPort, PublicPort: pubPort},
 		},
 	}
@@ -372,7 +373,7 @@ func TestImplicitExcludeDatabase(t *testing.T) {
 	t.Run("exposed port detection", func(t *testing.T) {
 		r, ok := makeRoutes(&container.Summary{
 			Names: dummyNames,
-			Ports: []container.Port{
+			Ports: []container.PortSummary{
 				{Type: "tcp", PrivatePort: 5432, PublicPort: 5432},
 			},
 		})["a"]

internal/route/reverse_proxy.go

@@ -123,24 +123,6 @@ func (r *ReverseProxyRoute) ReverseProxy() *reverseproxy.ReverseProxy {
 	return r.rp
 }
 
-func (r *ReverseProxyRoute) isSyntheticLoadBalancerRoute() bool {
-	return r.loadBalancer != nil && r.rp == nil
-}
-
-func (r *ReverseProxyRoute) Key() string {
-	if r.isSyntheticLoadBalancerRoute() {
-		return r.Alias
-	}
-	return r.Route.Key()
-}
-
-func (r *ReverseProxyRoute) ShouldExclude() bool {
-	if r.isSyntheticLoadBalancerRoute() {
-		return false
-	}
-	return r.Route.ShouldExclude()
-}
-
 // Start implements task.TaskStarter.
 func (r *ReverseProxyRoute) Start(parent task.Parent) error {
 	r.task = parent.Subtask("http."+r.Name(), false)
@@ -224,7 +206,7 @@ func (r *ReverseProxyRoute) addToLoadBalancer(parent task.Parent, ep entrypoint.
 		linked = l.(*ReverseProxyRoute) // it must be a reverse proxy route
 		lb = linked.loadBalancer
 		lb.UpdateConfigIfNeeded(cfg)
-		if linked.Homepage == nil || linked.Homepage.Name == "" {
+		if linked.Homepage.Name == "" {
 			linked.Homepage = r.Homepage
 		}
 	} else {

internal/route/reverse_proxy_test.go

@@ -1,165 +1,16 @@
 package route
 
 import (
-	"fmt"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"strconv"
-	"sync"
 	"testing"
-	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
-	"github.com/yusing/godoxy/internal/homepage"
 	route "github.com/yusing/godoxy/internal/route/types"
 	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/task"
 )
 
-type testPool[T interface{ Key() string }] struct {
-	mu    sync.RWMutex
-	items map[string]T
-}
-
-func newTestPool[T interface{ Key() string }]() *testPool[T] {
-	return &testPool[T]{items: make(map[string]T)}
-}
-
-func (p *testPool[T]) Get(alias string) (T, bool) {
-	p.mu.RLock()
-	defer p.mu.RUnlock()
-	v, ok := p.items[alias]
-	return v, ok
-}
-
-func (p *testPool[T]) Iter(yield func(alias string, r T) bool) {
-	p.mu.RLock()
-	defer p.mu.RUnlock()
-	for alias, r := range p.items {
-		if !yield(alias, r) {
-			return
-		}
-	}
-}
-
-func (p *testPool[T]) Size() int {
-	p.mu.RLock()
-	defer p.mu.RUnlock()
-	return len(p.items)
-}
-
-func (p *testPool[T]) Add(r T) {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	p.items[r.Key()] = r
-}
-
-func (p *testPool[T]) Del(r T) {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	delete(p.items, r.Key())
-}
-
-type testEntrypoint struct {
-	httpRoutes     *testPool[types.HTTPRoute]
-	streamRoutes   *testPool[types.StreamRoute]
-	excludedRoutes *testPool[types.Route]
-}
-
-func newTestEntrypoint() *testEntrypoint {
-	return &testEntrypoint{
-		httpRoutes:     newTestPool[types.HTTPRoute](),
-		streamRoutes:   newTestPool[types.StreamRoute](),
-		excludedRoutes: newTestPool[types.Route](),
-	}
-}
-
-func (ep *testEntrypoint) SupportProxyProtocol() bool { return false }
-func (ep *testEntrypoint) DisablePoolsLog(bool)       {}
-
-func (ep *testEntrypoint) GetRoute(alias string) (types.Route, bool) {
-	if r, ok := ep.httpRoutes.Get(alias); ok {
-		return r, true
-	}
-	if r, ok := ep.streamRoutes.Get(alias); ok {
-		return r, true
-	}
-	if r, ok := ep.excludedRoutes.Get(alias); ok {
-		return r, true
-	}
-	return nil, false
-}
-
-func (ep *testEntrypoint) StartAddRoute(r types.Route) error {
-	if r.ShouldExclude() {
-		ep.excludedRoutes.Add(r)
-		return nil
-	}
-	switch rt := r.(type) {
-	case types.HTTPRoute:
-		ep.httpRoutes.Add(rt)
-		return nil
-	case types.StreamRoute:
-		ep.streamRoutes.Add(rt)
-		return nil
-	default:
-		return fmt.Errorf("unknown route type: %T", r)
-	}
-}
-
-func (ep *testEntrypoint) IterRoutes(yield func(r types.Route) bool) {
-	ep.httpRoutes.Iter(func(_ string, r types.HTTPRoute) bool {
-		return yield(r)
-	})
-	ep.streamRoutes.Iter(func(_ string, r types.StreamRoute) bool {
-		return yield(r)
-	})
-	ep.excludedRoutes.Iter(func(_ string, r types.Route) bool {
-		return yield(r)
-	})
-}
-
-func (ep *testEntrypoint) NumRoutes() int {
-	return ep.httpRoutes.Size() + ep.streamRoutes.Size() + ep.excludedRoutes.Size()
-}
-
-func (ep *testEntrypoint) RoutesByProvider() map[string][]types.Route {
-	return map[string][]types.Route{}
-}
-
-func (ep *testEntrypoint) HTTPRoutes() entrypoint.PoolLike[types.HTTPRoute] {
-	return ep.httpRoutes
-}
-
-func (ep *testEntrypoint) StreamRoutes() entrypoint.PoolLike[types.StreamRoute] {
-	return ep.streamRoutes
-}
-
-func (ep *testEntrypoint) ExcludedRoutes() entrypoint.RWPoolLike[types.Route] {
-	return ep.excludedRoutes
-}
-
-func (ep *testEntrypoint) GetHealthInfo() map[string]types.HealthInfo {
-	return nil
-}
-
-func (ep *testEntrypoint) GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail {
-	return nil
-}
-
-func (ep *testEntrypoint) GetHealthInfoSimple() map[string]types.HealthStatus {
-	return nil
-}
-
 func TestReverseProxyRoute(t *testing.T) {
 	t.Run("LinkToLoadBalancer", func(t *testing.T) {
-		testTask := task.GetTestTask(t)
-		entrypoint.SetCtx(testTask, newTestEntrypoint())
-
 		cfg := Route{
 			Alias:  "test",
 			Scheme: route.SchemeHTTP,
@@ -185,75 +36,4 @@ func TestReverseProxyRoute(t *testing.T) {
 		require.NoError(t, err)
 		assert.NotNil(t, r2)
 	})
-	t.Run("LoadBalancerRoute", func(t *testing.T) {
-		testTask := task.GetTestTask(t)
-		entrypoint.SetCtx(testTask, newTestEntrypoint())
-
-		newServer := func() *httptest.Server {
-			return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				w.WriteHeader(http.StatusOK)
-			}))
-		}
-
-		srv1 := newServer()
-		t.Cleanup(srv1.Close)
-		srv2 := newServer()
-		t.Cleanup(srv2.Close)
-		srv3 := newServer()
-		t.Cleanup(srv3.Close)
-
-		makeRoute := func(alias string, target *httptest.Server) *Route {
-			t.Helper()
-
-			targetURL, err := url.Parse(target.URL)
-			require.NoError(t, err)
-
-			host, portStr, err := net.SplitHostPort(targetURL.Host)
-			require.NoError(t, err)
-			port, err := strconv.Atoi(portStr)
-			require.NoError(t, err)
-
-			return &Route{
-				Alias:  alias,
-				Scheme: route.SchemeHTTP,
-				Host:   host,
-				Port:   Port{Proxy: port},
-				Homepage: &homepage.ItemConfig{
-					Show: true,
-				},
-				LoadBalance: &types.LoadBalancerConfig{
-					Link: "lb-test",
-				},
-				HealthCheck: types.HealthCheckConfig{
-					Path:     "/",
-					Interval: 2 * time.Second,
-					Timeout:  time.Second,
-					UseGet:   true,
-				},
-			}
-		}
-
-		_, err := NewStartedTestRoute(t, makeRoute("lb-1", srv1))
-		require.NoError(t, err)
-		_, err = NewStartedTestRoute(t, makeRoute("lb-2", srv2))
-		require.NoError(t, err)
-		_, err = NewStartedTestRoute(t, makeRoute("lb-3", srv3))
-		require.NoError(t, err)
-
-		ep := entrypoint.FromCtx(testTask.Context())
-		require.NotNil(t, ep)
-
-		lbRoute, ok := ep.HTTPRoutes().Get("lb-test")
-		require.True(t, ok)
-
-		lb, ok := lbRoute.(*ReverseProxyRoute)
-		require.True(t, ok)
-		require.False(t, lb.ShouldExclude())
-		require.NotNil(t, lb.loadBalancer)
-		require.NotNil(t, lb.HealthMonitor())
-		assert.Equal(t, route.SchemeNone, lb.Scheme)
-		assert.Empty(t, lb.Host)
-		assert.Zero(t, lb.Port.Proxy)
-		assert.Equal(t, "3/3 servers are healthy", lb.HealthMonitor().Detail())
-	})
 }

internal/route/route.go

@@ -54,16 +54,15 @@ type (
 		Index string `json:"index,omitempty"` // Index file to serve for single-page app mode
 
 		route.HTTPConfig
-		PathPatterns             []string                       `json:"path_patterns,omitempty" extensions:"x-nullable"`
-		Rules                    rules.Rules                    `json:"rules,omitempty" extensions:"x-nullable"`
-		RuleFile                 string                         `json:"rule_file,omitempty" extensions:"x-nullable"`
-		HealthCheck              types.HealthCheckConfig        `json:"healthcheck,omitzero" extensions:"x-nullable"` // null on load-balancer routes
-		LoadBalance              *types.LoadBalancerConfig      `json:"load_balance,omitempty" extensions:"x-nullable"`
-		Middlewares              map[string]types.LabelMap      `json:"middlewares,omitempty" extensions:"x-nullable"`
-		Homepage                 *homepage.ItemConfig           `json:"homepage"`
-		AccessLog                *accesslog.RequestLoggerConfig `json:"access_log,omitempty" extensions:"x-nullable"`
-		RelayProxyProtocolHeader bool                           `json:"relay_proxy_protocol_header,omitempty"` // TCP only: relay PROXY protocol header to the destination
-		Agent                    string                         `json:"agent,omitempty"`
+		PathPatterns []string                       `json:"path_patterns,omitempty" extensions:"x-nullable"`
+		Rules        rules.Rules                    `json:"rules,omitempty" extensions:"x-nullable"`
+		RuleFile     string                         `json:"rule_file,omitempty" extensions:"x-nullable"`
+		HealthCheck  types.HealthCheckConfig        `json:"healthcheck,omitzero" extensions:"x-nullable"` // null on load-balancer routes
+		LoadBalance  *types.LoadBalancerConfig      `json:"load_balance,omitempty" extensions:"x-nullable"`
+		Middlewares  map[string]types.LabelMap      `json:"middlewares,omitempty" extensions:"x-nullable"`
+		Homepage     *homepage.ItemConfig           `json:"homepage"`
+		AccessLog    *accesslog.RequestLoggerConfig `json:"access_log,omitempty" extensions:"x-nullable"`
+		Agent        string                         `json:"agent,omitempty"`
 
 		Proxmox *proxmox.NodeConfig `json:"proxmox,omitempty" extensions:"x-nullable"`
 
@@ -311,9 +310,6 @@ func (r *Route) validate() error {
 	if !r.UseHealthCheck() && (r.UseLoadBalance() || r.UseIdleWatcher()) {
 		errs.Adds("cannot disable healthcheck when loadbalancer or idle watcher is enabled")
 	}
-	if r.RelayProxyProtocolHeader && r.Scheme != route.SchemeTCP {
-		errs.Adds("relay_proxy_protocol_header is only supported for tcp routes")
-	}
 
 	if errs.HasError() {
 		return errs.Error()

internal/route/route_test.go

@@ -78,19 +78,6 @@ func TestRouteValidate(t *testing.T) {
 		require.NotNil(t, r.impl, "Impl should be initialized")
 	})
 
-	t.Run("RelayProxyProtocolHeaderTCPOnly", func(t *testing.T) {
-		r := &Route{
-			Alias:                    "test-udp-relay",
-			Scheme:                   route.SchemeUDP,
-			Host:                     "127.0.0.1",
-			Port:                     route.Port{Proxy: 53, Listening: 53},
-			RelayProxyProtocolHeader: true,
-		}
-		err := r.Validate()
-		require.Error(t, err, "Validate should reject proxy protocol relay on UDP routes")
-		require.ErrorContains(t, err, "relay_proxy_protocol_header is only supported for tcp routes")
-	})
-
 	t.Run("DockerContainer", func(t *testing.T) {
 		r := &Route{
 			Alias:  "test",

internal/route/rules/README.md

@@ -309,8 +309,7 @@ nested_block := on_expr ws* '{' do_body '}'
 
 Notes:
 
-- A nested block is recognized when a logical header ends with an unquoted `{`.
-- Logical headers can continue to the next line when the current line ends with `|` or `&`.
+- A nested block is recognized when a line ends with an unquoted `{` (ignoring trailing whitespace).
 - `on_expr` uses the same syntax as rule `on` (supports `|`, `&`, quoting/backticks, matcher functions, etc.).
 - The nested block executes **in sequence**, at the point where it appears in the parent `do` list.
 - Nested blocks are evaluated in the same phase the parent rule runs (no special phase promotion).
@@ -425,15 +424,6 @@ path !glob("/public/*")
 
 # OR within a line
 method GET | method POST
-
-# OR across multiple lines (line continuation)
-method GET |
-method POST |
-method PUT
-
-# AND across multiple lines
-header Connection Upgrade &
-header Upgrade websocket
 ```
 
 ### Variable Substitution
@@ -449,19 +439,8 @@ $remote_host     # Client IP
 # Dynamic variables
 $header(Name)           # Request header
 $header(Name, index)    # Header at index
-$resp_header(Name)      # Response header
 $arg(Name)              # Query argument
 $form(Name)             # Form field
-$postform(Name)         # POST form field
-$cookie(Name)           # Cookie value
-
-# Function composition: pass result of one function to another
-$redacted($header(Authorization))   # Redact the Authorization header value
-$redacted($arg(token))              # Redact a query parameter value
-$redacted($cookie(session))         # Redact a cookie value
-
-# $redacted: masks a value, showing only first 2 and last 2 characters
-$redacted(value)                    # Redact a plain string
 
 # Environment variables
 ${ENV_VAR}

internal/route/rules/do.go

@@ -1,7 +1,6 @@
 package rules
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -234,9 +233,6 @@ var commands = map[string]struct {
 			route := args.(string)
 			return func(w *httputils.ResponseModifier, req *http.Request, upstream http.HandlerFunc) error {
 				ep := entrypoint.FromCtx(req.Context())
-				if ep == nil {
-					return errors.New("entrypoint not found")
-				}
 				r, ok := ep.HTTPRoutes().Get(route)
 				if !ok {
 					excluded, has := ep.ExcludedRoutes().Get(route)

internal/route/rules/do_blocks.go

@@ -292,20 +292,6 @@ func parseAtBlockChain(src string, blockPos int) (CommandHandler, int, error) {
 }
 
 func lineEndsWithUnquotedOpenBrace(src string, lineStart int, lineEnd int) bool {
-	return lineEndsWithUnquotedToken(src, lineStart, lineEnd) == '{'
-}
-
-func lineContinuationOperator(src string, lineStart int, lineEnd int) byte {
-	token := lineEndsWithUnquotedToken(src, lineStart, lineEnd)
-	switch token {
-	case '|', '&':
-		return token
-	default:
-		return 0
-	}
-}
-
-func lineEndsWithUnquotedToken(src string, lineStart int, lineEnd int) byte {
 	quote := byte(0)
 	lastSignificant := byte(0)
 	atLineStart := true
@@ -348,22 +334,13 @@ func lineEndsWithUnquotedToken(src string, lineStart int, lineEnd int) byte {
 		atLineStart = false
 		prevIsSpace = false
 	}
-	if quote != 0 {
-		return 0
-	}
-	return lastSignificant
+	return quote == 0 && lastSignificant == '{'
 }
 
 // parseDoWithBlocks parses a do-body containing plain command lines and nested blocks.
 // It returns the outer command handlers and the require phase.
 //
-// A nested block is recognized when a logical header ends with an unquoted '{'.
-// Logical headers may span lines using trailing '|' or '&', for example:
-//
-//	remote 127.0.0.1 |
-//	remote 192.168.0.0/16 {
-//	  set header X-Remote-Type private
-//	}
+// A nested block is recognized when a line ends with an unquoted '{' (ignoring trailing whitespace).
 func parseDoWithBlocks(src string) (handlers []CommandHandler, err error) {
 	pos := 0
 	length := len(src)
@@ -423,38 +400,12 @@ func parseDoWithBlocks(src string) (handlers []CommandHandler, err error) {
 				linePos++
 			}
 
-			logicalEnd := linePos
-			for logicalEnd < length && src[logicalEnd] != '\n' {
-				logicalEnd++
+			lineEnd := linePos
+			for lineEnd < length && src[lineEnd] != '\n' {
+				lineEnd++
 			}
 
-			for linePos < length && lineContinuationOperator(src, linePos, logicalEnd) != 0 {
-				nextPos := logicalEnd
-				if nextPos < length && src[nextPos] == '\n' {
-					nextPos++
-				}
-				for nextPos < length {
-					c := rune(src[nextPos])
-					if c == '\n' {
-						nextPos++
-						continue
-					}
-					if c == '\r' || unicode.IsSpace(c) {
-						nextPos++
-						continue
-					}
-					break
-				}
-				if nextPos >= length {
-					break
-				}
-				logicalEnd = nextPos
-				for logicalEnd < length && src[logicalEnd] != '\n' {
-					logicalEnd++
-				}
-			}
-
-			if linePos < length && lineEndsWithUnquotedOpenBrace(src, linePos, logicalEnd) {
+			if linePos < length && lineEndsWithUnquotedOpenBrace(src, linePos, lineEnd) {
 				h, next, err := parseAtBlockChain(src, linePos)
 				if err != nil {
 					return nil, err
@@ -466,10 +417,10 @@ func parseDoWithBlocks(src string) (handlers []CommandHandler, err error) {
 			}
 
 			// Not a nested block; parse the rest of this line as a command.
-			if lerr := appendLineCommand(src[pos:logicalEnd]); lerr != nil {
+			if lerr := appendLineCommand(src[pos:lineEnd]); lerr != nil {
 				return nil, lerr
 			}
-			pos = logicalEnd
+			pos = lineEnd
 			lineStart = true
 			continue
 		}

internal/route/rules/do_blocks_test.go

@@ -71,38 +71,3 @@ func TestIfElseBlockCommandServeHTTP_ConditionalMatchedNilDoNotFallsThrough(t *t
 	require.NoError(t, err)
 	assert.False(t, elseCalled)
 }
-
-func TestParseDoWithBlocks_MultilineBlockHeaderContinuation(t *testing.T) {
-	tests := []struct {
-		name string
-		src  string
-	}{
-		{
-			name: "or continuation",
-			src: `
-remote 127.0.0.1 |
-remote 192.168.0.0/16 {
-  set header X-Remote-Type private
-}
-`,
-		},
-		{
-			name: "and continuation",
-			src: `
-method GET &
-remote 127.0.0.1 {
-  set header X-Remote-Type private
-}
-`,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			handlers, err := parseDoWithBlocks(tt.src)
-			require.NoError(t, err)
-			require.Len(t, handlers, 1)
-			require.IsType(t, IfBlockCommand{}, handlers[0])
-		})
-	}
-}

internal/route/rules/http_flow_block_test.go

@@ -456,8 +456,7 @@ func TestHTTPFlow_NestedBlocks_RemoteOverride(t *testing.T) {
 	err := parseRules(`
 header X-Test-Header {
   set header X-Remote-Type public
-  remote 127.0.0.1 |
-	remote 192.168.0.0/16 {
+  remote 127.0.0.1 | remote 192.168.0.0/16 {
     set header X-Remote-Type private
   }
 }

internal/route/rules/on.go

@@ -505,70 +505,62 @@ var (
 	andSeps    = [256]uint8{'&': 1, '\n': 1}
 )
 
-// splitAnd splits a condition string into AND parts.
-// It treats '&' and newline as AND separators, except when a line ends with
-// an unescaped '|' (OR continuation), where the newline stays in the same part.
-// Empty parts are omitted.
+func indexAnd(s string) int {
+	for i := range s {
+		if andSeps[s[i]] != 0 {
+			return i
+		}
+	}
+	return -1
+}
+
+func countAnd(s string) int {
+	n := 0
+	for i := range s {
+		if andSeps[s[i]] != 0 {
+			n++
+		}
+	}
+	return n
+}
+
+// splitAnd splits a string by "&" and "\n" with all spaces removed.
+// empty strings are not included in the result.
 func splitAnd(s string) []string {
 	if s == "" {
 		return []string{}
 	}
-	result := []string{}
-	forEachAndPart(s, func(part string) {
-		result = append(result, part)
-	})
-	return result
-}
-
-func lineEndsWithUnescapedPipe(s string, start, end int) bool {
-	for i := end - 1; i >= start; i-- {
-		if asciiSpace[s[i]] != 0 {
-			continue
+	n := countAnd(s)
+	a := make([]string, n+1)
+	i := 0
+	for i < n {
+		end := indexAnd(s)
+		if end == -1 {
+			break
 		}
-		if s[i] != '|' {
-			return false
+		beg := 0
+		// trim leading spaces
+		for beg < end && asciiSpace[s[beg]] != 0 {
+			beg++
 		}
-		escapes := 0
-		for j := i - 1; j >= start && s[j] == '\\'; j-- {
-			escapes++
+		// trim trailing spaces
+		next := end + 1
+		for end-1 > beg && asciiSpace[s[end-1]] != 0 {
+			end--
 		}
-		return escapes%2 == 0
+		// skip empty segments
+		if end > beg {
+			a[i] = s[beg:end]
+			i++
+		}
+		s = s[next:]
 	}
-	return false
-}
-
-func advanceSplitState(s string, i *int, quote *byte, brackets *int) bool {
-	c := s[*i]
-	if *quote != 0 {
-		if c == '\\' && *i+1 < len(s) {
-			*i++
-			return true
-		}
-		if c == *quote {
-			*quote = 0
-		}
-		return true
+	s = strings.TrimSpace(s)
+	if s != "" {
+		a[i] = s
+		i++
 	}
-
-	switch c {
-	case '\\':
-		if *i+1 < len(s) {
-			*i++
-			return true
-		}
-	case '"', '\'', '`':
-		*quote = c
-		return true
-	case '(':
-		*brackets++
-		return true
-	case ')':
-		if *brackets > 0 {
-			*brackets--
-		}
-		return true
-	}
-	return false
+	return a[:i]
 }
 
 // splitPipe splits a string by "|" but respects quotes, brackets, and escaped characters.
@@ -586,26 +578,8 @@ func splitPipe(s string) []string {
 }
 
 func forEachAndPart(s string, fn func(part string)) {
-	quote := byte(0)
-	brackets := 0
 	start := 0
-
 	for i := 0; i <= len(s); i++ {
-		if i < len(s) {
-			c := s[i]
-			if advanceSplitState(s, &i, &quote, &brackets) {
-				continue
-			}
-
-			if c == '\n' {
-				if brackets > 0 || lineEndsWithUnescapedPipe(s, start, i) {
-					continue
-				}
-			} else if c != '&' || brackets > 0 {
-				continue
-			}
-		}
-
 		if i < len(s) && andSeps[s[i]] == 0 {
 			continue
 		}
@@ -623,14 +597,30 @@ func forEachPipePart(s string, fn func(part string)) {
 	start := 0
 
 	for i := 0; i < len(s); i++ {
-		if advanceSplitState(s, &i, &quote, &brackets) {
-			continue
-		}
-		if s[i] == '|' && brackets == 0 {
-			if part := strings.TrimSpace(s[start:i]); part != "" {
-				fn(part)
+		switch s[i] {
+		case '\\':
+			if i+1 < len(s) {
+				i++
+			}
+		case '"', '\'', '`':
+			if quote == 0 && brackets == 0 {
+				quote = s[i]
+			} else if s[i] == quote {
+				quote = 0
+			}
+		case '(':
+			brackets++
+		case ')':
+			if brackets > 0 {
+				brackets--
+			}
+		case '|':
+			if quote == 0 && brackets == 0 {
+				if part := strings.TrimSpace(s[start:i]); part != "" {
+					fn(part)
+				}
+				start = i + 1
 			}
-			start = i + 1
 		}
 	}
 	if start < len(s) {

internal/route/rules/on_internal_test.go

@@ -1,8 +1,6 @@
 package rules
 
 import (
-	"net/http"
-	"net/url"
 	"testing"
 
 	gperr "github.com/yusing/goutils/errs"
@@ -135,16 +133,6 @@ func TestSplitAnd(t *testing.T) {
 			input: " rule1\nrule2 & rule3 ",
 			want:  []string{"rule1", "rule2", "rule3"},
 		},
-		{
-			name:  "newline_after_pipe_is_or_continuation",
-			input: "path /abc |\npath /bcd",
-			want:  []string{"path /abc |\npath /bcd"},
-		},
-		{
-			name:  "newline_after_pipe_with_spaces_is_or_continuation",
-			input: "path /abc |   \n  path /bcd",
-			want:  []string{"path /abc |   \n  path /bcd"},
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -292,11 +280,6 @@ func TestParseOn(t *testing.T) {
 			input:   `method GET | path regex("^(_next/static|_next/image|favicon.ico).*$") | header Authorization`,
 			wantErr: nil,
 		},
-		{
-			name:    "pipe_multiline_continuation",
-			input:   "path /abc |\npath /bcd |",
-			wantErr: nil,
-		},
 	}
 
 	for _, tt := range tests {
@@ -311,18 +294,3 @@ func TestParseOn(t *testing.T) {
 		})
 	}
 }
-
-func TestRuleOnParse_MultilineOrContinuation(t *testing.T) {
-	var on RuleOn
-	err := on.Parse("path /abc |\npath /bcd |")
-	expect.NoError(t, err)
-
-	w := http.ResponseWriter(nil)
-	reqABC := &http.Request{URL: &url.URL{Path: "/abc"}}
-	reqBCD := &http.Request{URL: &url.URL{Path: "/bcd"}}
-	reqXYZ := &http.Request{URL: &url.URL{Path: "/xyz"}}
-
-	expect.Equal(t, on.Check(w, reqABC), true)
-	expect.Equal(t, on.Check(w, reqBCD), true)
-	expect.Equal(t, on.Check(w, reqXYZ), false)
-}

internal/route/rules/presets/webui_dev.yml

@@ -6,10 +6,9 @@
     !path glob("/@tanstack-start/*")
     !path glob("/@vite-plugin-pwa/*")
     !path glob("/__tsd/*")
-    !path glob("/src/*")
     !path /@react-refresh
     !path /@vite/client
-    !header Sec-Websocket-Protocol vite-hmr
+    !path regex("/\?token=[a-zA-Z0-9-_]+")
     !path glob("/@id/*")
     !path glob("/api/v1/auth/*")
     !path glob("/auth/*")

internal/route/rules/rules.go

@@ -27,21 +27,22 @@ type (
 			Example:
 
 				proxy.app1.rules: |
-					default {
-						rewrite / /index.html
-						serve /var/www/goaccess
-					}
-					header Connection Upgrade & header Upgrade websocket {
-						bypass
-					}
+					- name: default
+						do: |
+							rewrite / /index.html
+							serve /var/www/goaccess
+					- name: ws
+						on: |
+							header Connection Upgrade
+							header Upgrade websocket
+						do: bypass
 
 				proxy.app2.rules: |
-					default {
-						bypass
-					}
-					method POST | method PUT {
-						error 403 Forbidden
-					}
+					- name: default
+						do: bypass
+					- name: block POST and PUT
+						on: method POST | method PUT
+						do: error 403 Forbidden
 	*/
 	//nolint:recvcheck
 	Rules []Rule

internal/route/rules/vars.go

@@ -152,12 +152,6 @@ func ExpandVars(w *httputils.ResponseModifier, req *http.Request, src string, ds
 					return phase, err
 				}
 				i = nextIdx
-				// Expand any nested $func(...) expressions in args
-				args, argPhase, err := expandArgs(args, w, req)
-				if err != nil {
-					return phase, err
-				}
-				phase |= argPhase
 				actual, err = getter.get(args, w, req)
 				if err != nil {
 					return phase, err
@@ -227,18 +221,6 @@ func extractArgs(src string, i int, funcName string) (args []string, nextIdx int
 			continue
 		}
 
-		// Nested function call: $func(...) as an argument
-		if ch == '$' && arg.Len() == 0 {
-			// Capture the entire $func(...) expression as a raw argument token
-			nestedEnd, nestedErr := extractNestedFuncExpr(src, nextIdx)
-			if nestedErr != nil {
-				return nil, 0, nestedErr
-			}
-			args = append(args, src[nextIdx:nestedEnd+1])
-			nextIdx = nestedEnd + 1
-			continue
-		}
-
 		if ch == ')' {
 			// End of arguments
 			if arg.Len() > 0 {
@@ -274,70 +256,3 @@ func extractArgs(src string, i int, funcName string) (args []string, nextIdx int
 	}
 	return nil, 0, ErrUnterminatedParenthesis.Withf("func %q", funcName)
 }
-
-// extractNestedFuncExpr finds the end index (inclusive) of a $func(...) expression
-// starting at position start in src. It handles nested parentheses.
-func extractNestedFuncExpr(src string, start int) (endIdx int, err error) {
-	// src[start] must be '$'
-	i := start + 1
-	// skip the function name (valid var name chars)
-	for i < len(src) && validVarNameCharset[src[i]] {
-		i++
-	}
-	if i >= len(src) || src[i] != '(' {
-		return 0, ErrUnterminatedParenthesis.Withf("nested func at position %d", start)
-	}
-	// Now find the matching closing parenthesis, respecting quotes and nesting
-	depth := 0
-	var quote byte
-	for i < len(src) {
-		ch := src[i]
-		if quote != 0 {
-			if ch == quote {
-				quote = 0
-			}
-			i++
-			continue
-		}
-		if quoteChars[ch] {
-			quote = ch
-			i++
-			continue
-		}
-		switch ch {
-		case '(':
-			depth++
-		case ')':
-			depth--
-			if depth == 0 {
-				return i, nil
-			}
-		}
-		i++
-	}
-	if quote != 0 {
-		return 0, ErrUnterminatedQuotes.Withf("nested func at position %d", start)
-	}
-	return 0, ErrUnterminatedParenthesis.Withf("nested func at position %d", start)
-}
-
-// expandArgs expands any args that are nested dynamic var expressions (starting with '$').
-// It returns the expanded args and the combined phase flags.
-func expandArgs(args []string, w *httputils.ResponseModifier, req *http.Request) (expanded []string, phase PhaseFlag, err error) {
-	expanded = make([]string, len(args))
-	for i, arg := range args {
-		if len(arg) > 0 && arg[0] == '$' {
-			var buf strings.Builder
-			var argPhase PhaseFlag
-			argPhase, err = ExpandVars(w, req, arg, &buf)
-			if err != nil {
-				return nil, phase, err
-			}
-			phase |= argPhase
-			expanded[i] = buf.String()
-		} else {
-			expanded[i] = arg
-		}
-	}
-	return expanded, phase, nil
-}

internal/route/rules/vars_dynamic.go

@@ -6,7 +6,6 @@ import (
 	"strconv"
 
 	httputils "github.com/yusing/goutils/http"
-	strutils "github.com/yusing/goutils/strings"
 )
 
 var (
@@ -16,7 +15,6 @@ var (
 	VarQuery          = "arg"
 	VarForm           = "form"
 	VarPostForm       = "postform"
-	VarRedacted       = "redacted"
 )
 
 type dynamicVarGetter struct {
@@ -96,17 +94,6 @@ var dynamicVarSubsMap = map[string]dynamicVarGetter{
 			return getValueByKeyAtIndex(req.PostForm, key, index)
 		},
 	},
-	// VarRedacted wraps the result of its single argument (which may be another dynamic var
-	// expression, already expanded by expandArgs) with strutils.Redact.
-	VarRedacted: {
-		phase: PhaseNone,
-		get: func(args []string, w *httputils.ResponseModifier, req *http.Request) (string, error) {
-			if len(args) != 1 {
-				return "", ErrExpectOneArg
-			}
-			return strutils.Redact(args[0]), nil
-		},
-	},
 }
 
 func getValueByKeyAtIndex[Values http.Header | url.Values](values Values, key string, index int) (string, error) {