From c0b2cbe1c8256852adf20f3c4feccf69c66ba7b5 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Fri, 6 Feb 2026 09:30:35 -0700
Subject: [PATCH 01/17] docs: update preferred external port design in TODO

---
 agents/TODO.md | 107 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)

diff --git a/agents/TODO.md b/agents/TODO.md
index 70124aa74..2ee9bbe2b 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -6,4 +6,111 @@ Pending tasks for AI agents. Remove items when completed.
 
 - [ ] Architecture - Web (`/web`) - @MattDHill
 
+## Features
 
+- [ ] Support preferred external ports besides 443 - @dr-bonez
+
+  **Problem**: Currently, port 443 is the only preferred external port that is actually honored. When a
+  service requests `preferred_external_port: 8443` (or any non-443 value) for SSL, the system ignores
+  the preference and assigns a dynamic-range port (49152-65535). The `preferred_external_port` is only
+  used as a label for Tor mappings and as a trigger for the port-443 special case in `update()`.
+
+  **Goal**: Honor `preferred_external_port` for both SSL and non-SSL binds when the requested port is
+  available, with proper conflict resolution and fallback to dynamic-range allocation.
+
+  ### Design
+
+  **Key distinction**: There are two separate concepts for SSL port usage:
+
+  1. **Port ownership** (`assigned_ssl_port`) — A port exclusively owned by a binding, allocated from
+     `AvailablePorts`. Used for server hostnames (`.local`, mDNS, etc.) and iptables forwards.
+  2. **Domain SSL port** — The port used for domain-based vhost entries. A binding does NOT need to own
+     a port to have a domain vhost on it. The VHostController already supports multiple hostnames on the
+     same port via SNI. Any binding can create a domain vhost entry on any SSL port that the
+     VHostController has a listener for, regardless of who "owns" that port.
+
+  For example: the OS owns port 443 as its `assigned_ssl_port`. A service with
+  `preferred_external_port: 443` won't get 443 as its `assigned_ssl_port` (it's taken), but it CAN
+  still have domain vhost entries on port 443 — SNI routes by hostname.
+
+  #### 1. Preferred Port Allocation for Ownership (`forward.rs`, `binding.rs`)
+
+  Expand `AvailablePorts` to support trying a preferred port before falling back to the dynamic range:
+
+  - Add `try_alloc(port) -> Option<u16>`: Attempts to exclusively allocate a specific port. Returns
+    `None` if the port is already allocated or restricted.
+  - Enforce the restricted port list (currently noted in `vhost.rs:89`: `<=1024, >=32768, 5355, 5432,
+    9050, 6010, 9051, 5353`) — skip the preferred port if restricted, except for ports the OS itself
+    uses (80, 443).
+  - No SSL-vs-non-SSL distinction or refcounting needed at this layer — ownership is always exclusive.
+    SSL port sharing for domains is handled entirely by the VHostController via SNI.
+
+  Modify `BindInfo::new()` and `BindInfo::update()` to attempt the preferred port first:
+
+  ```
+  assigned_ssl_port = try_alloc(ssl.preferred_external_port)
+                      .unwrap_or(dynamic_pool.alloc())
+  assigned_port     = try_alloc(options.preferred_external_port)
+                      .unwrap_or(dynamic_pool.alloc())
+  ```
+
+  After this change, `assigned_ssl_port` may match the preferred port if it was available, or fall back
+  to the dynamic range as before.
+
+  #### 2. Eliminate the Port 5443 Hack: Source-IP-Based Public/Private Gating (`vhost.rs`, `net_controller.rs`)
+
+  **Current problem**: The `if ssl.preferred_external_port == 443` branch (line 341 of
+  `net_controller.rs`) creates a bespoke dual-vhost setup: port 5443 for private-only access and port
+  443 for public (or public+private). This exists because both public and private traffic arrive on the
+  same port 443 listener, and the current `InterfaceFilter`/`PublicFilter` model distinguishes
+  public/private by which *network interface* the connection arrived on — which doesn't work when both
+  traffic types share a listener.
+
+  **Solution**: Determine public vs private based on **source IP** at the vhost level. Traffic arriving
+  from the gateway IP should be treated as public (the gateway may MASQUERADE/NAT internet traffic, so
+  anything from the gateway is potentially public). Traffic from LAN IPs is private.
+
+  This applies to **all** vhost targets, not just port 443:
+
+  - **Add a `public` field to `ProxyTarget`** (or an enum: `Public`, `Private`, `Both`) indicating
+    what traffic this target accepts.
+  - **Modify `VHostTarget::filter()`** (`vhost.rs:342`): Instead of (or in addition to) checking the
+    network interface via `GatewayInfo`, check the source IP of the TCP connection against known gateway
+    IPs. If the source IP matches a gateway or IP outside the subnet, the connection is public;
+    otherwise it's private. Use this to gate against the target's `public` field.
+  - **Eliminate the 5443 port entirely**: A single vhost entry on port 443 (or any shared SSL port) can
+    serve both public and private traffic, with per-target source-IP gating determining which backend
+    handles which connections.
+
+  #### 3. Simplify `update()` Domain Vhost Logic (`net_controller.rs`)
+
+  With source-IP gating in the vhost controller:
+
+  - **Remove the `== 443` special case** and the 5443 secondary vhost.
+  - For **server hostnames** (`.local`, mDNS, embassy, startos, localhost): use `assigned_ssl_port`
+    (the port the binding owns).
+  - For **domain-based vhost entries**: attempt to use `preferred_external_port` as the vhost port.
+    This succeeds if the port is either unused or already has an SSL listener (SNI handles sharing).
+    It fails only if the port is already in use by a non-SSL binding, or is a restricted port. On
+    failure, fall back to `assigned_ssl_port`.
+  - Each domain vhost entry declares whether it's public, private, or both — the vhost controller uses
+    source IP to enforce this.
+  - Hostname info must exactly match the actual vhost port used: for server hostnames, report
+    `ssl_port: assigned_ssl_port`. For domains, report `ssl_port: preferred_external_port` if it was
+    successfully used for the domain vhost, otherwise report `ssl_port: assigned_ssl_port`.
+
+  #### 4. No SDK or Frontend Changes Needed
+
+  - SDK: `preferredExternalPort` is already exposed in `BindOptions` and `AddSslOptions`.
+  - Frontend: Already reads `assigned_port`/`assigned_ssl_port` from `NetInfo`.
+
+  ### Key Files
+
+  | File | Role |
+  |------|------|
+  | `core/src/net/forward.rs` | `AvailablePorts` — port pool allocation |
+  | `core/src/net/host/binding.rs` | `BindInfo::new()` / `update()` — port assignment at bind time |
+  | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — vhost/forward/DNS reconciliation, 5443 hack removal |
+  | `core/src/net/vhost.rs` | `VHostController` / `ProxyTarget` — source-IP gating for public/private |
+  | `core/src/net/gateway.rs` | `PublicFilter`, `InterfaceFilter` — may need refactoring |
+  | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |

From 8f809dab216efd647b4c6ebf90567b6726bf7c30 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Sun, 8 Feb 2026 11:17:43 -0700
Subject: [PATCH 02/17] docs: add user-controlled public/private and port
 forward mapping to design

---
 agents/TODO.md | 81 +++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 73 insertions(+), 8 deletions(-)

diff --git a/agents/TODO.md b/agents/TODO.md
index 2ee9bbe2b..9d39f2d7a 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -57,7 +57,46 @@ Pending tasks for AI agents. Remove items when completed.
   After this change, `assigned_ssl_port` may match the preferred port if it was available, or fall back
   to the dynamic range as before.
 
-  #### 2. Eliminate the Port 5443 Hack: Source-IP-Based Public/Private Gating (`vhost.rs`, `net_controller.rs`)
+  #### 2. User-Controlled Public/Private on Bindings
+
+  There are three distinct concepts for public/private in the system:
+
+  1. **Gateway public/private** (descriptive): A property of the gateway/network interface — whether
+     its ports are publicly reachable from the internet without port forwards. This is
+     `NetworkInterfaceInfo::public()`.
+  2. **Binding public/private** (user intent): Whether the user wants this binding to be reachable from
+     the internet. This is a **new** user-controlled field on the binding.
+  3. **`public_enabled` / `private_disabled`** (per-gateway overrides): Override the default behavior
+     where private gateways are enabled and public gateways are disabled. These sets are per-gateway
+     exceptions to that default.
+
+  Add a `public` field to `BindInfo` (or `NetInfo`) representing user intent:
+
+  - **When `public = false`** (default): Block WAN traffic to this binding using source-IP gating
+    (see Section 3). The binding is only accessible on the LAN.
+  - **When `public = true`**: Allow WAN traffic. Additionally, maintain a port forward mapping in
+    patch-db (see Section 4) so the user knows what to configure on their router.
+
+  **New RPC endpoints** (`binding.rs`):
+
+  Following the existing `HostApiKind` pattern, add a new subcommand to the `binding` parent handler:
+
+  - **`set-public`** — Set whether a binding should be publicly accessible.
+
+    ```ts
+    interface BindingSetPublicParams {
+      internalPort: number
+      public: boolean
+    }
+    ```
+
+    Mutates `BindInfo` to set the `public` field, syncs the host. Uses `sync_db` metadata.
+
+    This yields two RPC methods:
+    - `server.host.binding.set-public`
+    - `package.host.binding.set-public`
+
+  #### 3. Eliminate the Port 5443 Hack: Source-IP-Based WAN Blocking (`vhost.rs`, `net_controller.rs`)
 
   **Current problem**: The `if ssl.preferred_external_port == 443` branch (line 341 of
   `net_controller.rs`) creates a bespoke dual-vhost setup: port 5443 for private-only access and port
@@ -73,7 +112,7 @@ Pending tasks for AI agents. Remove items when completed.
   This applies to **all** vhost targets, not just port 443:
 
   - **Add a `public` field to `ProxyTarget`** (or an enum: `Public`, `Private`, `Both`) indicating
-    what traffic this target accepts.
+    what traffic this target accepts, derived from the binding's user-controlled `public` field.
   - **Modify `VHostTarget::filter()`** (`vhost.rs:342`): Instead of (or in addition to) checking the
     network interface via `GatewayInfo`, check the source IP of the TCP connection against known gateway
     IPs. If the source IP matches a gateway or IP outside the subnet, the connection is public;
@@ -82,7 +121,21 @@ Pending tasks for AI agents. Remove items when completed.
     serve both public and private traffic, with per-target source-IP gating determining which backend
     handles which connections.
 
-  #### 3. Simplify `update()` Domain Vhost Logic (`net_controller.rs`)
+  #### 4. Port Forward Mapping in Patch-DB
+
+  When a binding is marked `public = true`, StartOS must record the required port forwards in patch-db
+  so the frontend can display them to the user. The user then configures these on their router manually.
+
+  For each public binding, store:
+  - The external port the router should forward (the actual vhost port used for domains, or the
+    `assigned_port` / `assigned_ssl_port` for non-domain access)
+  - The protocol (TCP/UDP)
+  - The StartOS LAN IP as the forward target
+  - Which service/binding this forward is for (for display purposes)
+
+  This mapping should be in the public database model so the frontend can read and display it.
+
+  #### 5. Simplify `update()` Domain Vhost Logic (`net_controller.rs`)
 
   With source-IP gating in the vhost controller:
 
@@ -93,16 +146,17 @@ Pending tasks for AI agents. Remove items when completed.
     This succeeds if the port is either unused or already has an SSL listener (SNI handles sharing).
     It fails only if the port is already in use by a non-SSL binding, or is a restricted port. On
     failure, fall back to `assigned_ssl_port`.
-  - Each domain vhost entry declares whether it's public, private, or both — the vhost controller uses
-    source IP to enforce this.
+  - The binding's `public` field determines the `ProxyTarget`'s public/private gating.
   - Hostname info must exactly match the actual vhost port used: for server hostnames, report
     `ssl_port: assigned_ssl_port`. For domains, report `ssl_port: preferred_external_port` if it was
     successfully used for the domain vhost, otherwise report `ssl_port: assigned_ssl_port`.
 
-  #### 4. No SDK or Frontend Changes Needed
+  #### 6. SDK and Frontend Changes
 
-  - SDK: `preferredExternalPort` is already exposed in `BindOptions` and `AddSslOptions`.
-  - Frontend: Already reads `assigned_port`/`assigned_ssl_port` from `NetInfo`.
+  - **SDK**: `preferredExternalPort` is already exposed. No additional SDK changes needed.
+  - **Frontend**: Needs to display the port forward mapping from patch-db, showing the user what
+    router configuration is required for their public bindings. Also needs UI for toggling the
+    `public` field on a binding. Bindings are always private by default.
 
   ### Key Files
 
@@ -114,3 +168,14 @@ Pending tasks for AI agents. Remove items when completed.
   | `core/src/net/vhost.rs` | `VHostController` / `ProxyTarget` — source-IP gating for public/private |
   | `core/src/net/gateway.rs` | `PublicFilter`, `InterfaceFilter` — may need refactoring |
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
+  | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
+
+- [ ] Auto-configure port forwards via UPnP/NAT-PMP/PCP - @dr-bonez
+
+  **Blocked by**: "Support preferred external ports besides 443" (must be implemented and tested
+  end-to-end first).
+
+  **Goal**: When a binding is marked public, automatically configure port forwards on the user's router
+  using UPnP, NAT-PMP, or PCP, instead of requiring manual router configuration. Fall back to
+  displaying manual instructions (the port forward mapping from patch-db) when auto-configuration is
+  unavailable or fails.

From 2e03a95e4716bcec1e4f01a587ee8476f28494bd Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Mon, 9 Feb 2026 13:10:57 -0700
Subject: [PATCH 03/17] docs: overhaul interfaces page design with view/manage
 split and per-address controls

---
 agents/TODO.md | 175 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 144 insertions(+), 31 deletions(-)

diff --git a/agents/TODO.md b/agents/TODO.md
index 9d39f2d7a..956343afb 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -57,44 +57,73 @@ Pending tasks for AI agents. Remove items when completed.
   After this change, `assigned_ssl_port` may match the preferred port if it was available, or fall back
   to the dynamic range as before.
 
-  #### 2. User-Controlled Public/Private on Bindings
+  #### 2. Per-Address Enable/Disable (replaces gateway overrides)
 
-  There are three distinct concepts for public/private in the system:
+  **Current model being removed**: `NetInfo` has `private_disabled: OrdSet<GatewayId>` and
+  `public_enabled: OrdSet<GatewayId>` — gateway-level toggles where private gateways are enabled by
+  default and public gateways are disabled by default. The `set-gateway-enabled` RPC endpoint and the
+  `InterfaceFilter` impl on `NetInfo` use these sets. This model is unintuitive because users think in
+  terms of individual addresses, not gateways.
 
-  1. **Gateway public/private** (descriptive): A property of the gateway/network interface — whether
-     its ports are publicly reachable from the internet without port forwards. This is
-     `NetworkInterfaceInfo::public()`.
-  2. **Binding public/private** (user intent): Whether the user wants this binding to be reachable from
-     the internet. This is a **new** user-controlled field on the binding.
-  3. **`public_enabled` / `private_disabled`** (per-gateway overrides): Override the default behavior
-     where private gateways are enabled and public gateways are disabled. These sets are per-gateway
-     exceptions to that default.
+  **New model**: Per-address enable/disable. Each computed address in `hostname_info` gets an `enabled`
+  field. Users toggle individual addresses on the View page (see Section 6).
 
-  Add a `public` field to `BindInfo` (or `NetInfo`) representing user intent:
+  **How disabling works per address type**:
 
-  - **When `public = false`** (default): Block WAN traffic to this binding using source-IP gating
-    (see Section 3). The binding is only accessible on the LAN.
-  - **When `public = true`**: Allow WAN traffic. Additionally, maintain a port forward mapping in
-    patch-db (see Section 4) so the user knows what to configure on their router.
+  The enforcement mechanism varies by address type because different addresses are reached through
+  different network paths:
 
-  **New RPC endpoints** (`binding.rs`):
+  - **WAN IP:port** (public gateway IP addresses): Disabled via **source-IP gating** in the vhost
+    layer (Section 3). Public and private traffic share the same port listener, so we can't just
+    remove the vhost entry — that would also block private traffic. Instead, the vhost target is
+    tagged with which source-IP classes it accepts. When a WAN IP address is disabled, the vhost
+    target rejects connections whose source IP matches the gateway (i.e., NAT'd internet traffic)
+    or falls outside the gateway's LAN subnets. LAN traffic to the same port is unaffected.
+  - **LAN IP:port** (private gateway IP addresses): Also enforced via **source-IP gating**. When
+    disabled, the vhost target rejects connections from LAN subnets on that gateway. This is the
+    inverse of the WAN case — same mechanism, different source-IP class.
+  - **Hostname-based addresses** (`.local`, domains): Disabled by **not creating the vhost/SNI
+    entry** for that hostname. Since hostname-based routing uses SNI (SSL) or Host header (HTTP),
+    removing the entry means the hostname simply doesn't resolve to a backend. No traffic reaches
+    the service for that hostname.
+  - **Onion addresses**: Disabled by **not creating the Tor hidden service mapping**. The Tor
+    daemon won't advertise the onion:port, so no traffic arrives.
 
-  Following the existing `HostApiKind` pattern, add a new subcommand to the `binding` parent handler:
+  **Backend changes**:
 
-  - **`set-public`** — Set whether a binding should be publicly accessible.
+  - **Remove from `NetInfo`**: Delete the `private_disabled` and `public_enabled` fields entirely.
+  - **Add to `NetInfo`**: A `disabled` set containing identifiers for addresses the user has explicitly
+    disabled. The identifier must be stable across network changes — e.g., `(gateway_id, hostname_kind)`
+    for IP/Local addresses, `(gateway_id, domain_value)` for domain addresses, or `onion_value` for
+    onion addresses. Exact format TBD at implementation time.
+  - **Default behavior preserved**: Private-gateway addresses default to enabled, public-gateway
+    addresses default to disabled. An address is enabled if it's not in the `disabled` set AND either
+    (a) the gateway is private, or (b) the user has explicitly enabled it.
+  - **Add `enabled` field to `HostnameInfo`**: The computed `hostname_info` output should include
+    whether each address is enabled, derived from the `disabled` set during `NetServiceData::update()`.
+  - **Remove `set-gateway-enabled`** RPC endpoint from `binding.rs`.
+  - **Remove `InterfaceFilter` impl for `NetInfo`**: The per-gateway filter logic is replaced by
+    per-address filtering in `update()`.
+
+  **New RPC endpoint** (`binding.rs`):
+
+  Following the existing `HostApiKind` pattern, replace `set-gateway-enabled` with:
+
+  - **`set-address-enabled`** — Toggle an individual address on or off.
 
     ```ts
-    interface BindingSetPublicParams {
+    interface BindingSetAddressEnabledParams {
       internalPort: number
-      public: boolean
+      addressId: AddressId   // identifies a specific HostnameInfo entry
+      enabled: boolean
     }
     ```
 
-    Mutates `BindInfo` to set the `public` field, syncs the host. Uses `sync_db` metadata.
+    Mutates `NetInfo.disabled` and syncs the host. Uses `sync_db` metadata.
 
     This yields two RPC methods:
-    - `server.host.binding.set-public`
-    - `package.host.binding.set-public`
+    - `server.host.binding.set-address-enabled`
+    - `package.host.binding.set-address-enabled`
 
   #### 3. Eliminate the Port 5443 Hack: Source-IP-Based WAN Blocking (`vhost.rs`, `net_controller.rs`)
 
@@ -151,22 +180,106 @@ Pending tasks for AI agents. Remove items when completed.
     `ssl_port: assigned_ssl_port`. For domains, report `ssl_port: preferred_external_port` if it was
     successfully used for the domain vhost, otherwise report `ssl_port: assigned_ssl_port`.
 
-  #### 6. SDK and Frontend Changes
+  #### 6. Frontend: Interfaces Page Overhaul (View/Manage Split)
 
-  - **SDK**: `preferredExternalPort` is already exposed. No additional SDK changes needed.
-  - **Frontend**: Needs to display the port forward mapping from patch-db, showing the user what
-    router configuration is required for their public bindings. Also needs UI for toggling the
-    `public` field on a binding. Bindings are always private by default.
+  The current interfaces page is a single page showing gateways (with toggle), addresses, public
+  domains, Tor domains, and private domains. It gets split into two pages: **View** and **Manage**.
+
+  **SDK**: `preferredExternalPort` is already exposed. No additional SDK changes needed.
+
+  ##### View Page
+
+  Displays all computed addresses for the interface (from `hostname_info`) as a flat list. For each
+  address:
+
+  - **Enable/disable toggle**: Calls `set-address-enabled` RPC endpoint to toggle the address. Reflects
+    the `enabled` field from `HostnameInfo`.
+  - **Address details**: URL, type (IPv4, IPv6, .local, domain, onion), access level (public/private),
+    gateway name.
+  - **Port forward info**: For public addresses, display the required port forward mapping (external
+    port, protocol, LAN IP target) so the user knows what to configure on their router.
+  - **Test button**: Per-address reachability test (see Section 7). The backend returns structured
+    failure data (which check failed, relevant context like expected IP, actual IP, port, etc.).
+    The frontend constructs user-facing fix messaging from the structured result.
+
+  No gateway-level toggles. The old `gateways.component.ts` toggle UI is removed.
+
+  ##### Manage Page
+
+  Simple CRUD interface for configuring which addresses exist. Three sections:
+
+  - **Public domains**: Add/remove. Uses existing RPC endpoints:
+    - `{server,package}.host.address.domain.public.add`
+    - `{server,package}.host.address.domain.public.remove`
+  - **Private domains**: Add/remove. Uses existing RPC endpoints:
+    - `{server,package}.host.address.domain.private.add`
+    - `{server,package}.host.address.domain.private.remove`
+  - **Onion addresses**: Add/remove. Uses existing RPC endpoints:
+    - `{server,package}.host.address.onion.add`
+    - `{server,package}.host.address.onion.remove`
+
+  ##### Key Frontend Files to Modify
+
+  | File | Change |
+  |------|--------|
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/` | Overhaul: split into view/manage |
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts` | Remove (replaced by per-address toggles on View page) |
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts` | Update `MappedServiceInterface` to use `enabled` field from `HostnameInfo` |
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/addresses/` | Refactor for View page with enable/disable toggles and test buttons |
+  | `web/projects/ui/src/app/routes/portal/routes/services/services.routes.ts` | Add routes for view/manage sub-pages |
+  | `web/projects/ui/src/app/routes/portal/routes/system/system.routes.ts` | Add routes for view/manage sub-pages |
+
+  #### 7. Reachability Test Endpoint
+
+  New RPC endpoint that tests whether an address is actually reachable, with diagnostic info on
+  failure.
+
+  **RPC endpoint** (`binding.rs` or new file):
+
+  - **`test-address`** — Test reachability of a specific address.
+
+    ```ts
+    interface BindingTestAddressParams {
+      internalPort: number
+      addressId: AddressId
+    }
+    ```
+
+    The backend simply performs the raw checks and returns the results. The **frontend** owns all
+    interpretation — it already knows the address type, expected IP, expected port, etc. from the
+    `HostnameInfo` data, so it can compare against the backend results and construct fix messaging.
+
+    ```ts
+    interface TestAddressResult {
+      dns: string[] | null      // resolved IPs, null if not a domain address or lookup failed
+      portOpen: boolean | null  // TCP connect result, null if not applicable
+    }
+    ```
+
+    This yields two RPC methods:
+    - `server.host.binding.test-address`
+    - `package.host.binding.test-address`
+
+  The frontend already has the full `HostnameInfo` context (expected IP, domain, port, gateway,
+  public/private). It compares the backend's raw results against the expected state and constructs
+  localized fix instructions. For example:
+  - `dns` returned but doesn't contain the expected WAN IP → "Update DNS A record for {domain}
+    to {wanIp}"
+  - `dns` is `null` for a domain address → "DNS lookup failed for {domain}"
+  - `portOpen` is `false` → "Configure port forward on your router: external {port} TCP →
+    {lanIp}:{port}"
 
   ### Key Files
 
   | File | Role |
   |------|------|
   | `core/src/net/forward.rs` | `AvailablePorts` — port pool allocation |
-  | `core/src/net/host/binding.rs` | `BindInfo::new()` / `update()` — port assignment at bind time |
-  | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — vhost/forward/DNS reconciliation, 5443 hack removal |
+  | `core/src/net/host/binding.rs` | `BindInfo`/`NetInfo` — remove gateway overrides, add per-address disable set, new RPC endpoints |
+  | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — compute `enabled` on `HostnameInfo`, vhost/forward/DNS reconciliation, 5443 hack removal |
   | `core/src/net/vhost.rs` | `VHostController` / `ProxyTarget` — source-IP gating for public/private |
-  | `core/src/net/gateway.rs` | `PublicFilter`, `InterfaceFilter` — may need refactoring |
+  | `core/src/net/gateway.rs` | `InterfaceFilter` — remove `NetInfo` impl, simplify |
+  | `core/src/net/service_interface.rs` | `HostnameInfo` — add `enabled` field |
+  | `core/src/net/host/address.rs` | Existing domain/onion CRUD endpoints (no changes needed) |
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
   | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
 

From 1974dfd66f2848242ecef3e0adea09a5275d1d32 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Mon, 9 Feb 2026 13:29:49 -0700
Subject: [PATCH 04/17] docs: move address enable/disable to overflow menu, add
 SSL indicator, defer UI placement decisions

---
 agents/TODO.md | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/agents/TODO.md b/agents/TODO.md
index 956343afb..b2e34b44c 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -190,20 +190,16 @@ Pending tasks for AI agents. Remove items when completed.
   ##### View Page
 
   Displays all computed addresses for the interface (from `hostname_info`) as a flat list. For each
-  address:
-
-  - **Enable/disable toggle**: Calls `set-address-enabled` RPC endpoint to toggle the address. Reflects
-    the `enabled` field from `HostnameInfo`.
-  - **Address details**: URL, type (IPv4, IPv6, .local, domain, onion), access level (public/private),
-    gateway name.
-  - **Port forward info**: For public addresses, display the required port forward mapping (external
-    port, protocol, LAN IP target) so the user knows what to configure on their router.
-  - **Test button**: Per-address reachability test (see Section 7). The backend returns structured
-    failure data (which check failed, relevant context like expected IP, actual IP, port, etc.).
-    The frontend constructs user-facing fix messaging from the structured result.
+  address, show: URL, type (IPv4, IPv6, .local, domain, onion), access level (public/private),
+  gateway name, SSL indicator (especially relevant for onion addresses which may have both SSL and
+  non-SSL entries), enable/disable state, port forward info for public addresses, and a test button
+  for reachability (see Section 7).
 
   No gateway-level toggles. The old `gateways.component.ts` toggle UI is removed.
 
+  **Note**: Exact UI element placement (where toggles, buttons, info badges go) is sensitive.
+  Prompt the user for specific placement decisions during implementation.
+
   ##### Manage Page
 
   Simple CRUD interface for configuring which addresses exist. Three sections:
@@ -225,7 +221,7 @@ Pending tasks for AI agents. Remove items when completed.
   | `web/projects/ui/src/app/routes/portal/components/interfaces/` | Overhaul: split into view/manage |
   | `web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts` | Remove (replaced by per-address toggles on View page) |
   | `web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts` | Update `MappedServiceInterface` to use `enabled` field from `HostnameInfo` |
-  | `web/projects/ui/src/app/routes/portal/components/interfaces/addresses/` | Refactor for View page with enable/disable toggles and test buttons |
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/addresses/` | Refactor for View page with overflow menu (enable/disable) and test buttons |
   | `web/projects/ui/src/app/routes/portal/routes/services/services.routes.ts` | Add routes for view/manage sub-pages |
   | `web/projects/ui/src/app/routes/portal/routes/system/system.routes.ts` | Add routes for view/manage sub-pages |
 

From 2ee403e7de2a993bf24e35eae2cd644c70964097 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Tue, 10 Feb 2026 13:28:24 -0700
Subject: [PATCH 05/17] chore: remove tor from startos core

Tor is being moved from a built-in OS feature to a service. This removes
the Arti-based Tor client, onion address management, hidden service
creation, and all related code from the core backend, frontend, and SDK.

- Delete core/src/net/tor/ module (~2060 lines)
- Remove OnionAddress, TorSecretKey, TorController from all consumers
- Remove HostnameInfo::Onion and HostAddress::Onion variants
- Remove onion CRUD RPC endpoints and tor subcommand
- Remove tor key handling from account and backup/restore
- Remove ~12 tor-related Cargo dependencies (arti-client, torut, etc.)
- Remove tor UI components, API methods, mock data, and routes
- Remove OnionHostname and tor patterns/regexes from SDK
- Add v0_4_0_alpha_20 database migration to strip onion data
- Bump version to 0.4.0-alpha.20
---
 .claude/settings.json                         |    3 +-
 agents/TODO.md                                |   27 +
 core/Cargo.lock                               | 2724 +-------
 core/Cargo.toml                               |   42 +-
 core/src/account.rs                           |   36 -
 core/src/backup/os.rs                         |   13 -
 core/src/db/model/public.rs                   |    1 -
 core/src/error.rs                             |   19 +-
 core/src/net/host/address.rs                  |   98 -
 core/src/net/host/mod.rs                      |   38 +-
 core/src/net/keys.rs                          |   11 +-
 core/src/net/mod.rs                           |    2 -
 core/src/net/net_controller.rs                |  143 +-
 core/src/net/service_interface.rs             |   19 -
 core/src/net/socks.rs                         |   38 +-
 core/src/net/tor/arti.rs                      |  964 ---
 core/src/net/tor/ctor.rs                      | 1092 ---
 core/src/net/tor/mod.rs                       |   10 -
 core/src/service/effects/net/ssl.rs           |   20 +-
 core/src/version/mod.rs                       |   12 +-
 core/src/version/v0_3_6_alpha_0.rs            |  157 +-
 core/src/version/v0_3_6_alpha_10.rs           |    3 +-
 core/src/version/v0_4_0_alpha_12.rs           |   46 -
 core/src/version/v0_4_0_alpha_20.rs           |  110 +
 sdk/base/lib/exver/exver.ts                   | 5967 ++++++++---------
 sdk/base/lib/osBindings/ErrorData.ts          |    2 +-
 sdk/base/lib/osBindings/Host.ts               |    1 -
 sdk/base/lib/osBindings/HostnameInfo.ts       |   10 +-
 sdk/base/lib/osBindings/OnionHostname.ts      |    7 -
 sdk/base/lib/osBindings/index.ts              |    1 -
 sdk/base/lib/util/getServiceInterface.ts      |   65 +-
 sdk/base/lib/util/patterns.ts                 |   10 -
 sdk/base/lib/util/regexes.ts                  |    8 -
 sdk/package/scripts/oldSpecToBuilder.ts       |   94 +-
 .../shared/src/types/workspace-config.ts      |    1 -
 .../interfaces/interface.component.ts         |    3 -
 .../interfaces/interface.service.ts           |   43 +-
 .../interfaces/tor-domains.component.ts       |  193 -
 .../routes/portal/routes/logs/logs.routes.ts  |    4 -
 .../routes/logs/routes/outlet.component.ts    |    6 -
 .../routes/logs/routes/tor.component.ts       |   32 -
 .../services/routes/interface.component.ts    |    1 -
 .../routes/sideload/sideload.component.ts     |    8 -
 .../routes/general/general.component.ts       |   49 +-
 .../system/routes/general/wipe.component.ts   |   36 -
 .../routes/startos-ui/startos-ui.component.ts |    1 -
 .../ui/src/app/services/api/api.fixures.ts    |   11 -
 .../ui/src/app/services/api/api.types.ts      |   33 +-
 .../app/services/api/embassy-api.service.ts   |   26 -
 .../services/api/embassy-live-api.service.ts  |   60 -
 .../services/api/embassy-mock-api.service.ts  |  130 -
 .../ui/src/app/services/api/mock-patch.ts     |   20 -
 .../ui/src/app/services/config.service.ts     |    3 +-
 53 files changed, 3147 insertions(+), 9306 deletions(-)
 delete mode 100644 core/src/net/tor/arti.rs
 delete mode 100644 core/src/net/tor/ctor.rs
 delete mode 100644 core/src/net/tor/mod.rs
 create mode 100644 core/src/version/v0_4_0_alpha_20.rs
 delete mode 100644 sdk/base/lib/osBindings/OnionHostname.ts
 delete mode 100644 web/projects/ui/src/app/routes/portal/components/interfaces/tor-domains.component.ts
 delete mode 100644 web/projects/ui/src/app/routes/portal/routes/logs/routes/tor.component.ts
 delete mode 100644 web/projects/ui/src/app/routes/portal/routes/system/routes/general/wipe.component.ts

diff --git a/.claude/settings.json b/.claude/settings.json
index ce5d2734a..671a08447 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -1,5 +1,6 @@
 {
   "attribution": {
-    "commit": ""
+    "commit": "",
+    "pr": ""
   }
 }
diff --git a/agents/TODO.md b/agents/TODO.md
index b2e34b44c..e38dbdec4 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -279,6 +279,33 @@ Pending tasks for AI agents. Remove items when completed.
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
   | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
 
+- [ ] Remove Tor from StartOS core - @dr-bonez
+
+  **Goal**: Remove all built-in Tor functionality from StartOS. Tor will now be provided by a service
+  running on StartOS rather than being integrated into the core OS.
+
+  **Scope**: Remove the Arti-based Tor client, onion address management in the networking stack, Tor
+  hidden service creation in the vhost/net controller layers, and any Tor-specific configuration in the
+  database models. The core should no longer start, manage, or depend on a Tor daemon.
+
+  **Key areas to modify**:
+
+  | Area | Change |
+  |------|--------|
+  | `core/src/net/tor/` | Remove the Tor module entirely (Arti client, hidden service management) |
+  | `core/src/net/net_controller.rs` | Remove Tor hidden service creation/teardown in `update()` |
+  | `core/src/net/host/address.rs` | Remove onion address CRUD RPC endpoints (`address.onion.add`, `address.onion.remove`) |
+  | `core/src/net/host/binding.rs` | Remove onion-related fields from `NetInfo` |
+  | `core/src/net/service_interface.rs` | Remove onion-related variants from `HostnameInfo` |
+  | `core/src/db/model/` | Remove Tor/onion fields from public and private DB models |
+  | `sdk/base/lib/interfaces/Host.ts` | Remove onion-related types and options from the SDK |
+  | `web/projects/ui/` | Remove onion address UI from interfaces pages |
+  | `Cargo.toml` / dependencies | Remove Arti and related Tor crate dependencies |
+
+  **Migration**: Existing onion address data in the database should be cleaned up during migration.
+  Services that previously relied on the OS-provided Tor integration will need to use the new Tor
+  service instead (service-level integration is out of scope for this task).
+
 - [ ] Auto-configure port forwards via UPnP/NAT-PMP/PCP - @dr-bonez
 
   **Blocked by**: "Support preferred external ports besides 443" (must be implemented and tested
diff --git a/core/Cargo.lock b/core/Cargo.lock
index 484974f9f..0e96d08e4 100644
--- a/core/Cargo.lock
+++ b/core/Cargo.lock
@@ -26,22 +26,10 @@ dependencies = [
  "cfg-if",
  "cipher 0.3.0",
  "cpufeatures",
- "ctr 0.8.0",
+ "ctr",
  "opaque-debug",
 ]
 
-[[package]]
-name = "aes"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
-dependencies = [
- "cfg-if",
- "cipher 0.4.4",
- "cpufeatures",
- "zeroize",
-]
-
 [[package]]
 name = "ahash"
 version = "0.7.8"
@@ -95,52 +83,6 @@ version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
 
-[[package]]
-name = "amplify"
-version = "4.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f7fb4ac7c881e54a8e7015e399b6112a2a5bc958b6c89ac510840ff20273b31"
-dependencies = [
- "amplify_derive",
- "amplify_num",
- "ascii",
- "getrandom 0.2.17",
- "getrandom 0.3.4",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "amplify_derive"
-version = "4.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a6309e6b8d89b36b9f959b7a8fa093583b94922a0f6438a24fb08936de4d428"
-dependencies = [
- "amplify_syn",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "amplify_num"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99bcb75a2982047f733547042fc3968c0f460dfcf7d90b90dea3b2744580e9ad"
-dependencies = [
- "wasm-bindgen",
-]
-
-[[package]]
-name = "amplify_syn"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7736fb8d473c0d83098b5bac44df6a561e20470375cd8bcae30516dc889fd62a"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
 [[package]]
 name = "android_system_properties"
 version = "0.1.5"
@@ -150,12 +92,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "anes"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
-
 [[package]]
 name = "ansi-regex"
 version = "0.1.0"
@@ -230,15 +166,6 @@ dependencies = [
  "object 0.32.2",
 ]
 
-[[package]]
-name = "arbitrary"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
-dependencies = [
- "derive_arbitrary",
-]
-
 [[package]]
 name = "arc-swap"
 version = "1.8.0"
@@ -272,62 +199,6 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
 
-[[package]]
-name = "arti-client"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-trait",
- "cfg-if",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "educe",
- "fs-mistrust",
- "futures",
- "hostname-validator",
- "humantime",
- "humantime-serde",
- "libc",
- "once_cell",
- "postage",
- "rand 0.9.2",
- "safelog",
- "serde",
- "thiserror 2.0.17",
- "time",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-chanmgr",
- "tor-circmgr",
- "tor-config",
- "tor-config-path",
- "tor-dirmgr",
- "tor-error",
- "tor-guardmgr",
- "tor-hsclient",
- "tor-hscrypto",
- "tor-hsservice",
- "tor-keymgr",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-memquota",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-protover",
- "tor-rtcompat",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "ascii"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92bec98840b8f03a5ff5413de5293bfcd8bf96467cf5452609f939ec6f5de16"
-
 [[package]]
 name = "ascii-canvas"
 version = "3.0.0"
@@ -343,7 +214,7 @@ version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5493c3bedbacf7fd7382c6346bbd66687d12bbaad3a89a2d2c303ee6cf20b048"
 dependencies = [
- "asn1-rs-derive 0.5.1",
+ "asn1-rs-derive",
  "asn1-rs-impl",
  "displaydoc",
  "nom 7.1.3",
@@ -353,21 +224,6 @@ dependencies = [
  "time",
 ]
 
-[[package]]
-name = "asn1-rs"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56624a96882bb8c26d61312ae18cb45868e5a9992ea73c58e45c3101e56a1e60"
-dependencies = [
- "asn1-rs-derive 0.6.0",
- "asn1-rs-impl",
- "displaydoc",
- "nom 7.1.3",
- "num-traits",
- "rusticata-macros",
- "thiserror 2.0.17",
-]
-
 [[package]]
 name = "asn1-rs-derive"
 version = "0.5.1"
@@ -380,18 +236,6 @@ dependencies = [
  "synstructure",
 ]
 
-[[package]]
-name = "asn1-rs-derive"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3109e49b1e4909e9db6515a30c633684d68cdeaa252f215214cb4fa1a5bfee2c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
- "synstructure",
-]
-
 [[package]]
 name = "asn1-rs-impl"
 version = "0.2.0"
@@ -403,12 +247,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "assert_matches"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b34d609dfbaf33d6889b2b7106d3ca345eacad44200913df5ba02bfd31d2ba9"
-
 [[package]]
 name = "async-acme"
 version = "0.6.0"
@@ -474,7 +312,6 @@ checksum = "d10e4f991a553474232bc0a31799f6d24b034a84c0971d80d2e2f78b2e576e40"
 dependencies = [
  "compression-codecs",
  "compression-core",
- "futures-io",
  "pin-project-lite",
  "tokio",
 ]
@@ -493,21 +330,6 @@ dependencies = [
  "slab",
 ]
 
-[[package]]
-name = "async-global-executor"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c"
-dependencies = [
- "async-channel 2.5.0",
- "async-executor",
- "async-io",
- "async-lock",
- "blocking",
- "futures-lite",
- "once_cell",
-]
-
 [[package]]
 name = "async-io"
 version = "2.6.0"
@@ -537,18 +359,6 @@ dependencies = [
  "pin-project-lite",
 ]
 
-[[package]]
-name = "async-native-tls"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9343dc5acf07e79ff82d0c37899f079db3534d99f189a1837c8e549c99405bec"
-dependencies = [
- "futures-util",
- "native-tls",
- "thiserror 1.0.69",
- "url",
-]
-
 [[package]]
 name = "async-process"
 version = "2.5.0"
@@ -596,33 +406,6 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
-[[package]]
-name = "async-std"
-version = "1.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c8e079a4ab67ae52b7403632e4618815d6db36d2a010cfe41b02c1b1578f93b"
-dependencies = [
- "async-channel 1.9.0",
- "async-global-executor",
- "async-io",
- "async-lock",
- "async-process",
- "crossbeam-utils",
- "futures-channel",
- "futures-core",
- "futures-io",
- "futures-lite",
- "gloo-timers",
- "kv-log-macro",
- "log",
- "memchr",
- "once_cell",
- "pin-project-lite",
- "pin-utils",
- "slab",
- "wasm-bindgen-futures",
-]
-
 [[package]]
 name = "async-stream"
 version = "0.3.6"
@@ -662,35 +445,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "async_executors"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a982d2f86de6137cc05c9db9a915a19886c97911f9790d04f174cede74be01a5"
-dependencies = [
- "async-std",
- "blanket",
- "futures-core",
- "futures-task",
- "futures-util",
- "pin-project",
- "rustc_version",
- "tokio",
-]
-
-[[package]]
-name = "asynchronous-codec"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a860072022177f903e59730004fb5dc13db9275b79bb2aef7ba8ce831956c233"
-dependencies = [
- "bytes",
- "futures-sink",
- "futures-util",
- "memchr",
- "pin-project-lite",
-]
-
 [[package]]
 name = "atoi"
 version = "2.0.0"
@@ -700,21 +454,6 @@ dependencies = [
  "num-traits",
 ]
 
-[[package]]
-name = "atomic"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba"
-
-[[package]]
-name = "atomic"
-version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a89cbf775b137e9b968e67227ef7f775587cde3fd31b0d8599dbd0f598a48340"
-dependencies = [
- "bytemuck",
-]
-
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
@@ -816,7 +555,7 @@ dependencies = [
  "miniz_oxide",
  "object 0.37.3",
  "rustc-demangle",
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
 [[package]]
@@ -845,12 +584,6 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
 
-[[package]]
-name = "base32"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23ce669cd6c8588f79e15cf450314f9638f967fc5770ff1c7c1deb0925ea7cfa"
-
 [[package]]
 name = "base32"
 version = "0.5.1"
@@ -863,12 +596,6 @@ version = "2.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1adf9755786e27479693dedd3271691a92b5e242ab139cacb9fb8e7fb5381111"
 
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
 [[package]]
 name = "base64"
 version = "0.21.7"
@@ -999,15 +726,6 @@ dependencies = [
  "wyz 0.5.1",
 ]
 
-[[package]]
-name = "blake2"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
-dependencies = [
- "digest 0.10.7",
-]
-
 [[package]]
 name = "blake2b_simd"
 version = "1.0.4"
@@ -1035,17 +753,6 @@ dependencies = [
  "rayon-core",
 ]
 
-[[package]]
-name = "blanket"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0b121a9fe0df916e362fb3271088d071159cdf11db0e4182d02152850756eff"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "block"
 version = "0.1.6"
@@ -1058,7 +765,6 @@ version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
 dependencies = [
- "block-padding",
  "generic-array",
 ]
 
@@ -1071,12 +777,6 @@ dependencies = [
  "generic-array",
 ]
 
-[[package]]
-name = "block-padding"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae"
-
 [[package]]
 name = "blocking"
 version = "1.6.2"
@@ -1090,12 +790,6 @@ dependencies = [
  "piper",
 ]
 
-[[package]]
-name = "bounded-vec-deque"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2225b558afc76c596898f5f1b3fc35cfce0eb1b13635cbd7d1b2a7177dc10ccd"
-
 [[package]]
 name = "brotli"
 version = "8.0.2"
@@ -1124,7 +818,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "63044e1ae8e69f3b5a92c736ca6269b8d12fa7efe39bf34ddb06d102cf0e2cab"
 dependencies = [
  "memchr",
- "regex-automata 0.4.13",
  "serde",
 ]
 
@@ -1134,12 +827,6 @@ version = "3.19.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510"
 
-[[package]]
-name = "by_address"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64fa3c856b712db6612c019f14756e64e4bcea13337a6b33b696333a9eaa2d06"
-
 [[package]]
 name = "bytemuck"
 version = "1.24.0"
@@ -1164,17 +851,6 @@ version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
 
-[[package]]
-name = "caret"
-version = "0.5.3"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-
-[[package]]
-name = "cast"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
-
 [[package]]
 name = "cc"
 version = "1.2.53"
@@ -1222,7 +898,7 @@ dependencies = [
  "num-traits",
  "serde",
  "wasm-bindgen",
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
 [[package]]
@@ -1279,7 +955,6 @@ checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
 dependencies = [
  "crypto-common",
  "inout",
- "zeroize",
 ]
 
 [[package]]
@@ -1301,7 +976,7 @@ dependencies = [
  "anstream",
  "anstyle",
  "clap_lex",
- "strsim 0.11.1",
+ "strsim",
  "terminal_size",
 ]
 
@@ -1342,17 +1017,6 @@ dependencies = [
  "cc",
 ]
 
-[[package]]
-name = "coarsetime"
-version = "0.1.37"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e58eb270476aa4fc7843849f8a35063e8743b4dbcdf6dd0f8ea0886980c204c2"
-dependencies = [
- "libc",
- "wasix",
- "wasm-bindgen",
-]
-
 [[package]]
 name = "color-eyre"
 version = "0.6.5"
@@ -1414,7 +1078,6 @@ dependencies = [
  "brotli",
  "compression-core",
  "flate2",
- "liblzma",
  "memchr",
  "zstd",
  "zstd-safe",
@@ -1520,12 +1183,6 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
 
-[[package]]
-name = "convert_case"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
-
 [[package]]
 name = "convert_case"
 version = "0.6.0"
@@ -1555,15 +1212,6 @@ dependencies = [
  "version_check",
 ]
 
-[[package]]
-name = "cookie-factory"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2"
-dependencies = [
- "futures",
-]
-
 [[package]]
 name = "cookie_store"
 version = "0.22.0"
@@ -1667,52 +1315,6 @@ dependencies = [
  "cfg-if",
 ]
 
-[[package]]
-name = "criterion"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f"
-dependencies = [
- "anes",
- "cast",
- "ciborium",
- "clap",
- "criterion-plot",
- "is-terminal",
- "itertools 0.10.5",
- "num-traits",
- "once_cell",
- "oorandom",
- "plotters",
- "rayon",
- "regex",
- "serde",
- "serde_derive",
- "serde_json",
- "tinytemplate",
- "walkdir",
-]
-
-[[package]]
-name = "criterion-cycles-per-byte"
-version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1029452fa751c93f8834962dd74807d69f0a6c7624d5b06625b393aeb6a14fc2"
-dependencies = [
- "cfg-if",
- "criterion",
-]
-
-[[package]]
-name = "criterion-plot"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1"
-dependencies = [
- "cast",
- "itertools 0.10.5",
-]
-
 [[package]]
 name = "critical-section"
 version = "1.2.0"
@@ -1770,7 +1372,7 @@ checksum = "d8b9f2e4c67f833b660cdb0a3523065869fb35570177239812ed4c905aeff87b"
 dependencies = [
  "bitflags 2.10.0",
  "crossterm_winapi",
- "derive_more 2.1.1",
+ "derive_more",
  "document-features",
  "futures-core",
  "mio",
@@ -1818,23 +1420,13 @@ dependencies = [
  "typenum",
 ]
 
-[[package]]
-name = "crypto-mac"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e"
-dependencies = [
- "generic-array",
- "subtle",
-]
-
 [[package]]
 name = "csscolorparser"
 version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fda6aace1fbef3aa217b27f4c8d7d071ef2a70a5ca51050b1f17d40299d3f16"
 dependencies = [
- "phf 0.11.3",
+ "phf",
 ]
 
 [[package]]
@@ -1867,15 +1459,6 @@ dependencies = [
  "cipher 0.3.0",
 ]
 
-[[package]]
-name = "ctr"
-version = "0.9.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835"
-dependencies = [
- "cipher 0.4.4",
-]
-
 [[package]]
 name = "curve25519-dalek"
 version = "3.2.0"
@@ -1916,76 +1499,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "darling"
-version = "0.14.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850"
-dependencies = [
- "darling_core 0.14.4",
- "darling_macro 0.14.4",
-]
-
-[[package]]
-name = "darling"
-version = "0.21.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0"
-dependencies = [
- "darling_core 0.21.3",
- "darling_macro 0.21.3",
-]
-
-[[package]]
-name = "darling_core"
-version = "0.14.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0"
-dependencies = [
- "fnv",
- "ident_case",
- "proc-macro2",
- "quote",
- "strsim 0.10.0",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "darling_core"
-version = "0.21.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4"
-dependencies = [
- "fnv",
- "ident_case",
- "proc-macro2",
- "quote",
- "strsim 0.11.1",
- "syn 2.0.114",
-]
-
-[[package]]
-name = "darling_macro"
-version = "0.14.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e"
-dependencies = [
- "darling_core 0.14.4",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "darling_macro"
-version = "0.21.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81"
-dependencies = [
- "darling_core 0.21.3",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "data-encoding"
 version = "2.10.0"
@@ -2010,7 +1523,7 @@ version = "9.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553"
 dependencies = [
- "asn1-rs 0.6.2",
+ "asn1-rs",
  "displaydoc",
  "nom 7.1.3",
  "num-bigint",
@@ -2018,20 +1531,6 @@ dependencies = [
  "rusticata-macros",
 ]
 
-[[package]]
-name = "der-parser"
-version = "10.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6"
-dependencies = [
- "asn1-rs 0.7.1",
- "cookie-factory",
- "displaydoc",
- "nom 7.1.3",
- "num-traits",
- "rusticata-macros",
-]
-
 [[package]]
 name = "der_derive"
 version = "0.7.3"
@@ -2050,90 +1549,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
 dependencies = [
  "powerfmt",
- "serde_core",
-]
-
-[[package]]
-name = "derive-deftly"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "957bb73a3a9c0bbcac67e129b81954661b3cfcb9e28873d8441f91b54852e77a"
-dependencies = [
- "derive-deftly-macros",
- "heck 0.5.0",
-]
-
-[[package]]
-name = "derive-deftly-macros"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ea41269bd490d251b9eca50ccb43117e641cc68b129849757c15ece88fe0574"
-dependencies = [
- "heck 0.5.0",
- "indexmap 2.13.0",
- "itertools 0.14.0",
- "proc-macro-crate",
- "proc-macro2",
- "quote",
- "sha3 0.10.8",
- "strum",
- "syn 2.0.114",
- "void",
-]
-
-[[package]]
-name = "derive_arbitrary"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
-[[package]]
-name = "derive_builder_core_fork_arti"
-version = "0.11.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24c1b715c79be6328caa9a5e1a387a196ea503740f0722ec3dd8f67a9e72314d"
-dependencies = [
- "darling 0.14.4",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "derive_builder_fork_arti"
-version = "0.11.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3eae24d595f4d0ecc90a9a5a6d11c2bd8dafe2375ec4a1ec63250e5ade7d228"
-dependencies = [
- "derive_builder_macro_fork_arti",
-]
-
-[[package]]
-name = "derive_builder_macro_fork_arti"
-version = "0.11.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69887769a2489cd946bf782eb2b1bb2cb7bc88551440c94a765d4f040c08ebf3"
-dependencies = [
- "derive_builder_core_fork_arti",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "derive_more"
-version = "0.99.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6edb4b64a43d977b8e99788fe3a04d483834fba1215a7e02caa415b626497f7f"
-dependencies = [
- "convert_case 0.4.0",
- "proc-macro2",
- "quote",
- "rustc_version",
- "syn 2.0.114",
 ]
 
 [[package]]
@@ -2156,7 +1571,6 @@ dependencies = [
  "quote",
  "rustc_version",
  "syn 2.0.114",
- "unicode-xid",
 ]
 
 [[package]]
@@ -2186,24 +1600,6 @@ dependencies = [
  "subtle",
 ]
 
-[[package]]
-name = "directories"
-version = "6.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16f5094c54661b38d03bd7e50df373292118db60b585c08a411c6d840017fe7d"
-dependencies = [
- "dirs-sys",
-]
-
-[[package]]
-name = "dirs"
-version = "6.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e"
-dependencies = [
- "dirs-sys",
-]
-
 [[package]]
 name = "dirs-next"
 version = "2.0.0"
@@ -2214,18 +1610,6 @@ dependencies = [
  "dirs-sys-next",
 ]
 
-[[package]]
-name = "dirs-sys"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab"
-dependencies = [
- "libc",
- "option-ext",
- "redox_users 0.5.2",
- "windows-sys 0.61.2",
-]
-
 [[package]]
 name = "dirs-sys-next"
 version = "0.1.2"
@@ -2233,7 +1617,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d"
 dependencies = [
  "libc",
- "redox_users 0.4.6",
+ "redox_users",
  "winapi",
 ]
 
@@ -2296,12 +1680,6 @@ version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2"
 
-[[package]]
-name = "downcast-rs"
-version = "2.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "117240f60069e65410b3ae1bb213295bd828f707b5bec6596a1afc8793ce0cbc"
-
 [[package]]
 name = "dunce"
 version = "1.0.5"
@@ -2314,33 +1692,6 @@ version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
-[[package]]
-name = "dynasm"
-version = "3.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f7d4c414c94bc830797115b8e5f434d58e7e80cb42ba88508c14bc6ea270625"
-dependencies = [
- "bitflags 2.10.0",
- "byteorder",
- "lazy_static",
- "proc-macro-error2",
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
-[[package]]
-name = "dynasmrt"
-version = "3.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "602f7458a3859195fb840e6e0cce5f4330dd9dfbfece0edaf31fe427af346f55"
-dependencies = [
- "byteorder",
- "dynasm",
- "fnv",
- "memmap2 0.9.9",
-]
-
 [[package]]
 name = "ecdsa"
 version = "0.16.9"
@@ -2397,7 +1748,6 @@ checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
 dependencies = [
  "curve25519-dalek 4.1.3",
  "ed25519 2.2.3",
- "merlin",
  "rand_core 0.6.4",
  "serde",
  "sha2 0.10.9",
@@ -2406,18 +1756,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "educe"
-version = "0.4.23"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f0042ff8246a363dbe77d2ceedb073339e85a804b9a47636c6e016a9a32c05f"
-dependencies = [
- "enum-ordinalize",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
 [[package]]
 name = "either"
 version = "1.15.0"
@@ -2517,19 +1855,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "enum-ordinalize"
-version = "3.1.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bf1fa3f06bbff1ea5b1a9c7b14aa992a39657db60a2759457328d7e058f49ee"
-dependencies = [
- "num-bigint",
- "num-traits",
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "enumflags2"
 version = "0.7.12"
@@ -2557,18 +1882,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
 
-[[package]]
-name = "equix"
-version = "0.2.5"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "arrayvec 0.7.6",
- "hashx",
- "num-traits",
- "thiserror 2.0.17",
- "visibility",
-]
-
 [[package]]
 name = "errno"
 version = "0.3.14"
@@ -2645,18 +1958,6 @@ dependencies = [
  "once_cell",
 ]
 
-[[package]]
-name = "fallible-iterator"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649"
-
-[[package]]
-name = "fallible-streaming-iterator"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a"
-
 [[package]]
 name = "fastrand"
 version = "2.3.0"
@@ -2688,19 +1989,6 @@ version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
 
-[[package]]
-name = "figment"
-version = "0.10.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cb01cd46b0cf372153850f4c6c272d9cbea2da513e07538405148f95bd789f3"
-dependencies = [
- "atomic 0.6.1",
- "serde",
- "toml 0.8.23",
- "uncased",
- "version_check",
-]
-
 [[package]]
 name = "filedescriptor"
 version = "0.8.3"
@@ -2730,12 +2018,6 @@ version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8591b0bcc8a98a64310a2fae1bb3e9b8564dd10e381e6e28010fde8e8e8568db"
 
-[[package]]
-name = "fixed-capacity-vec"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b31a14f5ee08ed1a40e1252b35af18bed062e3f39b69aab34decde36bc43e40"
-
 [[package]]
 name = "fixedbitset"
 version = "0.4.2"
@@ -2752,12 +2034,6 @@ dependencies = [
  "miniz_oxide",
 ]
 
-[[package]]
-name = "fluid-let"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "749cff877dc1af878a0b31a41dd221a753634401ea0ef2f87b62d3171522485a"
-
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -2809,20 +2085,6 @@ dependencies = [
  "itertools 0.8.2",
 ]
 
-[[package]]
-name = "fs-mistrust"
-version = "0.10.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive_builder_fork_arti",
- "dirs",
- "libc",
- "pwd-grp",
- "serde",
- "thiserror 2.0.17",
- "walkdir",
-]
-
 [[package]]
 name = "fs2"
 version = "0.4.3"
@@ -2839,36 +2101,6 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
 
-[[package]]
-name = "fslock"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb"
-dependencies = [
- "libc",
- "winapi",
-]
-
-[[package]]
-name = "fslock-arti-fork"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b21bd626aaab7b904b20bef6d9e06298914a0c8d9fb8b010483766b2e532791"
-dependencies = [
- "libc",
- "winapi",
-]
-
-[[package]]
-name = "fslock-guard"
-version = "0.2.4"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "fslock-arti-fork",
- "thiserror 2.0.17",
- "winapi",
-]
-
 [[package]]
 name = "funty"
 version = "1.1.0"
@@ -2975,17 +2207,6 @@ dependencies = [
  "rustls-pki-types",
 ]
 
-[[package]]
-name = "futures-rustls"
-version = "0.26.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8f2f12607f92c69b12ed746fabf9ca4f5c482cba46679c1a75b874ed7c26adb"
-dependencies = [
- "futures-io",
- "rustls 0.23.36",
- "rustls-pki-types",
-]
-
 [[package]]
 name = "futures-sink"
 version = "0.3.31"
@@ -3043,7 +2264,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75cec8bb4d3d32542cfcb9517f78366b52c17931e30d7ee1682c13686c19cee7"
 dependencies = [
  "futures",
- "futures-rustls 0.25.1",
+ "futures-rustls",
  "hyper",
  "log",
  "serde",
@@ -3115,12 +2336,6 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
 
-[[package]]
-name = "glob-match"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9985c9503b412198aa4197559e9a318524ebc4519c229bfa05a535828c950b9d"
-
 [[package]]
 name = "globset"
 version = "0.4.18"
@@ -3145,18 +2360,6 @@ dependencies = [
  "walkdir",
 ]
 
-[[package]]
-name = "gloo-timers"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbb143cf96099802033e0d4f4963b19fd2e0b728bcf076cd9cf7f6634f092994"
-dependencies = [
- "futures-channel",
- "futures-core",
- "js-sys",
- "wasm-bindgen",
-]
-
 [[package]]
 name = "gpt"
 version = "4.1.0"
@@ -3180,18 +2383,6 @@ dependencies = [
  "subtle",
 ]
 
-[[package]]
-name = "growable-bloom-filter"
-version = "2.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d174ccb4ba660d431329e7f0797870d0a4281e36353ec4b4a3c5eab6c2cfb6f1"
-dependencies = [
- "serde",
- "serde_bytes",
- "serde_derive",
- "xxhash-rust",
-]
-
 [[package]]
 name = "h2"
 version = "0.4.13"
@@ -3292,20 +2483,6 @@ dependencies = [
  "hashbrown 0.15.5",
 ]
 
-[[package]]
-name = "hashx"
-version = "0.3.4"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "arrayvec 0.7.6",
- "blake2",
- "dynasmrt",
- "fixed-capacity-vec",
- "hex",
- "rand_core 0.9.5",
- "thiserror 2.0.17",
-]
-
 [[package]]
 name = "hdrhistogram"
 version = "7.5.4"
@@ -3427,17 +2604,7 @@ version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
 dependencies = [
- "hmac 0.12.1",
-]
-
-[[package]]
-name = "hmac"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
-dependencies = [
- "crypto-mac",
- "digest 0.9.0",
+ "hmac",
 ]
 
 [[package]]
@@ -3466,15 +2633,9 @@ checksum = "617aaa3557aef3810a6369d0a99fac8a080891b68bd9f9812a1eeda0c0730cbd"
 dependencies = [
  "cfg-if",
  "libc",
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
-[[package]]
-name = "hostname-validator"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2"
-
 [[package]]
 name = "http"
 version = "1.4.0"
@@ -3526,16 +2687,6 @@ version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424"
 
-[[package]]
-name = "humantime-serde"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a3db5ea5923d99402c94e9feb261dc5ee9b4efa158b0315f788cf549cc200c"
-dependencies = [
- "humantime",
- "serde",
-]
-
 [[package]]
 name = "hyper"
 version = "1.8.1"
@@ -3643,7 +2794,7 @@ dependencies = [
  "js-sys",
  "log",
  "wasm-bindgen",
- "windows-core 0.62.2",
+ "windows-core",
 ]
 
 [[package]]
@@ -3758,12 +2909,6 @@ dependencies = [
  "rustc-hash",
 ]
 
-[[package]]
-name = "ident_case"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
-
 [[package]]
 name = "idna"
 version = "1.1.0"
@@ -3894,7 +3039,6 @@ checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
 dependencies = [
  "autocfg",
  "hashbrown 0.12.3",
- "serde",
 ]
 
 [[package]]
@@ -3973,15 +3117,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "inventory"
-version = "0.3.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc61209c082fbeb19919bee74b176221b27223e27b65d781eb91af24eb1fb46e"
-dependencies = [
- "rustversion",
-]
-
 [[package]]
 name = "ipconfig"
 version = "0.3.2"
@@ -4224,45 +3359,6 @@ dependencies = [
  "serde_json",
 ]
 
-[[package]]
-name = "k12"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4dc5fdb62af2f520116927304f15d25b3c2667b4817b90efdc045194c912c54"
-dependencies = [
- "digest 0.10.7",
- "sha3 0.10.8",
-]
-
-[[package]]
-name = "keccak"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
-dependencies = [
- "cpufeatures",
-]
-
-[[package]]
-name = "kqueue"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eac30106d7dce88daf4a3fcb4879ea939476d5074a9b7ddd0fb97fa4bed5596a"
-dependencies = [
- "kqueue-sys",
- "libc",
-]
-
-[[package]]
-name = "kqueue-sys"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed9625ffda8729b85e45cf04090035ac368927b8cebc34898e7c120f52e4838b"
-dependencies = [
- "bitflags 1.3.2",
- "libc",
-]
-
 [[package]]
 name = "kv"
 version = "0.24.0"
@@ -4278,15 +3374,6 @@ dependencies = [
  "toml 0.5.11",
 ]
 
-[[package]]
-name = "kv-log-macro"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f"
-dependencies = [
- "log",
-]
-
 [[package]]
 name = "lalrpop"
 version = "0.20.2"
@@ -4404,27 +3491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
 dependencies = [
  "cfg-if",
- "windows-link 0.2.1",
-]
-
-[[package]]
-name = "liblzma"
-version = "0.4.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73c36d08cad03a3fbe2c4e7bb3a9e84c57e4ee4135ed0b065cade3d98480c648"
-dependencies = [
- "liblzma-sys",
-]
-
-[[package]]
-name = "liblzma-sys"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01b9596486f6d60c3bbe644c0e1be1aa6ccc472ad630fe8927b456973d7cb736"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
+ "windows-link",
 ]
 
 [[package]]
@@ -4454,17 +3521,6 @@ dependencies = [
  "redox_syscall 0.7.0",
 ]
 
-[[package]]
-name = "libsqlite3-sys"
-version = "0.35.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "133c182a6a2c87864fe97778797e46c7e999672690dc9fa3ee8e241aa4a9c13f"
-dependencies = [
- "cc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "libyml"
 version = "0.0.5"
@@ -4519,9 +3575,6 @@ name = "log"
 version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
-dependencies = [
- "value-bag",
-]
 
 [[package]]
 name = "lru-slab"
@@ -4618,18 +3671,6 @@ dependencies = [
  "autocfg",
 ]
 
-[[package]]
-name = "merlin"
-version = "3.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "58c38e2799fc0978b65dfff8023ec7843e2330bb462f19198840b34b6582397d"
-dependencies = [
- "byteorder",
- "keccak",
- "rand_core 0.6.4",
- "zeroize",
-]
-
 [[package]]
 name = "miette"
 version = "7.6.0"
@@ -4854,38 +3895,6 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
-[[package]]
-name = "notify"
-version = "8.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d3d07927151ff8575b7087f245456e549fea62edf0ec4e565a5ee50c8402bc3"
-dependencies = [
- "bitflags 2.10.0",
- "inotify",
- "kqueue",
- "libc",
- "log",
- "mio",
- "notify-types",
- "walkdir",
- "windows-sys 0.60.2",
-]
-
-[[package]]
-name = "notify-types"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e0826a989adedc2a244799e823aece04662b66609d96af8dff7ac6df9a8925d"
-
-[[package]]
-name = "ntapi"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c70f219e21142367c70c0b30c6a9e3a14d55b4d12a204d897fbec83a0363f081"
-dependencies = [
- "winapi",
-]
-
 [[package]]
 name = "nu-ansi-term"
 version = "0.46.0"
@@ -5050,25 +4059,6 @@ dependencies = [
  "objc_id",
 ]
 
-[[package]]
-name = "objc2-core-foundation"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536"
-dependencies = [
- "bitflags 2.10.0",
-]
-
-[[package]]
-name = "objc2-io-kit"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33fafba39597d6dc1fb709123dfa8289d39406734be322956a69f0931c73bb15"
-dependencies = [
- "libc",
- "objc2-core-foundation",
-]
-
 [[package]]
 name = "objc_id"
 version = "0.1.1"
@@ -5102,7 +4092,7 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8d8034d9489cdaf79228eb9f6a3b8d7bb32ba00d6645ebd48eef4077ceb5bd9"
 dependencies = [
- "asn1-rs 0.6.2",
+ "asn1-rs",
 ]
 
 [[package]]
@@ -5121,14 +4111,6 @@ version = "1.70.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe"
 
-[[package]]
-name = "oneshot-fused-workaround"
-version = "0.2.3"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "futures",
-]
-
 [[package]]
 name = "onig"
 version = "6.5.1"
@@ -5151,12 +4133,6 @@ dependencies = [
  "pkg-config",
 ]
 
-[[package]]
-name = "oorandom"
-version = "11.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
-
 [[package]]
 name = "opaque-debug"
 version = "0.3.1"
@@ -5236,21 +4212,6 @@ dependencies = [
  "vcpkg",
 ]
 
-[[package]]
-name = "option-ext"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d"
-
-[[package]]
-name = "ordered-float"
-version = "2.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68f19d67e5a2795c94e73e0bb1cc1a7edeb2e28efd39e2e1c9b7a40c1108b11c"
-dependencies = [
- "num-traits",
-]
-
 [[package]]
 name = "ordered-stream"
 version = "0.2.0"
@@ -5261,15 +4222,6 @@ dependencies = [
  "pin-project-lite",
 ]
 
-[[package]]
-name = "os_str_bytes"
-version = "6.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "overload"
 version = "0.1.1"
@@ -5371,15 +4323,9 @@ dependencies = [
  "libc",
  "redox_syscall 0.5.18",
  "smallvec",
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
-[[package]]
-name = "paste"
-version = "1.0.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
-
 [[package]]
 name = "patch-db"
 version = "0.1.0"
@@ -5428,7 +4374,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
  "digest 0.10.7",
- "hmac 0.12.1",
+ "hmac",
 ]
 
 [[package]]
@@ -5515,19 +4461,8 @@ version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fd6780a80ae0c52cc120a26a1a42c1ae51b247a253e4e06113d23d2c2edd078"
 dependencies = [
- "phf_macros 0.11.3",
- "phf_shared 0.11.3",
-]
-
-[[package]]
-name = "phf"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1562dc717473dbaa4c1f85a36410e03c047b2e7df7f45ee938fbef64ae7fadf"
-dependencies = [
- "phf_macros 0.13.1",
- "phf_shared 0.13.1",
- "serde",
+ "phf_macros",
+ "phf_shared",
 ]
 
 [[package]]
@@ -5536,41 +4471,18 @@ version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c80231409c20246a13fddb31776fb942c38553c51e871f8cbd687a4cfb5843d"
 dependencies = [
- "phf_shared 0.11.3",
+ "phf_shared",
  "rand 0.8.5",
 ]
 
-[[package]]
-name = "phf_generator"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "135ace3a761e564ec88c03a77317a7c6b80bb7f7135ef2544dbe054243b89737"
-dependencies = [
- "fastrand",
- "phf_shared 0.13.1",
-]
-
 [[package]]
 name = "phf_macros"
 version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f84ac04429c13a7ff43785d75ad27569f2951ce0ffd30a3321230db2fc727216"
 dependencies = [
- "phf_generator 0.11.3",
- "phf_shared 0.11.3",
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
-[[package]]
-name = "phf_macros"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "812f032b54b1e759ccd5f8b6677695d5268c588701effba24601f6932f8269ef"
-dependencies = [
- "phf_generator 0.13.1",
- "phf_shared 0.13.1",
+ "phf_generator",
+ "phf_shared",
  "proc-macro2",
  "quote",
  "syn 2.0.114",
@@ -5585,15 +4497,6 @@ dependencies = [
  "siphasher",
 ]
 
-[[package]]
-name = "phf_shared"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e57fef6bc5981e38c2ce2d63bfa546861309f875b8a75f092d1d54ae2d64f266"
-dependencies = [
- "siphasher",
-]
-
 [[package]]
 name = "pico-args"
 version = "0.5.0"
@@ -5683,34 +4586,6 @@ dependencies = [
  "time",
 ]
 
-[[package]]
-name = "plotters"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747"
-dependencies = [
- "num-traits",
- "plotters-backend",
- "plotters-svg",
- "wasm-bindgen",
- "web-sys",
-]
-
-[[package]]
-name = "plotters-backend"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a"
-
-[[package]]
-name = "plotters-svg"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670"
-dependencies = [
- "plotters-backend",
-]
-
 [[package]]
 name = "polling"
 version = "3.11.0"
@@ -5739,7 +4614,7 @@ checksum = "b4a596a2b3d2752d94f51fac2d4a96737b8705dddd311a32b9af47211f08671e"
 dependencies = [
  "anyhow",
  "bitflags 1.3.2",
- "downcast-rs 1.2.1",
+ "downcast-rs",
  "filedescriptor",
  "lazy_static",
  "libc",
@@ -5752,21 +4627,6 @@ dependencies = [
  "winreg 0.10.1",
 ]
 
-[[package]]
-name = "postage"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af3fb618632874fb76937c2361a7f22afd393c982a2165595407edc75b06d3c1"
-dependencies = [
- "atomic 0.5.3",
- "crossbeam-queue",
- "futures",
- "parking_lot 0.12.5",
- "pin-project",
- "static_assertions",
- "thiserror 1.0.69",
-]
-
 [[package]]
 name = "potential_utf"
 version = "0.1.4"
@@ -5840,17 +4700,6 @@ dependencies = [
  "elliptic-curve",
 ]
 
-[[package]]
-name = "priority-queue"
-version = "2.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93980406f12d9f8140ed5abe7155acb10bb1e69ea55c88960b9c2f117445ef96"
-dependencies = [
- "equivalent",
- "indexmap 2.13.0",
- "serde",
-]
-
 [[package]]
 name = "proc-macro-crate"
 version = "3.4.0"
@@ -5860,28 +4709,6 @@ dependencies = [
  "toml_edit 0.23.10+spec-1.0.0",
 ]
 
-[[package]]
-name = "proc-macro-error-attr2"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
-dependencies = [
- "proc-macro2",
- "quote",
-]
-
-[[package]]
-name = "proc-macro-error2"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
-dependencies = [
- "proc-macro-error-attr2",
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "proc-macro2"
 version = "1.0.105"
@@ -6012,18 +4839,6 @@ dependencies = [
  "psl-types",
 ]
 
-[[package]]
-name = "pwd-grp"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e2023f41b5fcb7c30eb5300a5733edfaa9e0e0d502d51b586f65633fd39e40c"
-dependencies = [
- "derive-deftly",
- "libc",
- "paste",
- "thiserror 2.0.17",
-]
-
 [[package]]
 name = "pxfm"
 version = "0.1.27"
@@ -6294,17 +5109,6 @@ dependencies = [
  "rand_core 0.5.1",
 ]
 
-[[package]]
-name = "rand_jitter"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b16df48f071248e67b8fc5e866d9448d45c08ad8b672baaaf796e2f15e606ff0"
-dependencies = [
- "libc",
- "rand_core 0.9.5",
- "winapi",
-]
-
 [[package]]
 name = "rand_xorshift"
 version = "0.4.0"
@@ -6323,16 +5127,6 @@ dependencies = [
  "rand_core 0.9.5",
 ]
 
-[[package]]
-name = "rayon"
-version = "1.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f"
-dependencies = [
- "either",
- "rayon-core",
-]
-
 [[package]]
 name = "rayon-core"
 version = "1.13.0"
@@ -6355,15 +5149,6 @@ dependencies = [
  "yasna",
 ]
 
-[[package]]
-name = "rdrand"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92195228612ac8eed47adbc2ed0f04e513a4ccb98175b6f2bd04d963b533655"
-dependencies = [
- "rand_core 0.6.4",
-]
-
 [[package]]
 name = "redox_syscall"
 version = "0.2.16"
@@ -6402,37 +5187,6 @@ dependencies = [
  "thiserror 1.0.69",
 ]
 
-[[package]]
-name = "redox_users"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4e608c6638b9c18977b00b475ac1f28d14e84b27d8d42f70e0bf1e3dec127ac"
-dependencies = [
- "getrandom 0.2.17",
- "libredox",
- "thiserror 2.0.17",
-]
-
-[[package]]
-name = "ref-cast"
-version = "1.0.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f354300ae66f76f1c85c5f84693f0ce81d747e2c3f21a45fef496d89c960bf7d"
-dependencies = [
- "ref-cast-impl",
-]
-
-[[package]]
-name = "ref-cast-impl"
-version = "1.0.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "regex"
 version = "1.12.2"
@@ -6544,18 +5298,13 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"
 
-[[package]]
-name = "retry-error"
-version = "0.6.5"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-
 [[package]]
 name = "rfc6979"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
 dependencies = [
- "hmac 0.12.1",
+ "hmac",
  "subtle",
 ]
 
@@ -6644,21 +5393,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "rusqlite"
-version = "0.37.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "165ca6e57b20e1351573e3729b958bc62f0e48025386970b6e4d29e7a7e71f3f"
-dependencies = [
- "bitflags 2.10.0",
- "fallible-iterator",
- "fallible-streaming-iterator",
- "hashlink",
- "libsqlite3-sys",
- "smallvec",
- "time",
-]
-
 [[package]]
 name = "rust-argon2"
 version = "3.0.0"
@@ -6916,18 +5650,6 @@ version = "1.0.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a50f4cf475b65d88e057964e0e9bb1f0aa9bbb2036dc65c64596b42932536984"
 
-[[package]]
-name = "safelog"
-version = "0.4.8"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive_more 2.1.1",
- "educe",
- "either",
- "fluid-let",
- "thiserror 2.0.17",
-]
-
 [[package]]
 name = "same-file"
 version = "1.0.6"
@@ -6937,15 +5659,6 @@ dependencies = [
  "winapi-util",
 ]
 
-[[package]]
-name = "sanitize-filename"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc984f4f9ceb736a7bb755c3e3bd17dc56370af2600c9780dcc48c66453da34d"
-dependencies = [
- "regex",
-]
-
 [[package]]
 name = "schannel"
 version = "0.1.28"
@@ -6955,30 +5668,6 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
-[[package]]
-name = "schemars"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f"
-dependencies = [
- "dyn-clone",
- "ref-cast",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "schemars"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54e910108742c57a770f492731f99be216a52fadd361b06c8fb59d74ccc267d2"
-dependencies = [
- "dyn-clone",
- "ref-cast",
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "scoped-tls"
 version = "1.0.1"
@@ -7070,26 +5759,6 @@ dependencies = [
  "serde",
 ]
 
-[[package]]
-name = "serde-value"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3a1a3341211875ef120e117ea7fd5228530ae7e7036a779fdc9117be6b3282c"
-dependencies = [
- "ordered-float",
- "serde",
-]
-
-[[package]]
-name = "serde_bytes"
-version = "0.11.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5d440709e79d88e51ac01c4b72fc6cb7314017bb7da9eeff678aa94c10e3ea8"
-dependencies = [
- "serde",
- "serde_core",
-]
-
 [[package]]
 name = "serde_cbor"
 version = "0.11.1"
@@ -7128,16 +5797,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "serde_ignored"
-version = "0.1.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "115dffd5f3853e06e746965a20dcbae6ee747ae30b543d91b0e089668bb07798"
-dependencies = [
- "serde",
- "serde_core",
-]
-
 [[package]]
 name = "serde_json"
 version = "1.0.149"
@@ -7215,37 +5874,6 @@ dependencies = [
  "serde",
 ]
 
-[[package]]
-name = "serde_with"
-version = "3.16.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fa237f2807440d238e0364a218270b98f767a00d3dada77b1c53ae88940e2e7"
-dependencies = [
- "base64 0.22.1",
- "chrono",
- "hex",
- "indexmap 1.9.3",
- "indexmap 2.13.0",
- "schemars 0.9.0",
- "schemars 1.2.0",
- "serde_core",
- "serde_json",
- "serde_with_macros",
- "time",
-]
-
-[[package]]
-name = "serde_with_macros"
-version = "3.16.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52a8e3ca0ca629121f70ab50f95249e5a6f925cc0f6ffe8256c45b728875706c"
-dependencies = [
- "darling 0.21.3",
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "serde_yaml"
 version = "0.9.34+deprecated"
@@ -7332,28 +5960,6 @@ dependencies = [
  "digest 0.10.7",
 ]
 
-[[package]]
-name = "sha3"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809"
-dependencies = [
- "block-buffer 0.9.0",
- "digest 0.9.0",
- "keccak",
- "opaque-debug",
-]
-
-[[package]]
-name = "sha3"
-version = "0.10.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
-dependencies = [
- "digest 0.10.7",
- "keccak",
-]
-
 [[package]]
 name = "sharded-slab"
 version = "0.1.7"
@@ -7379,17 +5985,6 @@ version = "1.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dc6fe69c597f9c37bfeeeeeb33da3530379845f10be461a66d16d03eca2ded77"
 
-[[package]]
-name = "shellexpand"
-version = "3.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b1fdf65dd6331831494dd616b30351c38e96e45921a27745cf98490458b90bb"
-dependencies = [
- "bstr",
- "dirs",
- "os_str_bytes",
-]
-
 [[package]]
 name = "shlex"
 version = "1.3.0"
@@ -7483,28 +6078,6 @@ dependencies = [
  "parking_lot 0.11.2",
 ]
 
-[[package]]
-name = "slotmap"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bdd58c3c93c3d278ca835519292445cb4b0d4dc59ccfdf7ceadaab3f8aeb4038"
-dependencies = [
- "serde",
- "version_check",
-]
-
-[[package]]
-name = "slotmap-careful"
-version = "0.2.5"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "paste",
- "serde",
- "slotmap",
- "thiserror 2.0.17",
- "void",
-]
-
 [[package]]
 name = "smallstr"
 version = "0.3.1"
@@ -7708,7 +6281,7 @@ dependencies = [
  "futures-util",
  "hex",
  "hkdf",
- "hmac 0.12.1",
+ "hmac",
  "home",
  "itoa",
  "log",
@@ -7749,7 +6322,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex-syntax 0.6.29",
- "strsim 0.11.1",
+ "strsim",
  "syn 2.0.114",
  "unicode-width 0.1.14",
 ]
@@ -7817,17 +6390,16 @@ dependencies = [
 
 [[package]]
 name = "start-os"
-version = "0.4.0-alpha.19"
+version = "0.4.0-alpha.20"
 dependencies = [
- "aes 0.7.5",
- "arti-client",
+ "aes",
  "async-acme",
  "async-compression",
  "async-stream",
  "async-trait",
  "axum",
  "backtrace-on-stack-overflow",
- "base32 0.5.1",
+ "base32",
  "base64 0.22.1",
  "base64ct",
  "basic-cookies",
@@ -7842,7 +6414,6 @@ dependencies = [
  "const_format",
  "cookie",
  "cookie_store",
- "curve25519-dalek 4.1.3",
  "der",
  "digest 0.10.7",
  "divrem",
@@ -7858,7 +6429,7 @@ dependencies = [
  "hashing-serializer",
  "hex",
  "hickory-server",
- "hmac 0.12.1",
+ "hmac",
  "http",
  "http-body-util",
  "hyper",
@@ -7917,7 +6488,6 @@ dependencies = [
  "rpc-toolkit",
  "rust-argon2",
  "rust-i18n",
- "safelog",
  "semver",
  "serde",
  "serde_json",
@@ -7941,14 +6511,6 @@ dependencies = [
  "tokio-tungstenite 0.26.2",
  "tokio-util",
  "toml 0.9.11+spec-1.1.0",
- "tor-cell",
- "tor-hscrypto",
- "tor-hsservice",
- "tor-keymgr",
- "tor-llcrypto",
- "tor-proto",
- "tor-rtcompat",
- "torut",
  "tower-service",
  "tracing",
  "tracing-error",
@@ -7977,7 +6539,7 @@ checksum = "bf776ba3fa74f83bf4b63c3dcbbf82173db2632ed8452cb2d891d33f459de70f"
 dependencies = [
  "new_debug_unreachable",
  "parking_lot 0.12.5",
- "phf_shared 0.11.3",
+ "phf_shared",
  "precomputed-hash",
 ]
 
@@ -8010,12 +6572,6 @@ dependencies = [
  "vte",
 ]
 
-[[package]]
-name = "strsim"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
-
 [[package]]
 name = "strsim"
 version = "0.11.1"
@@ -8027,9 +6583,6 @@ name = "strum"
 version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf"
-dependencies = [
- "strum_macros",
-]
 
 [[package]]
 name = "strum_macros"
@@ -8133,20 +6686,6 @@ dependencies = [
  "yaml-rust",
 ]
 
-[[package]]
-name = "sysinfo"
-version = "0.36.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "252800745060e7b9ffb7b2badbd8b31cfa4aa2e61af879d0a3bf2a317c20217d"
-dependencies = [
- "libc",
- "memchr",
- "ntapi",
- "objc2-core-foundation",
- "objc2-io-kit",
- "windows",
-]
-
 [[package]]
 name = "system-configuration"
 version = "0.6.1"
@@ -8351,20 +6890,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869"
 dependencies = [
  "displaydoc",
- "serde_core",
  "zerovec",
 ]
 
-[[package]]
-name = "tinytemplate"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
-dependencies = [
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "tinyvec"
 version = "1.10.0"
@@ -8500,7 +7028,6 @@ checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098"
 dependencies = [
  "bytes",
  "futures-core",
- "futures-io",
  "futures-sink",
  "pin-project-lite",
  "tokio",
@@ -8647,1001 +7174,6 @@ dependencies = [
  "tonic",
 ]
 
-[[package]]
-name = "tor-async-utils"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive-deftly",
- "educe",
- "futures",
- "oneshot-fused-workaround",
- "pin-project",
- "postage",
- "thiserror 2.0.17",
- "void",
-]
-
-[[package]]
-name = "tor-basic-utils"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive_more 2.1.1",
- "hex",
- "itertools 0.14.0",
- "libc",
- "paste",
- "rand 0.9.2",
- "rand_chacha 0.9.0",
- "serde",
- "slab",
- "smallvec",
- "thiserror 2.0.17",
-]
-
-[[package]]
-name = "tor-bytes"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "bytes",
- "derive-deftly",
- "digest 0.10.7",
- "educe",
- "getrandom 0.3.4",
- "safelog",
- "thiserror 2.0.17",
- "tor-error",
- "tor-llcrypto",
- "zeroize",
-]
-
-[[package]]
-name = "tor-cell"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "bitflags 2.10.0",
- "bytes",
- "caret",
- "derive-deftly",
- "derive_more 2.1.1",
- "educe",
- "itertools 0.14.0",
- "paste",
- "rand 0.9.2",
- "smallvec",
- "thiserror 2.0.17",
- "tor-basic-utils",
- "tor-bytes",
- "tor-cert",
- "tor-error",
- "tor-hscrypto",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-memquota",
- "tor-protover",
- "tor-units",
- "void",
-]
-
-[[package]]
-name = "tor-cert"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "caret",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "thiserror 2.0.17",
- "tor-bytes",
- "tor-checkable",
- "tor-llcrypto",
-]
-
-[[package]]
-name = "tor-chanmgr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-trait",
- "caret",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "educe",
- "futures",
- "oneshot-fused-workaround",
- "postage",
- "rand 0.9.2",
- "safelog",
- "serde",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-cell",
- "tor-config",
- "tor-error",
- "tor-keymgr",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-memquota",
- "tor-netdir",
- "tor-proto",
- "tor-rtcompat",
- "tor-socksproto",
- "tor-units",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-checkable"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "humantime",
- "signature 2.2.0",
- "thiserror 2.0.17",
- "tor-llcrypto",
-]
-
-[[package]]
-name = "tor-circmgr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "async-trait",
- "bounded-vec-deque",
- "cfg-if",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "downcast-rs 2.0.2",
- "dyn-clone",
- "educe",
- "futures",
- "humantime-serde",
- "itertools 0.14.0",
- "once_cell",
- "oneshot-fused-workaround",
- "pin-project",
- "rand 0.9.2",
- "retry-error",
- "safelog",
- "serde",
- "static_assertions",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-cell",
- "tor-chanmgr",
- "tor-config",
- "tor-error",
- "tor-guardmgr",
- "tor-linkspec",
- "tor-memquota",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-protover",
- "tor-relay-selection",
- "tor-rtcompat",
- "tor-units",
- "tracing",
- "void",
- "weak-table",
-]
-
-[[package]]
-name = "tor-config"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "cfg-if",
- "derive-deftly",
- "derive_builder_fork_arti",
- "educe",
- "either",
- "figment",
- "fs-mistrust",
- "futures",
- "itertools 0.14.0",
- "notify",
- "paste",
- "postage",
- "regex",
- "serde",
- "serde-value",
- "serde_ignored",
- "strum",
- "thiserror 2.0.17",
- "toml 0.9.11+spec-1.1.0",
- "tor-basic-utils",
- "tor-error",
- "tor-rtcompat",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-config-path"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "directories",
- "serde",
- "shellexpand",
- "thiserror 2.0.17",
- "tor-error",
- "tor-general-addr",
-]
-
-[[package]]
-name = "tor-consdiff"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "digest 0.10.7",
- "hex",
- "thiserror 2.0.17",
- "tor-llcrypto",
-]
-
-[[package]]
-name = "tor-dirclient"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-compression",
- "base64ct",
- "derive_more 2.1.1",
- "futures",
- "hex",
- "http",
- "httparse",
- "httpdate",
- "itertools 0.14.0",
- "memchr",
- "thiserror 2.0.17",
- "tor-circmgr",
- "tor-error",
- "tor-hscrypto",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-netdoc",
- "tor-proto",
- "tor-rtcompat",
- "tracing",
-]
-
-[[package]]
-name = "tor-dirmgr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-trait",
- "base64ct",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "educe",
- "event-listener 5.4.1",
- "fs-mistrust",
- "fslock",
- "futures",
- "hex",
- "humantime",
- "humantime-serde",
- "itertools 0.14.0",
- "memmap2 0.9.9",
- "oneshot-fused-workaround",
- "paste",
- "postage",
- "rand 0.9.2",
- "rusqlite",
- "safelog",
- "scopeguard",
- "serde",
- "serde_json",
- "signature 2.2.0",
- "static_assertions",
- "strum",
- "thiserror 2.0.17",
- "time",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-checkable",
- "tor-circmgr",
- "tor-config",
- "tor-consdiff",
- "tor-dirclient",
- "tor-error",
- "tor-guardmgr",
- "tor-llcrypto",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-protover",
- "tor-rtcompat",
- "tracing",
-]
-
-[[package]]
-name = "tor-error"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive_more 2.1.1",
- "futures",
- "paste",
- "retry-error",
- "static_assertions",
- "strum",
- "thiserror 2.0.17",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-general-addr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "arbitrary",
- "derive_more 2.1.1",
- "thiserror 2.0.17",
- "void",
-]
-
-[[package]]
-name = "tor-guardmgr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "base64ct",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "dyn-clone",
- "educe",
- "futures",
- "humantime",
- "humantime-serde",
- "itertools 0.14.0",
- "num_enum",
- "oneshot-fused-workaround",
- "pin-project",
- "postage",
- "rand 0.9.2",
- "safelog",
- "serde",
- "strum",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-config",
- "tor-error",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-relay-selection",
- "tor-rtcompat",
- "tor-units",
- "tracing",
-]
-
-[[package]]
-name = "tor-hsclient"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-trait",
- "derive-deftly",
- "derive_more 2.1.1",
- "educe",
- "either",
- "futures",
- "itertools 0.14.0",
- "oneshot-fused-workaround",
- "postage",
- "rand 0.9.2",
- "retry-error",
- "safelog",
- "slotmap-careful",
- "strum",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-bytes",
- "tor-cell",
- "tor-checkable",
- "tor-circmgr",
- "tor-config",
- "tor-dirclient",
- "tor-error",
- "tor-hscrypto",
- "tor-keymgr",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-memquota",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-protover",
- "tor-rtcompat",
- "tracing",
-]
-
-[[package]]
-name = "tor-hscrypto"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "cipher 0.4.4",
- "data-encoding",
- "derive-deftly",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "equix",
- "hex",
- "humantime",
- "itertools 0.14.0",
- "paste",
- "rand 0.9.2",
- "safelog",
- "serde",
- "signature 2.2.0",
- "subtle",
- "thiserror 2.0.17",
- "tor-basic-utils",
- "tor-bytes",
- "tor-error",
- "tor-key-forge",
- "tor-llcrypto",
- "tor-memquota",
- "tor-units",
- "void",
- "zeroize",
-]
-
-[[package]]
-name = "tor-hsservice"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "async-trait",
- "base64ct",
- "cfg-if",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "educe",
- "fs-mistrust",
- "futures",
- "growable-bloom-filter",
- "hex",
- "humantime",
- "itertools 0.14.0",
- "k12",
- "once_cell",
- "oneshot-fused-workaround",
- "postage",
- "rand 0.9.2",
- "rand_core 0.9.5",
- "retry-error",
- "safelog",
- "serde",
- "serde_with",
- "strum",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-bytes",
- "tor-cell",
- "tor-circmgr",
- "tor-config",
- "tor-config-path",
- "tor-dirclient",
- "tor-error",
- "tor-hscrypto",
- "tor-keymgr",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-log-ratelim",
- "tor-netdir",
- "tor-netdoc",
- "tor-persist",
- "tor-proto",
- "tor-protover",
- "tor-relay-selection",
- "tor-rtcompat",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-key-forge"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive-deftly",
- "derive_more 2.1.1",
- "downcast-rs 2.0.2",
- "paste",
- "rand 0.9.2",
- "signature 2.2.0",
- "ssh-key",
- "thiserror 2.0.17",
- "tor-bytes",
- "tor-cert",
- "tor-checkable",
- "tor-error",
- "tor-llcrypto",
-]
-
-[[package]]
-name = "tor-keymgr"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "arrayvec 0.7.6",
- "cfg-if",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "downcast-rs 2.0.2",
- "dyn-clone",
- "fs-mistrust",
- "glob-match",
- "humantime",
- "inventory",
- "itertools 0.14.0",
- "rand 0.9.2",
- "safelog",
- "serde",
- "signature 2.2.0",
- "ssh-key",
- "thiserror 2.0.17",
- "tor-basic-utils",
- "tor-bytes",
- "tor-config",
- "tor-config-path",
- "tor-error",
- "tor-hscrypto",
- "tor-key-forge",
- "tor-llcrypto",
- "tor-persist",
- "tracing",
- "visibility",
- "walkdir",
- "zeroize",
-]
-
-[[package]]
-name = "tor-linkspec"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "base64ct",
- "by_address",
- "caret",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "hex",
- "itertools 0.14.0",
- "safelog",
- "serde",
- "serde_with",
- "strum",
- "thiserror 2.0.17",
- "tor-basic-utils",
- "tor-bytes",
- "tor-config",
- "tor-llcrypto",
- "tor-memquota",
- "tor-protover",
-]
-
-[[package]]
-name = "tor-llcrypto"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "aes 0.8.4",
- "base64ct",
- "ctr 0.9.2",
- "curve25519-dalek 4.1.3",
- "der-parser 10.0.0",
- "derive-deftly",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "ed25519-dalek 2.2.0",
- "educe",
- "getrandom 0.3.4",
- "hex",
- "rand 0.9.2",
- "rand_chacha 0.9.0",
- "rand_core 0.6.4",
- "rand_core 0.9.5",
- "rand_jitter",
- "rdrand",
- "rsa",
- "safelog",
- "serde",
- "sha1",
- "sha2 0.10.9",
- "sha3 0.10.8",
- "signature 2.2.0",
- "subtle",
- "thiserror 2.0.17",
- "tor-memquota",
- "visibility",
- "x25519-dalek",
- "zeroize",
-]
-
-[[package]]
-name = "tor-log-ratelim"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "futures",
- "humantime",
- "thiserror 2.0.17",
- "tor-error",
- "tor-rtcompat",
- "tracing",
- "weak-table",
-]
-
-[[package]]
-name = "tor-memquota"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "cfg-if",
- "derive-deftly",
- "derive_more 2.1.1",
- "dyn-clone",
- "educe",
- "futures",
- "itertools 0.14.0",
- "paste",
- "pin-project",
- "serde",
- "slotmap-careful",
- "static_assertions",
- "sysinfo",
- "thiserror 2.0.17",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-config",
- "tor-error",
- "tor-log-ratelim",
- "tor-rtcompat",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-netdir"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "async-trait",
- "bitflags 2.10.0",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "futures",
- "hex",
- "humantime",
- "itertools 0.14.0",
- "num_enum",
- "rand 0.9.2",
- "serde",
- "static_assertions",
- "strum",
- "thiserror 2.0.17",
- "time",
- "tor-basic-utils",
- "tor-error",
- "tor-hscrypto",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-netdoc",
- "tor-protover",
- "tor-units",
- "tracing",
- "typed-index-collections",
-]
-
-[[package]]
-name = "tor-netdoc"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "base64ct",
- "bitflags 2.10.0",
- "cipher 0.4.4",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "educe",
- "hex",
- "humantime",
- "itertools 0.14.0",
- "memchr",
- "paste",
- "phf 0.13.1",
- "rand 0.9.2",
- "serde",
- "serde_with",
- "signature 2.2.0",
- "smallvec",
- "strum",
- "subtle",
- "thiserror 2.0.17",
- "time",
- "tinystr",
- "tor-basic-utils",
- "tor-bytes",
- "tor-cell",
- "tor-cert",
- "tor-checkable",
- "tor-error",
- "tor-hscrypto",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-protover",
- "tor-units",
- "void",
- "weak-table",
- "zeroize",
-]
-
-[[package]]
-name = "tor-persist"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "derive-deftly",
- "derive_more 2.1.1",
- "filetime",
- "fs-mistrust",
- "fslock",
- "fslock-guard",
- "futures",
- "itertools 0.14.0",
- "oneshot-fused-workaround",
- "paste",
- "sanitize-filename",
- "serde",
- "serde_json",
- "thiserror 2.0.17",
- "time",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-error",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-proto"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "asynchronous-codec",
- "bitvec 1.0.1",
- "bytes",
- "caret",
- "cfg-if",
- "cipher 0.4.4",
- "coarsetime",
- "criterion-cycles-per-byte",
- "derive-deftly",
- "derive_builder_fork_arti",
- "derive_more 2.1.1",
- "digest 0.10.7",
- "educe",
- "futures",
- "futures-util",
- "hkdf",
- "hmac 0.12.1",
- "itertools 0.14.0",
- "oneshot-fused-workaround",
- "pin-project",
- "postage",
- "rand 0.9.2",
- "rand_core 0.9.5",
- "safelog",
- "slotmap-careful",
- "smallvec",
- "static_assertions",
- "subtle",
- "sync_wrapper",
- "thiserror 2.0.17",
- "tokio",
- "tokio-util",
- "tor-async-utils",
- "tor-basic-utils",
- "tor-bytes",
- "tor-cell",
- "tor-cert",
- "tor-checkable",
- "tor-config",
- "tor-error",
- "tor-hscrypto",
- "tor-linkspec",
- "tor-llcrypto",
- "tor-log-ratelim",
- "tor-memquota",
- "tor-protover",
- "tor-rtcompat",
- "tor-rtmock",
- "tor-units",
- "tracing",
- "typenum",
- "visibility",
- "void",
- "zeroize",
-]
-
-[[package]]
-name = "tor-protover"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "caret",
- "paste",
- "serde_with",
- "thiserror 2.0.17",
- "tor-bytes",
-]
-
-[[package]]
-name = "tor-relay-selection"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "rand 0.9.2",
- "serde",
- "tor-basic-utils",
- "tor-linkspec",
- "tor-netdir",
- "tor-netdoc",
-]
-
-[[package]]
-name = "tor-rtcompat"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "arbitrary",
- "async-io",
- "async-native-tls",
- "async-std",
- "async-trait",
- "async_executors",
- "asynchronous-codec",
- "coarsetime",
- "derive_more 2.1.1",
- "dyn-clone",
- "educe",
- "futures",
- "futures-rustls 0.26.0",
- "hex",
- "libc",
- "native-tls",
- "paste",
- "pin-project",
- "rustls-pki-types",
- "rustls-webpki 0.103.9",
- "thiserror 2.0.17",
- "tokio",
- "tokio-util",
- "tor-error",
- "tor-general-addr",
- "tracing",
- "void",
-]
-
-[[package]]
-name = "tor-rtmock"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "assert_matches",
- "async-trait",
- "derive-deftly",
- "derive_more 2.1.1",
- "educe",
- "futures",
- "humantime",
- "itertools 0.14.0",
- "oneshot-fused-workaround",
- "pin-project",
- "priority-queue",
- "slotmap-careful",
- "strum",
- "thiserror 2.0.17",
- "tor-error",
- "tor-general-addr",
- "tor-rtcompat",
- "tracing",
- "tracing-test",
- "void",
-]
-
-[[package]]
-name = "tor-socksproto"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "amplify",
- "caret",
- "derive-deftly",
- "educe",
- "safelog",
- "subtle",
- "thiserror 2.0.17",
- "tor-bytes",
- "tor-error",
-]
-
-[[package]]
-name = "tor-units"
-version = "0.33.0"
-source = "git+https://github.com/Start9Labs/arti.git?branch=patch%2Fdisable-exit#24730694701a83432d791d80802db8bda0699700"
-dependencies = [
- "derive-deftly",
- "derive_more 2.1.1",
- "serde",
- "thiserror 2.0.17",
- "tor-memquota",
-]
-
-[[package]]
-name = "torut"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99febc413f26cf855b3a309c5872edff5c31e0ffe9c2fce5681868761df36f69"
-dependencies = [
- "base32 0.4.0",
- "base64 0.13.1",
- "derive_more 0.99.20",
- "ed25519-dalek 1.0.1",
- "hex",
- "hmac 0.11.0",
- "rand 0.7.3",
- "serde",
- "serde_derive",
- "sha2 0.9.9",
- "sha3 0.9.1",
- "tokio",
-]
-
 [[package]]
 name = "tower"
 version = "0.5.3"
@@ -9786,27 +7318,6 @@ dependencies = [
  "tracing-log",
 ]
 
-[[package]]
-name = "tracing-test"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "557b891436fe0d5e0e363427fc7f217abf9ccd510d5136549847bdcbcd011d68"
-dependencies = [
- "tracing-core",
- "tracing-subscriber",
- "tracing-test-macro",
-]
-
-[[package]]
-name = "tracing-test-macro"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568"
-dependencies = [
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "triomphe"
 version = "0.1.15"
@@ -9902,16 +7413,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "typed-index-collections"
-version = "3.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5318ee4ce62a4e948a33915574021a7a953d83e84fba6e25c72ffcfd7dad35ff"
-dependencies = [
- "bincode 2.0.1",
- "serde",
-]
-
 [[package]]
 name = "typenum"
 version = "1.19.0"
@@ -9941,15 +7442,6 @@ version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
 
-[[package]]
-name = "uncased"
-version = "0.9.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1b88fcfe09e89d3866a5c11019378088af2d24c3fbd4f0543f96b479ec90697"
-dependencies = [
- "version_check",
-]
-
 [[package]]
 name = "unicase"
 version = "2.9.0"
@@ -10086,12 +7578,6 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
 
-[[package]]
-name = "value-bag"
-version = "1.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ba6f5989077681266825251a52748b8c1d8a4ad098cc37e440103d0ea717fc0"
-
 [[package]]
 name = "vcpkg"
 version = "0.2.15"
@@ -10110,17 +7596,6 @@ version = "0.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1"
 
-[[package]]
-name = "visibility"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d674d135b4a8c1d7e813e2f8d1c9a58308aee4a680323066025e53132218bd91"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "visit-rs"
 version = "0.1.9"
@@ -10144,12 +7619,6 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "void"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
-
 [[package]]
 name = "vte"
 version = "0.14.1"
@@ -10214,15 +7683,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
 
-[[package]]
-name = "wasix"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1757e0d1f8456693c7e5c6c629bdb54884e032aa0bb53c155f6a39f94440d332"
-dependencies = [
- "wasi 0.11.1+wasi-snapshot-preview1",
-]
-
 [[package]]
 name = "wasm-bindgen"
 version = "0.2.108"
@@ -10302,7 +7762,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f3b068c05a039c9f755f881dc50f01732214f5685e379829759088967c46715"
 dependencies = [
  "bitflags 1.3.2",
- "downcast-rs 1.2.1",
+ "downcast-rs",
  "libc",
  "nix 0.24.3",
  "scoped-tls",
@@ -10368,12 +7828,6 @@ dependencies = [
  "pkg-config",
 ]
 
-[[package]]
-name = "weak-table"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "323f4da9523e9a669e1eaf9c6e763892769b1d38c623913647bfdc1532fe4549"
-
 [[package]]
 name = "web-sys"
 version = "0.3.85"
@@ -10489,41 +7943,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
-[[package]]
-name = "windows"
-version = "0.61.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9babd3a767a4c1aef6900409f85f5d53ce2544ccdfaa86dad48c91782c6d6893"
-dependencies = [
- "windows-collections",
- "windows-core 0.61.2",
- "windows-future",
- "windows-link 0.1.3",
- "windows-numerics",
-]
-
-[[package]]
-name = "windows-collections"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8"
-dependencies = [
- "windows-core 0.61.2",
-]
-
-[[package]]
-name = "windows-core"
-version = "0.61.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3"
-dependencies = [
- "windows-implement",
- "windows-interface",
- "windows-link 0.1.3",
- "windows-result 0.3.4",
- "windows-strings 0.4.2",
-]
-
 [[package]]
 name = "windows-core"
 version = "0.62.2"
@@ -10532,20 +7951,9 @@ checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb"
 dependencies = [
  "windows-implement",
  "windows-interface",
- "windows-link 0.2.1",
- "windows-result 0.4.1",
- "windows-strings 0.5.1",
-]
-
-[[package]]
-name = "windows-future"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e"
-dependencies = [
- "windows-core 0.61.2",
- "windows-link 0.1.3",
- "windows-threading",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
 ]
 
 [[package]]
@@ -10570,46 +7978,21 @@ dependencies = [
  "syn 2.0.114",
 ]
 
-[[package]]
-name = "windows-link"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
-
 [[package]]
 name = "windows-link"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
 
-[[package]]
-name = "windows-numerics"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1"
-dependencies = [
- "windows-core 0.61.2",
- "windows-link 0.1.3",
-]
-
 [[package]]
 name = "windows-registry"
 version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "02752bf7fbdcce7f2a27a742f798510f3e5ad88dbe84871e5168e2120c3d5720"
 dependencies = [
- "windows-link 0.2.1",
- "windows-result 0.4.1",
- "windows-strings 0.5.1",
-]
-
-[[package]]
-name = "windows-result"
-version = "0.3.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6"
-dependencies = [
- "windows-link 0.1.3",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
 ]
 
 [[package]]
@@ -10618,16 +8001,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5"
 dependencies = [
- "windows-link 0.2.1",
-]
-
-[[package]]
-name = "windows-strings"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57"
-dependencies = [
- "windows-link 0.1.3",
+ "windows-link",
 ]
 
 [[package]]
@@ -10636,7 +8010,7 @@ version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
 dependencies = [
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
 [[package]]
@@ -10690,7 +8064,7 @@ version = "0.61.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
 dependencies = [
- "windows-link 0.2.1",
+ "windows-link",
 ]
 
 [[package]]
@@ -10745,7 +8119,7 @@ version = "0.53.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3"
 dependencies = [
- "windows-link 0.2.1",
+ "windows-link",
  "windows_aarch64_gnullvm 0.53.1",
  "windows_aarch64_msvc 0.53.1",
  "windows_i686_gnu 0.53.1",
@@ -10756,15 +8130,6 @@ dependencies = [
  "windows_x86_64_msvc 0.53.1",
 ]
 
-[[package]]
-name = "windows-threading"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b66463ad2e0ea3bbf808b7f1d371311c80e115c0b71d60efc142cafbcfb057a6"
-dependencies = [
- "windows-link 0.1.3",
-]
-
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.42.2"
@@ -11049,9 +8414,9 @@ version = "0.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69"
 dependencies = [
- "asn1-rs 0.6.2",
+ "asn1-rs",
  "data-encoding",
- "der-parser 9.0.0",
+ "der-parser",
  "lazy_static",
  "nom 7.1.3",
  "oid-registry",
@@ -11309,7 +8674,6 @@ version = "0.11.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002"
 dependencies = [
- "serde",
  "yoke",
  "zerofrom",
  "zerovec-derive",
diff --git a/core/Cargo.toml b/core/Cargo.toml
index 0256ac433..9937dfaa1 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -15,7 +15,7 @@ license = "MIT"
 name = "start-os"
 readme = "README.md"
 repository = "https://github.com/Start9Labs/start-os"
-version = "0.4.0-alpha.19" # VERSION_BUMP
+version = "0.4.0-alpha.20" # VERSION_BUMP
 
 [lib]
 name = "startos"
@@ -42,17 +42,6 @@ name = "tunnelbox"
 path = "src/main/tunnelbox.rs"
 
 [features]
-arti = [
-  "arti-client",
-  "safelog",
-  "tor-cell",
-  "tor-hscrypto",
-  "tor-hsservice",
-  "tor-keymgr",
-  "tor-llcrypto",
-  "tor-proto",
-  "tor-rtcompat",
-]
 beta = []
 console = ["console-subscriber", "tokio/tracing"]
 default = []
@@ -62,16 +51,6 @@ unstable = ["backtrace-on-stack-overflow"]
 
 [dependencies]
 aes = { version = "0.7.5", features = ["ctr"] }
-arti-client = { version = "0.33", features = [
-  "compression",
-  "ephemeral-keystore",
-  "experimental-api",
-  "onion-service-client",
-  "onion-service-service",
-  "rustls",
-  "static",
-  "tokio",
-], default-features = false, git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
 async-acme = { version = "0.6.0", git = "https://github.com/dr-bonez/async-acme.git", features = [
   "use_rustls",
   "use_tokio",
@@ -100,7 +79,6 @@ console-subscriber = { version = "0.5.0", optional = true }
 const_format = "0.2.34"
 cookie = "0.18.0"
 cookie_store = "0.22.0"
-curve25519-dalek = "4.1.3"
 der = { version = "0.7.9", features = ["derive", "pem"] }
 digest = "0.10.7"
 divrem = "1.0.0"
@@ -216,7 +194,6 @@ rpassword = "7.2.0"
 rust-argon2 = "3.0.0"
 rust-i18n = "3.1.5"
 rpc-toolkit = { git = "https://github.com/Start9Labs/rpc-toolkit.git" }
-safelog = { version = "0.4.8", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
 semver = { version = "1.0.20", features = ["serde"] }
 serde = { version = "1.0", features = ["derive", "rc"] }
 serde_cbor = { package = "ciborium", version = "0.2.1" }
@@ -244,23 +221,6 @@ tokio-stream = { version = "0.1.14", features = ["io-util", "net", "sync"] }
 tokio-tar = { git = "https://github.com/dr-bonez/tokio-tar.git" }
 tokio-tungstenite = { version = "0.26.2", features = ["native-tls", "url"] }
 tokio-util = { version = "0.7.9", features = ["io"] }
-tor-cell = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-hscrypto = { version = "0.33", features = [
-  "full",
-], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-hsservice = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-keymgr = { version = "0.33", features = [
-  "ephemeral-keystore",
-], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-llcrypto = { version = "0.33", features = [
-  "full",
-], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-proto = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-tor-rtcompat = { version = "0.33", features = [
-  "rustls",
-  "tokio",
-], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
-torut = "0.2.1"
 tower-service = "0.3.3"
 tracing = "0.1.39"
 tracing-error = "0.2.0"
diff --git a/core/src/account.rs b/core/src/account.rs
index d583c95f7..2216fc361 100644
--- a/core/src/account.rs
+++ b/core/src/account.rs
@@ -8,7 +8,6 @@ use openssl::x509::X509;
 use crate::db::model::DatabaseModel;
 use crate::hostname::{Hostname, generate_hostname, generate_id};
 use crate::net::ssl::{gen_nistp256, make_root_cert};
-use crate::net::tor::TorSecretKey;
 use crate::prelude::*;
 use crate::util::serde::Pem;
 
@@ -26,7 +25,6 @@ pub struct AccountInfo {
     pub server_id: String,
     pub hostname: Hostname,
     pub password: String,
-    pub tor_keys: Vec<TorSecretKey>,
     pub root_ca_key: PKey<Private>,
     pub root_ca_cert: X509,
     pub ssh_key: ssh_key::PrivateKey,
@@ -36,7 +34,6 @@ impl AccountInfo {
     pub fn new(password: &str, start_time: SystemTime) -> Result<Self, Error> {
         let server_id = generate_id();
         let hostname = generate_hostname();
-        let tor_key = vec![TorSecretKey::generate()];
         let root_ca_key = gen_nistp256()?;
         let root_ca_cert = make_root_cert(&root_ca_key, &hostname, start_time)?;
         let ssh_key = ssh_key::PrivateKey::from(ssh_key::private::Ed25519Keypair::random(
@@ -48,7 +45,6 @@ impl AccountInfo {
             server_id,
             hostname,
             password: hash_password(password)?,
-            tor_keys: tor_key,
             root_ca_key,
             root_ca_cert,
             ssh_key,
@@ -61,17 +57,6 @@ impl AccountInfo {
         let hostname = Hostname(db.as_public().as_server_info().as_hostname().de()?);
         let password = db.as_private().as_password().de()?;
         let key_store = db.as_private().as_key_store();
-        let tor_addrs = db
-            .as_public()
-            .as_server_info()
-            .as_network()
-            .as_host()
-            .as_onions()
-            .de()?;
-        let tor_keys = tor_addrs
-            .into_iter()
-            .map(|tor_addr| key_store.as_onion().get_key(&tor_addr))
-            .collect::<Result<_, _>>()?;
         let cert_store = key_store.as_local_certs();
         let root_ca_key = cert_store.as_root_key().de()?.0;
         let root_ca_cert = cert_store.as_root_cert().de()?.0;
@@ -82,7 +67,6 @@ impl AccountInfo {
             server_id,
             hostname,
             password,
-            tor_keys,
             root_ca_key,
             root_ca_cert,
             ssh_key,
@@ -97,17 +81,6 @@ impl AccountInfo {
         server_info
             .as_pubkey_mut()
             .ser(&self.ssh_key.public_key().to_openssh()?)?;
-        server_info
-            .as_network_mut()
-            .as_host_mut()
-            .as_onions_mut()
-            .ser(
-                &self
-                    .tor_keys
-                    .iter()
-                    .map(|tor_key| tor_key.onion_address())
-                    .collect(),
-            )?;
         server_info.as_password_hash_mut().ser(&self.password)?;
         db.as_private_mut().as_password_mut().ser(&self.password)?;
         db.as_private_mut()
@@ -117,9 +90,6 @@ impl AccountInfo {
             .as_developer_key_mut()
             .ser(Pem::new_ref(&self.developer_key))?;
         let key_store = db.as_private_mut().as_key_store_mut();
-        for tor_key in &self.tor_keys {
-            key_store.as_onion_mut().insert_key(tor_key)?;
-        }
         let cert_store = key_store.as_local_certs_mut();
         if cert_store.as_root_cert().de()?.0 != self.root_ca_cert {
             cert_store
@@ -148,11 +118,5 @@ impl AccountInfo {
             self.hostname.no_dot_host_name(),
             self.hostname.local_domain_name(),
         ]
-        .into_iter()
-        .chain(
-            self.tor_keys
-                .iter()
-                .map(|k| InternedString::from_display(&k.onion_address())),
-        )
     }
 }
diff --git a/core/src/backup/os.rs b/core/src/backup/os.rs
index 380772b77..8837f72f0 100644
--- a/core/src/backup/os.rs
+++ b/core/src/backup/os.rs
@@ -7,9 +7,7 @@ use ssh_key::private::Ed25519Keypair;
 
 use crate::account::AccountInfo;
 use crate::hostname::{Hostname, generate_hostname, generate_id};
-use crate::net::tor::TorSecretKey;
 use crate::prelude::*;
-use crate::util::crypto::ed25519_expand_key;
 use crate::util::serde::{Base32, Base64, Pem};
 
 pub struct OsBackup {
@@ -85,10 +83,6 @@ impl OsBackupV0 {
                     &mut ssh_key::rand_core::OsRng::default(),
                     ssh_key::Algorithm::Ed25519,
                 )?,
-                tor_keys: TorSecretKey::from_bytes(self.tor_key.0)
-                    .ok()
-                    .into_iter()
-                    .collect(),
                 developer_key: ed25519_dalek::SigningKey::generate(
                     &mut ssh_key::rand_core::OsRng::default(),
                 ),
@@ -119,10 +113,6 @@ impl OsBackupV1 {
                 root_ca_key: self.root_ca_key.0,
                 root_ca_cert: self.root_ca_cert.0,
                 ssh_key: ssh_key::PrivateKey::from(Ed25519Keypair::from_seed(&self.net_key.0)),
-                tor_keys: TorSecretKey::from_bytes(ed25519_expand_key(&self.net_key.0))
-                    .ok()
-                    .into_iter()
-                    .collect(),
                 developer_key: ed25519_dalek::SigningKey::from_bytes(&self.net_key),
             },
             ui: self.ui,
@@ -140,7 +130,6 @@ struct OsBackupV2 {
     root_ca_key: Pem<PKey<Private>>,                 // PEM Encoded OpenSSL Key
     root_ca_cert: Pem<X509>,                         // PEM Encoded OpenSSL X509 Certificate
     ssh_key: Pem<ssh_key::PrivateKey>,               // PEM Encoded OpenSSH Key
-    tor_keys: Vec<TorSecretKey>,                     // Base64 Encoded Ed25519 Expanded Secret Key
     compat_s9pk_key: Pem<ed25519_dalek::SigningKey>, // PEM Encoded ED25519 Key
     ui: Value,                                       // JSON Value
 }
@@ -154,7 +143,6 @@ impl OsBackupV2 {
                 root_ca_key: self.root_ca_key.0,
                 root_ca_cert: self.root_ca_cert.0,
                 ssh_key: self.ssh_key.0,
-                tor_keys: self.tor_keys,
                 developer_key: self.compat_s9pk_key.0,
             },
             ui: self.ui,
@@ -167,7 +155,6 @@ impl OsBackupV2 {
             root_ca_key: Pem(backup.account.root_ca_key.clone()),
             root_ca_cert: Pem(backup.account.root_ca_cert.clone()),
             ssh_key: Pem(backup.account.ssh_key.clone()),
-            tor_keys: backup.account.tor_keys.clone(),
             compat_s9pk_key: Pem(backup.account.developer_key.clone()),
             ui: backup.ui.clone(),
         }
diff --git a/core/src/db/model/public.rs b/core/src/db/model/public.rs
index 20c5bc390..d038577a6 100644
--- a/core/src/db/model/public.rs
+++ b/core/src/db/model/public.rs
@@ -89,7 +89,6 @@ impl Public {
                         )]
                         .into_iter()
                         .collect(),
-                        onions: account.tor_keys.iter().map(|k| k.onion_address()).collect(),
                         public_domains: BTreeMap::new(),
                         private_domains: BTreeSet::new(),
                         hostname_info: BTreeMap::new(),
diff --git a/core/src/error.rs b/core/src/error.rs
index dba631303..0624be4dc 100644
--- a/core/src/error.rs
+++ b/core/src/error.rs
@@ -42,11 +42,11 @@ pub enum ErrorKind {
     ParseUrl = 19,
     DiskNotAvailable = 20,
     BlockDevice = 21,
-    InvalidOnionAddress = 22,
+    // InvalidOnionAddress = 22,
     Pack = 23,
     ValidateS9pk = 24,
     DiskCorrupted = 25, // Remove
-    Tor = 26,
+    // Tor = 26,
     ConfigGen = 27,
     ParseNumber = 28,
     Database = 29,
@@ -126,11 +126,11 @@ impl ErrorKind {
             ParseUrl => t!("error.parse-url"),
             DiskNotAvailable => t!("error.disk-not-available"),
             BlockDevice => t!("error.block-device"),
-            InvalidOnionAddress => t!("error.invalid-onion-address"),
+            // InvalidOnionAddress => t!("error.invalid-onion-address"),
             Pack => t!("error.pack"),
             ValidateS9pk => t!("error.validate-s9pk"),
             DiskCorrupted => t!("error.disk-corrupted"), // Remove
-            Tor => t!("error.tor"),
+            // Tor => t!("error.tor"),
             ConfigGen => t!("error.config-gen"),
             ParseNumber => t!("error.parse-number"),
             Database => t!("error.database"),
@@ -370,17 +370,6 @@ impl From<reqwest::Error> for Error {
         Error::new(e, kind)
     }
 }
-#[cfg(feature = "arti")]
-impl From<arti_client::Error> for Error {
-    fn from(e: arti_client::Error) -> Self {
-        Error::new(e, ErrorKind::Tor)
-    }
-}
-impl From<torut::control::ConnError> for Error {
-    fn from(e: torut::control::ConnError) -> Self {
-        Error::new(e, ErrorKind::Tor)
-    }
-}
 impl From<zbus::Error> for Error {
     fn from(e: zbus::Error) -> Self {
         Error::new(e, ErrorKind::DBus)
diff --git a/core/src/net/host/address.rs b/core/src/net/host/address.rs
index 9c60ababe..59f74fdb8 100644
--- a/core/src/net/host/address.rs
+++ b/core/src/net/host/address.rs
@@ -12,7 +12,6 @@ use crate::context::{CliContext, RpcContext};
 use crate::db::model::DatabaseModel;
 use crate::net::acme::AcmeProvider;
 use crate::net::host::{HostApiKind, all_hosts};
-use crate::net::tor::OnionAddress;
 use crate::prelude::*;
 use crate::util::serde::{HandlerExtSerde, display_serializable};
 
@@ -21,9 +20,6 @@ use crate::util::serde::{HandlerExtSerde, display_serializable};
 #[serde(rename_all_fields = "camelCase")]
 #[serde(tag = "kind")]
 pub enum HostAddress {
-    Onion {
-        address: OnionAddress,
-    },
     Domain {
         address: InternedString,
         public: Option<PublicDomainConfig>,
@@ -38,18 +34,7 @@ pub struct PublicDomainConfig {
 }
 
 fn handle_duplicates(db: &mut DatabaseModel) -> Result<(), Error> {
-    let mut onions = BTreeSet::<OnionAddress>::new();
     let mut domains = BTreeSet::<InternedString>::new();
-    let check_onion = |onions: &mut BTreeSet<OnionAddress>, onion: OnionAddress| {
-        if onions.contains(&onion) {
-            return Err(Error::new(
-                eyre!("onion address {onion} is already in use"),
-                ErrorKind::InvalidRequest,
-            ));
-        }
-        onions.insert(onion);
-        Ok(())
-    };
     let check_domain = |domains: &mut BTreeSet<InternedString>, domain: InternedString| {
         if domains.contains(&domain) {
             return Err(Error::new(
@@ -68,9 +53,6 @@ fn handle_duplicates(db: &mut DatabaseModel) -> Result<(), Error> {
             not_in_use.push(host);
             continue;
         }
-        for onion in host.as_onions().de()? {
-            check_onion(&mut onions, onion)?;
-        }
         let public = host.as_public_domains().keys()?;
         for domain in &public {
             check_domain(&mut domains, domain.clone())?;
@@ -82,16 +64,11 @@ fn handle_duplicates(db: &mut DatabaseModel) -> Result<(), Error> {
         }
     }
     for host in not_in_use {
-        host.as_onions_mut()
-            .mutate(|o| Ok(o.retain(|o| !onions.contains(o))))?;
         host.as_public_domains_mut()
             .mutate(|d| Ok(d.retain(|d, _| !domains.contains(d))))?;
         host.as_private_domains_mut()
             .mutate(|d| Ok(d.retain(|d| !domains.contains(d))))?;
 
-        for onion in host.as_onions().de()? {
-            check_onion(&mut onions, onion)?;
-        }
         let public = host.as_public_domains().keys()?;
         for domain in &public {
             check_domain(&mut domains, domain.clone())?;
@@ -159,29 +136,6 @@ pub fn address_api<C: Context, Kind: HostApiKind>()
                 )
                 .with_inherited(Kind::inheritance),
         )
-        .subcommand(
-            "onion",
-            ParentHandler::<C, Empty, Kind::Inheritance>::new()
-                .subcommand(
-                    "add",
-                    from_fn_async(add_onion::<Kind>)
-                        .with_metadata("sync_db", Value::Bool(true))
-                        .with_inherited(|_, a| a)
-                        .no_display()
-                        .with_about("about.add-address-to-host")
-                        .with_call_remote::<CliContext>(),
-                )
-                .subcommand(
-                    "remove",
-                    from_fn_async(remove_onion::<Kind>)
-                        .with_metadata("sync_db", Value::Bool(true))
-                        .with_inherited(|_, a| a)
-                        .no_display()
-                        .with_about("about.remove-address-from-host")
-                        .with_call_remote::<CliContext>(),
-                )
-                .with_inherited(Kind::inheritance),
-        )
         .subcommand(
             "list",
             from_fn_async(list_addresses::<Kind>)
@@ -199,9 +153,6 @@ pub fn address_api<C: Context, Kind: HostApiKind>()
                     table.add_row(row![bc => "ADDRESS", "PUBLIC", "ACME PROVIDER"]);
                     for address in &res {
                         match address {
-                            HostAddress::Onion { address } => {
-                                table.add_row(row![address, true, "N/A"]);
-                            }
                             HostAddress::Domain {
                                 address,
                                 public: Some(PublicDomainConfig { gateway, acme }),
@@ -351,55 +302,6 @@ pub async fn remove_private_domain<Kind: HostApiKind>(
     Ok(())
 }
 
-#[derive(Deserialize, Serialize, Parser)]
-pub struct OnionParams {
-    #[arg(help = "help.arg.onion-address")]
-    pub onion: String,
-}
-
-pub async fn add_onion<Kind: HostApiKind>(
-    ctx: RpcContext,
-    OnionParams { onion }: OnionParams,
-    inheritance: Kind::Inheritance,
-) -> Result<(), Error> {
-    let onion = onion.parse::<OnionAddress>()?;
-    ctx.db
-        .mutate(|db| {
-            db.as_private().as_key_store().as_onion().get_key(&onion)?;
-
-            Kind::host_for(&inheritance, db)?
-                .as_onions_mut()
-                .mutate(|a| Ok(a.insert(onion)))?;
-            handle_duplicates(db)
-        })
-        .await
-        .result?;
-
-    Kind::sync_host(&ctx, inheritance).await?;
-
-    Ok(())
-}
-
-pub async fn remove_onion<Kind: HostApiKind>(
-    ctx: RpcContext,
-    OnionParams { onion }: OnionParams,
-    inheritance: Kind::Inheritance,
-) -> Result<(), Error> {
-    let onion = onion.parse::<OnionAddress>()?;
-    ctx.db
-        .mutate(|db| {
-            Kind::host_for(&inheritance, db)?
-                .as_onions_mut()
-                .mutate(|a| Ok(a.remove(&onion)))
-        })
-        .await
-        .result?;
-
-    Kind::sync_host(&ctx, inheritance).await?;
-
-    Ok(())
-}
-
 pub async fn list_addresses<Kind: HostApiKind>(
     ctx: RpcContext,
     _: Empty,
diff --git a/core/src/net/host/mod.rs b/core/src/net/host/mod.rs
index 620991ca7..6fdd65d92 100644
--- a/core/src/net/host/mod.rs
+++ b/core/src/net/host/mod.rs
@@ -15,7 +15,6 @@ use crate::net::forward::AvailablePorts;
 use crate::net::host::address::{HostAddress, PublicDomainConfig, address_api};
 use crate::net::host::binding::{BindInfo, BindOptions, binding};
 use crate::net::service_interface::HostnameInfo;
-use crate::net::tor::OnionAddress;
 use crate::prelude::*;
 use crate::{HostId, PackageId};
 
@@ -28,8 +27,6 @@ pub mod binding;
 #[ts(export)]
 pub struct Host {
     pub bindings: BTreeMap<u16, BindInfo>,
-    #[ts(type = "string[]")]
-    pub onions: BTreeSet<OnionAddress>,
     pub public_domains: BTreeMap<InternedString, PublicDomainConfig>,
     pub private_domains: BTreeSet<InternedString>,
     /// COMPUTED: NetService::update
@@ -46,19 +43,13 @@ impl Host {
         Self::default()
     }
     pub fn addresses<'a>(&'a self) -> impl Iterator<Item = HostAddress> + 'a {
-        self.onions
+        self.public_domains
             .iter()
-            .cloned()
-            .map(|address| HostAddress::Onion { address })
-            .chain(
-                self.public_domains
-                    .iter()
-                    .map(|(address, config)| HostAddress::Domain {
-                        address: address.clone(),
-                        public: Some(config.clone()),
-                        private: self.private_domains.contains(address),
-                    }),
-            )
+            .map(|(address, config)| HostAddress::Domain {
+                address: address.clone(),
+                public: Some(config.clone()),
+                private: self.private_domains.contains(address),
+            })
             .chain(
                 self.private_domains
                     .iter()
@@ -112,22 +103,7 @@ pub fn host_for<'a>(
                 .as_hosts_mut(),
         )
     }
-    let tor_key = if host_info(db, package_id)?.as_idx(host_id).is_none() {
-        Some(
-            db.as_private_mut()
-                .as_key_store_mut()
-                .as_onion_mut()
-                .new_key()?,
-        )
-    } else {
-        None
-    };
-    host_info(db, package_id)?.upsert(host_id, || {
-        let mut h = Host::new();
-        h.onions
-            .insert(tor_key.or_not_found("generated tor key")?.onion_address());
-        Ok(h)
-    })
+    host_info(db, package_id)?.upsert(host_id, || Ok(Host::new()))
 }
 
 pub fn all_hosts(db: &mut DatabaseModel) -> impl Iterator<Item = Result<&mut Model<Host>, Error>> {
diff --git a/core/src/net/keys.rs b/core/src/net/keys.rs
index 41e96eedd..077f56875 100644
--- a/core/src/net/keys.rs
+++ b/core/src/net/keys.rs
@@ -3,28 +3,21 @@ use serde::{Deserialize, Serialize};
 use crate::account::AccountInfo;
 use crate::net::acme::AcmeCertStore;
 use crate::net::ssl::CertStore;
-use crate::net::tor::OnionStore;
 use crate::prelude::*;
 
 #[derive(Debug, Deserialize, Serialize, HasModel)]
 #[model = "Model<Self>"]
 #[serde(rename_all = "camelCase")]
 pub struct KeyStore {
-    pub onion: OnionStore,
     pub local_certs: CertStore,
     #[serde(default)]
     pub acme: AcmeCertStore,
 }
 impl KeyStore {
     pub fn new(account: &AccountInfo) -> Result<Self, Error> {
-        let mut res = Self {
-            onion: OnionStore::new(),
+        Ok(Self {
             local_certs: CertStore::new(account)?,
             acme: AcmeCertStore::new(),
-        };
-        for tor_key in account.tor_keys.iter().cloned() {
-            res.onion.insert(tor_key);
-        }
-        Ok(res)
+        })
     }
 }
diff --git a/core/src/net/mod.rs b/core/src/net/mod.rs
index f30c1383b..f199b3194 100644
--- a/core/src/net/mod.rs
+++ b/core/src/net/mod.rs
@@ -14,7 +14,6 @@ pub mod socks;
 pub mod ssl;
 pub mod static_server;
 pub mod tls;
-pub mod tor;
 pub mod tunnel;
 pub mod utils;
 pub mod vhost;
@@ -23,7 +22,6 @@ pub mod wifi;
 
 pub fn net_api<C: Context>() -> ParentHandler<C> {
     ParentHandler::new()
-        .subcommand("tor", tor::tor_api::<C>().with_about("about.tor-commands"))
         .subcommand(
             "acme",
             acme::acme_api::<C>().with_about("about.setup-acme-certificate"),
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index dc46fde33..b1c6e0a6a 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -3,7 +3,7 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr, SocketAddrV4};
 use std::sync::{Arc, Weak};
 
 use color_eyre::eyre::eyre;
-use imbl::{OrdMap, vector};
+use imbl::vector;
 use imbl_value::InternedString;
 use ipnet::IpNet;
 use tokio::sync::Mutex;
@@ -19,24 +19,22 @@ use crate::net::dns::DnsController;
 use crate::net::forward::{InterfacePortForwardController, START9_BRIDGE_IFACE, add_iptables_rule};
 use crate::net::gateway::{
     AndFilter, DynInterfaceFilter, IdFilter, InterfaceFilter, NetworkInterfaceController, OrFilter,
-    PublicFilter, SecureFilter, TypeFilter,
+    PublicFilter, SecureFilter,
 };
 use crate::net::host::address::HostAddress;
 use crate::net::host::binding::{AddSslOptions, BindId, BindOptions};
 use crate::net::host::{Host, Hosts, host_for};
-use crate::net::service_interface::{GatewayInfo, HostnameInfo, IpHostname, OnionHostname};
+use crate::net::service_interface::{GatewayInfo, HostnameInfo, IpHostname};
 use crate::net::socks::SocksController;
-use crate::net::tor::{OnionAddress, TorController, TorSecretKey};
 use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::{AlpnInfo, DynVHostTarget, ProxyTarget, VHostController};
 use crate::prelude::*;
 use crate::service::effects::callbacks::ServiceCallbacks;
 use crate::util::serde::MaybeUtf8String;
-use crate::{GatewayId, HOST_IP, HostId, OptionExt, PackageId};
+use crate::{HOST_IP, HostId, OptionExt, PackageId};
 
 pub struct NetController {
     pub(crate) db: TypedPatchDb<Database>,
-    pub(super) tor: TorController,
     pub(super) vhost: VHostController,
     pub(super) tls_client_config: Arc<TlsClientConfig>,
     pub(crate) net_iface: Arc<NetworkInterfaceController>,
@@ -54,8 +52,7 @@ impl NetController {
         socks_listen: SocketAddr,
     ) -> Result<Self, Error> {
         let net_iface = Arc::new(NetworkInterfaceController::new(db.clone()));
-        let tor = TorController::new()?;
-        let socks = SocksController::new(socks_listen, tor.clone())?;
+        let socks = SocksController::new(socks_listen)?;
         let crypto_provider = Arc::new(tokio_rustls::rustls::crypto::ring::default_provider());
         let tls_client_config = Arc::new(crate::net::tls::client_config(
             crypto_provider.clone(),
@@ -87,7 +84,6 @@ impl NetController {
         .await?;
         Ok(Self {
             db: db.clone(),
-            tor,
             vhost: VHostController::new(db.clone(), net_iface.clone(), crypto_provider),
             tls_client_config,
             dns: DnsController::init(db, &net_iface.watcher).await?,
@@ -168,7 +164,6 @@ struct HostBinds {
     forwards: BTreeMap<u16, (SocketAddrV4, DynInterfaceFilter, Arc<()>)>,
     vhosts: BTreeMap<(Option<InternedString>, u16), (ProxyTarget, Arc<()>)>,
     private_dns: BTreeMap<InternedString, Arc<()>>,
-    tor: BTreeMap<OnionAddress, (OrdMap<u16, SocketAddr>, Vec<Arc<()>>)>,
 }
 
 pub struct NetServiceData {
@@ -260,8 +255,6 @@ impl NetServiceData {
         let mut forwards: BTreeMap<u16, (SocketAddrV4, DynInterfaceFilter)> = BTreeMap::new();
         let mut vhosts: BTreeMap<(Option<InternedString>, u16), ProxyTarget> = BTreeMap::new();
         let mut private_dns: BTreeSet<InternedString> = BTreeSet::new();
-        let mut tor: BTreeMap<OnionAddress, (TorSecretKey, OrdMap<u16, SocketAddr>)> =
-            BTreeMap::new();
         let mut hostname_info: BTreeMap<u16, Vec<HostnameInfo>> = BTreeMap::new();
         let binds = self.binds.entry(id.clone()).or_default();
 
@@ -308,29 +301,6 @@ impl NetServiceData {
                     }
                     for address in host.addresses() {
                         match address {
-                            HostAddress::Onion { address } => {
-                                let hostname = InternedString::from_display(&address);
-                                if hostnames.insert(hostname.clone()) {
-                                    vhosts.insert(
-                                        (Some(hostname), external),
-                                        ProxyTarget {
-                                            filter: OrFilter(
-                                                TypeFilter(NetworkInterfaceType::Loopback),
-                                                IdFilter(GatewayId::from(InternedString::from(
-                                                    START9_BRIDGE_IFACE,
-                                                ))),
-                                            )
-                                            .into_dyn(),
-                                            acme: None,
-                                            addr,
-                                            add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                            connect_ssl: connect_ssl
-                                                .clone()
-                                                .map(|_| ctrl.tls_client_config.clone()),
-                                        },
-                                    ); // TODO: wrap onion ssl stream directly in tor ctrl
-                                }
-                            }
                             HostAddress::Domain {
                                 address,
                                 public,
@@ -615,66 +585,6 @@ impl NetServiceData {
             }
         }
 
-        struct TorHostnamePorts {
-            non_ssl: Option<u16>,
-            ssl: Option<u16>,
-        }
-        let mut tor_hostname_ports = BTreeMap::<u16, TorHostnamePorts>::new();
-        let mut tor_binds = OrdMap::<u16, SocketAddr>::new();
-        for (internal, info) in &host.bindings {
-            if !info.enabled {
-                continue;
-            }
-            tor_binds.insert(
-                info.options.preferred_external_port,
-                SocketAddr::from((self.ip, *internal)),
-            );
-            if let (Some(ssl), Some(ssl_internal)) =
-                (&info.options.add_ssl, info.net.assigned_ssl_port)
-            {
-                tor_binds.insert(
-                    ssl.preferred_external_port,
-                    SocketAddr::from(([127, 0, 0, 1], ssl_internal)),
-                );
-                tor_hostname_ports.insert(
-                    *internal,
-                    TorHostnamePorts {
-                        non_ssl: Some(info.options.preferred_external_port)
-                            .filter(|p| *p != ssl.preferred_external_port),
-                        ssl: Some(ssl.preferred_external_port),
-                    },
-                );
-            } else {
-                tor_hostname_ports.insert(
-                    *internal,
-                    TorHostnamePorts {
-                        non_ssl: Some(info.options.preferred_external_port),
-                        ssl: None,
-                    },
-                );
-            }
-        }
-
-        for tor_addr in host.onions.iter() {
-            let key = peek
-                .as_private()
-                .as_key_store()
-                .as_onion()
-                .get_key(tor_addr)?;
-            tor.insert(key.onion_address(), (key, tor_binds.clone()));
-            for (internal, ports) in &tor_hostname_ports {
-                let mut bind_hostname_info = hostname_info.remove(internal).unwrap_or_default();
-                bind_hostname_info.push(HostnameInfo::Onion {
-                    hostname: OnionHostname {
-                        value: InternedString::from_display(tor_addr),
-                        port: ports.non_ssl,
-                        ssl_port: ports.ssl,
-                    },
-                });
-                hostname_info.insert(*internal, bind_hostname_info);
-            }
-        }
-
         let all = binds
             .forwards
             .keys()
@@ -763,48 +673,9 @@ impl NetServiceData {
         }
         ctrl.dns.gc_private_domains(&rm)?;
 
-        let all = binds
-            .tor
-            .keys()
-            .chain(tor.keys())
-            .cloned()
-            .collect::<BTreeSet<_>>();
-        for onion in all {
-            let mut prev = binds.tor.remove(&onion);
-            if let Some((key, tor_binds)) = tor.remove(&onion).filter(|(_, b)| !b.is_empty()) {
-                prev = prev.filter(|(b, _)| b == &tor_binds);
-                binds.tor.insert(
-                    onion,
-                    if let Some(prev) = prev {
-                        prev
-                    } else {
-                        let service = ctrl.tor.service(key)?;
-                        let rcs = service.proxy_all(tor_binds.iter().map(|(k, v)| (*k, *v)));
-                        (tor_binds, rcs)
-                    },
-                );
-            } else {
-                if let Some((_, rc)) = prev {
-                    drop(rc);
-                    ctrl.tor.gc(Some(onion)).await?;
-                }
-            }
-        }
-
-        let res = ctrl
-            .db
-            .mutate(|db| {
-                host_for(db, self.id.as_ref(), &id)?
-                    .as_hostname_info_mut()
-                    .ser(&hostname_info)
-            })
-            .await;
-        res.result?;
         if let Some(pkg_id) = self.id.as_ref() {
-            if res.revision.is_some() {
-                if let Some(cbs) = ctrl.callbacks.get_host_info(&(pkg_id.clone(), id)) {
-                    cbs.call(vector![]).await?;
-                }
+            if let Some(cbs) = ctrl.callbacks.get_host_info(&(pkg_id.clone(), id)) {
+                cbs.call(vector![]).await?;
             }
         }
         Ok(())
diff --git a/core/src/net/service_interface.rs b/core/src/net/service_interface.rs
index 499e1a321..ca960e569 100644
--- a/core/src/net/service_interface.rs
+++ b/core/src/net/service_interface.rs
@@ -17,15 +17,11 @@ pub enum HostnameInfo {
         public: bool,
         hostname: IpHostname,
     },
-    Onion {
-        hostname: OnionHostname,
-    },
 }
 impl HostnameInfo {
     pub fn to_san_hostname(&self) -> InternedString {
         match self {
             Self::Ip { hostname, .. } => hostname.to_san_hostname(),
-            Self::Onion { hostname } => hostname.to_san_hostname(),
         }
     }
 }
@@ -39,21 +35,6 @@ pub struct GatewayInfo {
     pub public: bool,
 }
 
-#[derive(Clone, Debug, Deserialize, Serialize, TS)]
-#[ts(export)]
-#[serde(rename_all = "camelCase")]
-pub struct OnionHostname {
-    #[ts(type = "string")]
-    pub value: InternedString,
-    pub port: Option<u16>,
-    pub ssl_port: Option<u16>,
-}
-impl OnionHostname {
-    pub fn to_san_hostname(&self) -> InternedString {
-        self.value.clone()
-    }
-}
-
 #[derive(Clone, Debug, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
diff --git a/core/src/net/socks.rs b/core/src/net/socks.rs
index 5d1be66f0..7f54a8010 100644
--- a/core/src/net/socks.rs
+++ b/core/src/net/socks.rs
@@ -8,7 +8,6 @@ use socks5_impl::server::{AuthAdaptor, ClientConnection, Server};
 use tokio::net::{TcpListener, TcpStream};
 
 use crate::HOST_IP;
-use crate::net::tor::TorController;
 use crate::prelude::*;
 use crate::util::actor::background::BackgroundJobQueue;
 use crate::util::future::NonDetachingJoinHandle;
@@ -22,7 +21,7 @@ pub struct SocksController {
     _thread: NonDetachingJoinHandle<()>,
 }
 impl SocksController {
-    pub fn new(listen: SocketAddr, tor: TorController) -> Result<Self, Error> {
+    pub fn new(listen: SocketAddr) -> Result<Self, Error> {
         Ok(Self {
             _thread: tokio::spawn(async move {
                 let auth: AuthAdaptor<()> = Arc::new(NoAuth);
@@ -45,7 +44,6 @@ impl SocksController {
                         loop {
                             match server.accept().await {
                                 Ok((stream, _)) => {
-                                    let tor = tor.clone();
                                     bg.add_job(async move {
                                         if let Err(e) = async {
                                             match stream
@@ -57,40 +55,6 @@ impl SocksController {
                                                 .await
                                                 .with_kind(ErrorKind::Network)?
                                             {
-                                                ClientConnection::Connect(
-                                                    reply,
-                                                    Address::DomainAddress(domain, port),
-                                                ) if domain.ends_with(".onion") => {
-                                                    if let Ok(mut target) = tor
-                                                        .connect_onion(&domain.parse()?, port)
-                                                        .await
-                                                    {
-                                                        let mut sock = reply
-                                                            .reply(
-                                                                Reply::Succeeded,
-                                                                Address::unspecified(),
-                                                            )
-                                                            .await
-                                                            .with_kind(ErrorKind::Network)?;
-                                                        tokio::io::copy_bidirectional(
-                                                            &mut sock,
-                                                            &mut target,
-                                                        )
-                                                        .await
-                                                        .with_kind(ErrorKind::Network)?;
-                                                    } else {
-                                                        let mut sock = reply
-                                                            .reply(
-                                                                Reply::HostUnreachable,
-                                                                Address::unspecified(),
-                                                            )
-                                                            .await
-                                                            .with_kind(ErrorKind::Network)?;
-                                                        sock.shutdown()
-                                                            .await
-                                                            .with_kind(ErrorKind::Network)?;
-                                                    }
-                                                }
                                                 ClientConnection::Connect(reply, addr) => {
                                                     if let Ok(mut target) = match addr {
                                                         Address::DomainAddress(domain, port) => {
diff --git a/core/src/net/tor/arti.rs b/core/src/net/tor/arti.rs
deleted file mode 100644
index c44d8d528..000000000
--- a/core/src/net/tor/arti.rs
+++ /dev/null
@@ -1,964 +0,0 @@
-use std::borrow::Cow;
-use std::collections::{BTreeMap, BTreeSet};
-use std::net::SocketAddr;
-use std::str::FromStr;
-use std::sync::{Arc, Weak};
-use std::time::{Duration, Instant};
-
-use arti_client::config::onion_service::OnionServiceConfigBuilder;
-use arti_client::{TorClient, TorClientConfig};
-use base64::Engine;
-use clap::Parser;
-use color_eyre::eyre::eyre;
-use futures::{FutureExt, StreamExt};
-use imbl_value::InternedString;
-use itertools::Itertools;
-use rpc_toolkit::{Context, Empty, HandlerExt, ParentHandler, from_fn_async};
-use serde::{Deserialize, Serialize};
-use tokio::io::{AsyncReadExt, AsyncWriteExt};
-use tokio::net::TcpStream;
-use tokio::sync::Notify;
-use tor_cell::relaycell::msg::Connected;
-use tor_hscrypto::pk::{HsId, HsIdKeypair};
-use tor_hsservice::status::State as ArtiOnionServiceState;
-use tor_hsservice::{HsNickname, RunningOnionService};
-use tor_keymgr::config::ArtiKeystoreKind;
-use tor_proto::client::stream::IncomingStreamRequest;
-use tor_rtcompat::tokio::TokioRustlsRuntime;
-use ts_rs::TS;
-
-use crate::context::{CliContext, RpcContext};
-use crate::prelude::*;
-use crate::util::actor::background::BackgroundJobQueue;
-use crate::util::future::{NonDetachingJoinHandle, Until};
-use crate::util::io::ReadWriter;
-use crate::util::serde::{
-    BASE64, Base64, HandlerExtSerde, WithIoFormat, deserialize_from_str, display_serializable,
-    serialize_display,
-};
-use crate::util::sync::{SyncMutex, SyncRwLock, Watch};
-
-const BOOTSTRAP_PROGRESS_TIMEOUT: Duration = Duration::from_secs(300);
-const HS_BOOTSTRAP_TIMEOUT: Duration = Duration::from_secs(300);
-const RETRY_COOLDOWN: Duration = Duration::from_secs(15);
-const HEALTH_CHECK_FAILURE_ALLOWANCE: usize = 5;
-const HEALTH_CHECK_COOLDOWN: Duration = Duration::from_secs(120);
-
-#[derive(Debug, Clone, Copy)]
-pub struct OnionAddress(pub HsId);
-impl std::fmt::Display for OnionAddress {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        safelog::DisplayRedacted::fmt_unredacted(&self.0, f)
-    }
-}
-impl FromStr for OnionAddress {
-    type Err = Error;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        Ok(Self(
-            if s.ends_with(".onion") {
-                Cow::Borrowed(s)
-            } else {
-                Cow::Owned(format!("{s}.onion"))
-            }
-            .parse::<HsId>()
-            .with_kind(ErrorKind::Tor)?,
-        ))
-    }
-}
-impl Serialize for OnionAddress {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        serialize_display(self, serializer)
-    }
-}
-impl<'de> Deserialize<'de> for OnionAddress {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        deserialize_from_str(deserializer)
-    }
-}
-impl PartialEq for OnionAddress {
-    fn eq(&self, other: &Self) -> bool {
-        self.0.as_ref() == other.0.as_ref()
-    }
-}
-impl Eq for OnionAddress {}
-impl PartialOrd for OnionAddress {
-    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
-        self.0.as_ref().partial_cmp(other.0.as_ref())
-    }
-}
-impl Ord for OnionAddress {
-    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
-        self.0.as_ref().cmp(other.0.as_ref())
-    }
-}
-
-pub struct TorSecretKey(pub HsIdKeypair);
-impl TorSecretKey {
-    pub fn onion_address(&self) -> OnionAddress {
-        OnionAddress(HsId::from(self.0.as_ref().public().to_bytes()))
-    }
-    pub fn from_bytes(bytes: [u8; 64]) -> Result<Self, Error> {
-        Ok(Self(
-            tor_llcrypto::pk::ed25519::ExpandedKeypair::from_secret_key_bytes(bytes)
-                .ok_or_else(|| {
-                    Error::new(
-                        eyre!("{}", t!("net.tor.invalid-ed25519-key")),
-                        ErrorKind::Tor,
-                    )
-                })?
-                .into(),
-        ))
-    }
-    pub fn generate() -> Self {
-        Self(
-            tor_llcrypto::pk::ed25519::ExpandedKeypair::from(
-                &tor_llcrypto::pk::ed25519::Keypair::generate(&mut rand::rng()),
-            )
-            .into(),
-        )
-    }
-}
-impl Clone for TorSecretKey {
-    fn clone(&self) -> Self {
-        Self(HsIdKeypair::from(
-            tor_llcrypto::pk::ed25519::ExpandedKeypair::from_secret_key_bytes(
-                self.0.as_ref().to_secret_key_bytes(),
-            )
-            .unwrap(),
-        ))
-    }
-}
-impl std::fmt::Display for TorSecretKey {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(
-            f,
-            "{}",
-            BASE64.encode(self.0.as_ref().to_secret_key_bytes())
-        )
-    }
-}
-impl FromStr for TorSecretKey {
-    type Err = Error;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        Self::from_bytes(Base64::<[u8; 64]>::from_str(s)?.0)
-    }
-}
-impl Serialize for TorSecretKey {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        serialize_display(self, serializer)
-    }
-}
-impl<'de> Deserialize<'de> for TorSecretKey {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        deserialize_from_str(deserializer)
-    }
-}
-
-#[derive(Default, Deserialize, Serialize)]
-pub struct OnionStore(BTreeMap<OnionAddress, TorSecretKey>);
-impl Map for OnionStore {
-    type Key = OnionAddress;
-    type Value = TorSecretKey;
-    fn key_str(key: &Self::Key) -> Result<impl AsRef<str>, Error> {
-        Self::key_string(key)
-    }
-    fn key_string(key: &Self::Key) -> Result<imbl_value::InternedString, Error> {
-        Ok(InternedString::from_display(key))
-    }
-}
-impl OnionStore {
-    pub fn new() -> Self {
-        Self::default()
-    }
-    pub fn insert(&mut self, key: TorSecretKey) {
-        self.0.insert(key.onion_address(), key);
-    }
-}
-impl Model<OnionStore> {
-    pub fn new_key(&mut self) -> Result<TorSecretKey, Error> {
-        let key = TorSecretKey::generate();
-        self.insert(&key.onion_address(), &key)?;
-        Ok(key)
-    }
-    pub fn insert_key(&mut self, key: &TorSecretKey) -> Result<(), Error> {
-        self.insert(&key.onion_address(), &key)
-    }
-    pub fn get_key(&self, address: &OnionAddress) -> Result<TorSecretKey, Error> {
-        self.as_idx(address)
-            .or_not_found(lazy_format!("private key for {address}"))?
-            .de()
-    }
-}
-impl std::fmt::Debug for OnionStore {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        struct OnionStoreMap<'a>(&'a BTreeMap<OnionAddress, TorSecretKey>);
-        impl<'a> std::fmt::Debug for OnionStoreMap<'a> {
-            fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-                #[derive(Debug)]
-                struct KeyFor(#[allow(unused)] OnionAddress);
-                let mut map = f.debug_map();
-                for (k, v) in self.0 {
-                    map.key(k);
-                    map.value(&KeyFor(v.onion_address()));
-                }
-                map.finish()
-            }
-        }
-        f.debug_tuple("OnionStore")
-            .field(&OnionStoreMap(&self.0))
-            .finish()
-    }
-}
-
-pub fn tor_api<C: Context>() -> ParentHandler<C> {
-    ParentHandler::new()
-        .subcommand(
-            "list-services",
-            from_fn_async(list_services)
-                .with_display_serializable()
-                .with_custom_display_fn(|handle, result| display_services(handle.params, result))
-                .with_about("about.display-tor-v3-onion-addresses")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "reset",
-            from_fn_async(reset)
-                .no_display()
-                .with_about("about.reset-tor-daemon")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "key",
-            key::<C>().with_about("about.manage-onion-service-key-store"),
-        )
-}
-
-pub fn key<C: Context>() -> ParentHandler<C> {
-    ParentHandler::new()
-        .subcommand(
-            "generate",
-            from_fn_async(generate_key)
-                .with_about("about.generate-onion-service-key-add-to-store")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "add",
-            from_fn_async(add_key)
-                .with_about("about.add-onion-service-key-to-store")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "list",
-            from_fn_async(list_keys)
-                .with_custom_display_fn(|_, res| {
-                    for addr in res {
-                        println!("{addr}");
-                    }
-                    Ok(())
-                })
-                .with_about("about.list-onion-services-with-keys-in-store")
-                .with_call_remote::<CliContext>(),
-        )
-}
-
-pub async fn generate_key(ctx: RpcContext) -> Result<OnionAddress, Error> {
-    ctx.db
-        .mutate(|db| {
-            Ok(db
-                .as_private_mut()
-                .as_key_store_mut()
-                .as_onion_mut()
-                .new_key()?
-                .onion_address())
-        })
-        .await
-        .result
-}
-
-#[derive(Deserialize, Serialize, Parser)]
-pub struct AddKeyParams {
-    #[arg(help = "help.arg.onion-secret-key")]
-    pub key: Base64<[u8; 64]>,
-}
-
-pub async fn add_key(
-    ctx: RpcContext,
-    AddKeyParams { key }: AddKeyParams,
-) -> Result<OnionAddress, Error> {
-    let key = TorSecretKey::from_bytes(key.0)?;
-    ctx.db
-        .mutate(|db| {
-            db.as_private_mut()
-                .as_key_store_mut()
-                .as_onion_mut()
-                .insert_key(&key)
-        })
-        .await
-        .result?;
-    Ok(key.onion_address())
-}
-
-pub async fn list_keys(ctx: RpcContext) -> Result<BTreeSet<OnionAddress>, Error> {
-    ctx.db
-        .peek()
-        .await
-        .into_private()
-        .into_key_store()
-        .into_onion()
-        .keys()
-}
-
-#[derive(Deserialize, Serialize, Parser, TS)]
-#[serde(rename_all = "camelCase")]
-#[command(rename_all = "kebab-case")]
-pub struct ResetParams {
-    #[arg(
-        name = "wipe-state",
-        short = 'w',
-        long = "wipe-state",
-        help = "help.arg.wipe-tor-state"
-    )]
-    wipe_state: bool,
-}
-
-pub async fn reset(ctx: RpcContext, ResetParams { wipe_state }: ResetParams) -> Result<(), Error> {
-    ctx.net_controller.tor.reset(wipe_state).await
-}
-
-pub fn display_services(
-    params: WithIoFormat<Empty>,
-    services: BTreeMap<OnionAddress, OnionServiceInfo>,
-) -> Result<(), Error> {
-    use prettytable::*;
-
-    if let Some(format) = params.format {
-        return display_serializable(format, services);
-    }
-
-    let mut table = Table::new();
-    table.add_row(row![bc => "ADDRESS", "STATE", "BINDINGS"]);
-    for (service, info) in services {
-        let row = row![
-            &service.to_string(),
-            &format!("{:?}", info.state),
-            &info
-                .bindings
-                .into_iter()
-                .map(|(port, addr)| lazy_format!("{port} -> {addr}"))
-                .join("; ")
-        ];
-        table.add_row(row);
-    }
-    table.print_tty(false)?;
-    Ok(())
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "kebab-case")]
-pub enum OnionServiceState {
-    Shutdown,
-    Bootstrapping,
-    DegradedReachable,
-    DegradedUnreachable,
-    Running,
-    Recovering,
-    Broken,
-}
-impl From<ArtiOnionServiceState> for OnionServiceState {
-    fn from(value: ArtiOnionServiceState) -> Self {
-        match value {
-            ArtiOnionServiceState::Shutdown => Self::Shutdown,
-            ArtiOnionServiceState::Bootstrapping => Self::Bootstrapping,
-            ArtiOnionServiceState::DegradedReachable => Self::DegradedReachable,
-            ArtiOnionServiceState::DegradedUnreachable => Self::DegradedUnreachable,
-            ArtiOnionServiceState::Running => Self::Running,
-            ArtiOnionServiceState::Recovering => Self::Recovering,
-            ArtiOnionServiceState::Broken => Self::Broken,
-            _ => unreachable!(),
-        }
-    }
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub struct OnionServiceInfo {
-    pub state: OnionServiceState,
-    pub bindings: BTreeMap<u16, SocketAddr>,
-}
-
-pub async fn list_services(
-    ctx: RpcContext,
-    _: Empty,
-) -> Result<BTreeMap<OnionAddress, OnionServiceInfo>, Error> {
-    ctx.net_controller.tor.list_services().await
-}
-
-#[derive(Clone)]
-pub struct TorController(Arc<TorControllerInner>);
-struct TorControllerInner {
-    client: Watch<(usize, TorClient<TokioRustlsRuntime>)>,
-    _bootstrapper: NonDetachingJoinHandle<()>,
-    services: SyncMutex<BTreeMap<OnionAddress, OnionService>>,
-    reset: Arc<Notify>,
-}
-impl TorController {
-    pub fn new() -> Result<Self, Error> {
-        let mut config = TorClientConfig::builder();
-        config
-            .storage()
-            .keystore()
-            .primary()
-            .kind(ArtiKeystoreKind::Ephemeral.into());
-        let client = Watch::new((
-            0,
-            TorClient::with_runtime(TokioRustlsRuntime::current()?)
-                .config(config.build().with_kind(ErrorKind::Tor)?)
-                .local_resource_timeout(Duration::from_secs(0))
-                .create_unbootstrapped()?,
-        ));
-        let reset = Arc::new(Notify::new());
-        let bootstrapper_reset = reset.clone();
-        let bootstrapper_client = client.clone();
-        let bootstrapper = tokio::spawn(async move {
-            loop {
-                let (epoch, client): (usize, _) = bootstrapper_client.read();
-                if let Err(e) = Until::new()
-                    .with_async_fn(|| bootstrapper_reset.notified().map(Ok))
-                    .run(async {
-                        let mut events = client.bootstrap_events();
-                        let bootstrap_fut =
-                            client.bootstrap().map(|res| res.with_kind(ErrorKind::Tor));
-                        let failure_fut = async {
-                            let mut prev_frac = 0_f32;
-                            let mut prev_inst = Instant::now();
-                            while let Some(event) =
-                                tokio::time::timeout(BOOTSTRAP_PROGRESS_TIMEOUT, events.next())
-                                    .await
-                                    .with_kind(ErrorKind::Tor)?
-                            {
-                                if event.ready_for_traffic() {
-                                    return Ok::<_, Error>(());
-                                }
-                                let frac = event.as_frac();
-                                if frac == prev_frac {
-                                    if prev_inst.elapsed() > BOOTSTRAP_PROGRESS_TIMEOUT {
-                                        return Err(Error::new(
-                                            eyre!(
-                                                "{}",
-                                                t!(
-                                                    "net.tor.bootstrap-no-progress",
-                                                    duration = crate::util::serde::Duration::from(
-                                                        BOOTSTRAP_PROGRESS_TIMEOUT
-                                                    )
-                                                    .to_string()
-                                                )
-                                            ),
-                                            ErrorKind::Tor,
-                                        ));
-                                    }
-                                } else {
-                                    prev_frac = frac;
-                                    prev_inst = Instant::now();
-                                }
-                            }
-                            futures::future::pending().await
-                        };
-                        if let Err::<(), Error>(e) = tokio::select! {
-                            res = bootstrap_fut => res,
-                            res = failure_fut => res,
-                        } {
-                            tracing::error!(
-                                "{}",
-                                t!("net.tor.bootstrap-error", error = e.to_string())
-                            );
-                            tracing::debug!("{e:?}");
-                        } else {
-                            bootstrapper_client.send_modify(|_| ());
-
-                            for _ in 0..HEALTH_CHECK_FAILURE_ALLOWANCE {
-                                if let Err::<(), Error>(e) = async {
-                                    loop {
-                                        let (bg, mut runner) = BackgroundJobQueue::new();
-                                        runner
-                                            .run_while(async {
-                                                const PING_BUF_LEN: usize = 8;
-                                                let key = TorSecretKey::generate();
-                                                let onion = key.onion_address();
-                                                let (hs, stream) = client
-                                                    .launch_onion_service_with_hsid(
-                                                        OnionServiceConfigBuilder::default()
-                                                            .nickname(
-                                                                onion
-                                                                    .to_string()
-                                                                    .trim_end_matches(".onion")
-                                                                    .parse::<HsNickname>()
-                                                                    .with_kind(ErrorKind::Tor)?,
-                                                            )
-                                                            .build()
-                                                            .with_kind(ErrorKind::Tor)?,
-                                                        key.clone().0,
-                                                    )
-                                                    .with_kind(ErrorKind::Tor)?;
-                                                bg.add_job(async move {
-                                                    if let Err(e) = async {
-                                                        let mut stream =
-                                                            tor_hsservice::handle_rend_requests(
-                                                                stream,
-                                                            );
-                                                        while let Some(req) = stream.next().await {
-                                                            let mut stream = req
-                                                                .accept(Connected::new_empty())
-                                                                .await
-                                                                .with_kind(ErrorKind::Tor)?;
-                                                            let mut buf = [0; PING_BUF_LEN];
-                                                            stream.read_exact(&mut buf).await?;
-                                                            stream.write_all(&buf).await?;
-                                                            stream.flush().await?;
-                                                            stream.shutdown().await?;
-                                                        }
-                                                        Ok::<_, Error>(())
-                                                    }
-                                                    .await
-                                                    {
-                                                        tracing::error!(
-                                                            "{}",
-                                                            t!(
-                                                                "net.tor.health-error",
-                                                                error = e.to_string()
-                                                            )
-                                                        );
-                                                        tracing::debug!("{e:?}");
-                                                    }
-                                                });
-
-                                                tokio::time::timeout(HS_BOOTSTRAP_TIMEOUT, async {
-                                                    let mut status = hs.status_events();
-                                                    while let Some(status) = status.next().await {
-                                                        if status.state().is_fully_reachable() {
-                                                            return Ok(());
-                                                        }
-                                                    }
-                                                    Err(Error::new(
-                                                        eyre!(
-                                                            "{}",
-                                                            t!("net.tor.status-stream-ended")
-                                                        ),
-                                                        ErrorKind::Tor,
-                                                    ))
-                                                })
-                                                .await
-                                                .with_kind(ErrorKind::Tor)??;
-
-                                                let mut stream = client
-                                                    .connect((onion.to_string(), 8080))
-                                                    .await?;
-                                                let mut ping_buf = [0; PING_BUF_LEN];
-                                                rand::fill(&mut ping_buf);
-                                                stream.write_all(&ping_buf).await?;
-                                                stream.flush().await?;
-                                                let mut ping_res = [0; PING_BUF_LEN];
-                                                stream.read_exact(&mut ping_res).await?;
-                                                ensure_code!(
-                                                    ping_buf == ping_res,
-                                                    ErrorKind::Tor,
-                                                    "ping buffer mismatch"
-                                                );
-                                                stream.shutdown().await?;
-
-                                                Ok::<_, Error>(())
-                                            })
-                                            .await?;
-                                        tokio::time::sleep(HEALTH_CHECK_COOLDOWN).await;
-                                    }
-                                }
-                                .await
-                                {
-                                    tracing::error!(
-                                        "{}",
-                                        t!("net.tor.client-health-error", error = e.to_string())
-                                    );
-                                    tracing::debug!("{e:?}");
-                                }
-                            }
-                            tracing::error!(
-                                "{}",
-                                t!(
-                                    "net.tor.health-check-failed-recycling",
-                                    count = HEALTH_CHECK_FAILURE_ALLOWANCE
-                                )
-                            );
-                        }
-
-                        Ok(())
-                    })
-                    .await
-                {
-                    tracing::error!(
-                        "{}",
-                        t!("net.tor.bootstrapper-error", error = e.to_string())
-                    );
-                    tracing::debug!("{e:?}");
-                }
-                if let Err::<(), Error>(e) = async {
-                    tokio::time::sleep(RETRY_COOLDOWN).await;
-                    bootstrapper_client.send((
-                        epoch.wrapping_add(1),
-                        TorClient::with_runtime(TokioRustlsRuntime::current()?)
-                            .config(config.build().with_kind(ErrorKind::Tor)?)
-                            .local_resource_timeout(Duration::from_secs(0))
-                            .create_unbootstrapped_async()
-                            .await?,
-                    ));
-                    tracing::debug!("TorClient recycled");
-                    Ok(())
-                }
-                .await
-                {
-                    tracing::error!(
-                        "{}",
-                        t!("net.tor.client-creation-error", error = e.to_string())
-                    );
-                    tracing::debug!("{e:?}");
-                }
-            }
-        })
-        .into();
-        Ok(Self(Arc::new(TorControllerInner {
-            client,
-            _bootstrapper: bootstrapper,
-            services: SyncMutex::new(BTreeMap::new()),
-            reset,
-        })))
-    }
-
-    pub fn service(&self, key: TorSecretKey) -> Result<OnionService, Error> {
-        self.0.services.mutate(|s| {
-            use std::collections::btree_map::Entry;
-            let addr = key.onion_address();
-            match s.entry(addr) {
-                Entry::Occupied(e) => Ok(e.get().clone()),
-                Entry::Vacant(e) => Ok(e
-                    .insert(OnionService::launch(self.0.client.clone(), key)?)
-                    .clone()),
-            }
-        })
-    }
-
-    pub async fn gc(&self, addr: Option<OnionAddress>) -> Result<(), Error> {
-        if let Some(addr) = addr {
-            if let Some(s) = self.0.services.mutate(|s| {
-                let rm = if let Some(s) = s.get(&addr) {
-                    !s.gc()
-                } else {
-                    false
-                };
-                if rm { s.remove(&addr) } else { None }
-            }) {
-                s.shutdown().await
-            } else {
-                Ok(())
-            }
-        } else {
-            for s in self.0.services.mutate(|s| {
-                let mut rm = Vec::new();
-                s.retain(|_, s| {
-                    if s.gc() {
-                        true
-                    } else {
-                        rm.push(s.clone());
-                        false
-                    }
-                });
-                rm
-            }) {
-                s.shutdown().await?;
-            }
-            Ok(())
-        }
-    }
-
-    pub async fn reset(&self, wipe_state: bool) -> Result<(), Error> {
-        self.0.reset.notify_waiters();
-        Ok(())
-    }
-
-    pub async fn list_services(&self) -> Result<BTreeMap<OnionAddress, OnionServiceInfo>, Error> {
-        Ok(self
-            .0
-            .services
-            .peek(|s| s.iter().map(|(a, s)| (a.clone(), s.info())).collect()))
-    }
-
-    pub async fn connect_onion(
-        &self,
-        addr: &OnionAddress,
-        port: u16,
-    ) -> Result<Box<dyn ReadWriter + Unpin + Send + Sync + 'static>, Error> {
-        if let Some(target) = self.0.services.peek(|s| {
-            s.get(addr).and_then(|s| {
-                s.0.bindings.peek(|b| {
-                    b.get(&port).and_then(|b| {
-                        b.iter()
-                            .find(|(_, rc)| rc.strong_count() > 0)
-                            .map(|(a, _)| *a)
-                    })
-                })
-            })
-        }) {
-            let tcp_stream = TcpStream::connect(target)
-                .await
-                .with_kind(ErrorKind::Network)?;
-            if let Err(e) = socket2::SockRef::from(&tcp_stream).set_keepalive(true) {
-                tracing::error!(
-                    "{}",
-                    t!("net.tor.failed-to-set-tcp-keepalive", error = e.to_string())
-                );
-                tracing::debug!("{e:?}");
-            }
-            Ok(Box::new(tcp_stream))
-        } else {
-            let mut client = self.0.client.clone();
-            client
-                .wait_for(|(_, c)| c.bootstrap_status().ready_for_traffic())
-                .await;
-            let stream = client
-                .read()
-                .1
-                .connect((addr.to_string(), port))
-                .await
-                .with_kind(ErrorKind::Tor)?;
-            Ok(Box::new(stream))
-        }
-    }
-}
-
-#[derive(Clone)]
-pub struct OnionService(Arc<OnionServiceData>);
-struct OnionServiceData {
-    service: Arc<SyncMutex<Option<Arc<RunningOnionService>>>>,
-    bindings: Arc<SyncRwLock<BTreeMap<u16, BTreeMap<SocketAddr, Weak<()>>>>>,
-    _thread: NonDetachingJoinHandle<()>,
-}
-impl OnionService {
-    fn launch(
-        mut client: Watch<(usize, TorClient<TokioRustlsRuntime>)>,
-        key: TorSecretKey,
-    ) -> Result<Self, Error> {
-        let service = Arc::new(SyncMutex::new(None));
-        let bindings = Arc::new(SyncRwLock::new(BTreeMap::<
-            u16,
-            BTreeMap<SocketAddr, Weak<()>>,
-        >::new()));
-        Ok(Self(Arc::new(OnionServiceData {
-            service: service.clone(),
-            bindings: bindings.clone(),
-            _thread: tokio::spawn(async move {
-                let (bg, mut runner) = BackgroundJobQueue::new();
-                runner
-                    .run_while(async {
-                        loop {
-                            if let Err(e) = async {
-                                client.wait_for(|(_,c)| c.bootstrap_status().ready_for_traffic()).await;
-                                let epoch = client.peek(|(e, c)| {
-                                    ensure_code!(c.bootstrap_status().ready_for_traffic(), ErrorKind::Tor, "TorClient recycled");
-                                    Ok::<_, Error>(*e)
-                                })?;
-                                let addr = key.onion_address();
-                                let (new_service, stream) = client.peek(|(_, c)| {
-                                    c.launch_onion_service_with_hsid(
-                                        OnionServiceConfigBuilder::default()
-                                            .nickname(
-                                                addr
-                                                    .to_string()
-                                                    .trim_end_matches(".onion")
-                                                    .parse::<HsNickname>()
-                                                    .with_kind(ErrorKind::Tor)?,
-                                            )
-                                            .build()
-                                            .with_kind(ErrorKind::Tor)?,
-                                        key.clone().0,
-                                    )
-                                    .with_kind(ErrorKind::Tor)
-                                })?;
-                                let mut status_stream = new_service.status_events();
-                                let mut status = new_service.status();
-                                if status.state().is_fully_reachable() {
-                                    tracing::debug!("{addr} is fully reachable");
-                                } else {
-                                    tracing::debug!("{addr} is not fully reachable");
-                                }
-                                bg.add_job(async move {
-                                    while let Some(new_status) = status_stream.next().await {
-                                        if status.state().is_fully_reachable() && !new_status.state().is_fully_reachable() {
-                                            tracing::debug!("{addr} is no longer fully reachable");
-                                        } else if !status.state().is_fully_reachable() && new_status.state().is_fully_reachable() {
-                                            tracing::debug!("{addr} is now fully reachable");
-                                        }
-                                        status = new_status;
-                                        // TODO: health daemon?
-                                    }
-                                });
-                                service.replace(Some(new_service));
-                                let mut stream = tor_hsservice::handle_rend_requests(stream);
-                                while let Some(req) = tokio::select! {
-                                    req = stream.next() => req,
-                                    _ = client.wait_for(|(e, _)| *e != epoch) => None
-                                } {
-                                    bg.add_job({
-                                        let bg = bg.clone();
-                                        let bindings = bindings.clone();
-                                        async move {
-                                            if let Err(e) = async {
-                                                let IncomingStreamRequest::Begin(begin) =
-                                                    req.request()
-                                                else {
-                                                    return req
-                                                        .reject(tor_cell::relaycell::msg::End::new_with_reason(
-                                                            tor_cell::relaycell::msg::EndReason::DONE,
-                                                        ))
-                                                        .await
-                                                        .with_kind(ErrorKind::Tor);
-                                                };
-                                                let Some(target) = bindings.peek(|b| {
-                                                    b.get(&begin.port()).and_then(|a| {
-                                                        a.iter()
-                                                            .find(|(_, rc)| rc.strong_count() > 0)
-                                                            .map(|(addr, _)| *addr)
-                                                    })
-                                                }) else {
-                                                    return req
-                                                        .reject(tor_cell::relaycell::msg::End::new_with_reason(
-                                                            tor_cell::relaycell::msg::EndReason::DONE,
-                                                        ))
-                                                        .await
-                                                        .with_kind(ErrorKind::Tor);
-                                                };
-                                                bg.add_job(async move {
-                                                    if let Err(e) = async {
-                                                        let mut outgoing =
-                                                            TcpStream::connect(target)
-                                                                .await
-                                                                .with_kind(ErrorKind::Network)?;
-                                                        if let Err(e) = socket2::SockRef::from(&outgoing).set_keepalive(true) {
-                                                            tracing::error!("{}", t!("net.tor.failed-to-set-tcp-keepalive", error = e.to_string()));
-                                                            tracing::debug!("{e:?}");
-                                                        }
-                                                        let mut incoming = req
-                                                            .accept(Connected::new_empty())
-                                                            .await
-                                                            .with_kind(ErrorKind::Tor)?;
-                                                        if let Err(e) =
-                                                            tokio::io::copy_bidirectional(
-                                                                &mut outgoing,
-                                                                &mut incoming,
-                                                            )
-                                                            .await
-                                                        {
-                                                            tracing::trace!("Tor Stream Error: {e}");
-                                                            tracing::trace!("{e:?}");
-                                                        }
-
-                                                        Ok::<_, Error>(())
-                                                    }
-                                                    .await
-                                                    {
-                                                        tracing::trace!("Tor Stream Error: {e}");
-                                                        tracing::trace!("{e:?}");
-                                                    }
-                                                });
-                                                Ok::<_, Error>(())
-                                            }
-                                            .await
-                                            {
-                                                tracing::trace!("Tor Request Error: {e}");
-                                                tracing::trace!("{e:?}");
-                                            }
-                                        }
-                                    });
-                                }
-                                Ok::<_, Error>(())
-                            }
-                            .await
-                            {
-                                tracing::error!("{}", t!("net.tor.client-error", error = e.to_string()));
-                                tracing::debug!("{e:?}");
-                            }
-                        }
-                    })
-                    .await
-            })
-            .into(),
-        })))
-    }
-
-    pub async fn proxy_all<Rcs: FromIterator<Arc<()>>>(
-        &self,
-        bindings: impl IntoIterator<Item = (u16, SocketAddr)>,
-    ) -> Result<Rcs, Error> {
-        Ok(self.0.bindings.mutate(|b| {
-            bindings
-                .into_iter()
-                .map(|(port, target)| {
-                    let entry = b.entry(port).or_default().entry(target).or_default();
-                    if let Some(rc) = entry.upgrade() {
-                        rc
-                    } else {
-                        let rc = Arc::new(());
-                        *entry = Arc::downgrade(&rc);
-                        rc
-                    }
-                })
-                .collect()
-        }))
-    }
-
-    pub fn gc(&self) -> bool {
-        self.0.bindings.mutate(|b| {
-            b.retain(|_, targets| {
-                targets.retain(|_, rc| rc.strong_count() > 0);
-                !targets.is_empty()
-            });
-            !b.is_empty()
-        })
-    }
-
-    pub async fn shutdown(self) -> Result<(), Error> {
-        self.0.service.replace(None);
-        self.0._thread.abort();
-        Ok(())
-    }
-
-    pub fn state(&self) -> OnionServiceState {
-        self.0
-            .service
-            .peek(|s| s.as_ref().map(|s| s.status().state().into()))
-            .unwrap_or(OnionServiceState::Bootstrapping)
-    }
-
-    pub fn info(&self) -> OnionServiceInfo {
-        OnionServiceInfo {
-            state: self.state(),
-            bindings: self.0.bindings.peek(|b| {
-                b.iter()
-                    .filter_map(|(port, b)| {
-                        b.iter()
-                            .find(|(_, rc)| rc.strong_count() > 0)
-                            .map(|(addr, _)| (*port, *addr))
-                    })
-                    .collect()
-            }),
-        }
-    }
-}
diff --git a/core/src/net/tor/ctor.rs b/core/src/net/tor/ctor.rs
deleted file mode 100644
index 1fc3485fe..000000000
--- a/core/src/net/tor/ctor.rs
+++ /dev/null
@@ -1,1092 +0,0 @@
-use std::collections::{BTreeMap, BTreeSet};
-use std::net::{Ipv4Addr, SocketAddr, SocketAddrV4};
-use std::str::FromStr;
-use std::sync::atomic::AtomicBool;
-use std::sync::{Arc, Weak};
-use std::time::Duration;
-
-use base64::Engine;
-use clap::Parser;
-use color_eyre::eyre::eyre;
-use futures::future::BoxFuture;
-use futures::{FutureExt, TryFutureExt, TryStreamExt};
-use imbl::OrdMap;
-use imbl_value::InternedString;
-use lazy_static::lazy_static;
-use regex::Regex;
-use rpc_toolkit::{Context, Empty, HandlerExt, ParentHandler, from_fn_async};
-use serde::{Deserialize, Serialize};
-use tokio::net::TcpStream;
-use tokio::process::Command;
-use tokio::sync::{mpsc, oneshot};
-use tokio::time::Instant;
-use torut::control::{AsyncEvent, AuthenticatedConn, ConnError};
-use torut::onion::{OnionAddressV3, TorSecretKeyV3};
-use tracing::instrument;
-use ts_rs::TS;
-
-use crate::context::{CliContext, RpcContext};
-use crate::logs::{LogSource, LogsParams, journalctl};
-use crate::prelude::*;
-use crate::util::Invoke;
-use crate::util::collections::ordmap_retain;
-use crate::util::future::NonDetachingJoinHandle;
-use crate::util::io::{ReadWriter, write_file_atomic};
-use crate::util::serde::{
-    BASE64, Base64, HandlerExtSerde, WithIoFormat, deserialize_from_str, display_serializable,
-    serialize_display,
-};
-use crate::util::sync::Watch;
-
-pub const SYSTEMD_UNIT: &str = "tor@default";
-const STARTING_HEALTH_TIMEOUT: u64 = 120; // 2min
-
-const TOR_CONTROL: SocketAddr =
-    SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 1, 1), 9051));
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub struct OnionAddress(OnionAddressV3);
-impl std::fmt::Display for OnionAddress {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", self.0)
-    }
-}
-impl FromStr for OnionAddress {
-    type Err = Error;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        Ok(Self(
-            s.strip_suffix(".onion")
-                .unwrap_or(s)
-                .rsplit(".")
-                .next()
-                .unwrap_or(s)
-                .parse::<OnionAddressV3>()
-                .with_kind(ErrorKind::Tor)?,
-        ))
-    }
-}
-impl Serialize for OnionAddress {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        serialize_display(self, serializer)
-    }
-}
-impl<'de> Deserialize<'de> for OnionAddress {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        deserialize_from_str(deserializer)
-    }
-}
-impl Ord for OnionAddress {
-    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
-        self.0.get_raw_bytes().cmp(&other.0.get_raw_bytes())
-    }
-}
-impl PartialOrd for OnionAddress {
-    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
-        Some(self.cmp(other))
-    }
-}
-
-#[derive(Clone, Debug, PartialEq, Eq)]
-pub struct TorSecretKey(pub TorSecretKeyV3);
-impl TorSecretKey {
-    pub fn onion_address(&self) -> OnionAddress {
-        OnionAddress(self.0.public().get_onion_address())
-    }
-    pub fn from_bytes(bytes: [u8; 64]) -> Result<Self, Error> {
-        Ok(Self(TorSecretKeyV3::from(bytes)))
-    }
-    pub fn generate() -> Self {
-        Self(TorSecretKeyV3::generate())
-    }
-    pub fn is_valid(&self) -> bool {
-        let bytes = self.0.as_bytes()[..32].try_into().unwrap();
-        curve25519_dalek::scalar::clamp_integer(bytes) == bytes
-    }
-}
-impl std::fmt::Display for TorSecretKey {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", BASE64.encode(self.0.as_bytes()))
-    }
-}
-impl FromStr for TorSecretKey {
-    type Err = Error;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        Self::from_bytes(Base64::<[u8; 64]>::from_str(s)?.0)
-    }
-}
-impl Serialize for TorSecretKey {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        serialize_display(self, serializer)
-    }
-}
-impl<'de> Deserialize<'de> for TorSecretKey {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        deserialize_from_str(deserializer)
-    }
-}
-
-#[test]
-fn test_generated_is_valid() {
-    for _ in 0..100 {
-        assert!(TorSecretKey::generate().is_valid());
-    }
-}
-
-#[test]
-fn test_tor_key() {
-    // let key = crate::util::crypto::ed25519_expand_key(
-    //     &hex::decode("c4b1a617bfdbcfb3f31e98c95542ce61718100e81cc6766eeebaa0dab42f0a93")
-    //         .unwrap()
-    //         .try_into()
-    //         .unwrap(),
-    // );
-    let key =
-        "4FpKpT4GZeEkUvH32AWMsndW+EG3XH46EmSFTh286G4AfG2U/Cc7y7L6k1dW5bl996QGDwe8gnaglq2hR2aD2w"
-            .parse::<TorSecretKey>()
-            .unwrap();
-    assert_eq!(
-        InternedString::from_display(&key.onion_address()),
-        InternedString::from("ja24lucrzgcusm72r2kmiujaa2g6b5o2w4wrwt5crfrhaz2qek5ozhqd.onion")
-    );
-    eprintln!("{:?}", key.0.as_bytes());
-    dbg!(key.to_string());
-    dbg!(key.0.as_bytes()[0] & 0b111);
-    dbg!(key.onion_address());
-    assert!(key.is_valid());
-}
-
-#[derive(Default, Deserialize, Serialize)]
-pub struct OnionStore(BTreeMap<OnionAddress, TorSecretKey>);
-impl Map for OnionStore {
-    type Key = OnionAddress;
-    type Value = TorSecretKey;
-    fn key_str(key: &Self::Key) -> Result<impl AsRef<str>, Error> {
-        Self::key_string(key)
-    }
-    fn key_string(key: &Self::Key) -> Result<imbl_value::InternedString, Error> {
-        Ok(InternedString::from_display(key))
-    }
-}
-impl OnionStore {
-    pub fn new() -> Self {
-        Self::default()
-    }
-    pub fn insert(&mut self, key: TorSecretKey) {
-        self.0.insert(key.onion_address(), key);
-    }
-}
-impl Model<OnionStore> {
-    pub fn new_key(&mut self) -> Result<TorSecretKey, Error> {
-        let key = TorSecretKey::generate();
-        self.insert_key(&key)?;
-        Ok(key)
-    }
-    pub fn insert_key(&mut self, key: &TorSecretKey) -> Result<(), Error> {
-        self.insert(&key.onion_address(), &key).map(|_| ())
-    }
-    pub fn get_key(&self, address: &OnionAddress) -> Result<TorSecretKey, Error> {
-        self.as_idx(address)
-            .or_not_found(lazy_format!("private key for {address}"))?
-            .de()
-    }
-}
-impl std::fmt::Debug for OnionStore {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        struct OnionStoreMap<'a>(&'a BTreeMap<OnionAddress, TorSecretKey>);
-        impl<'a> std::fmt::Debug for OnionStoreMap<'a> {
-            fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-                #[derive(Debug)]
-                struct KeyFor(#[allow(unused)] OnionAddress);
-                let mut map = f.debug_map();
-                for (k, v) in self.0 {
-                    map.key(k);
-                    map.value(&KeyFor(v.onion_address()));
-                }
-                map.finish()
-            }
-        }
-        f.debug_tuple("OnionStore")
-            .field(&OnionStoreMap(&self.0))
-            .finish()
-    }
-}
-
-enum ErrorLogSeverity {
-    Fatal { wipe_state: bool },
-    Unknown { wipe_state: bool },
-}
-
-lazy_static! {
-    static ref LOG_REGEXES: Vec<(Regex, ErrorLogSeverity)> = vec![(
-        Regex::new("This could indicate a route manipulation attack, network overload, bad local network connectivity, or a bug\\.").unwrap(),
-        ErrorLogSeverity::Unknown { wipe_state: true }
-    ),(
-        Regex::new("died due to an invalid selected path").unwrap(),
-        ErrorLogSeverity::Fatal { wipe_state: false }
-    ),(
-        Regex::new("Tor has not observed any network activity for the past").unwrap(),
-        ErrorLogSeverity::Unknown { wipe_state: false }
-    )];
-    static ref PROGRESS_REGEX: Regex = Regex::new("PROGRESS=([0-9]+)").unwrap();
-}
-
-pub fn tor_api<C: Context>() -> ParentHandler<C> {
-    ParentHandler::new()
-        .subcommand(
-            "list-services",
-            from_fn_async(list_services)
-                .with_display_serializable()
-                .with_custom_display_fn(|handle, result| display_services(handle.params, result))
-                .with_about("about.display-tor-v3-onion-addresses")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand("logs", logs().with_about("about.display-tor-logs"))
-        .subcommand(
-            "logs",
-            from_fn_async(crate::logs::cli_logs::<RpcContext, Empty>)
-                .no_display()
-                .with_about("about.display-tor-logs"),
-        )
-        .subcommand(
-            "reset",
-            from_fn_async(reset)
-                .no_display()
-                .with_about("about.reset-tor-daemon")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "key",
-            key::<C>().with_about("about.manage-onion-service-key-store"),
-        )
-}
-
-pub fn key<C: Context>() -> ParentHandler<C> {
-    ParentHandler::new()
-        .subcommand(
-            "generate",
-            from_fn_async(generate_key)
-                .with_about("about.generate-onion-service-key-add-to-store")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "add",
-            from_fn_async(add_key)
-                .with_about("about.add-onion-service-key-to-store")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "list",
-            from_fn_async(list_keys)
-                .with_custom_display_fn(|_, res| {
-                    for addr in res {
-                        println!("{addr}");
-                    }
-                    Ok(())
-                })
-                .with_about("about.list-onion-services-with-keys-in-store")
-                .with_call_remote::<CliContext>(),
-        )
-}
-
-pub async fn generate_key(ctx: RpcContext) -> Result<OnionAddress, Error> {
-    ctx.db
-        .mutate(|db| {
-            Ok(db
-                .as_private_mut()
-                .as_key_store_mut()
-                .as_onion_mut()
-                .new_key()?
-                .onion_address())
-        })
-        .await
-        .result
-}
-
-#[derive(Deserialize, Serialize, Parser)]
-pub struct AddKeyParams {
-    #[arg(help = "help.arg.onion-secret-key")]
-    pub key: Base64<[u8; 64]>,
-}
-
-pub async fn add_key(
-    ctx: RpcContext,
-    AddKeyParams { key }: AddKeyParams,
-) -> Result<OnionAddress, Error> {
-    let key = TorSecretKey::from_bytes(key.0)?;
-    ctx.db
-        .mutate(|db| {
-            db.as_private_mut()
-                .as_key_store_mut()
-                .as_onion_mut()
-                .insert_key(&key)
-        })
-        .await
-        .result?;
-    Ok(key.onion_address())
-}
-
-pub async fn list_keys(ctx: RpcContext) -> Result<BTreeSet<OnionAddress>, Error> {
-    ctx.db
-        .peek()
-        .await
-        .into_private()
-        .into_key_store()
-        .into_onion()
-        .keys()
-}
-
-#[derive(Deserialize, Serialize, Parser, TS)]
-#[serde(rename_all = "camelCase")]
-#[command(rename_all = "kebab-case")]
-pub struct ResetParams {
-    #[arg(
-        name = "wipe-state",
-        short = 'w',
-        long = "wipe-state",
-        help = "help.arg.wipe-tor-state"
-    )]
-    wipe_state: bool,
-    #[arg(help = "help.arg.reset-reason")]
-    reason: String,
-}
-
-pub async fn reset(
-    ctx: RpcContext,
-    ResetParams { reason, wipe_state }: ResetParams,
-) -> Result<(), Error> {
-    ctx.net_controller
-        .tor
-        .reset(wipe_state, Error::new(eyre!("{reason}"), ErrorKind::Tor))
-        .await
-}
-
-pub fn display_services(
-    params: WithIoFormat<Empty>,
-    services: Vec<OnionAddress>,
-) -> Result<(), Error> {
-    use prettytable::*;
-
-    if let Some(format) = params.format {
-        return display_serializable(format, services);
-    }
-
-    let mut table = Table::new();
-    for service in services {
-        let row = row![&service.to_string()];
-        table.add_row(row);
-    }
-    table.print_tty(false)?;
-    Ok(())
-}
-
-pub async fn list_services(ctx: RpcContext, _: Empty) -> Result<Vec<OnionAddress>, Error> {
-    ctx.net_controller.tor.list_services().await
-}
-
-pub fn logs() -> ParentHandler<RpcContext, LogsParams> {
-    crate::logs::logs::<RpcContext, Empty>(|_: &RpcContext, _| async {
-        Ok(LogSource::Unit(SYSTEMD_UNIT))
-    })
-}
-
-fn event_handler(_event: AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>> {
-    async move { Ok(()) }.boxed()
-}
-
-#[derive(Clone)]
-pub struct TorController(Arc<TorControl>);
-impl TorController {
-    const TOR_SOCKS: &[SocketAddr] = &[
-        SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 9050)),
-        SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(10, 0, 3, 1), 9050)),
-    ];
-
-    pub fn new() -> Result<Self, Error> {
-        Ok(TorController(Arc::new(TorControl::new(
-            TOR_CONTROL,
-            Self::TOR_SOCKS,
-        ))))
-    }
-
-    pub fn service(&self, key: TorSecretKey) -> Result<TorService, Error> {
-        Ok(TorService {
-            services: self.0.services.clone(),
-            key,
-        })
-    }
-
-    pub async fn gc(&self, addr: Option<OnionAddress>) -> Result<(), Error> {
-        self.0.services.send_if_modified(|services| {
-            let mut changed = false;
-            let mut gc = |bindings: &mut OrdMap<u16, BTreeMap<SocketAddr, Weak<()>>>| {
-                ordmap_retain(bindings, |_, targets| {
-                    let start_len = targets.len();
-                    targets.retain(|_, rc| rc.strong_count() > 0);
-                    changed |= start_len != targets.len();
-                    !targets.is_empty()
-                });
-                if bindings.is_empty() {
-                    changed = true;
-                    false
-                } else {
-                    true
-                }
-            };
-            if let Some(addr) = addr {
-                if !if let Some((_, bindings, needs_sync)) = services.get_mut(&addr) {
-                    let keep = gc(bindings);
-                    if !keep {
-                        *needs_sync = Some(SyncState::Remove);
-                    }
-                    keep
-                } else {
-                    true
-                } {
-                    services.remove(&addr);
-                }
-            } else {
-                services.retain(|_, (_, bindings, _)| gc(bindings));
-            }
-            changed
-        });
-        Ok(())
-    }
-
-    pub async fn reset(&self, wipe_state: bool, context: Error) -> Result<(), Error> {
-        self.0
-            .send
-            .send(TorCommand::Reset {
-                wipe_state,
-                context,
-            })
-            .ok()
-            .ok_or_else(|| Error::new(eyre!("TorControl died"), ErrorKind::Tor))
-    }
-
-    pub async fn list_services(&self) -> Result<Vec<OnionAddress>, Error> {
-        let (reply, res) = oneshot::channel();
-        self.0
-            .send
-            .send(TorCommand::GetInfo {
-                query: "onions/current".into(),
-                reply,
-            })
-            .ok()
-            .ok_or_else(|| Error::new(eyre!("TorControl died"), ErrorKind::Tor))?;
-        res.await
-            .ok()
-            .ok_or_else(|| Error::new(eyre!("TorControl died"), ErrorKind::Tor))??
-            .lines()
-            .map(|l| l.trim())
-            .filter(|l| !l.is_empty())
-            .map(|l| l.parse::<OnionAddress>().with_kind(ErrorKind::Tor))
-            .collect()
-    }
-
-    pub async fn connect_onion(
-        &self,
-        addr: &OnionAddress,
-        port: u16,
-    ) -> Result<Box<dyn ReadWriter + Unpin + Send + Sync + 'static>, Error> {
-        if let Some(target) = self.0.services.peek(|s| {
-            s.get(addr).and_then(|(_, bindings, _)| {
-                bindings.get(&port).and_then(|b| {
-                    b.iter()
-                        .find(|(_, rc)| rc.strong_count() > 0)
-                        .map(|(a, _)| *a)
-                })
-            })
-        }) {
-            tracing::debug!("Resolving {addr} internally to {target}");
-            let tcp_stream = TcpStream::connect(target)
-                .await
-                .with_kind(ErrorKind::Network)?;
-            if let Err(e) = socket2::SockRef::from(&tcp_stream).set_keepalive(true) {
-                tracing::error!("Failed to set tcp keepalive: {e}");
-                tracing::debug!("{e:?}");
-            }
-            Ok(Box::new(tcp_stream))
-        } else {
-            let mut stream = TcpStream::connect(Self::TOR_SOCKS[0])
-                .await
-                .with_kind(ErrorKind::Tor)?;
-            if let Err(e) = socket2::SockRef::from(&stream).set_keepalive(true) {
-                tracing::error!("Failed to set tcp keepalive: {e}");
-                tracing::debug!("{e:?}");
-            }
-            socks5_impl::client::connect(&mut stream, (addr.to_string(), port), None)
-                .await
-                .with_kind(ErrorKind::Tor)?;
-            Ok(Box::new(stream))
-        }
-    }
-}
-
-#[derive(Clone, Copy, PartialEq, Eq)]
-enum SyncState {
-    Add,
-    Update,
-    Remove,
-}
-
-pub struct TorService {
-    services: Watch<
-        BTreeMap<
-            OnionAddress,
-            (
-                TorSecretKey,
-                OrdMap<u16, BTreeMap<SocketAddr, Weak<()>>>,
-                Option<SyncState>,
-            ),
-        >,
-    >,
-    key: TorSecretKey,
-}
-
-impl TorService {
-    pub fn proxy_all<Rcs: FromIterator<Arc<()>>>(
-        &self,
-        bindings: impl IntoIterator<Item = (u16, SocketAddr)>,
-    ) -> Rcs {
-        self.services.send_modify(|services| {
-            let (_, entry, needs_sync) = services
-                .entry(self.key.onion_address())
-                .or_insert_with(|| (self.key.clone(), OrdMap::new(), Some(SyncState::Add)));
-            let rcs = bindings
-                .into_iter()
-                .map(|(external, target)| {
-                    let binding = entry.entry(external).or_default();
-                    let target = binding.entry(target).or_default();
-                    let rc = if let Some(rc) = Weak::upgrade(&*target) {
-                        rc
-                    } else {
-                        if needs_sync.is_none() {
-                            *needs_sync = Some(SyncState::Update);
-                        }
-                        Arc::new(())
-                    };
-                    *target = Arc::downgrade(&rc);
-                    rc
-                })
-                .collect();
-
-            rcs
-        })
-    }
-}
-
-type AuthenticatedConnection = AuthenticatedConn<
-    TcpStream,
-    Box<dyn Fn(AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>> + Send + Sync>,
->;
-
-enum TorCommand {
-    GetInfo {
-        query: String,
-        reply: oneshot::Sender<Result<String, Error>>,
-    },
-    Reset {
-        wipe_state: bool,
-        context: Error,
-    },
-}
-
-#[instrument(skip_all)]
-async fn torctl(
-    tor_control: SocketAddr,
-    tor_socks: &[SocketAddr],
-    recv: &mut mpsc::UnboundedReceiver<TorCommand>,
-    services: &mut Watch<
-        BTreeMap<
-            OnionAddress,
-            (
-                TorSecretKey,
-                OrdMap<u16, BTreeMap<SocketAddr, Weak<()>>>,
-                Option<SyncState>,
-            ),
-        >,
-    >,
-    wipe_state: &AtomicBool,
-    health_timeout: &mut Duration,
-) -> Result<(), Error> {
-    let bootstrap = async {
-        if Command::new("systemctl")
-            .arg("is-active")
-            .arg("--quiet")
-            .arg("tor")
-            .invoke(ErrorKind::Tor)
-            .await
-            .is_ok()
-        {
-            Command::new("systemctl")
-                .arg("stop")
-                .arg("tor")
-                .invoke(ErrorKind::Tor)
-                .await?;
-            for _ in 0..30 {
-                if TcpStream::connect(tor_control).await.is_err() {
-                    break;
-                }
-                tokio::time::sleep(Duration::from_secs(1)).await;
-            }
-            if TcpStream::connect(tor_control).await.is_ok() {
-                return Err(Error::new(
-                    eyre!("Tor is failing to shut down"),
-                    ErrorKind::Tor,
-                ));
-            }
-        }
-        if wipe_state.load(std::sync::atomic::Ordering::SeqCst) {
-            tokio::fs::remove_dir_all("/var/lib/tor").await?;
-            wipe_state.store(false, std::sync::atomic::Ordering::SeqCst);
-        }
-
-        write_file_atomic("/etc/tor/torrc", {
-            use std::fmt::Write;
-            let mut conf = String::new();
-
-            for tor_socks in tor_socks {
-                writeln!(&mut conf, "SocksPort {tor_socks}").unwrap();
-            }
-            writeln!(
-                &mut conf,
-                "ControlPort {tor_control}\nCookieAuthentication 1"
-            )
-            .unwrap();
-            conf
-        })
-        .await?;
-        tokio::fs::create_dir_all("/var/lib/tor").await?;
-        Command::new("chown")
-            .arg("-R")
-            .arg("debian-tor")
-            .arg("/var/lib/tor")
-            .invoke(ErrorKind::Filesystem)
-            .await?;
-        Command::new("systemctl")
-            .arg("start")
-            .arg("tor")
-            .invoke(ErrorKind::Tor)
-            .await?;
-
-        let mut tcp_stream = None;
-        for _ in 0..60 {
-            if let Ok(conn) = TcpStream::connect(tor_control).await {
-                tcp_stream = Some(conn);
-                break;
-            }
-            tokio::time::sleep(Duration::from_secs(1)).await;
-        }
-        let tcp_stream = tcp_stream.ok_or_else(|| {
-            Error::new(eyre!("Timed out waiting for tor to start"), ErrorKind::Tor)
-        })?;
-        tracing::info!("Tor is started");
-
-        if let Err(e) = socket2::SockRef::from(&tcp_stream).set_keepalive(true) {
-            tracing::error!("Failed to set tcp keepalive: {e}");
-            tracing::debug!("{e:?}");
-        }
-
-        let mut conn = torut::control::UnauthenticatedConn::new(tcp_stream);
-        let auth = conn
-            .load_protocol_info()
-            .await?
-            .make_auth_data()?
-            .ok_or_else(|| eyre!("Cookie Auth Not Available"))
-            .with_kind(crate::ErrorKind::Tor)?;
-        conn.authenticate(&auth).await?;
-        let mut connection: AuthenticatedConnection = conn.into_authenticated().await;
-        connection.set_async_event_handler(Some(Box::new(|event| event_handler(event))));
-
-        let mut bootstrapped = false;
-        let mut last_increment = (String::new(), Instant::now());
-        for _ in 0..300 {
-            match connection.get_info("status/bootstrap-phase").await {
-                Ok(a) => {
-                    if a.contains("TAG=done") {
-                        bootstrapped = true;
-                        break;
-                    }
-                    if let Some(p) = PROGRESS_REGEX.captures(&a) {
-                        if let Some(p) = p.get(1) {
-                            if p.as_str() != &*last_increment.0 {
-                                last_increment = (p.as_str().into(), Instant::now());
-                            }
-                        }
-                    }
-                }
-                Err(e) => {
-                    let e = Error::from(e);
-                    tracing::error!("{}", e);
-                    tracing::debug!("{:?}", e);
-                }
-            }
-            if last_increment.1.elapsed() > Duration::from_secs(30) {
-                return Err(Error::new(
-                    eyre!("Tor stuck bootstrapping at {}%", last_increment.0),
-                    ErrorKind::Tor,
-                ));
-            }
-            tokio::time::sleep(Duration::from_secs(1)).await;
-        }
-        if !bootstrapped {
-            return Err(Error::new(
-                eyre!("Timed out waiting for tor to bootstrap"),
-                ErrorKind::Tor,
-            ));
-        }
-        Ok(connection)
-    };
-    let pre_handler = async {
-        while let Some(command) = recv.recv().await {
-            match command {
-                TorCommand::GetInfo { reply, .. } => {
-                    reply
-                        .send(Err(Error::new(
-                            eyre!("Tor has not finished bootstrapping..."),
-                            ErrorKind::Tor,
-                        )))
-                        .unwrap_or_default();
-                }
-                TorCommand::Reset {
-                    wipe_state: new_wipe_state,
-                    context,
-                } => {
-                    wipe_state.fetch_or(new_wipe_state, std::sync::atomic::Ordering::SeqCst);
-                    return Err(context);
-                }
-            }
-        }
-        Ok(())
-    };
-
-    let mut connection = tokio::select! {
-        res = bootstrap => res?,
-        res = pre_handler => return res,
-    };
-
-    let hck_key = TorSecretKeyV3::generate();
-    connection
-        .add_onion_v3(
-            &hck_key,
-            false,
-            false,
-            false,
-            None,
-            &mut [(80, SocketAddr::from(([127, 0, 0, 1], 80)))].iter(),
-        )
-        .await?;
-
-    services.send_modify(|s| {
-        for (_, _, s) in s.values_mut() {
-            *s = Some(SyncState::Add);
-        }
-    });
-
-    let handler = async {
-        loop {
-            let recv = recv.recv();
-            tokio::pin!(recv);
-            let mut changed = services.changed().boxed();
-
-            match futures::future::select(recv, &mut changed).await {
-                futures::future::Either::Left((Some(command), _)) => match command {
-                    TorCommand::GetInfo { query, reply } => {
-                        reply
-                            .send(connection.get_info(&query).await.with_kind(ErrorKind::Tor))
-                            .unwrap_or_default();
-                    }
-                    TorCommand::Reset {
-                        wipe_state: new_wipe_state,
-                        context,
-                    } => {
-                        wipe_state.fetch_or(new_wipe_state, std::sync::atomic::Ordering::SeqCst);
-                        return Err(context);
-                    }
-                },
-                futures::future::Either::Left((None, _)) => break,
-                futures::future::Either::Right(_) => {
-                    drop(changed);
-                    let to_add = services.peek_and_mark_seen(|services| {
-                        services
-                            .iter()
-                            .filter(|(_, (_, _, s))| s.is_some())
-                            .map(|(k, v)| (k.clone(), (*v).clone()))
-                            .collect::<BTreeMap<_, _>>()
-                    });
-
-                    for (addr, (key, bindings, state)) in &to_add {
-                        if matches!(state, Some(SyncState::Update) | Some(SyncState::Remove)) {
-                            connection
-                                .del_onion(&addr.0.get_address_without_dot_onion())
-                                .await
-                                .with_kind(ErrorKind::Tor)?;
-                        }
-                        let bindings = bindings
-                            .iter()
-                            .filter_map(|(external, targets)| {
-                                targets
-                                    .iter()
-                                    .find(|(_, rc)| rc.strong_count() > 0)
-                                    .map(|(target, _)| (*external, *target))
-                            })
-                            .collect::<Vec<_>>();
-                        if !bindings.is_empty() {
-                            connection
-                                .add_onion_v3(
-                                    &key.0,
-                                    false,
-                                    false,
-                                    false,
-                                    None,
-                                    &mut bindings.iter(),
-                                )
-                                .await?;
-                        }
-                    }
-                    services.send_if_modified(|services| {
-                        for (addr, (_, bindings_a, _)) in to_add {
-                            if let Some((_, bindings_b, needs_sync)) = services.get_mut(&addr) {
-                                if OrdMap::ptr_eq(&bindings_a, bindings_b)
-                                    || bindings_a.len() == bindings_b.len()
-                                        && bindings_a.iter().zip(bindings_b.iter()).all(
-                                            |((a_port, a), (b_port, b))| {
-                                                a_port == b_port
-                                                    && a.len() == b.len()
-                                                    && a.keys().zip(b.keys()).all(|(a, b)| a == b)
-                                            },
-                                        )
-                                {
-                                    *needs_sync = None;
-                                } else {
-                                    *needs_sync = Some(SyncState::Update);
-                                }
-                            }
-                        }
-                        false
-                    });
-                }
-            }
-        }
-
-        Ok(())
-    };
-    let log_parser = async {
-        loop {
-            let mut logs = journalctl(
-                LogSource::Unit(SYSTEMD_UNIT),
-                Some(0),
-                None,
-                Some("0"),
-                false,
-                true,
-            )
-            .await?;
-            while let Some(log) = logs.try_next().await? {
-                for (regex, severity) in &*LOG_REGEXES {
-                    if regex.is_match(&log.message) {
-                        let (check, wipe_state) = match severity {
-                            ErrorLogSeverity::Fatal { wipe_state } => (false, *wipe_state),
-                            ErrorLogSeverity::Unknown { wipe_state } => (true, *wipe_state),
-                        };
-                        let addr = hck_key.public().get_onion_address().to_string();
-                        if !check
-                            || TcpStream::connect(tor_socks)
-                                .map_err(|e| Error::new(e, ErrorKind::Tor))
-                                .and_then(|mut tor_socks| async move {
-                                    tokio::time::timeout(
-                                        Duration::from_secs(30),
-                                        socks5_impl::client::connect(
-                                            &mut tor_socks,
-                                            (addr, 80),
-                                            None,
-                                        )
-                                        .map_err(|e| Error::new(e, ErrorKind::Tor)),
-                                    )
-                                    .map_err(|e| Error::new(e, ErrorKind::Tor))
-                                    .await?
-                                })
-                                .await
-                                .with_ctx(|_| (ErrorKind::Tor, "Tor is confirmed to be down"))
-                                .log_err()
-                                .is_some()
-                        {
-                            if wipe_state {
-                                Command::new("systemctl")
-                                    .arg("stop")
-                                    .arg("tor")
-                                    .invoke(ErrorKind::Tor)
-                                    .await?;
-                                tokio::fs::remove_dir_all("/var/lib/tor").await?;
-                            }
-                            return Err(Error::new(eyre!("{}", log.message), ErrorKind::Tor));
-                        }
-                    }
-                }
-            }
-        }
-    };
-    let health_checker = async {
-        let mut last_success = Instant::now();
-        loop {
-            tokio::time::sleep(Duration::from_secs(30)).await;
-            let addr = hck_key.public().get_onion_address().to_string();
-            if TcpStream::connect(tor_socks)
-                .map_err(|e| Error::new(e, ErrorKind::Tor))
-                .and_then(|mut tor_socks| async move {
-                    tokio::time::timeout(
-                        Duration::from_secs(30),
-                        socks5_impl::client::connect(&mut tor_socks, (addr, 80), None)
-                            .map_err(|e| Error::new(e, ErrorKind::Tor)),
-                    )
-                    .map_err(|e| Error::new(e, ErrorKind::Tor))
-                    .await
-                })
-                .await
-                .is_err()
-            {
-                if last_success.elapsed() > *health_timeout {
-                    let err = Error::new(
-                        eyre!(
-                            "Tor health check failed for longer than current timeout ({health_timeout:?})"
-                        ),
-                        crate::ErrorKind::Tor,
-                    );
-                    *health_timeout *= 2;
-                    wipe_state.store(true, std::sync::atomic::Ordering::SeqCst);
-                    return Err(err);
-                }
-            } else {
-                last_success = Instant::now();
-            }
-        }
-    };
-
-    tokio::select! {
-        res = handler => res?,
-        res = log_parser => res?,
-        res = health_checker => res?,
-    }
-
-    Ok(())
-}
-
-struct TorControl {
-    _thread: NonDetachingJoinHandle<()>,
-    send: mpsc::UnboundedSender<TorCommand>,
-    services: Watch<
-        BTreeMap<
-            OnionAddress,
-            (
-                TorSecretKey,
-                OrdMap<u16, BTreeMap<SocketAddr, Weak<()>>>,
-                Option<SyncState>,
-            ),
-        >,
-    >,
-}
-impl TorControl {
-    pub fn new(
-        tor_control: SocketAddr,
-        tor_socks: impl AsRef<[SocketAddr]> + Send + 'static,
-    ) -> Self {
-        let (send, mut recv) = mpsc::unbounded_channel();
-        let services = Watch::new(BTreeMap::new());
-        let mut thread_services = services.clone();
-        Self {
-            _thread: tokio::spawn(async move {
-                let wipe_state = AtomicBool::new(false);
-                let mut health_timeout = Duration::from_secs(STARTING_HEALTH_TIMEOUT);
-                loop {
-                    if let Err(e) = torctl(
-                        tor_control,
-                        tor_socks.as_ref(),
-                        &mut recv,
-                        &mut thread_services,
-                        &wipe_state,
-                        &mut health_timeout,
-                    )
-                    .await
-                    {
-                        tracing::error!("TorControl : {e}");
-                        tracing::debug!("{e:?}");
-                    }
-                    tracing::info!("Restarting Tor");
-                    tokio::time::sleep(Duration::from_secs(1)).await;
-                }
-            })
-            .into(),
-            send,
-            services,
-        }
-    }
-}
-
-#[tokio::test]
-#[ignore]
-async fn test_connection() {
-    let mut conn = torut::control::UnauthenticatedConn::new(
-        TcpStream::connect(SocketAddr::from(([127, 0, 0, 1], 9051)))
-            .await
-            .unwrap(),
-    );
-    let auth = conn
-        .load_protocol_info()
-        .await
-        .unwrap()
-        .make_auth_data()
-        .unwrap()
-        .ok_or_else(|| eyre!("Cookie Auth Not Available"))
-        .with_kind(crate::ErrorKind::Tor)
-        .unwrap();
-    conn.authenticate(&auth).await.unwrap();
-    let mut connection: AuthenticatedConn<
-        TcpStream,
-        fn(AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>>,
-    > = conn.into_authenticated().await;
-    let tor_key = torut::onion::TorSecretKeyV3::generate();
-    connection.get_conf("SocksPort").await.unwrap();
-    connection
-        .add_onion_v3(
-            &tor_key,
-            false,
-            false,
-            false,
-            None,
-            &mut [(443_u16, SocketAddr::from(([127, 0, 0, 1], 8443)))].iter(),
-        )
-        .await
-        .unwrap();
-    connection
-        .del_onion(
-            &tor_key
-                .public()
-                .get_onion_address()
-                .get_address_without_dot_onion(),
-        )
-        .await
-        .unwrap();
-    connection
-        .add_onion_v3(
-            &tor_key,
-            false,
-            false,
-            false,
-            None,
-            &mut [(8443_u16, SocketAddr::from(([127, 0, 0, 1], 8443)))].iter(),
-        )
-        .await
-        .unwrap();
-}
diff --git a/core/src/net/tor/mod.rs b/core/src/net/tor/mod.rs
deleted file mode 100644
index d4d5c8007..000000000
--- a/core/src/net/tor/mod.rs
+++ /dev/null
@@ -1,10 +0,0 @@
-#[cfg(feature = "arti")]
-mod arti;
-
-#[cfg(not(feature = "arti"))]
-mod ctor;
-
-#[cfg(feature = "arti")]
-pub use arti::{OnionAddress, OnionStore, TorController, TorSecretKey, tor_api};
-#[cfg(not(feature = "arti"))]
-pub use ctor::{OnionAddress, OnionStore, TorController, TorSecretKey, tor_api};
diff --git a/core/src/service/effects/net/ssl.rs b/core/src/service/effects/net/ssl.rs
index fcd1dac9d..317fb50c8 100644
--- a/core/src/service/effects/net/ssl.rs
+++ b/core/src/service/effects/net/ssl.rs
@@ -55,11 +55,9 @@ pub async fn get_ssl_certificate(
                 .map(|(_, m)| m.as_hosts().as_entries())
                 .flatten_ok()
                 .map_ok(|(_, m)| {
-                    Ok(m.as_onions()
-                        .de()?
-                        .iter()
-                        .map(InternedString::from_display)
-                        .chain(m.as_public_domains().keys()?)
+                    Ok(m.as_public_domains()
+                        .keys()?
+                        .into_iter()
                         .chain(m.as_private_domains().de()?)
                         .chain(
                             m.as_hostname_info()
@@ -68,7 +66,7 @@ pub async fn get_ssl_certificate(
                                 .flatten()
                                 .map(|h| h.to_san_hostname()),
                         )
-                        .collect::<Vec<_>>())
+                        .collect::<Vec<InternedString>>())
                 })
                 .map(|a| a.and_then(|a| a))
                 .flatten_ok()
@@ -181,11 +179,9 @@ pub async fn get_ssl_key(
                 .map(|m| m.as_hosts().as_entries())
                 .flatten_ok()
                 .map_ok(|(_, m)| {
-                    Ok(m.as_onions()
-                        .de()?
-                        .iter()
-                        .map(InternedString::from_display)
-                        .chain(m.as_public_domains().keys()?)
+                    Ok(m.as_public_domains()
+                        .keys()?
+                        .into_iter()
                         .chain(m.as_private_domains().de()?)
                         .chain(
                             m.as_hostname_info()
@@ -194,7 +190,7 @@ pub async fn get_ssl_key(
                                 .flatten()
                                 .map(|h| h.to_san_hostname()),
                         )
-                        .collect::<Vec<_>>())
+                        .collect::<Vec<InternedString>>())
                 })
                 .map(|a| a.and_then(|a| a))
                 .flatten_ok()
diff --git a/core/src/version/mod.rs b/core/src/version/mod.rs
index 5c2a2a2f3..a470212f5 100644
--- a/core/src/version/mod.rs
+++ b/core/src/version/mod.rs
@@ -59,8 +59,9 @@ mod v0_4_0_alpha_16;
 mod v0_4_0_alpha_17;
 mod v0_4_0_alpha_18;
 mod v0_4_0_alpha_19;
+mod v0_4_0_alpha_20;
 
-pub type Current = v0_4_0_alpha_19::Version; // VERSION_BUMP
+pub type Current = v0_4_0_alpha_20::Version; // VERSION_BUMP
 
 impl Current {
     #[instrument(skip(self, db))]
@@ -181,7 +182,8 @@ enum Version {
     V0_4_0_alpha_16(Wrapper<v0_4_0_alpha_16::Version>),
     V0_4_0_alpha_17(Wrapper<v0_4_0_alpha_17::Version>),
     V0_4_0_alpha_18(Wrapper<v0_4_0_alpha_18::Version>),
-    V0_4_0_alpha_19(Wrapper<v0_4_0_alpha_19::Version>), // VERSION_BUMP
+    V0_4_0_alpha_19(Wrapper<v0_4_0_alpha_19::Version>),
+    V0_4_0_alpha_20(Wrapper<v0_4_0_alpha_20::Version>), // VERSION_BUMP
     Other(exver::Version),
 }
 
@@ -243,7 +245,8 @@ impl Version {
             Self::V0_4_0_alpha_16(v) => DynVersion(Box::new(v.0)),
             Self::V0_4_0_alpha_17(v) => DynVersion(Box::new(v.0)),
             Self::V0_4_0_alpha_18(v) => DynVersion(Box::new(v.0)),
-            Self::V0_4_0_alpha_19(v) => DynVersion(Box::new(v.0)), // VERSION_BUMP
+            Self::V0_4_0_alpha_19(v) => DynVersion(Box::new(v.0)),
+            Self::V0_4_0_alpha_20(v) => DynVersion(Box::new(v.0)), // VERSION_BUMP
             Self::Other(v) => {
                 return Err(Error::new(
                     eyre!("unknown version {v}"),
@@ -297,7 +300,8 @@ impl Version {
             Version::V0_4_0_alpha_16(Wrapper(x)) => x.semver(),
             Version::V0_4_0_alpha_17(Wrapper(x)) => x.semver(),
             Version::V0_4_0_alpha_18(Wrapper(x)) => x.semver(),
-            Version::V0_4_0_alpha_19(Wrapper(x)) => x.semver(), // VERSION_BUMP
+            Version::V0_4_0_alpha_19(Wrapper(x)) => x.semver(),
+            Version::V0_4_0_alpha_20(Wrapper(x)) => x.semver(), // VERSION_BUMP
             Version::Other(x) => x.clone(),
         }
     }
diff --git a/core/src/version/v0_3_6_alpha_0.rs b/core/src/version/v0_3_6_alpha_0.rs
index c048c97b2..f7a8dc0bf 100644
--- a/core/src/version/v0_3_6_alpha_0.rs
+++ b/core/src/version/v0_3_6_alpha_0.rs
@@ -1,4 +1,4 @@
-use std::collections::{BTreeMap, BTreeSet};
+use std::collections::BTreeMap;
 use std::ffi::OsStr;
 use std::path::Path;
 
@@ -23,17 +23,14 @@ use crate::disk::mount::filesystem::cifs::Cifs;
 use crate::disk::mount::util::unmount;
 use crate::hostname::Hostname;
 use crate::net::forward::AvailablePorts;
-use crate::net::host::Host;
 use crate::net::keys::KeyStore;
-use crate::net::tor::{OnionAddress, TorSecretKey};
 use crate::notifications::Notifications;
 use crate::prelude::*;
 use crate::s9pk::merkle_archive::source::multi_cursor_file::MultiCursorFile;
 use crate::ssh::{SshKeys, SshPubKey};
 use crate::util::Invoke;
-use crate::util::crypto::ed25519_expand_key;
 use crate::util::serde::Pem;
-use crate::{DATA_DIR, HostId, Id, PACKAGE_DATA, PackageId, ReplayId};
+use crate::{DATA_DIR, PACKAGE_DATA, PackageId, ReplayId};
 
 lazy_static::lazy_static! {
     static ref V0_3_6_alpha_0: exver::Version = exver::Version::new(
@@ -146,12 +143,7 @@ pub struct Version;
 
 impl VersionT for Version {
     type Previous = v0_3_5_2::Version;
-    type PreUpRes = (
-        AccountInfo,
-        SshKeys,
-        CifsTargets,
-        BTreeMap<PackageId, BTreeMap<HostId, TorSecretKey>>,
-    );
+    type PreUpRes = (AccountInfo, SshKeys, CifsTargets);
     fn semver(self) -> exver::Version {
         V0_3_6_alpha_0.clone()
     }
@@ -166,20 +158,18 @@ impl VersionT for Version {
 
         let cifs = previous_cifs(&pg).await?;
 
-        let tor_keys = previous_tor_keys(&pg).await?;
-
         Command::new("systemctl")
             .arg("stop")
             .arg("postgresql@*.service")
             .invoke(crate::ErrorKind::Database)
             .await?;
 
-        Ok((account, ssh_keys, cifs, tor_keys))
+        Ok((account, ssh_keys, cifs))
     }
     fn up(
         self,
         db: &mut Value,
-        (account, ssh_keys, cifs, tor_keys): Self::PreUpRes,
+        (account, ssh_keys, cifs): Self::PreUpRes,
     ) -> Result<Value, Error> {
         let prev_package_data = db["package-data"].clone();
 
@@ -242,11 +232,7 @@ impl VersionT for Version {
             "ui": db["ui"],
         });
 
-        let mut keystore = KeyStore::new(&account)?;
-        for key in tor_keys.values().flat_map(|v| v.values()) {
-            assert!(key.is_valid());
-            keystore.onion.insert(key.clone());
-        }
+        let keystore = KeyStore::new(&account)?;
 
         let private = {
             let mut value = json!({});
@@ -350,20 +336,6 @@ impl VersionT for Version {
                         false
                     };
 
-                    let onions = input[&*id]["installed"]["interface-addresses"]
-                        .as_object()
-                        .into_iter()
-                        .flatten()
-                        .filter_map(|(id, addrs)| {
-                            addrs["tor-address"].as_str().map(|addr| {
-                                Ok((
-                                    HostId::from(Id::try_from(id.clone())?),
-                                    addr.parse::<OnionAddress>()?,
-                                ))
-                            })
-                        })
-                        .collect::<Result<BTreeMap<_, _>, Error>>()?;
-
                     if let Err(e) = async {
                         let package_s9pk = tokio::fs::File::open(path).await?;
                         let file = MultiCursorFile::open(&package_s9pk).await?;
@@ -381,11 +353,8 @@ impl VersionT for Version {
                             .await?
                             .await?;
 
-                        let to_sync = ctx
-                            .db
+                        ctx.db
                             .mutate(|db| {
-                                let mut to_sync = BTreeSet::new();
-
                                 let package = db
                                     .as_public_mut()
                                     .as_package_data_mut()
@@ -396,29 +365,11 @@ impl VersionT for Version {
                                         .as_tasks_mut()
                                         .remove(&ReplayId::from("needs-config"))?;
                                 }
-                                for (id, onion) in onions {
-                                    package
-                                        .as_hosts_mut()
-                                        .upsert(&id, || Ok(Host::new()))?
-                                        .as_onions_mut()
-                                        .mutate(|o| {
-                                            o.clear();
-                                            o.insert(onion);
-                                            Ok(())
-                                        })?;
-                                    to_sync.insert(id);
-                                }
-                                Ok(to_sync)
+                                Ok(())
                             })
                             .await
                             .result?;
 
-                        if let Some(service) = &*ctx.services.get(&id).await {
-                            for host_id in to_sync {
-                                service.sync_host(host_id.clone()).await?;
-                            }
-                        }
-
                         Ok::<_, Error>(())
                     }
                     .await
@@ -481,33 +432,6 @@ async fn previous_account_info(pg: &sqlx::Pool<sqlx::Postgres>) -> Result<Accoun
             password: account_query
                 .try_get("password")
                 .with_ctx(|_| (ErrorKind::Database, "password"))?,
-            tor_keys: vec![TorSecretKey::from_bytes(
-                if let Some(bytes) = account_query
-                    .try_get::<Option<Vec<u8>>, _>("tor_key")
-                    .with_ctx(|_| (ErrorKind::Database, "tor_key"))?
-                {
-                    <[u8; 64]>::try_from(bytes).map_err(|e| {
-                        Error::new(
-                            eyre!("expected vec of len 64, got len {}", e.len()),
-                            ErrorKind::ParseDbField,
-                        )
-                    })?
-                } else {
-                    ed25519_expand_key(
-                        &<[u8; 32]>::try_from(
-                            account_query
-                                .try_get::<Vec<u8>, _>("network_key")
-                                .with_kind(ErrorKind::Database)?,
-                        )
-                        .map_err(|e| {
-                            Error::new(
-                                eyre!("expected vec of len 32, got len {}", e.len()),
-                                ErrorKind::ParseDbField,
-                            )
-                        })?,
-                    )
-                },
-            )?],
             server_id: account_query
                 .try_get("server_id")
                 .with_ctx(|_| (ErrorKind::Database, "server_id"))?,
@@ -579,68 +503,3 @@ async fn previous_ssh_keys(pg: &sqlx::Pool<sqlx::Postgres>) -> Result<SshKeys, E
     Ok(ssh_keys)
 }
 
-#[tracing::instrument(skip_all)]
-async fn previous_tor_keys(
-    pg: &sqlx::Pool<sqlx::Postgres>,
-) -> Result<BTreeMap<PackageId, BTreeMap<HostId, TorSecretKey>>, Error> {
-    let mut res = BTreeMap::<PackageId, BTreeMap<HostId, TorSecretKey>>::new();
-    let net_key_query = sqlx::query(r#"SELECT * FROM network_keys"#)
-        .fetch_all(pg)
-        .await
-        .with_kind(ErrorKind::Database)?;
-
-    for row in net_key_query {
-        let package_id: PackageId = row
-            .try_get::<String, _>("package")
-            .with_ctx(|_| (ErrorKind::Database, "network_keys::package"))?
-            .parse()?;
-        let interface_id: HostId = row
-            .try_get::<String, _>("interface")
-            .with_ctx(|_| (ErrorKind::Database, "network_keys::interface"))?
-            .parse()?;
-        let key = TorSecretKey::from_bytes(ed25519_expand_key(
-            &<[u8; 32]>::try_from(
-                row.try_get::<Vec<u8>, _>("key")
-                    .with_ctx(|_| (ErrorKind::Database, "network_keys::key"))?,
-            )
-            .map_err(|e| {
-                Error::new(
-                    eyre!("expected vec of len 32, got len {}", e.len()),
-                    ErrorKind::ParseDbField,
-                )
-            })?,
-        ))?;
-        res.entry(package_id).or_default().insert(interface_id, key);
-    }
-
-    let tor_key_query = sqlx::query(r#"SELECT * FROM tor"#)
-        .fetch_all(pg)
-        .await
-        .with_kind(ErrorKind::Database)?;
-
-    for row in tor_key_query {
-        let package_id: PackageId = row
-            .try_get::<String, _>("package")
-            .with_ctx(|_| (ErrorKind::Database, "tor::package"))?
-            .parse()?;
-        let interface_id: HostId = row
-            .try_get::<String, _>("interface")
-            .with_ctx(|_| (ErrorKind::Database, "tor::interface"))?
-            .parse()?;
-        let key = TorSecretKey::from_bytes(
-            <[u8; 64]>::try_from(
-                row.try_get::<Vec<u8>, _>("key")
-                    .with_ctx(|_| (ErrorKind::Database, "tor::key"))?,
-            )
-            .map_err(|e| {
-                Error::new(
-                    eyre!("expected vec of len 64, got len {}", e.len()),
-                    ErrorKind::ParseDbField,
-                )
-            })?,
-        )?;
-        res.entry(package_id).or_default().insert(interface_id, key);
-    }
-
-    Ok(res)
-}
diff --git a/core/src/version/v0_3_6_alpha_10.rs b/core/src/version/v0_3_6_alpha_10.rs
index 08543d9e1..8cbf902a9 100644
--- a/core/src/version/v0_3_6_alpha_10.rs
+++ b/core/src/version/v0_3_6_alpha_10.rs
@@ -8,7 +8,6 @@ use super::v0_3_5::V0_3_0_COMPAT;
 use super::{VersionT, v0_3_6_alpha_9};
 use crate::GatewayId;
 use crate::net::host::address::PublicDomainConfig;
-use crate::net::tor::OnionAddress;
 use crate::prelude::*;
 
 lazy_static::lazy_static! {
@@ -22,7 +21,7 @@ lazy_static::lazy_static! {
 #[serde(rename_all = "camelCase")]
 #[serde(tag = "kind")]
 enum HostAddress {
-    Onion { address: OnionAddress },
+    Onion { address: String },
     Domain { address: InternedString },
 }
 
diff --git a/core/src/version/v0_4_0_alpha_12.rs b/core/src/version/v0_4_0_alpha_12.rs
index fa7e5a189..d998945a2 100644
--- a/core/src/version/v0_4_0_alpha_12.rs
+++ b/core/src/version/v0_4_0_alpha_12.rs
@@ -1,11 +1,7 @@
-use std::collections::BTreeSet;
-
 use exver::{PreReleaseSegment, VersionRange};
-use imbl_value::InternedString;
 
 use super::v0_3_5::V0_3_0_COMPAT;
 use super::{VersionT, v0_4_0_alpha_11};
-use crate::net::tor::TorSecretKey;
 use crate::prelude::*;
 
 lazy_static::lazy_static! {
@@ -33,48 +29,6 @@ impl VersionT for Version {
     }
     #[instrument(skip_all)]
     fn up(self, db: &mut Value, _: Self::PreUpRes) -> Result<Value, Error> {
-        let mut err = None;
-        let onion_store = db["private"]["keyStore"]["onion"]
-            .as_object_mut()
-            .or_not_found("private.keyStore.onion")?;
-        onion_store.retain(|o, v| match from_value::<TorSecretKey>(v.clone()) {
-            Ok(k) => k.is_valid() && &InternedString::from_display(&k.onion_address()) == o,
-            Err(e) => {
-                err = Some(e);
-                true
-            }
-        });
-        if let Some(e) = err {
-            return Err(e);
-        }
-        let allowed_addresses = onion_store.keys().cloned().collect::<BTreeSet<_>>();
-        let fix_host = |host: &mut Value| {
-            Ok::<_, Error>(
-                host["onions"]
-                    .as_array_mut()
-                    .or_not_found("host.onions")?
-                    .retain(|addr| {
-                        addr.as_str()
-                            .map(|s| allowed_addresses.contains(s))
-                            .unwrap_or(false)
-                    }),
-            )
-        };
-        for (_, pde) in db["public"]["packageData"]
-            .as_object_mut()
-            .or_not_found("public.packageData")?
-            .iter_mut()
-        {
-            for (_, host) in pde["hosts"]
-                .as_object_mut()
-                .or_not_found("public.packageData[].hosts")?
-                .iter_mut()
-            {
-                fix_host(host)?;
-            }
-        }
-        fix_host(&mut db["public"]["serverInfo"]["network"]["host"])?;
-
         if db["private"]["keyStore"]["localCerts"].is_null() {
             db["private"]["keyStore"]["localCerts"] =
                 db["private"]["keyStore"]["local_certs"].clone();
diff --git a/core/src/version/v0_4_0_alpha_20.rs b/core/src/version/v0_4_0_alpha_20.rs
new file mode 100644
index 000000000..6cb902bde
--- /dev/null
+++ b/core/src/version/v0_4_0_alpha_20.rs
@@ -0,0 +1,110 @@
+use exver::{PreReleaseSegment, VersionRange};
+
+use super::v0_3_5::V0_3_0_COMPAT;
+use super::{VersionT, v0_4_0_alpha_19};
+use crate::prelude::*;
+
+lazy_static::lazy_static! {
+    static ref V0_4_0_alpha_20: exver::Version = exver::Version::new(
+        [0, 4, 0],
+        [PreReleaseSegment::String("alpha".into()), 20.into()]
+    );
+}
+
+#[derive(Clone, Copy, Debug, Default)]
+pub struct Version;
+
+impl VersionT for Version {
+    type Previous = v0_4_0_alpha_19::Version;
+    type PreUpRes = ();
+
+    async fn pre_up(self) -> Result<Self::PreUpRes, Error> {
+        Ok(())
+    }
+    fn semver(self) -> exver::Version {
+        V0_4_0_alpha_20.clone()
+    }
+    fn compat(self) -> &'static VersionRange {
+        &V0_3_0_COMPAT
+    }
+    #[instrument(skip_all)]
+    fn up(self, db: &mut Value, _: Self::PreUpRes) -> Result<Value, Error> {
+        // Remove onions and tor-related fields from server host
+        if let Some(host) = db
+            .get_mut("public")
+            .and_then(|p| p.get_mut("serverInfo"))
+            .and_then(|s| s.get_mut("network"))
+            .and_then(|n| n.get_mut("host"))
+            .and_then(|h| h.as_object_mut())
+        {
+            host.remove("onions");
+        }
+
+        // Remove onions from all package hosts
+        if let Some(packages) = db
+            .get_mut("public")
+            .and_then(|p| p.get_mut("packageData"))
+            .and_then(|p| p.as_object_mut())
+        {
+            for (_, package) in packages.iter_mut() {
+                if let Some(hosts) = package.get_mut("hosts").and_then(|h| h.as_object_mut()) {
+                    for (_, host) in hosts.iter_mut() {
+                        if let Some(host_obj) = host.as_object_mut() {
+                            host_obj.remove("onions");
+                        }
+                    }
+                }
+            }
+        }
+
+        // Remove onion entries from hostnameInfo in server host
+        remove_onion_hostname_info(
+            db.get_mut("public")
+                .and_then(|p| p.get_mut("serverInfo"))
+                .and_then(|s| s.get_mut("network"))
+                .and_then(|n| n.get_mut("host")),
+        );
+
+        // Remove onion entries from hostnameInfo in all package hosts
+        if let Some(packages) = db
+            .get_mut("public")
+            .and_then(|p| p.get_mut("packageData"))
+            .and_then(|p| p.as_object_mut())
+        {
+            for (_, package) in packages.iter_mut() {
+                if let Some(hosts) = package.get_mut("hosts").and_then(|h| h.as_object_mut()) {
+                    for (_, host) in hosts.iter_mut() {
+                        remove_onion_hostname_info(Some(host));
+                    }
+                }
+            }
+        }
+
+        // Remove onion store from private keyStore
+        if let Some(key_store) = db
+            .get_mut("private")
+            .and_then(|p| p.get_mut("keyStore"))
+            .and_then(|k| k.as_object_mut())
+        {
+            key_store.remove("onion");
+        }
+
+        Ok(Value::Null)
+    }
+    fn down(self, _db: &mut Value) -> Result<(), Error> {
+        Ok(())
+    }
+}
+
+fn remove_onion_hostname_info(host: Option<&mut Value>) {
+    if let Some(hostname_info) = host
+        .and_then(|h| h.get_mut("hostnameInfo"))
+        .and_then(|h| h.as_object_mut())
+    {
+        for (_, infos) in hostname_info.iter_mut() {
+            if let Some(arr) = infos.as_array_mut() {
+                arr.retain(|info| info.get("kind").and_then(|k| k.as_str()) != Some("onion"));
+            }
+        }
+    }
+}
diff --git a/sdk/base/lib/exver/exver.ts b/sdk/base/lib/exver/exver.ts
index 352178cca..94202fde1 100644
--- a/sdk/base/lib/exver/exver.ts
+++ b/sdk/base/lib/exver/exver.ts
@@ -1,3195 +1,2902 @@
 /* eslint-disable */
 
-const peggyParser: { parse: any; SyntaxError: any; DefaultTracer?: any } = // Generated by Peggy 3.0.2.
-  //
-  // https://peggyjs.org/
-  // @ts-ignore
-  (function () {
-    // @ts-ignore
-    'use strict'
 
-    // @ts-ignore
-    function peg$subclass(child, parent) {
-      // @ts-ignore
-      function C() {
-        this.constructor = child
-      }
-      // @ts-ignore
-      C.prototype = parent.prototype
-      // @ts-ignore
-      child.prototype = new C()
-    }
 
-    // @ts-ignore
-    function peg$SyntaxError(message, expected, found, location) {
-      // @ts-ignore
-      var self = Error.call(this, message)
-      // istanbul ignore next Check is a necessary evil to support older environments
-      // @ts-ignore
-      if (Object.setPrototypeOf) {
-        // @ts-ignore
-        Object.setPrototypeOf(self, peg$SyntaxError.prototype)
-      }
-      // @ts-ignore
-      self.expected = expected
-      // @ts-ignore
-      self.found = found
-      // @ts-ignore
-      self.location = location
-      // @ts-ignore
-      self.name = 'SyntaxError'
-      // @ts-ignore
-      return self
-    }
-
-    // @ts-ignore
-    peg$subclass(peg$SyntaxError, Error)
-
-    // @ts-ignore
-    function peg$padEnd(str, targetLength, padString) {
-      // @ts-ignore
-      padString = padString || ' '
-      // @ts-ignore
-      if (str.length > targetLength) {
-        return str
-      }
-      // @ts-ignore
-      targetLength -= str.length
-      // @ts-ignore
-      padString += padString.repeat(targetLength)
-      // @ts-ignore
-      return str + padString.slice(0, targetLength)
-    }
-
-    // @ts-ignore
-    peg$SyntaxError.prototype.format = function (sources) {
-      // @ts-ignore
-      var str = 'Error: ' + this.message
-      // @ts-ignore
-      if (this.location) {
-        // @ts-ignore
-        var src = null
-        // @ts-ignore
-        var k
-        // @ts-ignore
-        for (k = 0; k < sources.length; k++) {
-          // @ts-ignore
-          if (sources[k].source === this.location.source) {
-            // @ts-ignore
-            src = sources[k].text.split(/\r\n|\n|\r/g)
-            // @ts-ignore
-            break
-          }
-        }
-        // @ts-ignore
-        var s = this.location.start
-        // @ts-ignore
-        var offset_s =
-          this.location.source &&
-          typeof this.location.source.offset === 'function'
-            ? // @ts-ignore
-              this.location.source.offset(s)
-            : // @ts-ignore
-              s
-        // @ts-ignore
-        var loc =
-          this.location.source + ':' + offset_s.line + ':' + offset_s.column
-        // @ts-ignore
-        if (src) {
-          // @ts-ignore
-          var e = this.location.end
-          // @ts-ignore
-          var filler = peg$padEnd('', offset_s.line.toString().length, ' ')
-          // @ts-ignore
-          var line = src[s.line - 1]
-          // @ts-ignore
-          var last = s.line === e.line ? e.column : line.length + 1
-          // @ts-ignore
-          var hatLen = last - s.column || 1
-          // @ts-ignore
-          str +=
-            '\n --> ' +
-            loc +
-            '\n' +
-            // @ts-ignore
-            filler +
-            ' |\n' +
-            // @ts-ignore
-            offset_s.line +
-            ' | ' +
-            line +
-            '\n' +
-            // @ts-ignore
-            filler +
-            ' | ' +
-            peg$padEnd('', s.column - 1, ' ') +
-            // @ts-ignore
-            peg$padEnd('', hatLen, '^')
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          str += '\n at ' + loc
-        }
-      }
-      // @ts-ignore
-      return str
-    }
-
-    // @ts-ignore
-    peg$SyntaxError.buildMessage = function (expected, found) {
-      // @ts-ignore
-      var DESCRIBE_EXPECTATION_FNS = {
-        // @ts-ignore
-        literal: function (expectation) {
-          // @ts-ignore
-          return '"' + literalEscape(expectation.text) + '"'
-        },
-
-        // @ts-ignore
-        class: function (expectation) {
-          // @ts-ignore
-          var escapedParts = expectation.parts.map(function (part) {
-            // @ts-ignore
-            return Array.isArray(part)
-              ? // @ts-ignore
-                classEscape(part[0]) + '-' + classEscape(part[1])
-              : // @ts-ignore
-                classEscape(part)
-          })
-
-          // @ts-ignore
-          return (
-            '[' +
-            (expectation.inverted ? '^' : '') +
-            escapedParts.join('') +
-            ']'
-          )
-        },
-
-        // @ts-ignore
-        any: function () {
-          // @ts-ignore
-          return 'any character'
-        },
-
-        // @ts-ignore
-        end: function () {
-          // @ts-ignore
-          return 'end of input'
-        },
-
-        // @ts-ignore
-        other: function (expectation) {
-          // @ts-ignore
-          return expectation.description
-        },
-      }
-
-      // @ts-ignore
-      function hex(ch) {
-        // @ts-ignore
-        return ch.charCodeAt(0).toString(16).toUpperCase()
-      }
-
-      // @ts-ignore
-      function literalEscape(s) {
-        // @ts-ignore
-        return (
-          s
-            // @ts-ignore
-            .replace(/\\/g, '\\\\')
-            // @ts-ignore
-            .replace(/"/g, '\\"')
-            // @ts-ignore
-            .replace(/\0/g, '\\0')
-            // @ts-ignore
-            .replace(/\t/g, '\\t')
-            // @ts-ignore
-            .replace(/\n/g, '\\n')
-            // @ts-ignore
-            .replace(/\r/g, '\\r')
-            // @ts-ignore
-            .replace(/[\x00-\x0F]/g, function (ch) {
-              return '\\x0' + hex(ch)
-            })
-            // @ts-ignore
-            .replace(/[\x10-\x1F\x7F-\x9F]/g, function (ch) {
-              return '\\x' + hex(ch)
-            })
-        )
-      }
-
-      // @ts-ignore
-      function classEscape(s) {
-        // @ts-ignore
-        return (
-          s
-            // @ts-ignore
-            .replace(/\\/g, '\\\\')
-            // @ts-ignore
-            .replace(/\]/g, '\\]')
-            // @ts-ignore
-            .replace(/\^/g, '\\^')
-            // @ts-ignore
-            .replace(/-/g, '\\-')
-            // @ts-ignore
-            .replace(/\0/g, '\\0')
-            // @ts-ignore
-            .replace(/\t/g, '\\t')
-            // @ts-ignore
-            .replace(/\n/g, '\\n')
-            // @ts-ignore
-            .replace(/\r/g, '\\r')
-            // @ts-ignore
-            .replace(/[\x00-\x0F]/g, function (ch) {
-              return '\\x0' + hex(ch)
-            })
-            // @ts-ignore
-            .replace(/[\x10-\x1F\x7F-\x9F]/g, function (ch) {
-              return '\\x' + hex(ch)
-            })
-        )
-      }
-
-      // @ts-ignore
-      function describeExpectation(expectation) {
-        // @ts-ignore
-        return DESCRIBE_EXPECTATION_FNS[expectation.type](expectation)
-      }
-
-      // @ts-ignore
-      function describeExpected(expected) {
-        // @ts-ignore
-        var descriptions = expected.map(describeExpectation)
-        // @ts-ignore
-        var i, j
-
-        // @ts-ignore
-        descriptions.sort()
-
-        // @ts-ignore
-        if (descriptions.length > 0) {
-          // @ts-ignore
-          for (i = 1, j = 1; i < descriptions.length; i++) {
-            // @ts-ignore
-            if (descriptions[i - 1] !== descriptions[i]) {
-              // @ts-ignore
-              descriptions[j] = descriptions[i]
-              // @ts-ignore
-              j++
-            }
-          }
-          // @ts-ignore
-          descriptions.length = j
-        }
-
-        // @ts-ignore
-        switch (descriptions.length) {
-          // @ts-ignore
-          case 1:
-            // @ts-ignore
-            return descriptions[0]
-
-          // @ts-ignore
-          case 2:
-            // @ts-ignore
-            return descriptions[0] + ' or ' + descriptions[1]
-
-          // @ts-ignore
-          default:
-            // @ts-ignore
-            return (
-              descriptions.slice(0, -1).join(', ') +
-              // @ts-ignore
-              ', or ' +
-              // @ts-ignore
-              descriptions[descriptions.length - 1]
-            )
-        }
-      }
-
-      // @ts-ignore
-      function describeFound(found) {
-        // @ts-ignore
-        return found ? '"' + literalEscape(found) + '"' : 'end of input'
-      }
-
-      // @ts-ignore
-      return (
-        'Expected ' +
-        describeExpected(expected) +
-        ' but ' +
-        describeFound(found) +
-        ' found.'
-      )
-    }
-
-    // @ts-ignore
-    function peg$parse(input, options) {
-      // @ts-ignore
-      options = options !== undefined ? options : {}
-
-      // @ts-ignore
-      var peg$FAILED = {}
-      // @ts-ignore
-      var peg$source = options.grammarSource
-
-      // @ts-ignore
-      var peg$startRuleFunctions = {
-        VersionRange: peg$parseVersionRange,
-        Or: peg$parseOr,
-        And: peg$parseAnd,
-        VersionRangeAtom: peg$parseVersionRangeAtom,
-        Parens: peg$parseParens,
-        Anchor: peg$parseAnchor,
-        VersionSpec: peg$parseVersionSpec,
-        FlavorAtom: peg$parseFlavorAtom,
-        Not: peg$parseNot,
-        Any: peg$parseAny,
-        None: peg$parseNone,
-        CmpOp: peg$parseCmpOp,
-        ExtendedVersion: peg$parseExtendedVersion,
-        EmverVersionRange: peg$parseEmverVersionRange,
-        EmverVersionRangeAtom: peg$parseEmverVersionRangeAtom,
-        EmverParens: peg$parseEmverParens,
-        EmverAnchor: peg$parseEmverAnchor,
-        EmverNot: peg$parseEmverNot,
-        Emver: peg$parseEmver,
-        Flavor: peg$parseFlavor,
-        FlavorString: peg$parseFlavorString,
-        String: peg$parseString,
-        Version: peg$parseVersion,
-        PreRelease: peg$parsePreRelease,
-        PreReleaseSegment: peg$parsePreReleaseSegment,
-        VersionNumber: peg$parseVersionNumber,
-        Digit: peg$parseDigit,
-        _: peg$parse_,
-      }
-      // @ts-ignore
-      var peg$startRuleFunction = peg$parseVersionRange
-
-      // @ts-ignore
-      var peg$c0 = '||'
-      var peg$c1 = '&&'
-      var peg$c2 = '('
-      var peg$c3 = ')'
-      var peg$c4 = ':'
-      var peg$c5 = '#'
-      var peg$c6 = '!'
-      var peg$c7 = '*'
-      var peg$c8 = '>='
-      var peg$c9 = '<='
-      var peg$c10 = '>'
-      var peg$c11 = '<'
-      var peg$c12 = '='
-      var peg$c13 = '!='
-      var peg$c14 = '^'
-      var peg$c15 = '~'
-      var peg$c16 = '.'
-      var peg$c17 = '-'
-
-      var peg$r0 = /^[a-z]/
-      var peg$r1 = /^[a-zA-Z]/
-      var peg$r2 = /^[0-9]/
-      var peg$r3 = /^[ \t\n\r]/
-
-      var peg$e0 = peg$literalExpectation('||', false)
-      var peg$e1 = peg$literalExpectation('&&', false)
-      var peg$e2 = peg$literalExpectation('(', false)
-      var peg$e3 = peg$literalExpectation(')', false)
-      var peg$e4 = peg$literalExpectation(':', false)
-      var peg$e5 = peg$literalExpectation('#', false)
-      var peg$e6 = peg$literalExpectation('!', false)
-      var peg$e7 = peg$literalExpectation('*', false)
-      var peg$e8 = peg$literalExpectation('>=', false)
-      var peg$e9 = peg$literalExpectation('<=', false)
-      var peg$e10 = peg$literalExpectation('>', false)
-      var peg$e11 = peg$literalExpectation('<', false)
-      var peg$e12 = peg$literalExpectation('=', false)
-      var peg$e13 = peg$literalExpectation('!=', false)
-      var peg$e14 = peg$literalExpectation('^', false)
-      var peg$e15 = peg$literalExpectation('~', false)
-      var peg$e16 = peg$literalExpectation('.', false)
-      var peg$e17 = peg$classExpectation([['a', 'z']], false, false)
-      var peg$e18 = peg$classExpectation(
-        [
-          ['a', 'z'],
-          ['A', 'Z'],
-        ],
-        false,
-        false,
-      )
-      var peg$e19 = peg$literalExpectation('-', false)
-      var peg$e20 = peg$classExpectation([['0', '9']], false, false)
-      var peg$e21 = peg$otherExpectation('whitespace')
-      var peg$e22 = peg$classExpectation([' ', '\t', '\n', '\r'], false, false)
-      // @ts-ignore
-
-      var peg$f0 = function (expr) {
-        // @ts-ignore
-        return { type: 'Parens', expr }
-      } // @ts-ignore
-
-      var peg$f1 = function (operator, version) {
-        // @ts-ignore
-        return { type: 'Anchor', operator, version }
-      } // @ts-ignore
-
-      var peg$f2 = function (flavor, upstream, downstream) {
-        // @ts-ignore
-        return {
-          flavor: flavor || null,
-          upstream,
-          downstream: downstream
-            ? downstream[1]
-            : { number: [0], prerelease: [] },
-        }
-      } // @ts-ignore
-
-      var peg$f3 = function (flavor) {
-        // @ts-ignore
-        return { type: 'Flavor', flavor: flavor }
-      } // @ts-ignore
-
-      var peg$f4 = function (value) {
-        // @ts-ignore
-        return { type: 'Not', value: value }
-      } // @ts-ignore
-
-      var peg$f5 = function () {
-        // @ts-ignore
-        return { type: 'Any' }
-      } // @ts-ignore
-
-      var peg$f6 = function () {
-        // @ts-ignore
-        return { type: 'None' }
-      } // @ts-ignore
-
-      var peg$f7 = function () {
-        // @ts-ignore
-        return '>='
-      } // @ts-ignore
-
-      var peg$f8 = function () {
-        // @ts-ignore
-        return '<='
-      } // @ts-ignore
-
-      var peg$f9 = function () {
-        // @ts-ignore
-        return '>'
-      } // @ts-ignore
-
-      var peg$f10 = function () {
-        // @ts-ignore
-        return '<'
-      } // @ts-ignore
-
-      var peg$f11 = function () {
-        // @ts-ignore
-        return '='
-      } // @ts-ignore
-
-      var peg$f12 = function () {
-        // @ts-ignore
-        return '!='
-      } // @ts-ignore
-
-      var peg$f13 = function () {
-        // @ts-ignore
-        return '^'
-      } // @ts-ignore
-
-      var peg$f14 = function () {
-        // @ts-ignore
-        return '~'
-      } // @ts-ignore
-
-      var peg$f15 = function (flavor, upstream, downstream) {
-        // @ts-ignore
-        return { flavor: flavor || null, upstream, downstream }
-      } // @ts-ignore
-
-      var peg$f16 = function (expr) {
-        // @ts-ignore
-        return { type: 'Parens', expr }
-      } // @ts-ignore
-
-      var peg$f17 = function (operator, version) {
-        // @ts-ignore
-        return { type: 'Anchor', operator, version }
-      } // @ts-ignore
-
-      var peg$f18 = function (value) {
-        // @ts-ignore
-        return { type: 'Not', value: value }
-      } // @ts-ignore
-
-      var peg$f19 = function (major, minor, patch, revision) {
-        // @ts-ignore
-        return revision
-      } // @ts-ignore
-
-      var peg$f20 = function (major, minor, patch, revision) {
-        // @ts-ignore
-        return {
-          // @ts-ignore
-          flavor: null,
-          // @ts-ignore
-          upstream: {
-            // @ts-ignore
-            number: [major, minor, patch],
-            // @ts-ignore
-            prerelease: [],
-          },
-          // @ts-ignore
-          downstream: {
-            // @ts-ignore
-            number: [revision || 0],
-            // @ts-ignore
-            prerelease: [],
-          },
-        }
-      } // @ts-ignore
-
-      var peg$f21 = function (flavor) {
-        // @ts-ignore
-        return flavor
-      } // @ts-ignore
-
-      var peg$f22 = function () {
-        // @ts-ignore
-        return text()
-      } // @ts-ignore
-
-      var peg$f23 = function () {
-        // @ts-ignore
-        return text()
-      } // @ts-ignore
-
-      var peg$f24 = function (number, prerelease) {
-        // @ts-ignore
-        return {
-          // @ts-ignore
-          number,
-          // @ts-ignore
-          prerelease: prerelease || [],
-        }
-      } // @ts-ignore
-
-      var peg$f25 = function (first, rest) {
-        // @ts-ignore
-        return [first].concat(rest.map((r) => r[1]))
-      } // @ts-ignore
-
-      var peg$f26 = function (segment) {
-        // @ts-ignore
-        return segment
-      } // @ts-ignore
-
-      var peg$f27 = function (first, rest) {
-        // @ts-ignore
-        return [first].concat(rest.map((r) => r[1]))
-      } // @ts-ignore
-
-      var peg$f28 = function () {
-        // @ts-ignore
-        return parseInt(text(), 10)
-      }
-      // @ts-ignore
-      var peg$currPos = 0
-      // @ts-ignore
-      var peg$savedPos = 0
-      // @ts-ignore
-      var peg$posDetailsCache = [{ line: 1, column: 1 }]
-      // @ts-ignore
-      var peg$maxFailPos = 0
-      // @ts-ignore
-      var peg$maxFailExpected = []
-      // @ts-ignore
-      var peg$silentFails = 0
-
-      // @ts-ignore
-      var peg$result
-
-      // @ts-ignore
-      if ('startRule' in options) {
-        // @ts-ignore
-        if (!(options.startRule in peg$startRuleFunctions)) {
-          // @ts-ignore
-          throw new Error(
-            'Can\'t start parsing from rule "' + options.startRule + '".',
-          )
-        }
-
-        // @ts-ignore
-        peg$startRuleFunction = peg$startRuleFunctions[options.startRule]
-      }
-
-      // @ts-ignore
-      function text() {
-        // @ts-ignore
-        return input.substring(peg$savedPos, peg$currPos)
-      }
-
-      // @ts-ignore
-      function offset() {
-        // @ts-ignore
-        return peg$savedPos
-      }
-
-      // @ts-ignore
-      function range() {
-        // @ts-ignore
-        return {
-          // @ts-ignore
-          source: peg$source,
-          // @ts-ignore
-          start: peg$savedPos,
-          // @ts-ignore
-          end: peg$currPos,
-        }
-      }
-
-      // @ts-ignore
-      function location() {
-        // @ts-ignore
-        return peg$computeLocation(peg$savedPos, peg$currPos)
-      }
-
-      // @ts-ignore
-      function expected(description, location) {
-        // @ts-ignore
-        location =
-          location !== undefined
-            ? // @ts-ignore
-              location
-            : // @ts-ignore
-              peg$computeLocation(peg$savedPos, peg$currPos)
-
-        // @ts-ignore
-        throw peg$buildStructuredError(
-          // @ts-ignore
-          [peg$otherExpectation(description)],
-          // @ts-ignore
-          input.substring(peg$savedPos, peg$currPos),
-          // @ts-ignore
-          location,
-        )
-      }
-
-      // @ts-ignore
-      function error(message, location) {
-        // @ts-ignore
-        location =
-          location !== undefined
-            ? // @ts-ignore
-              location
-            : // @ts-ignore
-              peg$computeLocation(peg$savedPos, peg$currPos)
-
-        // @ts-ignore
-        throw peg$buildSimpleError(message, location)
-      }
-
-      // @ts-ignore
-      function peg$literalExpectation(text, ignoreCase) {
-        // @ts-ignore
-        return { type: 'literal', text: text, ignoreCase: ignoreCase }
-      }
-
-      // @ts-ignore
-      function peg$classExpectation(parts, inverted, ignoreCase) {
-        // @ts-ignore
-        return {
-          type: 'class',
-          parts: parts,
-          inverted: inverted,
-          ignoreCase: ignoreCase,
-        }
-      }
-
-      // @ts-ignore
-      function peg$anyExpectation() {
-        // @ts-ignore
-        return { type: 'any' }
-      }
-
-      // @ts-ignore
-      function peg$endExpectation() {
-        // @ts-ignore
-        return { type: 'end' }
-      }
-
-      // @ts-ignore
-      function peg$otherExpectation(description) {
-        // @ts-ignore
-        return { type: 'other', description: description }
-      }
-
-      // @ts-ignore
-      function peg$computePosDetails(pos) {
-        // @ts-ignore
-        var details = peg$posDetailsCache[pos]
-        // @ts-ignore
-        var p
-
-        // @ts-ignore
-        if (details) {
-          // @ts-ignore
-          return details
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          p = pos - 1
-          // @ts-ignore
-          while (!peg$posDetailsCache[p]) {
-            // @ts-ignore
-            p--
-          }
-
-          // @ts-ignore
-          details = peg$posDetailsCache[p]
-          // @ts-ignore
-          details = {
-            // @ts-ignore
-            line: details.line,
-            // @ts-ignore
-            column: details.column,
-          }
-
-          // @ts-ignore
-          while (p < pos) {
-            // @ts-ignore
-            if (input.charCodeAt(p) === 10) {
-              // @ts-ignore
-              details.line++
-              // @ts-ignore
-              details.column = 1
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              details.column++
-            }
-
-            // @ts-ignore
-            p++
-          }
-
-          // @ts-ignore
-          peg$posDetailsCache[pos] = details
-
-          // @ts-ignore
-          return details
-        }
-      }
-
-      // @ts-ignore
-      function peg$computeLocation(startPos, endPos, offset) {
-        // @ts-ignore
-        var startPosDetails = peg$computePosDetails(startPos)
-        // @ts-ignore
-        var endPosDetails = peg$computePosDetails(endPos)
-
-        // @ts-ignore
-        var res = {
-          // @ts-ignore
-          source: peg$source,
-          // @ts-ignore
-          start: {
-            // @ts-ignore
-            offset: startPos,
-            // @ts-ignore
-            line: startPosDetails.line,
-            // @ts-ignore
-            column: startPosDetails.column,
-          },
-          // @ts-ignore
-          end: {
-            // @ts-ignore
-            offset: endPos,
-            // @ts-ignore
-            line: endPosDetails.line,
-            // @ts-ignore
-            column: endPosDetails.column,
-          },
-        }
-        // @ts-ignore
-        if (offset && peg$source && typeof peg$source.offset === 'function') {
-          // @ts-ignore
-          res.start = peg$source.offset(res.start)
-          // @ts-ignore
-          res.end = peg$source.offset(res.end)
-        }
-        // @ts-ignore
-        return res
-      }
-
-      // @ts-ignore
-      function peg$fail(expected) {
-        // @ts-ignore
-        if (peg$currPos < peg$maxFailPos) {
-          return
-        }
-
-        // @ts-ignore
-        if (peg$currPos > peg$maxFailPos) {
-          // @ts-ignore
-          peg$maxFailPos = peg$currPos
-          // @ts-ignore
-          peg$maxFailExpected = []
-        }
-
-        // @ts-ignore
-        peg$maxFailExpected.push(expected)
-      }
-
-      // @ts-ignore
-      function peg$buildSimpleError(message, location) {
-        // @ts-ignore
-        return new peg$SyntaxError(message, null, null, location)
-      }
-
-      // @ts-ignore
-      function peg$buildStructuredError(expected, found, location) {
-        // @ts-ignore
-        return new peg$SyntaxError(
-          // @ts-ignore
-          peg$SyntaxError.buildMessage(expected, found),
-          // @ts-ignore
-          expected,
-          // @ts-ignore
-          found,
-          // @ts-ignore
-          location,
-        )
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseVersionRange() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5, s6, s7
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseVersionRangeAtom()
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = []
-          // @ts-ignore
-          s3 = peg$currPos
-          // @ts-ignore
-          s4 = peg$parse_()
-          // @ts-ignore
-          s5 = peg$currPos
-          // @ts-ignore
-          s6 = peg$parseOr()
-          // @ts-ignore
-          if (s6 === peg$FAILED) {
-            // @ts-ignore
-            s6 = peg$parseAnd()
-          }
-          // @ts-ignore
-          if (s6 !== peg$FAILED) {
-            // @ts-ignore
-            s7 = peg$parse_()
-            // @ts-ignore
-            s6 = [s6, s7]
-            // @ts-ignore
-            s5 = s6
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s5
-            // @ts-ignore
-            s5 = peg$FAILED
-          }
-          // @ts-ignore
-          if (s5 === peg$FAILED) {
-            // @ts-ignore
-            s5 = null
-          }
-          // @ts-ignore
-          s6 = peg$parseVersionRangeAtom()
-          // @ts-ignore
-          if (s6 !== peg$FAILED) {
-            // @ts-ignore
-            s4 = [s4, s5, s6]
-            // @ts-ignore
-            s3 = s4
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s3
-            // @ts-ignore
-            s3 = peg$FAILED
-          }
-          // @ts-ignore
-          while (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s2.push(s3)
-            // @ts-ignore
-            s3 = peg$currPos
-            // @ts-ignore
-            s4 = peg$parse_()
-            // @ts-ignore
-            s5 = peg$currPos
-            // @ts-ignore
-            s6 = peg$parseOr()
-            // @ts-ignore
-            if (s6 === peg$FAILED) {
-              // @ts-ignore
-              s6 = peg$parseAnd()
-            }
-            // @ts-ignore
-            if (s6 !== peg$FAILED) {
-              // @ts-ignore
-              s7 = peg$parse_()
-              // @ts-ignore
-              s6 = [s6, s7]
-              // @ts-ignore
-              s5 = s6
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s5
-              // @ts-ignore
-              s5 = peg$FAILED
-            }
-            // @ts-ignore
-            if (s5 === peg$FAILED) {
-              // @ts-ignore
-              s5 = null
-            }
-            // @ts-ignore
-            s6 = peg$parseVersionRangeAtom()
-            // @ts-ignore
-            if (s6 !== peg$FAILED) {
-              // @ts-ignore
-              s4 = [s4, s5, s6]
-              // @ts-ignore
-              s3 = s4
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s3
-              // @ts-ignore
-              s3 = peg$FAILED
-            }
-          }
-          // @ts-ignore
-          s1 = [s1, s2]
-          // @ts-ignore
-          s0 = s1
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseOr() {
-        // @ts-ignore
-        var s0
-
-        // @ts-ignore
-        if (input.substr(peg$currPos, 2) === peg$c0) {
-          // @ts-ignore
-          s0 = peg$c0
-          // @ts-ignore
-          peg$currPos += 2
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s0 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e0)
-          }
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseAnd() {
-        // @ts-ignore
-        var s0
-
-        // @ts-ignore
-        if (input.substr(peg$currPos, 2) === peg$c1) {
-          // @ts-ignore
-          s0 = peg$c1
-          // @ts-ignore
-          peg$currPos += 2
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s0 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e1)
-          }
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseVersionRangeAtom() {
-        // @ts-ignore
-        var s0
-
-        // @ts-ignore
-        s0 = peg$parseParens()
-        // @ts-ignore
-        if (s0 === peg$FAILED) {
-          // @ts-ignore
-          s0 = peg$parseAnchor()
-          // @ts-ignore
-          if (s0 === peg$FAILED) {
-            // @ts-ignore
-            s0 = peg$parseNot()
-            // @ts-ignore
-            if (s0 === peg$FAILED) {
-              // @ts-ignore
-              s0 = peg$parseAny()
-              // @ts-ignore
-              if (s0 === peg$FAILED) {
-                // @ts-ignore
-                s0 = peg$parseNone()
-                // @ts-ignore
-                if (s0 === peg$FAILED) {
-                  // @ts-ignore
-                  s0 = peg$parseFlavorAtom()
-                }
-              }
-            }
-          }
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseParens() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 40) {
-          // @ts-ignore
-          s1 = peg$c2
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e2)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parse_()
-          // @ts-ignore
-          s3 = peg$parseVersionRange()
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s4 = peg$parse_()
-            // @ts-ignore
-            if (input.charCodeAt(peg$currPos) === 41) {
-              // @ts-ignore
-              s5 = peg$c3
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s5 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e3)
-              }
-            }
-            // @ts-ignore
-            if (s5 !== peg$FAILED) {
-              // @ts-ignore
-              peg$savedPos = s0
-              // @ts-ignore
-              s0 = peg$f0(s3)
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s0
-              // @ts-ignore
-              s0 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseAnchor() {
-        // @ts-ignore
-        var s0, s1, s2, s3
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseCmpOp()
-        // @ts-ignore
-        if (s1 === peg$FAILED) {
-          // @ts-ignore
-          s1 = null
-        }
-        // @ts-ignore
-        s2 = peg$parse_()
-        // @ts-ignore
-        s3 = peg$parseVersionSpec()
-        // @ts-ignore
-        if (s3 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f1(s1, s3)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseVersionSpec() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseFlavor()
-        // @ts-ignore
-        if (s1 === peg$FAILED) {
-          // @ts-ignore
-          s1 = null
-        }
-        // @ts-ignore
-        s2 = peg$parseVersion()
-        // @ts-ignore
-        if (s2 !== peg$FAILED) {
-          // @ts-ignore
-          s3 = peg$currPos
-          // @ts-ignore
-          if (input.charCodeAt(peg$currPos) === 58) {
-            // @ts-ignore
-            s4 = peg$c4
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s4 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e4)
-            }
-          }
-          // @ts-ignore
-          if (s4 !== peg$FAILED) {
-            // @ts-ignore
-            s5 = peg$parseVersion()
-            // @ts-ignore
-            if (s5 !== peg$FAILED) {
-              // @ts-ignore
-              s4 = [s4, s5]
-              // @ts-ignore
-              s3 = s4
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s3
-              // @ts-ignore
-              s3 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s3
-            // @ts-ignore
-            s3 = peg$FAILED
-          }
-          // @ts-ignore
-          if (s3 === peg$FAILED) {
-            // @ts-ignore
-            s3 = null
-          }
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f2(s1, s2, s3)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseFlavorAtom() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 35) {
-          // @ts-ignore
-          s1 = peg$c5
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e5)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parseFlavorString()
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f3(s2)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseNot() {
-        // @ts-ignore
-        var s0, s1, s2, s3
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 33) {
-          // @ts-ignore
-          s1 = peg$c6
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e6)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parse_()
-          // @ts-ignore
-          s3 = peg$parseVersionRangeAtom()
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            peg$savedPos = s0
-            // @ts-ignore
-            s0 = peg$f4(s3)
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseAny() {
-        // @ts-ignore
-        var s0, s1
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 42) {
-          // @ts-ignore
-          s1 = peg$c7
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e7)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s1 = peg$f5()
-        }
-        // @ts-ignore
-        s0 = s1
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseNone() {
-        // @ts-ignore
-        var s0, s1
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 33) {
-          // @ts-ignore
-          s1 = peg$c6
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e6)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s1 = peg$f6()
-        }
-        // @ts-ignore
-        s0 = s1
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseCmpOp() {
-        // @ts-ignore
-        var s0, s1
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.substr(peg$currPos, 2) === peg$c8) {
-          // @ts-ignore
-          s1 = peg$c8
-          // @ts-ignore
-          peg$currPos += 2
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e8)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s1 = peg$f7()
-        }
-        // @ts-ignore
-        s0 = s1
-        // @ts-ignore
-        if (s0 === peg$FAILED) {
-          // @ts-ignore
-          s0 = peg$currPos
-          // @ts-ignore
-          if (input.substr(peg$currPos, 2) === peg$c9) {
-            // @ts-ignore
-            s1 = peg$c9
-            // @ts-ignore
-            peg$currPos += 2
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s1 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e9)
-            }
-          }
-          // @ts-ignore
-          if (s1 !== peg$FAILED) {
-            // @ts-ignore
-            peg$savedPos = s0
-            // @ts-ignore
-            s1 = peg$f8()
-          }
-          // @ts-ignore
-          s0 = s1
-          // @ts-ignore
-          if (s0 === peg$FAILED) {
-            // @ts-ignore
-            s0 = peg$currPos
-            // @ts-ignore
-            if (input.charCodeAt(peg$currPos) === 62) {
-              // @ts-ignore
-              s1 = peg$c10
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s1 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e10)
-              }
-            }
-            // @ts-ignore
-            if (s1 !== peg$FAILED) {
-              // @ts-ignore
-              peg$savedPos = s0
-              // @ts-ignore
-              s1 = peg$f9()
-            }
-            // @ts-ignore
-            s0 = s1
-            // @ts-ignore
-            if (s0 === peg$FAILED) {
-              // @ts-ignore
-              s0 = peg$currPos
-              // @ts-ignore
-              if (input.charCodeAt(peg$currPos) === 60) {
-                // @ts-ignore
-                s1 = peg$c11
-                // @ts-ignore
-                peg$currPos++
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                s1 = peg$FAILED
-                // @ts-ignore
-                if (peg$silentFails === 0) {
-                  peg$fail(peg$e11)
-                }
-              }
-              // @ts-ignore
-              if (s1 !== peg$FAILED) {
-                // @ts-ignore
-                peg$savedPos = s0
-                // @ts-ignore
-                s1 = peg$f10()
-              }
-              // @ts-ignore
-              s0 = s1
-              // @ts-ignore
-              if (s0 === peg$FAILED) {
-                // @ts-ignore
-                s0 = peg$currPos
-                // @ts-ignore
-                if (input.charCodeAt(peg$currPos) === 61) {
-                  // @ts-ignore
-                  s1 = peg$c12
-                  // @ts-ignore
-                  peg$currPos++
-                  // @ts-ignore
-                } else {
-                  // @ts-ignore
-                  s1 = peg$FAILED
-                  // @ts-ignore
-                  if (peg$silentFails === 0) {
-                    peg$fail(peg$e12)
-                  }
-                }
-                // @ts-ignore
-                if (s1 !== peg$FAILED) {
-                  // @ts-ignore
-                  peg$savedPos = s0
-                  // @ts-ignore
-                  s1 = peg$f11()
-                }
-                // @ts-ignore
-                s0 = s1
-                // @ts-ignore
-                if (s0 === peg$FAILED) {
-                  // @ts-ignore
-                  s0 = peg$currPos
-                  // @ts-ignore
-                  if (input.substr(peg$currPos, 2) === peg$c13) {
-                    // @ts-ignore
-                    s1 = peg$c13
-                    // @ts-ignore
-                    peg$currPos += 2
-                    // @ts-ignore
-                  } else {
-                    // @ts-ignore
-                    s1 = peg$FAILED
-                    // @ts-ignore
-                    if (peg$silentFails === 0) {
-                      peg$fail(peg$e13)
-                    }
-                  }
-                  // @ts-ignore
-                  if (s1 !== peg$FAILED) {
-                    // @ts-ignore
-                    peg$savedPos = s0
-                    // @ts-ignore
-                    s1 = peg$f12()
-                  }
-                  // @ts-ignore
-                  s0 = s1
-                  // @ts-ignore
-                  if (s0 === peg$FAILED) {
-                    // @ts-ignore
-                    s0 = peg$currPos
-                    // @ts-ignore
-                    if (input.charCodeAt(peg$currPos) === 94) {
-                      // @ts-ignore
-                      s1 = peg$c14
-                      // @ts-ignore
-                      peg$currPos++
-                      // @ts-ignore
-                    } else {
-                      // @ts-ignore
-                      s1 = peg$FAILED
-                      // @ts-ignore
-                      if (peg$silentFails === 0) {
-                        peg$fail(peg$e14)
-                      }
-                    }
-                    // @ts-ignore
-                    if (s1 !== peg$FAILED) {
-                      // @ts-ignore
-                      peg$savedPos = s0
-                      // @ts-ignore
-                      s1 = peg$f13()
-                    }
-                    // @ts-ignore
-                    s0 = s1
-                    // @ts-ignore
-                    if (s0 === peg$FAILED) {
-                      // @ts-ignore
-                      s0 = peg$currPos
-                      // @ts-ignore
-                      if (input.charCodeAt(peg$currPos) === 126) {
-                        // @ts-ignore
-                        s1 = peg$c15
-                        // @ts-ignore
-                        peg$currPos++
-                        // @ts-ignore
-                      } else {
-                        // @ts-ignore
-                        s1 = peg$FAILED
-                        // @ts-ignore
-                        if (peg$silentFails === 0) {
-                          peg$fail(peg$e15)
-                        }
-                      }
-                      // @ts-ignore
-                      if (s1 !== peg$FAILED) {
-                        // @ts-ignore
-                        peg$savedPos = s0
-                        // @ts-ignore
-                        s1 = peg$f14()
-                      }
-                      // @ts-ignore
-                      s0 = s1
-                    }
-                  }
-                }
-              }
-            }
-          }
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseExtendedVersion() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseFlavor()
-        // @ts-ignore
-        if (s1 === peg$FAILED) {
-          // @ts-ignore
-          s1 = null
-        }
-        // @ts-ignore
-        s2 = peg$parseVersion()
-        // @ts-ignore
-        if (s2 !== peg$FAILED) {
-          // @ts-ignore
-          if (input.charCodeAt(peg$currPos) === 58) {
-            // @ts-ignore
-            s3 = peg$c4
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s3 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e4)
-            }
-          }
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s4 = peg$parseVersion()
-            // @ts-ignore
-            if (s4 !== peg$FAILED) {
-              // @ts-ignore
-              peg$savedPos = s0
-              // @ts-ignore
-              s0 = peg$f15(s1, s2, s4)
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s0
-              // @ts-ignore
-              s0 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmverVersionRange() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5, s6, s7
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseEmverVersionRangeAtom()
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = []
-          // @ts-ignore
-          s3 = peg$currPos
-          // @ts-ignore
-          s4 = peg$parse_()
-          // @ts-ignore
-          s5 = peg$currPos
-          // @ts-ignore
-          s6 = peg$parseOr()
-          // @ts-ignore
-          if (s6 === peg$FAILED) {
-            // @ts-ignore
-            s6 = peg$parseAnd()
-          }
-          // @ts-ignore
-          if (s6 !== peg$FAILED) {
-            // @ts-ignore
-            s7 = peg$parse_()
-            // @ts-ignore
-            s6 = [s6, s7]
-            // @ts-ignore
-            s5 = s6
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s5
-            // @ts-ignore
-            s5 = peg$FAILED
-          }
-          // @ts-ignore
-          if (s5 === peg$FAILED) {
-            // @ts-ignore
-            s5 = null
-          }
-          // @ts-ignore
-          s6 = peg$parseEmverVersionRangeAtom()
-          // @ts-ignore
-          if (s6 !== peg$FAILED) {
-            // @ts-ignore
-            s4 = [s4, s5, s6]
-            // @ts-ignore
-            s3 = s4
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s3
-            // @ts-ignore
-            s3 = peg$FAILED
-          }
-          // @ts-ignore
-          while (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s2.push(s3)
-            // @ts-ignore
-            s3 = peg$currPos
-            // @ts-ignore
-            s4 = peg$parse_()
-            // @ts-ignore
-            s5 = peg$currPos
-            // @ts-ignore
-            s6 = peg$parseOr()
-            // @ts-ignore
-            if (s6 === peg$FAILED) {
-              // @ts-ignore
-              s6 = peg$parseAnd()
-            }
-            // @ts-ignore
-            if (s6 !== peg$FAILED) {
-              // @ts-ignore
-              s7 = peg$parse_()
-              // @ts-ignore
-              s6 = [s6, s7]
-              // @ts-ignore
-              s5 = s6
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s5
-              // @ts-ignore
-              s5 = peg$FAILED
-            }
-            // @ts-ignore
-            if (s5 === peg$FAILED) {
-              // @ts-ignore
-              s5 = null
-            }
-            // @ts-ignore
-            s6 = peg$parseEmverVersionRangeAtom()
-            // @ts-ignore
-            if (s6 !== peg$FAILED) {
-              // @ts-ignore
-              s4 = [s4, s5, s6]
-              // @ts-ignore
-              s3 = s4
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s3
-              // @ts-ignore
-              s3 = peg$FAILED
-            }
-          }
-          // @ts-ignore
-          s1 = [s1, s2]
-          // @ts-ignore
-          s0 = s1
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmverVersionRangeAtom() {
-        // @ts-ignore
-        var s0
-
-        // @ts-ignore
-        s0 = peg$parseEmverParens()
-        // @ts-ignore
-        if (s0 === peg$FAILED) {
-          // @ts-ignore
-          s0 = peg$parseEmverAnchor()
-          // @ts-ignore
-          if (s0 === peg$FAILED) {
-            // @ts-ignore
-            s0 = peg$parseEmverNot()
-            // @ts-ignore
-            if (s0 === peg$FAILED) {
-              // @ts-ignore
-              s0 = peg$parseAny()
-              // @ts-ignore
-              if (s0 === peg$FAILED) {
-                // @ts-ignore
-                s0 = peg$parseNone()
-              }
-            }
-          }
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmverParens() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 40) {
-          // @ts-ignore
-          s1 = peg$c2
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e2)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parse_()
-          // @ts-ignore
-          s3 = peg$parseEmverVersionRange()
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s4 = peg$parse_()
-            // @ts-ignore
-            if (input.charCodeAt(peg$currPos) === 41) {
-              // @ts-ignore
-              s5 = peg$c3
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s5 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e3)
-              }
-            }
-            // @ts-ignore
-            if (s5 !== peg$FAILED) {
-              // @ts-ignore
-              peg$savedPos = s0
-              // @ts-ignore
-              s0 = peg$f16(s3)
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s0
-              // @ts-ignore
-              s0 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmverAnchor() {
-        // @ts-ignore
-        var s0, s1, s2, s3
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseCmpOp()
-        // @ts-ignore
-        if (s1 === peg$FAILED) {
-          // @ts-ignore
-          s1 = null
-        }
-        // @ts-ignore
-        s2 = peg$parse_()
-        // @ts-ignore
-        s3 = peg$parseEmver()
-        // @ts-ignore
-        if (s3 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f17(s1, s3)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmverNot() {
-        // @ts-ignore
-        var s0, s1, s2, s3
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 33) {
-          // @ts-ignore
-          s1 = peg$c6
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e6)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parse_()
-          // @ts-ignore
-          s3 = peg$parseEmverVersionRangeAtom()
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            peg$savedPos = s0
-            // @ts-ignore
-            s0 = peg$f18(s3)
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseEmver() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5, s6, s7, s8
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseDigit()
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          if (input.charCodeAt(peg$currPos) === 46) {
-            // @ts-ignore
-            s2 = peg$c16
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s2 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e16)
-            }
-          }
-          // @ts-ignore
-          if (s2 !== peg$FAILED) {
-            // @ts-ignore
-            s3 = peg$parseDigit()
-            // @ts-ignore
-            if (s3 !== peg$FAILED) {
-              // @ts-ignore
-              if (input.charCodeAt(peg$currPos) === 46) {
-                // @ts-ignore
-                s4 = peg$c16
-                // @ts-ignore
-                peg$currPos++
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                s4 = peg$FAILED
-                // @ts-ignore
-                if (peg$silentFails === 0) {
-                  peg$fail(peg$e16)
-                }
-              }
-              // @ts-ignore
-              if (s4 !== peg$FAILED) {
-                // @ts-ignore
-                s5 = peg$parseDigit()
-                // @ts-ignore
-                if (s5 !== peg$FAILED) {
-                  // @ts-ignore
-                  s6 = peg$currPos
-                  // @ts-ignore
-                  if (input.charCodeAt(peg$currPos) === 46) {
-                    // @ts-ignore
-                    s7 = peg$c16
-                    // @ts-ignore
-                    peg$currPos++
-                    // @ts-ignore
-                  } else {
-                    // @ts-ignore
-                    s7 = peg$FAILED
-                    // @ts-ignore
-                    if (peg$silentFails === 0) {
-                      peg$fail(peg$e16)
-                    }
-                  }
-                  // @ts-ignore
-                  if (s7 !== peg$FAILED) {
-                    // @ts-ignore
-                    s8 = peg$parseDigit()
-                    // @ts-ignore
-                    if (s8 !== peg$FAILED) {
-                      // @ts-ignore
-                      peg$savedPos = s6
-                      // @ts-ignore
-                      s6 = peg$f19(s1, s3, s5, s8)
-                      // @ts-ignore
-                    } else {
-                      // @ts-ignore
-                      peg$currPos = s6
-                      // @ts-ignore
-                      s6 = peg$FAILED
-                    }
-                    // @ts-ignore
-                  } else {
-                    // @ts-ignore
-                    peg$currPos = s6
-                    // @ts-ignore
-                    s6 = peg$FAILED
-                  }
-                  // @ts-ignore
-                  if (s6 === peg$FAILED) {
-                    // @ts-ignore
-                    s6 = null
-                  }
-                  // @ts-ignore
-                  peg$savedPos = s0
-                  // @ts-ignore
-                  s0 = peg$f20(s1, s3, s5, s6)
-                  // @ts-ignore
-                } else {
-                  // @ts-ignore
-                  peg$currPos = s0
-                  // @ts-ignore
-                  s0 = peg$FAILED
-                }
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                peg$currPos = s0
-                // @ts-ignore
-                s0 = peg$FAILED
-              }
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s0
-              // @ts-ignore
-              s0 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseFlavor() {
-        // @ts-ignore
-        var s0, s1, s2, s3
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 35) {
-          // @ts-ignore
-          s1 = peg$c5
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e5)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parseFlavorString()
-          // @ts-ignore
-          if (input.charCodeAt(peg$currPos) === 58) {
-            // @ts-ignore
-            s3 = peg$c4
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s3 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e4)
-            }
-          }
-          // @ts-ignore
-          if (s3 !== peg$FAILED) {
-            // @ts-ignore
-            peg$savedPos = s0
-            // @ts-ignore
-            s0 = peg$f21(s2)
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseFlavorString() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = []
-        // @ts-ignore
-        if (peg$r0.test(input.charAt(peg$currPos))) {
-          // @ts-ignore
-          s2 = input.charAt(peg$currPos)
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s2 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e17)
-          }
-        }
-        // @ts-ignore
-        while (s2 !== peg$FAILED) {
-          // @ts-ignore
-          s1.push(s2)
-          // @ts-ignore
-          if (peg$r0.test(input.charAt(peg$currPos))) {
-            // @ts-ignore
-            s2 = input.charAt(peg$currPos)
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s2 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e17)
-            }
-          }
-        }
-        // @ts-ignore
-        peg$savedPos = s0
-        // @ts-ignore
-        s1 = peg$f22()
-        // @ts-ignore
-        s0 = s1
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseString() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = []
-        // @ts-ignore
-        if (peg$r1.test(input.charAt(peg$currPos))) {
-          // @ts-ignore
-          s2 = input.charAt(peg$currPos)
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s2 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e18)
-          }
-        }
-        // @ts-ignore
-        if (s2 !== peg$FAILED) {
-          // @ts-ignore
-          while (s2 !== peg$FAILED) {
-            // @ts-ignore
-            s1.push(s2)
-            // @ts-ignore
-            if (peg$r1.test(input.charAt(peg$currPos))) {
-              // @ts-ignore
-              s2 = input.charAt(peg$currPos)
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s2 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e18)
-              }
-            }
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s1 = peg$f23()
-        }
-        // @ts-ignore
-        s0 = s1
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseVersion() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseVersionNumber()
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parsePreRelease()
-          // @ts-ignore
-          if (s2 === peg$FAILED) {
-            // @ts-ignore
-            s2 = null
-          }
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f24(s1, s2)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parsePreRelease() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5, s6
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 45) {
-          // @ts-ignore
-          s1 = peg$c17
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e19)
-          }
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parsePreReleaseSegment()
-          // @ts-ignore
-          if (s2 !== peg$FAILED) {
-            // @ts-ignore
-            s3 = []
-            // @ts-ignore
-            s4 = peg$currPos
-            // @ts-ignore
-            if (input.charCodeAt(peg$currPos) === 46) {
-              // @ts-ignore
-              s5 = peg$c16
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s5 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e16)
-              }
-            }
-            // @ts-ignore
-            if (s5 !== peg$FAILED) {
-              // @ts-ignore
-              s6 = peg$parsePreReleaseSegment()
-              // @ts-ignore
-              if (s6 !== peg$FAILED) {
-                // @ts-ignore
-                s5 = [s5, s6]
-                // @ts-ignore
-                s4 = s5
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                peg$currPos = s4
-                // @ts-ignore
-                s4 = peg$FAILED
-              }
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s4
-              // @ts-ignore
-              s4 = peg$FAILED
-            }
-            // @ts-ignore
-            while (s4 !== peg$FAILED) {
-              // @ts-ignore
-              s3.push(s4)
-              // @ts-ignore
-              s4 = peg$currPos
-              // @ts-ignore
-              if (input.charCodeAt(peg$currPos) === 46) {
-                // @ts-ignore
-                s5 = peg$c16
-                // @ts-ignore
-                peg$currPos++
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                s5 = peg$FAILED
-                // @ts-ignore
-                if (peg$silentFails === 0) {
-                  peg$fail(peg$e16)
-                }
-              }
-              // @ts-ignore
-              if (s5 !== peg$FAILED) {
-                // @ts-ignore
-                s6 = peg$parsePreReleaseSegment()
-                // @ts-ignore
-                if (s6 !== peg$FAILED) {
-                  // @ts-ignore
-                  s5 = [s5, s6]
-                  // @ts-ignore
-                  s4 = s5
-                  // @ts-ignore
-                } else {
-                  // @ts-ignore
-                  peg$currPos = s4
-                  // @ts-ignore
-                  s4 = peg$FAILED
-                }
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                peg$currPos = s4
-                // @ts-ignore
-                s4 = peg$FAILED
-              }
-            }
-            // @ts-ignore
-            peg$savedPos = s0
-            // @ts-ignore
-            s0 = peg$f25(s2, s3)
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s0
-            // @ts-ignore
-            s0 = peg$FAILED
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parsePreReleaseSegment() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        if (input.charCodeAt(peg$currPos) === 46) {
-          // @ts-ignore
-          s1 = peg$c16
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e16)
-          }
-        }
-        // @ts-ignore
-        if (s1 === peg$FAILED) {
-          // @ts-ignore
-          s1 = null
-        }
-        // @ts-ignore
-        s2 = peg$parseDigit()
-        // @ts-ignore
-        if (s2 === peg$FAILED) {
-          // @ts-ignore
-          s2 = peg$parseString()
-        }
-        // @ts-ignore
-        if (s2 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f26(s2)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseVersionNumber() {
-        // @ts-ignore
-        var s0, s1, s2, s3, s4, s5
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = peg$parseDigit()
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s2 = []
-          // @ts-ignore
-          s3 = peg$currPos
-          // @ts-ignore
-          if (input.charCodeAt(peg$currPos) === 46) {
-            // @ts-ignore
-            s4 = peg$c16
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s4 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e16)
-            }
-          }
-          // @ts-ignore
-          if (s4 !== peg$FAILED) {
-            // @ts-ignore
-            s5 = peg$parseDigit()
-            // @ts-ignore
-            if (s5 !== peg$FAILED) {
-              // @ts-ignore
-              s4 = [s4, s5]
-              // @ts-ignore
-              s3 = s4
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s3
-              // @ts-ignore
-              s3 = peg$FAILED
-            }
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            peg$currPos = s3
-            // @ts-ignore
-            s3 = peg$FAILED
-          }
-          // @ts-ignore
-          while (s3 !== peg$FAILED) {
-            // @ts-ignore
-            s2.push(s3)
-            // @ts-ignore
-            s3 = peg$currPos
-            // @ts-ignore
-            if (input.charCodeAt(peg$currPos) === 46) {
-              // @ts-ignore
-              s4 = peg$c16
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s4 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e16)
-              }
-            }
-            // @ts-ignore
-            if (s4 !== peg$FAILED) {
-              // @ts-ignore
-              s5 = peg$parseDigit()
-              // @ts-ignore
-              if (s5 !== peg$FAILED) {
-                // @ts-ignore
-                s4 = [s4, s5]
-                // @ts-ignore
-                s3 = s4
-                // @ts-ignore
-              } else {
-                // @ts-ignore
-                peg$currPos = s3
-                // @ts-ignore
-                s3 = peg$FAILED
-              }
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              peg$currPos = s3
-              // @ts-ignore
-              s3 = peg$FAILED
-            }
-          }
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s0 = peg$f27(s1, s2)
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          peg$currPos = s0
-          // @ts-ignore
-          s0 = peg$FAILED
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parseDigit() {
-        // @ts-ignore
-        var s0, s1, s2
-
-        // @ts-ignore
-        s0 = peg$currPos
-        // @ts-ignore
-        s1 = []
-        // @ts-ignore
-        if (peg$r2.test(input.charAt(peg$currPos))) {
-          // @ts-ignore
-          s2 = input.charAt(peg$currPos)
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s2 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e20)
-          }
-        }
-        // @ts-ignore
-        if (s2 !== peg$FAILED) {
-          // @ts-ignore
-          while (s2 !== peg$FAILED) {
-            // @ts-ignore
-            s1.push(s2)
-            // @ts-ignore
-            if (peg$r2.test(input.charAt(peg$currPos))) {
-              // @ts-ignore
-              s2 = input.charAt(peg$currPos)
-              // @ts-ignore
-              peg$currPos++
-              // @ts-ignore
-            } else {
-              // @ts-ignore
-              s2 = peg$FAILED
-              // @ts-ignore
-              if (peg$silentFails === 0) {
-                peg$fail(peg$e20)
-              }
-            }
-          }
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-        }
-        // @ts-ignore
-        if (s1 !== peg$FAILED) {
-          // @ts-ignore
-          peg$savedPos = s0
-          // @ts-ignore
-          s1 = peg$f28()
-        }
-        // @ts-ignore
-        s0 = s1
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      function // @ts-ignore
-      peg$parse_() {
-        // @ts-ignore
-        var s0, s1
-
-        // @ts-ignore
-        peg$silentFails++
-        // @ts-ignore
-        s0 = []
-        // @ts-ignore
-        if (peg$r3.test(input.charAt(peg$currPos))) {
-          // @ts-ignore
-          s1 = input.charAt(peg$currPos)
-          // @ts-ignore
-          peg$currPos++
-          // @ts-ignore
-        } else {
-          // @ts-ignore
-          s1 = peg$FAILED
-          // @ts-ignore
-          if (peg$silentFails === 0) {
-            peg$fail(peg$e22)
-          }
-        }
-        // @ts-ignore
-        while (s1 !== peg$FAILED) {
-          // @ts-ignore
-          s0.push(s1)
-          // @ts-ignore
-          if (peg$r3.test(input.charAt(peg$currPos))) {
-            // @ts-ignore
-            s1 = input.charAt(peg$currPos)
-            // @ts-ignore
-            peg$currPos++
-            // @ts-ignore
-          } else {
-            // @ts-ignore
-            s1 = peg$FAILED
-            // @ts-ignore
-            if (peg$silentFails === 0) {
-              peg$fail(peg$e22)
-            }
-          }
-        }
-        // @ts-ignore
-        peg$silentFails--
-        // @ts-ignore
-        s1 = peg$FAILED
-        // @ts-ignore
-        if (peg$silentFails === 0) {
-          peg$fail(peg$e21)
-        }
-
-        // @ts-ignore
-        return s0
-      }
-
-      // @ts-ignore
-      peg$result = peg$startRuleFunction()
-
-      // @ts-ignore
-      if (peg$result !== peg$FAILED && peg$currPos === input.length) {
-        // @ts-ignore
-        return peg$result
-        // @ts-ignore
-      } else {
-        // @ts-ignore
-        if (peg$result !== peg$FAILED && peg$currPos < input.length) {
-          // @ts-ignore
-          peg$fail(peg$endExpectation())
-        }
-
-        // @ts-ignore
-        throw peg$buildStructuredError(
-          // @ts-ignore
-          peg$maxFailExpected,
-          // @ts-ignore
-          peg$maxFailPos < input.length ? input.charAt(peg$maxFailPos) : null,
-          // @ts-ignore
-          peg$maxFailPos < input.length
-            ? // @ts-ignore
-              peg$computeLocation(peg$maxFailPos, peg$maxFailPos + 1)
-            : // @ts-ignore
-              peg$computeLocation(peg$maxFailPos, peg$maxFailPos),
-        )
+const peggyParser: {parse: any, SyntaxError: any, DefaultTracer?: any} = // Generated by Peggy 3.0.2.
+//
+// https://peggyjs.org/
+// @ts-ignore
+(function() {
+// @ts-ignore
+  "use strict";
+
+// @ts-ignore
+function peg$subclass(child, parent) {
+// @ts-ignore
+  function C() { this.constructor = child; }
+// @ts-ignore
+  C.prototype = parent.prototype;
+// @ts-ignore
+  child.prototype = new C();
+}
+
+// @ts-ignore
+function peg$SyntaxError(message, expected, found, location) {
+// @ts-ignore
+  var self = Error.call(this, message);
+  // istanbul ignore next Check is a necessary evil to support older environments
+// @ts-ignore
+  if (Object.setPrototypeOf) {
+// @ts-ignore
+    Object.setPrototypeOf(self, peg$SyntaxError.prototype);
+  }
+// @ts-ignore
+  self.expected = expected;
+// @ts-ignore
+  self.found = found;
+// @ts-ignore
+  self.location = location;
+// @ts-ignore
+  self.name = "SyntaxError";
+// @ts-ignore
+  return self;
+}
+
+// @ts-ignore
+peg$subclass(peg$SyntaxError, Error);
+
+// @ts-ignore
+function peg$padEnd(str, targetLength, padString) {
+// @ts-ignore
+  padString = padString || " ";
+// @ts-ignore
+  if (str.length > targetLength) { return str; }
+// @ts-ignore
+  targetLength -= str.length;
+// @ts-ignore
+  padString += padString.repeat(targetLength);
+// @ts-ignore
+  return str + padString.slice(0, targetLength);
+}
+
+// @ts-ignore
+peg$SyntaxError.prototype.format = function(sources) {
+// @ts-ignore
+  var str = "Error: " + this.message;
+// @ts-ignore
+  if (this.location) {
+// @ts-ignore
+    var src = null;
+// @ts-ignore
+    var k;
+// @ts-ignore
+    for (k = 0; k < sources.length; k++) {
+// @ts-ignore
+      if (sources[k].source === this.location.source) {
+// @ts-ignore
+        src = sources[k].text.split(/\r\n|\n|\r/g);
+// @ts-ignore
+        break;
       }
     }
+// @ts-ignore
+    var s = this.location.start;
+// @ts-ignore
+    var offset_s = (this.location.source && (typeof this.location.source.offset === "function"))
+// @ts-ignore
+      ? this.location.source.offset(s)
+// @ts-ignore
+      : s;
+// @ts-ignore
+    var loc = this.location.source + ":" + offset_s.line + ":" + offset_s.column;
+// @ts-ignore
+    if (src) {
+// @ts-ignore
+      var e = this.location.end;
+// @ts-ignore
+      var filler = peg$padEnd("", offset_s.line.toString().length, ' ');
+// @ts-ignore
+      var line = src[s.line - 1];
+// @ts-ignore
+      var last = s.line === e.line ? e.column : line.length + 1;
+// @ts-ignore
+      var hatLen = (last - s.column) || 1;
+// @ts-ignore
+      str += "\n --> " + loc + "\n"
+// @ts-ignore
+          + filler + " |\n"
+// @ts-ignore
+          + offset_s.line + " | " + line + "\n"
+// @ts-ignore
+          + filler + " | " + peg$padEnd("", s.column - 1, ' ')
+// @ts-ignore
+          + peg$padEnd("", hatLen, "^");
+// @ts-ignore
+    } else {
+// @ts-ignore
+      str += "\n at " + loc;
+    }
+  }
+// @ts-ignore
+  return str;
+};
 
-    // @ts-ignore
+// @ts-ignore
+peg$SyntaxError.buildMessage = function(expected, found) {
+// @ts-ignore
+  var DESCRIBE_EXPECTATION_FNS = {
+// @ts-ignore
+    literal: function(expectation) {
+// @ts-ignore
+      return "\"" + literalEscape(expectation.text) + "\"";
+    },
+
+// @ts-ignore
+    class: function(expectation) {
+// @ts-ignore
+      var escapedParts = expectation.parts.map(function(part) {
+// @ts-ignore
+        return Array.isArray(part)
+// @ts-ignore
+          ? classEscape(part[0]) + "-" + classEscape(part[1])
+// @ts-ignore
+          : classEscape(part);
+      });
+
+// @ts-ignore
+      return "[" + (expectation.inverted ? "^" : "") + escapedParts.join("") + "]";
+    },
+
+// @ts-ignore
+    any: function() {
+// @ts-ignore
+      return "any character";
+    },
+
+// @ts-ignore
+    end: function() {
+// @ts-ignore
+      return "end of input";
+    },
+
+// @ts-ignore
+    other: function(expectation) {
+// @ts-ignore
+      return expectation.description;
+    }
+  };
+
+// @ts-ignore
+  function hex(ch) {
+// @ts-ignore
+    return ch.charCodeAt(0).toString(16).toUpperCase();
+  }
+
+// @ts-ignore
+  function literalEscape(s) {
+// @ts-ignore
+    return s
+// @ts-ignore
+      .replace(/\\/g, "\\\\")
+// @ts-ignore
+      .replace(/"/g,  "\\\"")
+// @ts-ignore
+      .replace(/\0/g, "\\0")
+// @ts-ignore
+      .replace(/\t/g, "\\t")
+// @ts-ignore
+      .replace(/\n/g, "\\n")
+// @ts-ignore
+      .replace(/\r/g, "\\r")
+// @ts-ignore
+      .replace(/[\x00-\x0F]/g,          function(ch) { return "\\x0" + hex(ch); })
+// @ts-ignore
+      .replace(/[\x10-\x1F\x7F-\x9F]/g, function(ch) { return "\\x"  + hex(ch); });
+  }
+
+// @ts-ignore
+  function classEscape(s) {
+// @ts-ignore
+    return s
+// @ts-ignore
+      .replace(/\\/g, "\\\\")
+// @ts-ignore
+      .replace(/\]/g, "\\]")
+// @ts-ignore
+      .replace(/\^/g, "\\^")
+// @ts-ignore
+      .replace(/-/g,  "\\-")
+// @ts-ignore
+      .replace(/\0/g, "\\0")
+// @ts-ignore
+      .replace(/\t/g, "\\t")
+// @ts-ignore
+      .replace(/\n/g, "\\n")
+// @ts-ignore
+      .replace(/\r/g, "\\r")
+// @ts-ignore
+      .replace(/[\x00-\x0F]/g,          function(ch) { return "\\x0" + hex(ch); })
+// @ts-ignore
+      .replace(/[\x10-\x1F\x7F-\x9F]/g, function(ch) { return "\\x"  + hex(ch); });
+  }
+
+// @ts-ignore
+  function describeExpectation(expectation) {
+// @ts-ignore
+    return DESCRIBE_EXPECTATION_FNS[expectation.type](expectation);
+  }
+
+// @ts-ignore
+  function describeExpected(expected) {
+// @ts-ignore
+    var descriptions = expected.map(describeExpectation);
+// @ts-ignore
+    var i, j;
+
+// @ts-ignore
+    descriptions.sort();
+
+// @ts-ignore
+    if (descriptions.length > 0) {
+// @ts-ignore
+      for (i = 1, j = 1; i < descriptions.length; i++) {
+// @ts-ignore
+        if (descriptions[i - 1] !== descriptions[i]) {
+// @ts-ignore
+          descriptions[j] = descriptions[i];
+// @ts-ignore
+          j++;
+        }
+      }
+// @ts-ignore
+      descriptions.length = j;
+    }
+
+// @ts-ignore
+    switch (descriptions.length) {
+// @ts-ignore
+      case 1:
+// @ts-ignore
+        return descriptions[0];
+
+// @ts-ignore
+      case 2:
+// @ts-ignore
+        return descriptions[0] + " or " + descriptions[1];
+
+// @ts-ignore
+      default:
+// @ts-ignore
+        return descriptions.slice(0, -1).join(", ")
+// @ts-ignore
+          + ", or "
+// @ts-ignore
+          + descriptions[descriptions.length - 1];
+    }
+  }
+
+// @ts-ignore
+  function describeFound(found) {
+// @ts-ignore
+    return found ? "\"" + literalEscape(found) + "\"" : "end of input";
+  }
+
+// @ts-ignore
+  return "Expected " + describeExpected(expected) + " but " + describeFound(found) + " found.";
+};
+
+// @ts-ignore
+function peg$parse(input, options) {
+// @ts-ignore
+  options = options !== undefined ? options : {};
+
+// @ts-ignore
+  var peg$FAILED = {};
+// @ts-ignore
+  var peg$source = options.grammarSource;
+
+// @ts-ignore
+  var peg$startRuleFunctions = { VersionRange: peg$parseVersionRange, Or: peg$parseOr, And: peg$parseAnd, VersionRangeAtom: peg$parseVersionRangeAtom, Parens: peg$parseParens, Anchor: peg$parseAnchor, VersionSpec: peg$parseVersionSpec, FlavorAtom: peg$parseFlavorAtom, Not: peg$parseNot, Any: peg$parseAny, None: peg$parseNone, CmpOp: peg$parseCmpOp, ExtendedVersion: peg$parseExtendedVersion, EmverVersionRange: peg$parseEmverVersionRange, EmverVersionRangeAtom: peg$parseEmverVersionRangeAtom, EmverParens: peg$parseEmverParens, EmverAnchor: peg$parseEmverAnchor, EmverNot: peg$parseEmverNot, Emver: peg$parseEmver, Flavor: peg$parseFlavor, FlavorString: peg$parseFlavorString, String: peg$parseString, Version: peg$parseVersion, PreRelease: peg$parsePreRelease, PreReleaseSegment: peg$parsePreReleaseSegment, VersionNumber: peg$parseVersionNumber, Digit: peg$parseDigit, _: peg$parse_ };
+// @ts-ignore
+  var peg$startRuleFunction = peg$parseVersionRange;
+
+// @ts-ignore
+  var peg$c0 = "||";
+  var peg$c1 = "&&";
+  var peg$c2 = "(";
+  var peg$c3 = ")";
+  var peg$c4 = ":";
+  var peg$c5 = "#";
+  var peg$c6 = "!";
+  var peg$c7 = "*";
+  var peg$c8 = ">=";
+  var peg$c9 = "<=";
+  var peg$c10 = ">";
+  var peg$c11 = "<";
+  var peg$c12 = "=";
+  var peg$c13 = "!=";
+  var peg$c14 = "^";
+  var peg$c15 = "~";
+  var peg$c16 = ".";
+  var peg$c17 = "-";
+
+  var peg$r0 = /^[a-z]/;
+  var peg$r1 = /^[a-zA-Z]/;
+  var peg$r2 = /^[0-9]/;
+  var peg$r3 = /^[ \t\n\r]/;
+
+  var peg$e0 = peg$literalExpectation("||", false);
+  var peg$e1 = peg$literalExpectation("&&", false);
+  var peg$e2 = peg$literalExpectation("(", false);
+  var peg$e3 = peg$literalExpectation(")", false);
+  var peg$e4 = peg$literalExpectation(":", false);
+  var peg$e5 = peg$literalExpectation("#", false);
+  var peg$e6 = peg$literalExpectation("!", false);
+  var peg$e7 = peg$literalExpectation("*", false);
+  var peg$e8 = peg$literalExpectation(">=", false);
+  var peg$e9 = peg$literalExpectation("<=", false);
+  var peg$e10 = peg$literalExpectation(">", false);
+  var peg$e11 = peg$literalExpectation("<", false);
+  var peg$e12 = peg$literalExpectation("=", false);
+  var peg$e13 = peg$literalExpectation("!=", false);
+  var peg$e14 = peg$literalExpectation("^", false);
+  var peg$e15 = peg$literalExpectation("~", false);
+  var peg$e16 = peg$literalExpectation(".", false);
+  var peg$e17 = peg$classExpectation([["a", "z"]], false, false);
+  var peg$e18 = peg$classExpectation([["a", "z"], ["A", "Z"]], false, false);
+  var peg$e19 = peg$literalExpectation("-", false);
+  var peg$e20 = peg$classExpectation([["0", "9"]], false, false);
+  var peg$e21 = peg$otherExpectation("whitespace");
+  var peg$e22 = peg$classExpectation([" ", "\t", "\n", "\r"], false, false);
+// @ts-ignore
+
+  var peg$f0 = function(expr) {// @ts-ignore
+ return { type: "Parens", expr } };// @ts-ignore
+
+  var peg$f1 = function(operator, version) {// @ts-ignore
+ return { type: "Anchor", operator, version } };// @ts-ignore
+
+  var peg$f2 = function(flavor, upstream, downstream) {// @ts-ignore
+ return { flavor: flavor || null, upstream, downstream: downstream ? downstream[1] : { number: [0], prerelease: [] } } };// @ts-ignore
+
+  var peg$f3 = function(flavor) {// @ts-ignore
+ return { type: "Flavor", flavor: flavor } };// @ts-ignore
+
+  var peg$f4 = function(value) {// @ts-ignore
+ return { type: "Not", value: value }};// @ts-ignore
+
+  var peg$f5 = function() {// @ts-ignore
+ return { type: "Any" } };// @ts-ignore
+
+  var peg$f6 = function() {// @ts-ignore
+ return { type: "None" } };// @ts-ignore
+
+  var peg$f7 = function() {// @ts-ignore
+ return ">="; };// @ts-ignore
+
+  var peg$f8 = function() {// @ts-ignore
+ return "<="; };// @ts-ignore
+
+  var peg$f9 = function() {// @ts-ignore
+ return ">"; };// @ts-ignore
+
+  var peg$f10 = function() {// @ts-ignore
+ return "<"; };// @ts-ignore
+
+  var peg$f11 = function() {// @ts-ignore
+ return "="; };// @ts-ignore
+
+  var peg$f12 = function() {// @ts-ignore
+ return "!="; };// @ts-ignore
+
+  var peg$f13 = function() {// @ts-ignore
+ return "^"; };// @ts-ignore
+
+  var peg$f14 = function() {// @ts-ignore
+ return "~"; };// @ts-ignore
+
+  var peg$f15 = function(flavor, upstream, downstream) {
+// @ts-ignore
+    return { flavor: flavor || null, upstream, downstream }
+  };// @ts-ignore
+
+  var peg$f16 = function(expr) {// @ts-ignore
+ return { type: "Parens", expr } };// @ts-ignore
+
+  var peg$f17 = function(operator, version) {// @ts-ignore
+ return { type: "Anchor", operator, version } };// @ts-ignore
+
+  var peg$f18 = function(value) {// @ts-ignore
+ return { type: "Not", value: value }};// @ts-ignore
+
+  var peg$f19 = function(major, minor, patch, revision) {// @ts-ignore
+ return revision };// @ts-ignore
+
+  var peg$f20 = function(major, minor, patch, revision) {
+// @ts-ignore
     return {
-      SyntaxError: peg$SyntaxError,
-      parse: peg$parse,
+// @ts-ignore
+      flavor: null,
+// @ts-ignore
+      upstream: {
+// @ts-ignore
+        number: [major, minor, patch],
+// @ts-ignore
+        prerelease: [],
+      },
+// @ts-ignore
+      downstream: {
+// @ts-ignore
+        number: [revision || 0],
+// @ts-ignore
+        prerelease: [],
+      },
     }
-  })()
+  };// @ts-ignore
+
+  var peg$f21 = function(flavor) {// @ts-ignore
+ return flavor };// @ts-ignore
+
+  var peg$f22 = function() {// @ts-ignore
+ return text() };// @ts-ignore
+
+  var peg$f23 = function() {// @ts-ignore
+ return text(); };// @ts-ignore
+
+  var peg$f24 = function(number, prerelease) {
+// @ts-ignore
+    return {
+// @ts-ignore
+      number,
+// @ts-ignore
+      prerelease: prerelease || []
+    };
+  };// @ts-ignore
+
+  var peg$f25 = function(first, rest) {
+// @ts-ignore
+    return [first].concat(rest.map(r => r[1]));
+  };// @ts-ignore
+
+  var peg$f26 = function(segment) {
+// @ts-ignore
+    return segment;
+  };// @ts-ignore
+
+  var peg$f27 = function(first, rest) {
+// @ts-ignore
+    return [first].concat(rest.map(r => r[1]));
+  };// @ts-ignore
+
+  var peg$f28 = function() {// @ts-ignore
+ return parseInt(text(), 10); };
+// @ts-ignore
+  var peg$currPos = 0;
+// @ts-ignore
+  var peg$savedPos = 0;
+// @ts-ignore
+  var peg$posDetailsCache = [{ line: 1, column: 1 }];
+// @ts-ignore
+  var peg$maxFailPos = 0;
+// @ts-ignore
+  var peg$maxFailExpected = [];
+// @ts-ignore
+  var peg$silentFails = 0;
+
+// @ts-ignore
+  var peg$result;
+
+// @ts-ignore
+  if ("startRule" in options) {
+// @ts-ignore
+    if (!(options.startRule in peg$startRuleFunctions)) {
+// @ts-ignore
+      throw new Error("Can't start parsing from rule \"" + options.startRule + "\".");
+    }
+
+// @ts-ignore
+    peg$startRuleFunction = peg$startRuleFunctions[options.startRule];
+  }
+
+// @ts-ignore
+  function text() {
+// @ts-ignore
+    return input.substring(peg$savedPos, peg$currPos);
+  }
+
+// @ts-ignore
+  function offset() {
+// @ts-ignore
+    return peg$savedPos;
+  }
+
+// @ts-ignore
+  function range() {
+// @ts-ignore
+    return {
+// @ts-ignore
+      source: peg$source,
+// @ts-ignore
+      start: peg$savedPos,
+// @ts-ignore
+      end: peg$currPos
+    };
+  }
+
+// @ts-ignore
+  function location() {
+// @ts-ignore
+    return peg$computeLocation(peg$savedPos, peg$currPos);
+  }
+
+// @ts-ignore
+  function expected(description, location) {
+// @ts-ignore
+    location = location !== undefined
+// @ts-ignore
+      ? location
+// @ts-ignore
+      : peg$computeLocation(peg$savedPos, peg$currPos);
+
+// @ts-ignore
+    throw peg$buildStructuredError(
+// @ts-ignore
+      [peg$otherExpectation(description)],
+// @ts-ignore
+      input.substring(peg$savedPos, peg$currPos),
+// @ts-ignore
+      location
+    );
+  }
+
+// @ts-ignore
+  function error(message, location) {
+// @ts-ignore
+    location = location !== undefined
+// @ts-ignore
+      ? location
+// @ts-ignore
+      : peg$computeLocation(peg$savedPos, peg$currPos);
+
+// @ts-ignore
+    throw peg$buildSimpleError(message, location);
+  }
+
+// @ts-ignore
+  function peg$literalExpectation(text, ignoreCase) {
+// @ts-ignore
+    return { type: "literal", text: text, ignoreCase: ignoreCase };
+  }
+
+// @ts-ignore
+  function peg$classExpectation(parts, inverted, ignoreCase) {
+// @ts-ignore
+    return { type: "class", parts: parts, inverted: inverted, ignoreCase: ignoreCase };
+  }
+
+// @ts-ignore
+  function peg$anyExpectation() {
+// @ts-ignore
+    return { type: "any" };
+  }
+
+// @ts-ignore
+  function peg$endExpectation() {
+// @ts-ignore
+    return { type: "end" };
+  }
+
+// @ts-ignore
+  function peg$otherExpectation(description) {
+// @ts-ignore
+    return { type: "other", description: description };
+  }
+
+// @ts-ignore
+  function peg$computePosDetails(pos) {
+// @ts-ignore
+    var details = peg$posDetailsCache[pos];
+// @ts-ignore
+    var p;
+
+// @ts-ignore
+    if (details) {
+// @ts-ignore
+      return details;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      p = pos - 1;
+// @ts-ignore
+      while (!peg$posDetailsCache[p]) {
+// @ts-ignore
+        p--;
+      }
+
+// @ts-ignore
+      details = peg$posDetailsCache[p];
+// @ts-ignore
+      details = {
+// @ts-ignore
+        line: details.line,
+// @ts-ignore
+        column: details.column
+      };
+
+// @ts-ignore
+      while (p < pos) {
+// @ts-ignore
+        if (input.charCodeAt(p) === 10) {
+// @ts-ignore
+          details.line++;
+// @ts-ignore
+          details.column = 1;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          details.column++;
+        }
+
+// @ts-ignore
+        p++;
+      }
+
+// @ts-ignore
+      peg$posDetailsCache[pos] = details;
+
+// @ts-ignore
+      return details;
+    }
+  }
+
+// @ts-ignore
+  function peg$computeLocation(startPos, endPos, offset) {
+// @ts-ignore
+    var startPosDetails = peg$computePosDetails(startPos);
+// @ts-ignore
+    var endPosDetails = peg$computePosDetails(endPos);
+
+// @ts-ignore
+    var res = {
+// @ts-ignore
+      source: peg$source,
+// @ts-ignore
+      start: {
+// @ts-ignore
+        offset: startPos,
+// @ts-ignore
+        line: startPosDetails.line,
+// @ts-ignore
+        column: startPosDetails.column
+      },
+// @ts-ignore
+      end: {
+// @ts-ignore
+        offset: endPos,
+// @ts-ignore
+        line: endPosDetails.line,
+// @ts-ignore
+        column: endPosDetails.column
+      }
+    };
+// @ts-ignore
+    if (offset && peg$source && (typeof peg$source.offset === "function")) {
+// @ts-ignore
+      res.start = peg$source.offset(res.start);
+// @ts-ignore
+      res.end = peg$source.offset(res.end);
+    }
+// @ts-ignore
+    return res;
+  }
+
+// @ts-ignore
+  function peg$fail(expected) {
+// @ts-ignore
+    if (peg$currPos < peg$maxFailPos) { return; }
+
+// @ts-ignore
+    if (peg$currPos > peg$maxFailPos) {
+// @ts-ignore
+      peg$maxFailPos = peg$currPos;
+// @ts-ignore
+      peg$maxFailExpected = [];
+    }
+
+// @ts-ignore
+    peg$maxFailExpected.push(expected);
+  }
+
+// @ts-ignore
+  function peg$buildSimpleError(message, location) {
+// @ts-ignore
+    return new peg$SyntaxError(message, null, null, location);
+  }
+
+// @ts-ignore
+  function peg$buildStructuredError(expected, found, location) {
+// @ts-ignore
+    return new peg$SyntaxError(
+// @ts-ignore
+      peg$SyntaxError.buildMessage(expected, found),
+// @ts-ignore
+      expected,
+// @ts-ignore
+      found,
+// @ts-ignore
+      location
+    );
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseVersionRange() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5, s6, s7;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseVersionRangeAtom();
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = [];
+// @ts-ignore
+      s3 = peg$currPos;
+// @ts-ignore
+      s4 = peg$parse_();
+// @ts-ignore
+      s5 = peg$currPos;
+// @ts-ignore
+      s6 = peg$parseOr();
+// @ts-ignore
+      if (s6 === peg$FAILED) {
+// @ts-ignore
+        s6 = peg$parseAnd();
+      }
+// @ts-ignore
+      if (s6 !== peg$FAILED) {
+// @ts-ignore
+        s7 = peg$parse_();
+// @ts-ignore
+        s6 = [s6, s7];
+// @ts-ignore
+        s5 = s6;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s5;
+// @ts-ignore
+        s5 = peg$FAILED;
+      }
+// @ts-ignore
+      if (s5 === peg$FAILED) {
+// @ts-ignore
+        s5 = null;
+      }
+// @ts-ignore
+      s6 = peg$parseVersionRangeAtom();
+// @ts-ignore
+      if (s6 !== peg$FAILED) {
+// @ts-ignore
+        s4 = [s4, s5, s6];
+// @ts-ignore
+        s3 = s4;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s3;
+// @ts-ignore
+        s3 = peg$FAILED;
+      }
+// @ts-ignore
+      while (s3 !== peg$FAILED) {
+// @ts-ignore
+        s2.push(s3);
+// @ts-ignore
+        s3 = peg$currPos;
+// @ts-ignore
+        s4 = peg$parse_();
+// @ts-ignore
+        s5 = peg$currPos;
+// @ts-ignore
+        s6 = peg$parseOr();
+// @ts-ignore
+        if (s6 === peg$FAILED) {
+// @ts-ignore
+          s6 = peg$parseAnd();
+        }
+// @ts-ignore
+        if (s6 !== peg$FAILED) {
+// @ts-ignore
+          s7 = peg$parse_();
+// @ts-ignore
+          s6 = [s6, s7];
+// @ts-ignore
+          s5 = s6;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s5;
+// @ts-ignore
+          s5 = peg$FAILED;
+        }
+// @ts-ignore
+        if (s5 === peg$FAILED) {
+// @ts-ignore
+          s5 = null;
+        }
+// @ts-ignore
+        s6 = peg$parseVersionRangeAtom();
+// @ts-ignore
+        if (s6 !== peg$FAILED) {
+// @ts-ignore
+          s4 = [s4, s5, s6];
+// @ts-ignore
+          s3 = s4;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s3;
+// @ts-ignore
+          s3 = peg$FAILED;
+        }
+      }
+// @ts-ignore
+      s1 = [s1, s2];
+// @ts-ignore
+      s0 = s1;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseOr() {
+// @ts-ignore
+    var s0;
+
+// @ts-ignore
+    if (input.substr(peg$currPos, 2) === peg$c0) {
+// @ts-ignore
+      s0 = peg$c0;
+// @ts-ignore
+      peg$currPos += 2;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s0 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e0); }
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseAnd() {
+// @ts-ignore
+    var s0;
+
+// @ts-ignore
+    if (input.substr(peg$currPos, 2) === peg$c1) {
+// @ts-ignore
+      s0 = peg$c1;
+// @ts-ignore
+      peg$currPos += 2;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s0 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e1); }
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseVersionRangeAtom() {
+// @ts-ignore
+    var s0;
+
+// @ts-ignore
+    s0 = peg$parseParens();
+// @ts-ignore
+    if (s0 === peg$FAILED) {
+// @ts-ignore
+      s0 = peg$parseAnchor();
+// @ts-ignore
+      if (s0 === peg$FAILED) {
+// @ts-ignore
+        s0 = peg$parseNot();
+// @ts-ignore
+        if (s0 === peg$FAILED) {
+// @ts-ignore
+          s0 = peg$parseAny();
+// @ts-ignore
+          if (s0 === peg$FAILED) {
+// @ts-ignore
+            s0 = peg$parseNone();
+// @ts-ignore
+            if (s0 === peg$FAILED) {
+// @ts-ignore
+              s0 = peg$parseFlavorAtom();
+            }
+          }
+        }
+      }
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseParens() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 40) {
+// @ts-ignore
+      s1 = peg$c2;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e2); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parse_();
+// @ts-ignore
+      s3 = peg$parseVersionRange();
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        s4 = peg$parse_();
+// @ts-ignore
+        if (input.charCodeAt(peg$currPos) === 41) {
+// @ts-ignore
+          s5 = peg$c3;
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s5 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e3); }
+        }
+// @ts-ignore
+        if (s5 !== peg$FAILED) {
+// @ts-ignore
+          peg$savedPos = s0;
+// @ts-ignore
+          s0 = peg$f0(s3);
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s0;
+// @ts-ignore
+          s0 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseAnchor() {
+// @ts-ignore
+    var s0, s1, s2, s3;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseCmpOp();
+// @ts-ignore
+    if (s1 === peg$FAILED) {
+// @ts-ignore
+      s1 = null;
+    }
+// @ts-ignore
+    s2 = peg$parse_();
+// @ts-ignore
+    s3 = peg$parseVersionSpec();
+// @ts-ignore
+    if (s3 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f1(s1, s3);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseVersionSpec() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseFlavor();
+// @ts-ignore
+    if (s1 === peg$FAILED) {
+// @ts-ignore
+      s1 = null;
+    }
+// @ts-ignore
+    s2 = peg$parseVersion();
+// @ts-ignore
+    if (s2 !== peg$FAILED) {
+// @ts-ignore
+      s3 = peg$currPos;
+// @ts-ignore
+      if (input.charCodeAt(peg$currPos) === 58) {
+// @ts-ignore
+        s4 = peg$c4;
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s4 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e4); }
+      }
+// @ts-ignore
+      if (s4 !== peg$FAILED) {
+// @ts-ignore
+        s5 = peg$parseVersion();
+// @ts-ignore
+        if (s5 !== peg$FAILED) {
+// @ts-ignore
+          s4 = [s4, s5];
+// @ts-ignore
+          s3 = s4;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s3;
+// @ts-ignore
+          s3 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s3;
+// @ts-ignore
+        s3 = peg$FAILED;
+      }
+// @ts-ignore
+      if (s3 === peg$FAILED) {
+// @ts-ignore
+        s3 = null;
+      }
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f2(s1, s2, s3);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseFlavorAtom() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 35) {
+// @ts-ignore
+      s1 = peg$c5;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e5); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parseFlavorString();
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f3(s2);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseNot() {
+// @ts-ignore
+    var s0, s1, s2, s3;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 33) {
+// @ts-ignore
+      s1 = peg$c6;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e6); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parse_();
+// @ts-ignore
+      s3 = peg$parseVersionRangeAtom();
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        peg$savedPos = s0;
+// @ts-ignore
+        s0 = peg$f4(s3);
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseAny() {
+// @ts-ignore
+    var s0, s1;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 42) {
+// @ts-ignore
+      s1 = peg$c7;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e7); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s1 = peg$f5();
+    }
+// @ts-ignore
+    s0 = s1;
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseNone() {
+// @ts-ignore
+    var s0, s1;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 33) {
+// @ts-ignore
+      s1 = peg$c6;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e6); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s1 = peg$f6();
+    }
+// @ts-ignore
+    s0 = s1;
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseCmpOp() {
+// @ts-ignore
+    var s0, s1;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.substr(peg$currPos, 2) === peg$c8) {
+// @ts-ignore
+      s1 = peg$c8;
+// @ts-ignore
+      peg$currPos += 2;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e8); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s1 = peg$f7();
+    }
+// @ts-ignore
+    s0 = s1;
+// @ts-ignore
+    if (s0 === peg$FAILED) {
+// @ts-ignore
+      s0 = peg$currPos;
+// @ts-ignore
+      if (input.substr(peg$currPos, 2) === peg$c9) {
+// @ts-ignore
+        s1 = peg$c9;
+// @ts-ignore
+        peg$currPos += 2;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s1 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e9); }
+      }
+// @ts-ignore
+      if (s1 !== peg$FAILED) {
+// @ts-ignore
+        peg$savedPos = s0;
+// @ts-ignore
+        s1 = peg$f8();
+      }
+// @ts-ignore
+      s0 = s1;
+// @ts-ignore
+      if (s0 === peg$FAILED) {
+// @ts-ignore
+        s0 = peg$currPos;
+// @ts-ignore
+        if (input.charCodeAt(peg$currPos) === 62) {
+// @ts-ignore
+          s1 = peg$c10;
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s1 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e10); }
+        }
+// @ts-ignore
+        if (s1 !== peg$FAILED) {
+// @ts-ignore
+          peg$savedPos = s0;
+// @ts-ignore
+          s1 = peg$f9();
+        }
+// @ts-ignore
+        s0 = s1;
+// @ts-ignore
+        if (s0 === peg$FAILED) {
+// @ts-ignore
+          s0 = peg$currPos;
+// @ts-ignore
+          if (input.charCodeAt(peg$currPos) === 60) {
+// @ts-ignore
+            s1 = peg$c11;
+// @ts-ignore
+            peg$currPos++;
+// @ts-ignore
+          } else {
+// @ts-ignore
+            s1 = peg$FAILED;
+// @ts-ignore
+            if (peg$silentFails === 0) { peg$fail(peg$e11); }
+          }
+// @ts-ignore
+          if (s1 !== peg$FAILED) {
+// @ts-ignore
+            peg$savedPos = s0;
+// @ts-ignore
+            s1 = peg$f10();
+          }
+// @ts-ignore
+          s0 = s1;
+// @ts-ignore
+          if (s0 === peg$FAILED) {
+// @ts-ignore
+            s0 = peg$currPos;
+// @ts-ignore
+            if (input.charCodeAt(peg$currPos) === 61) {
+// @ts-ignore
+              s1 = peg$c12;
+// @ts-ignore
+              peg$currPos++;
+// @ts-ignore
+            } else {
+// @ts-ignore
+              s1 = peg$FAILED;
+// @ts-ignore
+              if (peg$silentFails === 0) { peg$fail(peg$e12); }
+            }
+// @ts-ignore
+            if (s1 !== peg$FAILED) {
+// @ts-ignore
+              peg$savedPos = s0;
+// @ts-ignore
+              s1 = peg$f11();
+            }
+// @ts-ignore
+            s0 = s1;
+// @ts-ignore
+            if (s0 === peg$FAILED) {
+// @ts-ignore
+              s0 = peg$currPos;
+// @ts-ignore
+              if (input.substr(peg$currPos, 2) === peg$c13) {
+// @ts-ignore
+                s1 = peg$c13;
+// @ts-ignore
+                peg$currPos += 2;
+// @ts-ignore
+              } else {
+// @ts-ignore
+                s1 = peg$FAILED;
+// @ts-ignore
+                if (peg$silentFails === 0) { peg$fail(peg$e13); }
+              }
+// @ts-ignore
+              if (s1 !== peg$FAILED) {
+// @ts-ignore
+                peg$savedPos = s0;
+// @ts-ignore
+                s1 = peg$f12();
+              }
+// @ts-ignore
+              s0 = s1;
+// @ts-ignore
+              if (s0 === peg$FAILED) {
+// @ts-ignore
+                s0 = peg$currPos;
+// @ts-ignore
+                if (input.charCodeAt(peg$currPos) === 94) {
+// @ts-ignore
+                  s1 = peg$c14;
+// @ts-ignore
+                  peg$currPos++;
+// @ts-ignore
+                } else {
+// @ts-ignore
+                  s1 = peg$FAILED;
+// @ts-ignore
+                  if (peg$silentFails === 0) { peg$fail(peg$e14); }
+                }
+// @ts-ignore
+                if (s1 !== peg$FAILED) {
+// @ts-ignore
+                  peg$savedPos = s0;
+// @ts-ignore
+                  s1 = peg$f13();
+                }
+// @ts-ignore
+                s0 = s1;
+// @ts-ignore
+                if (s0 === peg$FAILED) {
+// @ts-ignore
+                  s0 = peg$currPos;
+// @ts-ignore
+                  if (input.charCodeAt(peg$currPos) === 126) {
+// @ts-ignore
+                    s1 = peg$c15;
+// @ts-ignore
+                    peg$currPos++;
+// @ts-ignore
+                  } else {
+// @ts-ignore
+                    s1 = peg$FAILED;
+// @ts-ignore
+                    if (peg$silentFails === 0) { peg$fail(peg$e15); }
+                  }
+// @ts-ignore
+                  if (s1 !== peg$FAILED) {
+// @ts-ignore
+                    peg$savedPos = s0;
+// @ts-ignore
+                    s1 = peg$f14();
+                  }
+// @ts-ignore
+                  s0 = s1;
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseExtendedVersion() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseFlavor();
+// @ts-ignore
+    if (s1 === peg$FAILED) {
+// @ts-ignore
+      s1 = null;
+    }
+// @ts-ignore
+    s2 = peg$parseVersion();
+// @ts-ignore
+    if (s2 !== peg$FAILED) {
+// @ts-ignore
+      if (input.charCodeAt(peg$currPos) === 58) {
+// @ts-ignore
+        s3 = peg$c4;
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s3 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e4); }
+      }
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        s4 = peg$parseVersion();
+// @ts-ignore
+        if (s4 !== peg$FAILED) {
+// @ts-ignore
+          peg$savedPos = s0;
+// @ts-ignore
+          s0 = peg$f15(s1, s2, s4);
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s0;
+// @ts-ignore
+          s0 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmverVersionRange() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5, s6, s7;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseEmverVersionRangeAtom();
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = [];
+// @ts-ignore
+      s3 = peg$currPos;
+// @ts-ignore
+      s4 = peg$parse_();
+// @ts-ignore
+      s5 = peg$currPos;
+// @ts-ignore
+      s6 = peg$parseOr();
+// @ts-ignore
+      if (s6 === peg$FAILED) {
+// @ts-ignore
+        s6 = peg$parseAnd();
+      }
+// @ts-ignore
+      if (s6 !== peg$FAILED) {
+// @ts-ignore
+        s7 = peg$parse_();
+// @ts-ignore
+        s6 = [s6, s7];
+// @ts-ignore
+        s5 = s6;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s5;
+// @ts-ignore
+        s5 = peg$FAILED;
+      }
+// @ts-ignore
+      if (s5 === peg$FAILED) {
+// @ts-ignore
+        s5 = null;
+      }
+// @ts-ignore
+      s6 = peg$parseEmverVersionRangeAtom();
+// @ts-ignore
+      if (s6 !== peg$FAILED) {
+// @ts-ignore
+        s4 = [s4, s5, s6];
+// @ts-ignore
+        s3 = s4;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s3;
+// @ts-ignore
+        s3 = peg$FAILED;
+      }
+// @ts-ignore
+      while (s3 !== peg$FAILED) {
+// @ts-ignore
+        s2.push(s3);
+// @ts-ignore
+        s3 = peg$currPos;
+// @ts-ignore
+        s4 = peg$parse_();
+// @ts-ignore
+        s5 = peg$currPos;
+// @ts-ignore
+        s6 = peg$parseOr();
+// @ts-ignore
+        if (s6 === peg$FAILED) {
+// @ts-ignore
+          s6 = peg$parseAnd();
+        }
+// @ts-ignore
+        if (s6 !== peg$FAILED) {
+// @ts-ignore
+          s7 = peg$parse_();
+// @ts-ignore
+          s6 = [s6, s7];
+// @ts-ignore
+          s5 = s6;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s5;
+// @ts-ignore
+          s5 = peg$FAILED;
+        }
+// @ts-ignore
+        if (s5 === peg$FAILED) {
+// @ts-ignore
+          s5 = null;
+        }
+// @ts-ignore
+        s6 = peg$parseEmverVersionRangeAtom();
+// @ts-ignore
+        if (s6 !== peg$FAILED) {
+// @ts-ignore
+          s4 = [s4, s5, s6];
+// @ts-ignore
+          s3 = s4;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s3;
+// @ts-ignore
+          s3 = peg$FAILED;
+        }
+      }
+// @ts-ignore
+      s1 = [s1, s2];
+// @ts-ignore
+      s0 = s1;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmverVersionRangeAtom() {
+// @ts-ignore
+    var s0;
+
+// @ts-ignore
+    s0 = peg$parseEmverParens();
+// @ts-ignore
+    if (s0 === peg$FAILED) {
+// @ts-ignore
+      s0 = peg$parseEmverAnchor();
+// @ts-ignore
+      if (s0 === peg$FAILED) {
+// @ts-ignore
+        s0 = peg$parseEmverNot();
+// @ts-ignore
+        if (s0 === peg$FAILED) {
+// @ts-ignore
+          s0 = peg$parseAny();
+// @ts-ignore
+          if (s0 === peg$FAILED) {
+// @ts-ignore
+            s0 = peg$parseNone();
+          }
+        }
+      }
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmverParens() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 40) {
+// @ts-ignore
+      s1 = peg$c2;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e2); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parse_();
+// @ts-ignore
+      s3 = peg$parseEmverVersionRange();
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        s4 = peg$parse_();
+// @ts-ignore
+        if (input.charCodeAt(peg$currPos) === 41) {
+// @ts-ignore
+          s5 = peg$c3;
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s5 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e3); }
+        }
+// @ts-ignore
+        if (s5 !== peg$FAILED) {
+// @ts-ignore
+          peg$savedPos = s0;
+// @ts-ignore
+          s0 = peg$f16(s3);
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s0;
+// @ts-ignore
+          s0 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmverAnchor() {
+// @ts-ignore
+    var s0, s1, s2, s3;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseCmpOp();
+// @ts-ignore
+    if (s1 === peg$FAILED) {
+// @ts-ignore
+      s1 = null;
+    }
+// @ts-ignore
+    s2 = peg$parse_();
+// @ts-ignore
+    s3 = peg$parseEmver();
+// @ts-ignore
+    if (s3 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f17(s1, s3);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmverNot() {
+// @ts-ignore
+    var s0, s1, s2, s3;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 33) {
+// @ts-ignore
+      s1 = peg$c6;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e6); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parse_();
+// @ts-ignore
+      s3 = peg$parseEmverVersionRangeAtom();
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        peg$savedPos = s0;
+// @ts-ignore
+        s0 = peg$f18(s3);
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseEmver() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5, s6, s7, s8;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseDigit();
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+        s2 = peg$c16;
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s2 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e16); }
+      }
+// @ts-ignore
+      if (s2 !== peg$FAILED) {
+// @ts-ignore
+        s3 = peg$parseDigit();
+// @ts-ignore
+        if (s3 !== peg$FAILED) {
+// @ts-ignore
+          if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+            s4 = peg$c16;
+// @ts-ignore
+            peg$currPos++;
+// @ts-ignore
+          } else {
+// @ts-ignore
+            s4 = peg$FAILED;
+// @ts-ignore
+            if (peg$silentFails === 0) { peg$fail(peg$e16); }
+          }
+// @ts-ignore
+          if (s4 !== peg$FAILED) {
+// @ts-ignore
+            s5 = peg$parseDigit();
+// @ts-ignore
+            if (s5 !== peg$FAILED) {
+// @ts-ignore
+              s6 = peg$currPos;
+// @ts-ignore
+              if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+                s7 = peg$c16;
+// @ts-ignore
+                peg$currPos++;
+// @ts-ignore
+              } else {
+// @ts-ignore
+                s7 = peg$FAILED;
+// @ts-ignore
+                if (peg$silentFails === 0) { peg$fail(peg$e16); }
+              }
+// @ts-ignore
+              if (s7 !== peg$FAILED) {
+// @ts-ignore
+                s8 = peg$parseDigit();
+// @ts-ignore
+                if (s8 !== peg$FAILED) {
+// @ts-ignore
+                  peg$savedPos = s6;
+// @ts-ignore
+                  s6 = peg$f19(s1, s3, s5, s8);
+// @ts-ignore
+                } else {
+// @ts-ignore
+                  peg$currPos = s6;
+// @ts-ignore
+                  s6 = peg$FAILED;
+                }
+// @ts-ignore
+              } else {
+// @ts-ignore
+                peg$currPos = s6;
+// @ts-ignore
+                s6 = peg$FAILED;
+              }
+// @ts-ignore
+              if (s6 === peg$FAILED) {
+// @ts-ignore
+                s6 = null;
+              }
+// @ts-ignore
+              peg$savedPos = s0;
+// @ts-ignore
+              s0 = peg$f20(s1, s3, s5, s6);
+// @ts-ignore
+            } else {
+// @ts-ignore
+              peg$currPos = s0;
+// @ts-ignore
+              s0 = peg$FAILED;
+            }
+// @ts-ignore
+          } else {
+// @ts-ignore
+            peg$currPos = s0;
+// @ts-ignore
+            s0 = peg$FAILED;
+          }
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s0;
+// @ts-ignore
+          s0 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseFlavor() {
+// @ts-ignore
+    var s0, s1, s2, s3;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 35) {
+// @ts-ignore
+      s1 = peg$c5;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e5); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parseFlavorString();
+// @ts-ignore
+      if (input.charCodeAt(peg$currPos) === 58) {
+// @ts-ignore
+        s3 = peg$c4;
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s3 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e4); }
+      }
+// @ts-ignore
+      if (s3 !== peg$FAILED) {
+// @ts-ignore
+        peg$savedPos = s0;
+// @ts-ignore
+        s0 = peg$f21(s2);
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseFlavorString() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = [];
+// @ts-ignore
+    if (peg$r0.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+      s2 = input.charAt(peg$currPos);
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s2 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e17); }
+    }
+// @ts-ignore
+    while (s2 !== peg$FAILED) {
+// @ts-ignore
+      s1.push(s2);
+// @ts-ignore
+      if (peg$r0.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+        s2 = input.charAt(peg$currPos);
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s2 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e17); }
+      }
+    }
+// @ts-ignore
+    peg$savedPos = s0;
+// @ts-ignore
+    s1 = peg$f22();
+// @ts-ignore
+    s0 = s1;
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseString() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = [];
+// @ts-ignore
+    if (peg$r1.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+      s2 = input.charAt(peg$currPos);
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s2 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e18); }
+    }
+// @ts-ignore
+    if (s2 !== peg$FAILED) {
+// @ts-ignore
+      while (s2 !== peg$FAILED) {
+// @ts-ignore
+        s1.push(s2);
+// @ts-ignore
+        if (peg$r1.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+          s2 = input.charAt(peg$currPos);
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s2 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e18); }
+        }
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s1 = peg$f23();
+    }
+// @ts-ignore
+    s0 = s1;
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseVersion() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseVersionNumber();
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parsePreRelease();
+// @ts-ignore
+      if (s2 === peg$FAILED) {
+// @ts-ignore
+        s2 = null;
+      }
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f24(s1, s2);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parsePreRelease() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5, s6;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 45) {
+// @ts-ignore
+      s1 = peg$c17;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e19); }
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parsePreReleaseSegment();
+// @ts-ignore
+      if (s2 !== peg$FAILED) {
+// @ts-ignore
+        s3 = [];
+// @ts-ignore
+        s4 = peg$currPos;
+// @ts-ignore
+        if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+          s5 = peg$c16;
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s5 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e16); }
+        }
+// @ts-ignore
+        if (s5 !== peg$FAILED) {
+// @ts-ignore
+          s6 = peg$parsePreReleaseSegment();
+// @ts-ignore
+          if (s6 !== peg$FAILED) {
+// @ts-ignore
+            s5 = [s5, s6];
+// @ts-ignore
+            s4 = s5;
+// @ts-ignore
+          } else {
+// @ts-ignore
+            peg$currPos = s4;
+// @ts-ignore
+            s4 = peg$FAILED;
+          }
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s4;
+// @ts-ignore
+          s4 = peg$FAILED;
+        }
+// @ts-ignore
+        while (s4 !== peg$FAILED) {
+// @ts-ignore
+          s3.push(s4);
+// @ts-ignore
+          s4 = peg$currPos;
+// @ts-ignore
+          if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+            s5 = peg$c16;
+// @ts-ignore
+            peg$currPos++;
+// @ts-ignore
+          } else {
+// @ts-ignore
+            s5 = peg$FAILED;
+// @ts-ignore
+            if (peg$silentFails === 0) { peg$fail(peg$e16); }
+          }
+// @ts-ignore
+          if (s5 !== peg$FAILED) {
+// @ts-ignore
+            s6 = peg$parsePreReleaseSegment();
+// @ts-ignore
+            if (s6 !== peg$FAILED) {
+// @ts-ignore
+              s5 = [s5, s6];
+// @ts-ignore
+              s4 = s5;
+// @ts-ignore
+            } else {
+// @ts-ignore
+              peg$currPos = s4;
+// @ts-ignore
+              s4 = peg$FAILED;
+            }
+// @ts-ignore
+          } else {
+// @ts-ignore
+            peg$currPos = s4;
+// @ts-ignore
+            s4 = peg$FAILED;
+          }
+        }
+// @ts-ignore
+        peg$savedPos = s0;
+// @ts-ignore
+        s0 = peg$f25(s2, s3);
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s0;
+// @ts-ignore
+        s0 = peg$FAILED;
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parsePreReleaseSegment() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+      s1 = peg$c16;
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e16); }
+    }
+// @ts-ignore
+    if (s1 === peg$FAILED) {
+// @ts-ignore
+      s1 = null;
+    }
+// @ts-ignore
+    s2 = peg$parseDigit();
+// @ts-ignore
+    if (s2 === peg$FAILED) {
+// @ts-ignore
+      s2 = peg$parseString();
+    }
+// @ts-ignore
+    if (s2 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f26(s2);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseVersionNumber() {
+// @ts-ignore
+    var s0, s1, s2, s3, s4, s5;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = peg$parseDigit();
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      s2 = [];
+// @ts-ignore
+      s3 = peg$currPos;
+// @ts-ignore
+      if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+        s4 = peg$c16;
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s4 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e16); }
+      }
+// @ts-ignore
+      if (s4 !== peg$FAILED) {
+// @ts-ignore
+        s5 = peg$parseDigit();
+// @ts-ignore
+        if (s5 !== peg$FAILED) {
+// @ts-ignore
+          s4 = [s4, s5];
+// @ts-ignore
+          s3 = s4;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s3;
+// @ts-ignore
+          s3 = peg$FAILED;
+        }
+// @ts-ignore
+      } else {
+// @ts-ignore
+        peg$currPos = s3;
+// @ts-ignore
+        s3 = peg$FAILED;
+      }
+// @ts-ignore
+      while (s3 !== peg$FAILED) {
+// @ts-ignore
+        s2.push(s3);
+// @ts-ignore
+        s3 = peg$currPos;
+// @ts-ignore
+        if (input.charCodeAt(peg$currPos) === 46) {
+// @ts-ignore
+          s4 = peg$c16;
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s4 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e16); }
+        }
+// @ts-ignore
+        if (s4 !== peg$FAILED) {
+// @ts-ignore
+          s5 = peg$parseDigit();
+// @ts-ignore
+          if (s5 !== peg$FAILED) {
+// @ts-ignore
+            s4 = [s4, s5];
+// @ts-ignore
+            s3 = s4;
+// @ts-ignore
+          } else {
+// @ts-ignore
+            peg$currPos = s3;
+// @ts-ignore
+            s3 = peg$FAILED;
+          }
+// @ts-ignore
+        } else {
+// @ts-ignore
+          peg$currPos = s3;
+// @ts-ignore
+          s3 = peg$FAILED;
+        }
+      }
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s0 = peg$f27(s1, s2);
+// @ts-ignore
+    } else {
+// @ts-ignore
+      peg$currPos = s0;
+// @ts-ignore
+      s0 = peg$FAILED;
+    }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parseDigit() {
+// @ts-ignore
+    var s0, s1, s2;
+
+// @ts-ignore
+    s0 = peg$currPos;
+// @ts-ignore
+    s1 = [];
+// @ts-ignore
+    if (peg$r2.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+      s2 = input.charAt(peg$currPos);
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s2 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e20); }
+    }
+// @ts-ignore
+    if (s2 !== peg$FAILED) {
+// @ts-ignore
+      while (s2 !== peg$FAILED) {
+// @ts-ignore
+        s1.push(s2);
+// @ts-ignore
+        if (peg$r2.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+          s2 = input.charAt(peg$currPos);
+// @ts-ignore
+          peg$currPos++;
+// @ts-ignore
+        } else {
+// @ts-ignore
+          s2 = peg$FAILED;
+// @ts-ignore
+          if (peg$silentFails === 0) { peg$fail(peg$e20); }
+        }
+      }
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+    }
+// @ts-ignore
+    if (s1 !== peg$FAILED) {
+// @ts-ignore
+      peg$savedPos = s0;
+// @ts-ignore
+      s1 = peg$f28();
+    }
+// @ts-ignore
+    s0 = s1;
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  function // @ts-ignore
+peg$parse_() {
+// @ts-ignore
+    var s0, s1;
+
+// @ts-ignore
+    peg$silentFails++;
+// @ts-ignore
+    s0 = [];
+// @ts-ignore
+    if (peg$r3.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+      s1 = input.charAt(peg$currPos);
+// @ts-ignore
+      peg$currPos++;
+// @ts-ignore
+    } else {
+// @ts-ignore
+      s1 = peg$FAILED;
+// @ts-ignore
+      if (peg$silentFails === 0) { peg$fail(peg$e22); }
+    }
+// @ts-ignore
+    while (s1 !== peg$FAILED) {
+// @ts-ignore
+      s0.push(s1);
+// @ts-ignore
+      if (peg$r3.test(input.charAt(peg$currPos))) {
+// @ts-ignore
+        s1 = input.charAt(peg$currPos);
+// @ts-ignore
+        peg$currPos++;
+// @ts-ignore
+      } else {
+// @ts-ignore
+        s1 = peg$FAILED;
+// @ts-ignore
+        if (peg$silentFails === 0) { peg$fail(peg$e22); }
+      }
+    }
+// @ts-ignore
+    peg$silentFails--;
+// @ts-ignore
+    s1 = peg$FAILED;
+// @ts-ignore
+    if (peg$silentFails === 0) { peg$fail(peg$e21); }
+
+// @ts-ignore
+    return s0;
+  }
+
+// @ts-ignore
+  peg$result = peg$startRuleFunction();
+
+// @ts-ignore
+  if (peg$result !== peg$FAILED && peg$currPos === input.length) {
+// @ts-ignore
+    return peg$result;
+// @ts-ignore
+  } else {
+// @ts-ignore
+    if (peg$result !== peg$FAILED && peg$currPos < input.length) {
+// @ts-ignore
+      peg$fail(peg$endExpectation());
+    }
+
+// @ts-ignore
+    throw peg$buildStructuredError(
+// @ts-ignore
+      peg$maxFailExpected,
+// @ts-ignore
+      peg$maxFailPos < input.length ? input.charAt(peg$maxFailPos) : null,
+// @ts-ignore
+      peg$maxFailPos < input.length
+// @ts-ignore
+        ? peg$computeLocation(peg$maxFailPos, peg$maxFailPos + 1)
+// @ts-ignore
+        : peg$computeLocation(peg$maxFailPos, peg$maxFailPos)
+    );
+  }
+}
+
+// @ts-ignore
+  return {
+    SyntaxError: peg$SyntaxError,
+    parse: peg$parse
+  };
+})()
 
 export interface FilePosition {
-  offset: number
-  line: number
-  column: number
+  offset: number;
+  line: number;
+  column: number;
 }
 
 export interface FileRange {
-  start: FilePosition
-  end: FilePosition
-  source: string
+  start: FilePosition;
+  end: FilePosition;
+  source: string;
 }
 
 export interface LiteralExpectation {
-  type: 'literal'
-  text: string
-  ignoreCase: boolean
+  type: "literal";
+  text: string;
+  ignoreCase: boolean;
 }
 
 export interface ClassParts extends Array<string | ClassParts> {}
 
 export interface ClassExpectation {
-  type: 'class'
-  parts: ClassParts
-  inverted: boolean
-  ignoreCase: boolean
+  type: "class";
+  parts: ClassParts;
+  inverted: boolean;
+  ignoreCase: boolean;
 }
 
 export interface AnyExpectation {
-  type: 'any'
+  type: "any";
 }
 
 export interface EndExpectation {
-  type: 'end'
+  type: "end";
 }
 
 export interface OtherExpectation {
-  type: 'other'
-  description: string
+  type: "other";
+  description: string;
 }
 
-export type Expectation =
-  | LiteralExpectation
-  | ClassExpectation
-  | AnyExpectation
-  | EndExpectation
-  | OtherExpectation
+export type Expectation = LiteralExpectation | ClassExpectation | AnyExpectation | EndExpectation | OtherExpectation;
 
 declare class _PeggySyntaxError extends Error {
-  public static buildMessage(
-    expected: Expectation[],
-    found: string | null,
-  ): string
-  public message: string
-  public expected: Expectation[]
-  public found: string | null
-  public location: FileRange
-  public name: string
-  constructor(
-    message: string,
-    expected: Expectation[],
-    found: string | null,
-    location: FileRange,
-  )
-  format(
-    sources: {
-      source?: any
-      text: string
-    }[],
-  ): string
+  public static buildMessage(expected: Expectation[], found: string | null): string;
+  public message: string;
+  public expected: Expectation[];
+  public found: string | null;
+  public location: FileRange;
+  public name: string;
+  constructor(message: string, expected: Expectation[], found: string | null, location: FileRange);
+  format(sources: {
+    source?: any;
+    text: string;
+  }[]): string;
 }
 
 export interface TraceEvent {
-  type: string
-  rule: string
-  result?: any
-  location: FileRange
-}
+    type: string;
+    rule: string;
+    result?: any;
+    location: FileRange;
+  }
 
 declare class _DefaultTracer {
-  private indentLevel: number
-  public trace(event: TraceEvent): void
+  private indentLevel: number;
+  public trace(event: TraceEvent): void;
 }
 
-peggyParser.SyntaxError.prototype.name = 'PeggySyntaxError'
+peggyParser.SyntaxError.prototype.name = "PeggySyntaxError";
 
 export interface ParseOptions {
-  filename?: string
-  startRule?:
-    | 'VersionRange'
-    | 'Or'
-    | 'And'
-    | 'VersionRangeAtom'
-    | 'Parens'
-    | 'Anchor'
-    | 'VersionSpec'
-    | 'FlavorAtom'
-    | 'Not'
-    | 'Any'
-    | 'None'
-    | 'CmpOp'
-    | 'ExtendedVersion'
-    | 'EmverVersionRange'
-    | 'EmverVersionRangeAtom'
-    | 'EmverParens'
-    | 'EmverAnchor'
-    | 'EmverNot'
-    | 'Emver'
-    | 'Flavor'
-    | 'FlavorString'
-    | 'String'
-    | 'Version'
-    | 'PreRelease'
-    | 'PreReleaseSegment'
-    | 'VersionNumber'
-    | 'Digit'
-    | '_'
-  tracer?: any
-  [key: string]: any
+  filename?: string;
+  startRule?: "VersionRange" | "Or" | "And" | "VersionRangeAtom" | "Parens" | "Anchor" | "VersionSpec" | "FlavorAtom" | "Not" | "Any" | "None" | "CmpOp" | "ExtendedVersion" | "EmverVersionRange" | "EmverVersionRangeAtom" | "EmverParens" | "EmverAnchor" | "EmverNot" | "Emver" | "Flavor" | "FlavorString" | "String" | "Version" | "PreRelease" | "PreReleaseSegment" | "VersionNumber" | "Digit" | "_";
+  tracer?: any;
+  [key: string]: any;
 }
 export type ParseFunction = <Options extends ParseOptions>(
-  input: string,
-  options?: Options,
-) => Options extends { startRule: infer StartRule }
-  ? StartRule extends 'VersionRange'
-    ? VersionRange
-    : StartRule extends 'Or'
-      ? Or
-      : StartRule extends 'And'
-        ? And
-        : StartRule extends 'VersionRangeAtom'
-          ? VersionRangeAtom
-          : StartRule extends 'Parens'
-            ? Parens
-            : StartRule extends 'Anchor'
-              ? Anchor
-              : StartRule extends 'VersionSpec'
-                ? VersionSpec
-                : StartRule extends 'FlavorAtom'
-                  ? FlavorAtom
-                  : StartRule extends 'Not'
-                    ? Not
-                    : StartRule extends 'Any'
-                      ? Any
-                      : StartRule extends 'None'
-                        ? None
-                        : StartRule extends 'CmpOp'
-                          ? CmpOp
-                          : StartRule extends 'ExtendedVersion'
-                            ? ExtendedVersion
-                            : StartRule extends 'EmverVersionRange'
-                              ? EmverVersionRange
-                              : StartRule extends 'EmverVersionRangeAtom'
-                                ? EmverVersionRangeAtom
-                                : StartRule extends 'EmverParens'
-                                  ? EmverParens
-                                  : StartRule extends 'EmverAnchor'
-                                    ? EmverAnchor
-                                    : StartRule extends 'EmverNot'
-                                      ? EmverNot
-                                      : StartRule extends 'Emver'
-                                        ? Emver
-                                        : StartRule extends 'Flavor'
-                                          ? Flavor
-                                          : StartRule extends 'FlavorString'
-                                            ? FlavorString
-                                            : StartRule extends 'String'
-                                              ? String_1
-                                              : StartRule extends 'Version'
-                                                ? Version
-                                                : StartRule extends 'PreRelease'
-                                                  ? PreRelease
-                                                  : StartRule extends 'PreReleaseSegment'
-                                                    ? PreReleaseSegment
-                                                    : StartRule extends 'VersionNumber'
-                                                      ? VersionNumber
-                                                      : StartRule extends 'Digit'
-                                                        ? Digit
-                                                        : StartRule extends '_'
-                                                          ? _
-                                                          : VersionRange
-  : VersionRange
-export const parse: ParseFunction = peggyParser.parse
+    input: string,
+    options?: Options
+  ) => Options extends { startRule: infer StartRule } ?
+    StartRule extends "VersionRange" ? VersionRange :
+    StartRule extends "Or" ? Or :
+    StartRule extends "And" ? And :
+    StartRule extends "VersionRangeAtom" ? VersionRangeAtom :
+    StartRule extends "Parens" ? Parens :
+    StartRule extends "Anchor" ? Anchor :
+    StartRule extends "VersionSpec" ? VersionSpec :
+    StartRule extends "FlavorAtom" ? FlavorAtom :
+    StartRule extends "Not" ? Not :
+    StartRule extends "Any" ? Any :
+    StartRule extends "None" ? None :
+    StartRule extends "CmpOp" ? CmpOp :
+    StartRule extends "ExtendedVersion" ? ExtendedVersion :
+    StartRule extends "EmverVersionRange" ? EmverVersionRange :
+    StartRule extends "EmverVersionRangeAtom" ? EmverVersionRangeAtom :
+    StartRule extends "EmverParens" ? EmverParens :
+    StartRule extends "EmverAnchor" ? EmverAnchor :
+    StartRule extends "EmverNot" ? EmverNot :
+    StartRule extends "Emver" ? Emver :
+    StartRule extends "Flavor" ? Flavor :
+    StartRule extends "FlavorString" ? FlavorString :
+    StartRule extends "String" ? String_1 :
+    StartRule extends "Version" ? Version :
+    StartRule extends "PreRelease" ? PreRelease :
+    StartRule extends "PreReleaseSegment" ? PreReleaseSegment :
+    StartRule extends "VersionNumber" ? VersionNumber :
+    StartRule extends "Digit" ? Digit :
+    StartRule extends "_" ? _ : VersionRange
+    : VersionRange;
+export const parse: ParseFunction = peggyParser.parse;
 
-export const PeggySyntaxError =
-  peggyParser.SyntaxError as typeof _PeggySyntaxError
+export const PeggySyntaxError = peggyParser.SyntaxError as typeof _PeggySyntaxError;
 
-export type PeggySyntaxError = _PeggySyntaxError
+export type PeggySyntaxError = _PeggySyntaxError;
 
 // These types were autogenerated by ts-pegjs
 export type VersionRange = [
   VersionRangeAtom,
-  [_, [Or | And, _] | null, VersionRangeAtom][],
-]
-export type Or = '||'
-export type And = '&&'
-export type VersionRangeAtom = Parens | Anchor | Not | Any | None | FlavorAtom
-export type Parens = { type: 'Parens'; expr: VersionRange }
+  [_, [Or | And, _] | null, VersionRangeAtom][]
+];
+export type Or = "||";
+export type And = "&&";
+export type VersionRangeAtom = Parens | Anchor | Not | Any | None | FlavorAtom;
+export type Parens = { type: "Parens"; expr: VersionRange };
 export type Anchor = {
-  type: 'Anchor'
-  operator: CmpOp | null
-  version: VersionSpec
-}
+  type: "Anchor";
+  operator: CmpOp | null;
+  version: VersionSpec;
+};
 export type VersionSpec = {
-  flavor: NonNullable<Flavor | null> | null
-  upstream: Version
-  downstream: any
-}
-export type FlavorAtom = { type: 'Flavor'; flavor: FlavorString }
-export type Not = { type: 'Not'; value: VersionRangeAtom }
-export type Any = { type: 'Any' }
-export type None = { type: 'None' }
-export type CmpOp = '>=' | '<=' | '>' | '<' | '=' | '!=' | '^' | '~'
+  flavor: NonNullable<Flavor | null> | null;
+  upstream: Version;
+  downstream: any;
+};
+export type FlavorAtom = { type: "Flavor"; flavor: FlavorString };
+export type Not = { type: "Not"; value: VersionRangeAtom };
+export type Any = { type: "Any" };
+export type None = { type: "None" };
+export type CmpOp = ">=" | "<=" | ">" | "<" | "=" | "!=" | "^" | "~";
 export type ExtendedVersion = {
-  flavor: NonNullable<Flavor | null> | null
-  upstream: Version
-  downstream: Version
-}
+  flavor: NonNullable<Flavor | null> | null;
+  upstream: Version;
+  downstream: Version;
+};
 export type EmverVersionRange = [
   EmverVersionRangeAtom,
-  [_, [Or | And, _] | null, EmverVersionRangeAtom][],
-]
+  [_, [Or | And, _] | null, EmverVersionRangeAtom][]
+];
 export type EmverVersionRangeAtom =
   | EmverParens
   | EmverAnchor
   | EmverNot
   | Any
-  | None
-export type EmverParens = { type: 'Parens'; expr: EmverVersionRange }
+  | None;
+export type EmverParens = { type: "Parens"; expr: EmverVersionRange };
 export type EmverAnchor = {
-  type: 'Anchor'
-  operator: CmpOp | null
-  version: Emver
-}
-export type EmverNot = { type: 'Not'; value: EmverVersionRangeAtom }
+  type: "Anchor";
+  operator: CmpOp | null;
+  version: Emver;
+};
+export type EmverNot = { type: "Not"; value: EmverVersionRangeAtom };
 export type Emver = {
-  flavor: null
-  upstream: { number: [Digit, Digit, Digit]; prerelease: [] }
-  downstream: { number: [0 | NonNullable<Digit | null>]; prerelease: [] }
-}
-export type Flavor = FlavorString
-export type FlavorString = string
-export type String_1 = string
+  flavor: null;
+  upstream: { number: [Digit, Digit, Digit]; prerelease: [] };
+  downstream: { number: [0 | NonNullable<Digit | null>]; prerelease: [] };
+};
+export type Flavor = FlavorString;
+export type FlavorString = string;
+export type String_1 = string;
 export type Version = {
-  number: VersionNumber
-  prerelease: never[] | NonNullable<PreRelease | null>
-}
-export type PreRelease = PreReleaseSegment[]
-export type PreReleaseSegment = Digit | String_1
-export type VersionNumber = Digit[]
-export type Digit = number
-export type _ = string[]
+  number: VersionNumber;
+  prerelease: never[] | NonNullable<PreRelease | null>;
+};
+export type PreRelease = PreReleaseSegment[];
+export type PreReleaseSegment = Digit | String_1;
+export type VersionNumber = Digit[];
+export type Digit = number;
+export type _ = string[];
diff --git a/sdk/base/lib/osBindings/ErrorData.ts b/sdk/base/lib/osBindings/ErrorData.ts
index 3485b2f8b..fc2fa1e9a 100644
--- a/sdk/base/lib/osBindings/ErrorData.ts
+++ b/sdk/base/lib/osBindings/ErrorData.ts
@@ -1,3 +1,3 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ErrorData = { details: string; debug: string }
+export type ErrorData = { details: string; debug: string; info: unknown }
diff --git a/sdk/base/lib/osBindings/Host.ts b/sdk/base/lib/osBindings/Host.ts
index e34af2ae8..1cbe0b84e 100644
--- a/sdk/base/lib/osBindings/Host.ts
+++ b/sdk/base/lib/osBindings/Host.ts
@@ -5,7 +5,6 @@ import type { PublicDomainConfig } from './PublicDomainConfig'
 
 export type Host = {
   bindings: { [key: number]: BindInfo }
-  onions: string[]
   publicDomains: { [key: string]: PublicDomainConfig }
   privateDomains: Array<string>
   /**
diff --git a/sdk/base/lib/osBindings/HostnameInfo.ts b/sdk/base/lib/osBindings/HostnameInfo.ts
index f2bb5e226..5865c6381 100644
--- a/sdk/base/lib/osBindings/HostnameInfo.ts
+++ b/sdk/base/lib/osBindings/HostnameInfo.ts
@@ -1,8 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { GatewayInfo } from './GatewayInfo'
 import type { IpHostname } from './IpHostname'
-import type { OnionHostname } from './OnionHostname'
 
-export type HostnameInfo =
-  | { kind: 'ip'; gateway: GatewayInfo; public: boolean; hostname: IpHostname }
-  | { kind: 'onion'; hostname: OnionHostname }
+export type HostnameInfo = {
+  kind: 'ip'
+  gateway: GatewayInfo
+  public: boolean
+  hostname: IpHostname
+}
diff --git a/sdk/base/lib/osBindings/OnionHostname.ts b/sdk/base/lib/osBindings/OnionHostname.ts
deleted file mode 100644
index 0bea8245e..000000000
--- a/sdk/base/lib/osBindings/OnionHostname.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type OnionHostname = {
-  value: string
-  port: number | null
-  sslPort: number | null
-}
diff --git a/sdk/base/lib/osBindings/index.ts b/sdk/base/lib/osBindings/index.ts
index 4d9049856..3f02322d8 100644
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -149,7 +149,6 @@ export { NetInfo } from './NetInfo'
 export { NetworkInfo } from './NetworkInfo'
 export { NetworkInterfaceInfo } from './NetworkInterfaceInfo'
 export { NetworkInterfaceType } from './NetworkInterfaceType'
-export { OnionHostname } from './OnionHostname'
 export { OsIndex } from './OsIndex'
 export { OsVersionInfoMap } from './OsVersionInfoMap'
 export { OsVersionInfo } from './OsVersionInfo'
diff --git a/sdk/base/lib/util/getServiceInterface.ts b/sdk/base/lib/util/getServiceInterface.ts
index 17186b7d7..d0f5fe6d5 100644
--- a/sdk/base/lib/util/getServiceInterface.ts
+++ b/sdk/base/lib/util/getServiceInterface.ts
@@ -20,7 +20,6 @@ export const getHostname = (url: string): Hostname | null => {
 }
 
 type FilterKinds =
-  | 'onion'
   | 'mdns'
   | 'domain'
   | 'ip'
@@ -42,27 +41,25 @@ type VisibilityFilter<V extends 'public' | 'private'> = V extends 'public'
         | (HostnameInfo & { public: false })
         | VisibilityFilter<Exclude<V, 'private'>>
     : never
-type KindFilter<K extends FilterKinds> = K extends 'onion'
-  ? (HostnameInfo & { kind: 'onion' }) | KindFilter<Exclude<K, 'onion'>>
-  : K extends 'mdns'
+type KindFilter<K extends FilterKinds> = K extends 'mdns'
+  ?
+      | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'local' } })
+      | KindFilter<Exclude<K, 'mdns'>>
+  : K extends 'domain'
     ?
-        | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'local' } })
-        | KindFilter<Exclude<K, 'mdns'>>
-    : K extends 'domain'
+        | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'domain' } })
+        | KindFilter<Exclude<K, 'domain'>>
+    : K extends 'ipv4'
       ?
-          | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'domain' } })
-          | KindFilter<Exclude<K, 'domain'>>
-      : K extends 'ipv4'
+          | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv4' } })
+          | KindFilter<Exclude<K, 'ipv4'>>
+      : K extends 'ipv6'
         ?
-            | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv4' } })
-            | KindFilter<Exclude<K, 'ipv4'>>
-        : K extends 'ipv6'
-          ?
-              | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv6' } })
-              | KindFilter<Exclude<K, 'ipv6'>>
-          : K extends 'ip'
-            ? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
-            : never
+            | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv6' } })
+            | KindFilter<Exclude<K, 'ipv6'>>
+        : K extends 'ip'
+          ? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
+          : never
 
 type FilterReturnTy<F extends Filter> = F extends {
   visibility: infer V extends 'public' | 'private'
@@ -90,10 +87,6 @@ const nonLocalFilter = {
 const publicFilter = {
   visibility: 'public',
 } as const
-const onionFilter = {
-  kind: 'onion',
-} as const
-
 type Formats = 'hostname-info' | 'urlstring' | 'url'
 type FormatReturnTy<
   F extends Filter,
@@ -124,7 +117,6 @@ export type Filled<F extends Filter = {}> = {
 
   nonLocal: Filled<typeof nonLocalFilter & Filter>
   public: Filled<typeof publicFilter & Filter>
-  onion: Filled<typeof onionFilter & Filter>
 }
 export type FilledAddressInfo = AddressInfo & Filled
 export type ServiceInterfaceFilled = {
@@ -162,9 +154,7 @@ export const addressHostToUrl = (
       scheme in knownProtocols &&
       port === knownProtocols[scheme as keyof typeof knownProtocols].defaultPort
     let hostname
-    if (host.kind === 'onion') {
-      hostname = host.hostname.value
-    } else if (host.kind === 'ip') {
+    if (host.kind === 'ip') {
       if (host.hostname.kind === 'domain') {
         hostname = host.hostname.value
       } else if (host.hostname.kind === 'ipv6') {
@@ -201,13 +191,9 @@ function filterRec(
     hostnames = hostnames.filter((h) => invert !== pred(h))
   }
   if (filter.visibility === 'public')
-    hostnames = hostnames.filter(
-      (h) => invert !== (h.kind === 'onion' || h.public),
-    )
+    hostnames = hostnames.filter((h) => invert !== h.public)
   if (filter.visibility === 'private')
-    hostnames = hostnames.filter(
-      (h) => invert !== (h.kind !== 'onion' && !h.public),
-    )
+    hostnames = hostnames.filter((h) => invert !== !h.public)
   if (filter.kind) {
     const kind = new Set(
       Array.isArray(filter.kind) ? filter.kind : [filter.kind],
@@ -219,10 +205,7 @@ function filterRec(
     hostnames = hostnames.filter(
       (h) =>
         invert !==
-        ((kind.has('onion') && h.kind === 'onion') ||
-          (kind.has('mdns') &&
-            h.kind === 'ip' &&
-            h.hostname.kind === 'local') ||
+        ((kind.has('mdns') && h.kind === 'ip' && h.hostname.kind === 'local') ||
           (kind.has('domain') &&
             h.kind === 'ip' &&
             h.hostname.kind === 'domain') ||
@@ -266,11 +249,6 @@ export const filledAddress = (
         filterRec(hostnames, publicFilter, false),
       ),
     )
-    const getOnion = once(() =>
-      filledAddressFromHostnames<typeof onionFilter & F>(
-        filterRec(hostnames, onionFilter, false),
-      ),
-    )
     return {
       ...addressInfo,
       hostnames,
@@ -294,9 +272,6 @@ export const filledAddress = (
       get public(): Filled<typeof publicFilter & F> {
         return getPublic()
       },
-      get onion(): Filled<typeof onionFilter & F> {
-        return getOnion()
-      },
     }
   }
 
diff --git a/sdk/base/lib/util/patterns.ts b/sdk/base/lib/util/patterns.ts
index 59f7a863b..b1f54c44d 100644
--- a/sdk/base/lib/util/patterns.ts
+++ b/sdk/base/lib/util/patterns.ts
@@ -21,11 +21,6 @@ export const localHostname: Pattern = {
   description: 'Must be a valid ".local" hostname',
 }
 
-export const torHostname: Pattern = {
-  regex: regexes.torHostname.matches(),
-  description: 'Must be a valid Tor (".onion") hostname',
-}
-
 export const url: Pattern = {
   regex: regexes.url.matches(),
   description: 'Must be a valid URL',
@@ -36,11 +31,6 @@ export const localUrl: Pattern = {
   description: 'Must be a valid ".local" URL',
 }
 
-export const torUrl: Pattern = {
-  regex: regexes.torUrl.matches(),
-  description: 'Must be a valid Tor (".onion") URL',
-}
-
 export const ascii: Pattern = {
   regex: regexes.ascii.matches(),
   description:
diff --git a/sdk/base/lib/util/regexes.ts b/sdk/base/lib/util/regexes.ts
index 65213a7b3..c5a78b2bb 100644
--- a/sdk/base/lib/util/regexes.ts
+++ b/sdk/base/lib/util/regexes.ts
@@ -39,10 +39,6 @@ export const localHostname = new ComposableRegex(
   /[-a-zA-Z0-9@:%._\+~#=]{1,256}\.local/,
 )
 
-export const torHostname = new ComposableRegex(
-  /[-a-zA-Z0-9@:%._\+~#=]{1,256}\.onion/,
-)
-
 // https://ihateregex.io/expr/url/
 export const url = new ComposableRegex(
   /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()!@:%_\+.~#?&\/\/=]*)/,
@@ -52,10 +48,6 @@ export const localUrl = new ComposableRegex(
   /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.local\b([-a-zA-Z0-9()!@:%_\+.~#?&\/\/=]*)/,
 )
 
-export const torUrl = new ComposableRegex(
-  /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.onion\b([-a-zA-Z0-9()!@:%_\+.~#?&\/\/=]*)/,
-)
-
 // https://ihateregex.io/expr/ascii/
 export const ascii = new ComposableRegex(/[ -~]*/)
 
diff --git a/sdk/package/scripts/oldSpecToBuilder.ts b/sdk/package/scripts/oldSpecToBuilder.ts
index c8a275d57..22d377083 100644
--- a/sdk/package/scripts/oldSpecToBuilder.ts
+++ b/sdk/package/scripts/oldSpecToBuilder.ts
@@ -1,9 +1,9 @@
-import * as fs from "fs"
+import * as fs from 'fs'
 
 // https://stackoverflow.com/questions/2970525/converting-any-string-into-camel-case
 export function camelCase(value: string) {
   return value
-    .replace(/([\(\)\[\]])/g, "")
+    .replace(/([\(\)\[\]])/g, '')
     .replace(/^([A-Z])|[\s-_](\w)/g, function (match, p1, p2, offset) {
       if (p2) return p2.toUpperCase()
       return p1.toLowerCase()
@@ -23,12 +23,12 @@ export async function oldSpecToBuilder(
 }
 
 function isString(x: unknown): x is string {
-  return typeof x === "string"
+  return typeof x === 'string'
 }
 
 export default async function makeFileContentFromOld(
   inputData: Promise<any> | any,
-  { StartSdk = "start-sdk", nested = true } = {},
+  { StartSdk = 'start-sdk', nested = true } = {},
 ) {
   const outputLines: string[] = []
   outputLines.push(`
@@ -37,16 +37,16 @@ const {InputSpec, List, Value, Variants} = sdk
 `)
   const data = await inputData
 
-  const namedConsts = new Set(["InputSpec", "Value", "List"])
-  const inputSpecName = newConst("inputSpecSpec", convertInputSpec(data))
+  const namedConsts = new Set(['InputSpec', 'Value', 'List'])
+  const inputSpecName = newConst('inputSpecSpec', convertInputSpec(data))
   outputLines.push(`export type InputSpecSpec = typeof ${inputSpecName}._TYPE;`)
 
-  return outputLines.join("\n")
+  return outputLines.join('\n')
 
   function newConst(key: string, data: string, type?: string) {
     const variableName = getNextConstName(camelCase(key))
     outputLines.push(
-      `export const ${variableName}${!type ? "" : `: ${type}`} = ${data};`,
+      `export const ${variableName}${!type ? '' : `: ${type}`} = ${data};`,
     )
     return variableName
   }
@@ -55,7 +55,7 @@ const {InputSpec, List, Value, Variants} = sdk
     return newConst(key, data)
   }
   function convertInputSpecInner(data: any) {
-    let answer = "{"
+    let answer = '{'
     for (const [key, value] of Object.entries(data)) {
       const variableName = maybeNewConst(key, convertValueSpec(value))
 
@@ -69,7 +69,7 @@ const {InputSpec, List, Value, Variants} = sdk
   }
   function convertValueSpec(value: any): string {
     switch (value.type) {
-      case "string": {
+      case 'string': {
         if (value.textarea) {
           return `${rangeToTodoComment(
             value?.range,
@@ -99,12 +99,12 @@ const {InputSpec, List, Value, Variants} = sdk
             warning: value.warning || null,
             masked: value.masked || false,
             placeholder: value.placeholder || null,
-            inputmode: "text",
+            inputmode: 'text',
             patterns: value.pattern
               ? [
                   {
                     regex: value.pattern,
-                    description: value["pattern-description"],
+                    description: value['pattern-description'],
                   },
                 ]
               : [],
@@ -115,7 +115,7 @@ const {InputSpec, List, Value, Variants} = sdk
           2,
         )})`
       }
-      case "number": {
+      case 'number': {
         return `${rangeToTodoComment(
           value?.range,
         )}Value.number(${JSON.stringify(
@@ -136,7 +136,7 @@ const {InputSpec, List, Value, Variants} = sdk
           2,
         )})`
       }
-      case "boolean": {
+      case 'boolean': {
         return `Value.toggle(${JSON.stringify(
           {
             name: value.name || null,
@@ -148,15 +148,15 @@ const {InputSpec, List, Value, Variants} = sdk
           2,
         )})`
       }
-      case "enum": {
+      case 'enum': {
         const allValueNames = new Set([
-          ...(value?.["values"] || []),
-          ...Object.keys(value?.["value-names"] || {}),
+          ...(value?.['values'] || []),
+          ...Object.keys(value?.['value-names'] || {}),
         ])
         const values = Object.fromEntries(
           Array.from(allValueNames)
             .filter(isString)
-            .map((key) => [key, value?.spec?.["value-names"]?.[key] || key]),
+            .map((key) => [key, value?.spec?.['value-names']?.[key] || key]),
         )
         return `Value.select(${JSON.stringify(
           {
@@ -170,9 +170,9 @@ const {InputSpec, List, Value, Variants} = sdk
           2,
         )} as const)`
       }
-      case "object": {
+      case 'object': {
         const specName = maybeNewConst(
-          value.name + "_spec",
+          value.name + '_spec',
           convertInputSpec(value.spec),
         )
         return `Value.object({
@@ -180,10 +180,10 @@ const {InputSpec, List, Value, Variants} = sdk
         description: ${JSON.stringify(value.description || null)},
       }, ${specName})`
       }
-      case "union": {
+      case 'union': {
         const variants = maybeNewConst(
-          value.name + "_variants",
-          convertVariants(value.variants, value.tag["variant-names"] || {}),
+          value.name + '_variants',
+          convertVariants(value.variants, value.tag['variant-names'] || {}),
         )
 
         return `Value.union({
@@ -194,18 +194,18 @@ const {InputSpec, List, Value, Variants} = sdk
         variants: ${variants},
       })`
       }
-      case "list": {
-        if (value.subtype === "enum") {
+      case 'list': {
+        if (value.subtype === 'enum') {
           const allValueNames = new Set([
-            ...(value?.spec?.["values"] || []),
-            ...Object.keys(value?.spec?.["value-names"] || {}),
+            ...(value?.spec?.['values'] || []),
+            ...Object.keys(value?.spec?.['value-names'] || {}),
           ])
           const values = Object.fromEntries(
             Array.from(allValueNames)
               .filter(isString)
               .map((key: string) => [
                 key,
-                value?.spec?.["value-names"]?.[key] ?? key,
+                value?.spec?.['value-names']?.[key] ?? key,
               ]),
           )
           return `Value.multiselect(${JSON.stringify(
@@ -222,10 +222,10 @@ const {InputSpec, List, Value, Variants} = sdk
             2,
           )})`
         }
-        const list = maybeNewConst(value.name + "_list", convertList(value))
+        const list = maybeNewConst(value.name + '_list', convertList(value))
         return `Value.list(${list})`
       }
-      case "pointer": {
+      case 'pointer': {
         return `/* TODO deal with point removed point "${value.name}" */null as any`
       }
     }
@@ -234,7 +234,7 @@ const {InputSpec, List, Value, Variants} = sdk
 
   function convertList(value: any) {
     switch (value.subtype) {
-      case "string": {
+      case 'string': {
         return `${rangeToTodoComment(value?.range)}List.text(${JSON.stringify(
           {
             name: value.name || null,
@@ -253,7 +253,7 @@ const {InputSpec, List, Value, Variants} = sdk
             ? [
                 {
                   regex: value.spec.pattern,
-                  description: value?.spec?.["pattern-description"],
+                  description: value?.spec?.['pattern-description'],
                 },
               ]
             : [],
@@ -281,12 +281,12 @@ const {InputSpec, List, Value, Variants} = sdk
       //     placeholder: value?.spec?.placeholder || null,
       //   })})`
       // }
-      case "enum": {
-        return "/* error!! list.enum */"
+      case 'enum': {
+        return '/* error!! list.enum */'
       }
-      case "object": {
+      case 'object': {
         const specName = maybeNewConst(
-          value.name + "_spec",
+          value.name + '_spec',
           convertInputSpec(value.spec.spec),
         )
         return `${rangeToTodoComment(value?.range)}List.obj({
@@ -297,20 +297,20 @@ const {InputSpec, List, Value, Variants} = sdk
           description: ${JSON.stringify(value.description || null)},
         }, {
           spec: ${specName},
-          displayAs: ${JSON.stringify(value?.spec?.["display-as"] || null)},
-          uniqueBy: ${JSON.stringify(value?.spec?.["unique-by"] || null)},
+          displayAs: ${JSON.stringify(value?.spec?.['display-as'] || null)},
+          uniqueBy: ${JSON.stringify(value?.spec?.['unique-by'] || null)},
         })`
       }
-      case "union": {
+      case 'union': {
         const variants = maybeNewConst(
-          value.name + "_variants",
+          value.name + '_variants',
           convertVariants(
             value.spec.variants,
-            value.spec["variant-names"] || {},
+            value.spec['variant-names'] || {},
           ),
         )
         const unionValueName = maybeNewConst(
-          value.name + "_union",
+          value.name + '_union',
           `${rangeToTodoComment(value?.range)}
           Value.union({
             name: ${JSON.stringify(value?.spec?.tag?.name || null)},
@@ -324,7 +324,7 @@ const {InputSpec, List, Value, Variants} = sdk
         `,
         )
         const listInputSpec = maybeNewConst(
-          value.name + "_list_inputSpec",
+          value.name + '_list_inputSpec',
           `
           InputSpec.of({
             "union": ${unionValueName}
@@ -340,8 +340,8 @@ const {InputSpec, List, Value, Variants} = sdk
           warning: ${JSON.stringify(value.warning || null)},
         }, {
           spec: ${listInputSpec},
-          displayAs: ${JSON.stringify(value?.spec?.["display-as"] || null)},
-          uniqueBy: ${JSON.stringify(value?.spec?.["unique-by"] || null)},
+          displayAs: ${JSON.stringify(value?.spec?.['display-as'] || null)},
+          uniqueBy: ${JSON.stringify(value?.spec?.['unique-by'] || null)},
         })`
       }
     }
@@ -352,7 +352,7 @@ const {InputSpec, List, Value, Variants} = sdk
     variants: Record<string, unknown>,
     variantNames: Record<string, string>,
   ): string {
-    let answer = "Variants.of({"
+    let answer = 'Variants.of({'
     for (const [key, value] of Object.entries(variants)) {
       const variantSpec = maybeNewConst(key, convertInputSpec(value))
       answer += `"${key}": {name: "${
@@ -373,7 +373,7 @@ const {InputSpec, List, Value, Variants} = sdk
 }
 
 function rangeToTodoComment(range: string | undefined) {
-  if (!range) return ""
+  if (!range) return ''
   return `/* TODO: Convert range for this value (${range})*/`
 }
 
diff --git a/web/projects/shared/src/types/workspace-config.ts b/web/projects/shared/src/types/workspace-config.ts
index ebc678ccd..a00d66050 100644
--- a/web/projects/shared/src/types/workspace-config.ts
+++ b/web/projects/shared/src/types/workspace-config.ts
@@ -1,5 +1,4 @@
 export type AccessType =
-  | 'tor'
   | 'mdns'
   | 'localhost'
   | 'ipv4'
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.component.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.component.ts
index a1deaf339..1284e1396 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.component.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.component.ts
@@ -2,7 +2,6 @@ import { ChangeDetectionStrategy, Component, input } from '@angular/core'
 import { tuiButtonOptionsProvider } from '@taiga-ui/core'
 import { MappedServiceInterface } from './interface.service'
 import { InterfaceGatewaysComponent } from './gateways.component'
-import { InterfaceTorDomainsComponent } from './tor-domains.component'
 import { PublicDomainsComponent } from './public-domains/pd.component'
 import { InterfacePrivateDomainsComponent } from './private-domains.component'
 import { InterfaceAddressesComponent } from './addresses/addresses.component'
@@ -16,7 +15,6 @@ import { InterfaceAddressesComponent } from './addresses/addresses.component'
         [publicDomains]="value()?.publicDomains"
         [addSsl]="value()?.addSsl || false"
       ></section>
-      <section [torDomains]="value()?.torDomains"></section>
       <section [privateDomains]="value()?.privateDomains"></section>
     </div>
     <hr [style.width.rem]="10" />
@@ -52,7 +50,6 @@ import { InterfaceAddressesComponent } from './addresses/addresses.component'
   providers: [tuiButtonOptionsProvider({ size: 'xs' })],
   imports: [
     InterfaceGatewaysComponent,
-    InterfaceTorDomainsComponent,
     PublicDomainsComponent,
     InterfacePrivateDomainsComponent,
     InterfaceAddressesComponent,
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
index 65e3055bb..218e4d7f3 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
@@ -27,14 +27,6 @@ function cmpWithRankedPredicates<T extends AddressWithInfo>(
   return 0
 }
 
-type TorAddress = AddressWithInfo & { info: { kind: 'onion' } }
-function filterTor(a: AddressWithInfo): a is TorAddress {
-  return a.info.kind === 'onion'
-}
-function cmpTor(a: TorAddress, b: TorAddress): -1 | 0 | 1 {
-  return cmpWithRankedPredicates(a, b, [x => !x.showSsl])
-}
-
 type LanAddress = AddressWithInfo & { info: { kind: 'ip'; public: false } }
 function filterLan(a: AddressWithInfo): a is LanAddress {
   return a.info.kind === 'ip' && !a.info.public
@@ -171,7 +163,6 @@ export class InterfaceService {
       },
     )
 
-    const torAddrs = allAddressesWithInfo.filter(filterTor).sort(cmpTor)
     const lanAddrs = allAddressesWithInfo
       .filter(filterLan)
       .sort((a, b) => cmpLan(host, a, b))
@@ -188,7 +179,6 @@ export class InterfaceService {
         clearnetAddrs[0],
       lanAddrs[0],
       vpnAddrs[0],
-      torAddrs[0],
     ]
       .filter(a => !!a)
       .reduce((acc, x) => {
@@ -214,9 +204,8 @@ export class InterfaceService {
       kind: 'domain',
       visibility: 'public',
     })
-    const tor = addresses.filter({ kind: 'onion' })
     const wanIp = addresses.filter({ kind: 'ipv4', visibility: 'public' })
-    const bestPublic = [publicDomains, tor, wanIp].flatMap(h =>
+    const bestPublic = [publicDomains, wanIp].flatMap(h =>
       h.format('urlstring'),
     )[0]
     const privateDomains = addresses.filter({
@@ -254,9 +243,6 @@ export class InterfaceService {
           .format('urlstring')[0]
         onLan = true
         break
-      case 'tor':
-        matching = tor.format('urlstring')[0]
-        break
       case 'mdns':
         matching = mdns.format('urlstring')[0]
         onLan = true
@@ -302,31 +288,7 @@ export class InterfaceService {
       "Requires trusting your server's Root CA",
     )
 
-    // ** Tor **
-    if (info.kind === 'onion') {
-      access = null
-      gatewayName = null
-      type = 'Tor'
-      bullets = [
-        this.i18n.transform('Connections can be slow or unreliable at times'),
-        this.i18n.transform(
-          'Public if you share the address publicly, otherwise private',
-        ),
-        this.i18n.transform('Requires using a Tor-enabled device or browser'),
-      ]
-      // Tor (SSL)
-      if (showSsl) {
-        bullets = [rootCaRequired, ...bullets]
-        // Tor (NON-SSL)
-      } else {
-        bullets.unshift(
-          this.i18n.transform(
-            'Ideal for anonymous, censorship-resistant hosting and remote access',
-          ),
-        )
-      }
-      // ** Not Tor **
-    } else {
+    {
       const port = info.hostname.sslPort || info.hostname.port
       gatewayName = info.gateway.name
 
@@ -479,7 +441,6 @@ export class InterfaceService {
 
 export type MappedServiceInterface = T.ServiceInterface & {
   gateways: InterfaceGateway[]
-  torDomains: string[]
   publicDomains: PublicDomain[]
   privateDomains: string[]
   addresses: {
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/tor-domains.component.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/tor-domains.component.ts
deleted file mode 100644
index 9fb233423..000000000
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/tor-domains.component.ts
+++ /dev/null
@@ -1,193 +0,0 @@
-import {
-  ChangeDetectionStrategy,
-  Component,
-  inject,
-  input,
-} from '@angular/core'
-import {
-  DialogService,
-  DocsLinkDirective,
-  ErrorService,
-  i18nPipe,
-  LoadingService,
-} from '@start9labs/shared'
-import { ISB, utils } from '@start9labs/start-sdk'
-import { TuiButton, TuiTitle } from '@taiga-ui/core'
-import { TuiSkeleton } from '@taiga-ui/kit'
-import { TuiCell } from '@taiga-ui/layout'
-import { filter } from 'rxjs'
-import {
-  FormComponent,
-  FormContext,
-} from 'src/app/routes/portal/components/form.component'
-import { PlaceholderComponent } from 'src/app/routes/portal/components/placeholder.component'
-import { ApiService } from 'src/app/services/api/embassy-api.service'
-import { FormDialogService } from 'src/app/services/form-dialog.service'
-import { configBuilderToSpec } from 'src/app/utils/configBuilderToSpec'
-
-import { InterfaceComponent } from './interface.component'
-
-type OnionForm = {
-  key: string
-}
-
-@Component({
-  selector: 'section[torDomains]',
-  template: `
-    <header>
-      Tor Domains
-      <a
-        tuiIconButton
-        docsLink
-        path="/user-manual/connecting-remotely/tor.html"
-        appearance="icon"
-        iconStart="@tui.external-link"
-      >
-        {{ 'Documentation' | i18n }}
-      </a>
-      <button
-        tuiButton
-        iconStart="@tui.plus"
-        [style.margin-inline-start]="'auto'"
-        (click)="add()"
-        [disabled]="!torDomains()"
-      >
-        {{ 'Add' | i18n }}
-      </button>
-    </header>
-    @for (domain of torDomains(); track domain) {
-      <div tuiCell="s">
-        <span tuiTitle>{{ domain }}</span>
-        <button
-          tuiIconButton
-          iconStart="@tui.trash"
-          appearance="action-destructive"
-          (click)="remove(domain)"
-        >
-          {{ 'Delete' | i18n }}
-        </button>
-      </div>
-    } @empty {
-      @if (torDomains()) {
-        <app-placeholder icon="@tui.target">
-          {{ 'No Tor domains' | i18n }}
-        </app-placeholder>
-      } @else {
-        @for (_ of [0, 1]; track $index) {
-          <label tuiCell="s">
-            <span tuiTitle [tuiSkeleton]="true">{{ 'Loading' | i18n }}</span>
-          </label>
-        }
-      }
-    }
-  `,
-  styles: `
-    :host {
-      grid-column: span 6;
-      overflow-wrap: break-word;
-    }
-  `,
-  host: { class: 'g-card' },
-  imports: [
-    TuiCell,
-    TuiTitle,
-    TuiButton,
-    PlaceholderComponent,
-    i18nPipe,
-    DocsLinkDirective,
-    TuiSkeleton,
-  ],
-  changeDetection: ChangeDetectionStrategy.OnPush,
-})
-export class InterfaceTorDomainsComponent {
-  private readonly dialog = inject(DialogService)
-  private readonly formDialog = inject(FormDialogService)
-  private readonly loader = inject(LoadingService)
-  private readonly errorService = inject(ErrorService)
-  private readonly api = inject(ApiService)
-  private readonly interface = inject(InterfaceComponent)
-  private readonly i18n = inject(i18nPipe)
-
-  readonly torDomains = input.required<readonly string[] | undefined>()
-
-  async remove(onion: string) {
-    this.dialog
-      .openConfirm({ label: 'Are you sure?', size: 's' })
-      .pipe(filter(Boolean))
-      .subscribe(async () => {
-        const loader = this.loader.open('Removing').subscribe()
-        const params = { onion }
-
-        try {
-          if (this.interface.packageId()) {
-            await this.api.pkgRemoveOnion({
-              ...params,
-              package: this.interface.packageId(),
-              host: this.interface.value()?.addressInfo.hostId || '',
-            })
-          } else {
-            await this.api.serverRemoveOnion(params)
-          }
-          return true
-        } catch (e: any) {
-          this.errorService.handleError(e)
-          return false
-        } finally {
-          loader.unsubscribe()
-        }
-      })
-  }
-
-  async add() {
-    this.formDialog.open<FormContext<OnionForm>>(FormComponent, {
-      label: 'New Tor domain',
-      data: {
-        spec: await configBuilderToSpec(
-          ISB.InputSpec.of({
-            key: ISB.Value.text({
-              name: this.i18n.transform('Private Key (optional)')!,
-              description: this.i18n.transform(
-                'Optionally provide a base64-encoded ed25519 private key for generating the Tor V3 (.onion) domain. If not provided, a random key will be generated.',
-              ),
-              required: false,
-              default: null,
-              patterns: [utils.Patterns.base64],
-            }),
-          }),
-        ),
-        buttons: [
-          {
-            text: this.i18n.transform('Save')!,
-            handler: async value => this.save(value.key),
-          },
-        ],
-      },
-    })
-  }
-
-  private async save(key?: string): Promise<boolean> {
-    const loader = this.loader.open('Saving').subscribe()
-
-    try {
-      const onion = key
-        ? await this.api.addTorKey({ key })
-        : await this.api.generateTorKey({})
-
-      if (this.interface.packageId()) {
-        await this.api.pkgAddOnion({
-          onion,
-          package: this.interface.packageId(),
-          host: this.interface.value()?.addressInfo.hostId || '',
-        })
-      } else {
-        await this.api.serverAddOnion({ onion })
-      }
-      return true
-    } catch (e: any) {
-      this.errorService.handleError(e)
-      return false
-    } finally {
-      loader.unsubscribe()
-    }
-  }
-}
diff --git a/web/projects/ui/src/app/routes/portal/routes/logs/logs.routes.ts b/web/projects/ui/src/app/routes/portal/routes/logs/logs.routes.ts
index 281683fcd..c42623ea9 100644
--- a/web/projects/ui/src/app/routes/portal/routes/logs/logs.routes.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/logs/logs.routes.ts
@@ -13,10 +13,6 @@ export const ROUTES: Routes = [
     path: 'os',
     loadComponent: () => import('./routes/os.component'),
   },
-  {
-    path: 'tor',
-    loadComponent: () => import('./routes/tor.component'),
-  },
 ]
 
 export default ROUTES
diff --git a/web/projects/ui/src/app/routes/portal/routes/logs/routes/outlet.component.ts b/web/projects/ui/src/app/routes/portal/routes/logs/routes/outlet.component.ts
index 97d3f69cd..524a997da 100644
--- a/web/projects/ui/src/app/routes/portal/routes/logs/routes/outlet.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/logs/routes/outlet.component.ts
@@ -79,12 +79,6 @@ export default class SystemLogsComponent {
       subtitle: 'Raw, unfiltered operating system logs',
       icon: '@tui.square-dashed-bottom-code',
     },
-    {
-      link: 'tor',
-      title: 'Tor Logs',
-      subtitle: 'Diagnostics for the Tor daemon on this server',
-      icon: '@tui.target',
-    },
     {
       link: 'kernel',
       title: 'Kernel Logs',
diff --git a/web/projects/ui/src/app/routes/portal/routes/logs/routes/tor.component.ts b/web/projects/ui/src/app/routes/portal/routes/logs/routes/tor.component.ts
deleted file mode 100644
index 45b711fa5..000000000
--- a/web/projects/ui/src/app/routes/portal/routes/logs/routes/tor.component.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import { ChangeDetectionStrategy, Component, inject } from '@angular/core'
-import { i18nPipe } from '@start9labs/shared'
-import { LogsComponent } from 'src/app/routes/portal/components/logs/logs.component'
-import { LogsHeaderComponent } from 'src/app/routes/portal/routes/logs/components/header.component'
-import { RR } from 'src/app/services/api/api.types'
-import { ApiService } from 'src/app/services/api/embassy-api.service'
-
-@Component({
-  template: `
-    <logs-header [title]="'Tor Logs' | i18n">
-      {{ 'Diagnostics for the Tor daemon on this server' | i18n }}
-    </logs-header>
-    <logs context="tor" [followLogs]="follow" [fetchLogs]="fetch" />
-  `,
-  styles: `
-    :host {
-      padding: 1rem;
-    }
-  `,
-  changeDetection: ChangeDetectionStrategy.OnPush,
-  imports: [LogsComponent, LogsHeaderComponent, i18nPipe],
-  host: { class: 'g-page' },
-})
-export default class SystemTorComponent {
-  private readonly api = inject(ApiService)
-
-  protected readonly follow = (params: RR.FollowServerLogsReq) =>
-    this.api.followTorLogs(params)
-
-  protected readonly fetch = (params: RR.GetServerLogsReq) =>
-    this.api.getTorLogs(params)
-}
diff --git a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
index 2b42dacc9..0fa1b4766 100644
--- a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
@@ -139,7 +139,6 @@ export default class ServiceInterfaceRoute {
               : !binding?.net.privateDisabled.includes(g.id)) ?? false,
           ...g,
         })) || [],
-      torDomains: host.onions,
       publicDomains: getPublicDomains(host.publicDomains, gateways),
       privateDomains: host.privateDomains,
       addSsl: !!binding?.options.addSsl,
diff --git a/web/projects/ui/src/app/routes/portal/routes/sideload/sideload.component.ts b/web/projects/ui/src/app/routes/portal/routes/sideload/sideload.component.ts
index 8f2055787..ebf7b2587 100644
--- a/web/projects/ui/src/app/routes/portal/routes/sideload/sideload.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/sideload/sideload.component.ts
@@ -13,7 +13,6 @@ import {
   TuiFiles,
   tuiInputFilesOptionsProvider,
 } from '@taiga-ui/kit'
-import { ConfigService } from 'src/app/services/config.service'
 import { TitleDirective } from 'src/app/services/title.service'
 
 import { SideloadPackageComponent } from './package.component'
@@ -55,11 +54,6 @@ import { MarketplacePkgSideload, validateS9pk } from './sideload.utils'
             <div>
               <tui-avatar appearance="secondary" src="@tui.upload" />
               <p>{{ 'Upload .s9pk package file' | i18n }}</p>
-              @if (isTor) {
-                <p class="g-warning">
-                  {{ 'Warning: package upload will be slow over Tor.' | i18n }}
-                </p>
-              }
               <button tuiButton>{{ 'Select' | i18n }}</button>
             </div>
           }
@@ -92,8 +86,6 @@ import { MarketplacePkgSideload, validateS9pk } from './sideload.utils'
   ],
 })
 export default class SideloadComponent {
-  readonly isTor = inject(ConfigService).accessType === 'tor'
-
   file: File | null = null
   readonly package = signal<MarketplacePkgSideload | null>(null)
   readonly error = signal<i18nKey | null>(null)
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/general/general.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/general/general.component.ts
index aaff817d0..cdf664e86 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/general/general.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/general/general.component.ts
@@ -47,13 +47,11 @@ import { PolymorpheusComponent } from '@taiga-ui/polymorpheus'
 import { PatchDB } from 'patch-db-client'
 import { filter } from 'rxjs'
 import { ApiService } from 'src/app/services/api/embassy-api.service'
-import { ConfigService } from 'src/app/services/config.service'
 import { OSService } from 'src/app/services/os.service'
 import { DataModel } from 'src/app/services/patch-db/data-model'
 import { TitleDirective } from 'src/app/services/title.service'
 import { SnekDirective } from './snek.directive'
 import { UPDATE } from './update.component'
-import { SystemWipeComponent } from './wipe.component'
 import { KeyboardSelectComponent } from './keyboard-select.component'
 
 @Component({
@@ -66,7 +64,7 @@ import { KeyboardSelectComponent } from './keyboard-select.component'
     </ng-container>
     @if (server(); as server) {
       <div tuiCell tuiAppearance="outline-grayscale">
-        <tui-icon icon="@tui.zap" />
+        <tui-icon icon="@tui.zap" (click)="count = count + 1" />
         <span tuiTitle>
           <strong>{{ 'Software Update' | i18n }}</strong>
           <span tuiSubtitle [style.flex-wrap]="'wrap'">
@@ -178,18 +176,6 @@ import { KeyboardSelectComponent } from './keyboard-select.component'
           </button>
         }
       </div>
-      <div tuiCell tuiAppearance="outline-grayscale">
-        <tui-icon icon="@tui.rotate-cw" (click)="count = count + 1" />
-        <span tuiTitle>
-          <strong>{{ 'Restart Tor' | i18n }}</strong>
-          <span tuiSubtitle>
-            {{ 'Restart the Tor daemon on your server' | i18n }}
-          </span>
-        </span>
-        <button tuiButton appearance="glass" (click)="onTorRestart()">
-          {{ 'Restart' | i18n }}
-        </button>
-      </div>
       @if (count > 4) {
         <div tuiCell tuiAppearance="outline-grayscale" tuiAnimated>
           <tui-icon icon="@tui.briefcase-medical" />
@@ -283,12 +269,10 @@ export default class SystemGeneralComponent {
   private readonly errorService = inject(ErrorService)
   private readonly patch = inject<PatchDB<DataModel>>(PatchDB)
   private readonly api = inject(ApiService)
-  private readonly isTor = inject(ConfigService).accessType === 'tor'
   private readonly dialog = inject(DialogService)
   private readonly i18n = inject(i18nPipe)
   private readonly injector = inject(INJECTOR)
 
-  wipe = false
   count = 0
 
   readonly server = toSignal(this.patch.watch$('serverInfo'))
@@ -392,24 +376,6 @@ export default class SystemGeneralComponent {
       })
   }
 
-  onTorRestart() {
-    this.wipe = false
-    this.dialog
-      .openConfirm({
-        label: this.isTor ? 'Warning' : 'Confirm',
-        data: {
-          content: new PolymorpheusComponent(
-            SystemWipeComponent,
-            this.injector,
-          ),
-          yes: 'Restart',
-          no: 'Cancel',
-        },
-      })
-      .pipe(filter(Boolean))
-      .subscribe(() => this.resetTor(this.wipe))
-  }
-
   async onRepair() {
     this.dialog
       .openConfirm({
@@ -532,19 +498,6 @@ export default class SystemGeneralComponent {
       .subscribe(() => this.restart())
   }
 
-  private async resetTor(wipeState: boolean) {
-    const loader = this.loader.open().subscribe()
-
-    try {
-      await this.api.resetTor({ wipeState, reason: 'User triggered' })
-      this.dialog.openAlert('Tor restart in progress').subscribe()
-    } catch (e: any) {
-      this.errorService.handleError(e)
-    } finally {
-      loader.unsubscribe()
-    }
-  }
-
   private update() {
     this.dialogs
       .open(UPDATE, {
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/general/wipe.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/general/wipe.component.ts
deleted file mode 100644
index 0456cbed3..000000000
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/general/wipe.component.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import { ChangeDetectionStrategy, Component, inject } from '@angular/core'
-import { FormsModule } from '@angular/forms'
-import { TuiLabel } from '@taiga-ui/core'
-import { TuiCheckbox } from '@taiga-ui/kit'
-import { ConfigService } from 'src/app/services/config.service'
-import SystemGeneralComponent from './general.component'
-import { i18nPipe } from '@start9labs/shared'
-
-@Component({
-  template: `
-    @if (isTor) {
-      <p>
-        {{
-          'You are currently connected over Tor. If you restart the Tor daemon, you will lose connectivity until it comes back online.'
-            | i18n
-        }}
-      </p>
-    }
-    <p>
-      {{
-        'Optionally wipe state to forcibly acquire new guard nodes. It is recommended to try without wiping state first.'
-          | i18n
-      }}
-    </p>
-    <label tuiLabel>
-      <input type="checkbox" tuiCheckbox [(ngModel)]="component.wipe" />
-      {{ 'Wipe state' | i18n }}
-    </label>
-  `,
-  changeDetection: ChangeDetectionStrategy.OnPush,
-  imports: [TuiLabel, FormsModule, TuiCheckbox, i18nPipe],
-})
-export class SystemWipeComponent {
-  readonly isTor = inject(ConfigService).accessType === 'tor'
-  readonly component = inject(SystemGeneralComponent)
-}
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
index 524eb92dc..08ba78d94 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
@@ -100,7 +100,6 @@ export default class StartOsUiComponent {
             : !binding?.net.privateDisabled.includes(g.id)) ?? false,
         ...g,
       })),
-      torDomains: network.host.onions,
       publicDomains: getPublicDomains(network.host.publicDomains, gateways),
       privateDomains: network.host.privateDomains,
       addSsl: true,
diff --git a/web/projects/ui/src/app/services/api/api.fixures.ts b/web/projects/ui/src/app/services/api/api.fixures.ts
index 4a30d43f6..a5280f5f4 100644
--- a/web/projects/ui/src/app/services/api/api.fixures.ts
+++ b/web/projects/ui/src/app/services/api/api.fixures.ts
@@ -2138,7 +2138,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        onions: [],
         hostnameInfo: {
           80: [
             {
@@ -2209,14 +2208,6 @@ export namespace Mock {
                 sslPort: 1234,
               },
             },
-            {
-              kind: 'onion',
-              hostname: {
-                value: 'bitcoin-p2p.onion',
-                port: 80,
-                sslPort: 443,
-              },
-            },
           ],
         },
       },
@@ -2239,7 +2230,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        onions: [],
         hostnameInfo: {
           8332: [],
         },
@@ -2263,7 +2253,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        onions: [],
         hostnameInfo: {
           8333: [],
         },
diff --git a/web/projects/ui/src/app/services/api/api.types.ts b/web/projects/ui/src/app/services/api/api.types.ts
index 565bca8e4..85abac31a 100644
--- a/web/projects/ui/src/app/services/api/api.types.ts
+++ b/web/projects/ui/src/app/services/api/api.types.ts
@@ -79,14 +79,14 @@ export namespace RR {
     uptime: number // seconds
   }
 
-  export type GetServerLogsReq = FetchLogsReq // server.logs & server.kernel-logs & net.tor.logs
+  export type GetServerLogsReq = FetchLogsReq // server.logs & server.kernel-logs
   export type GetServerLogsRes = FetchLogsRes
 
   export type FollowServerLogsReq = {
     limit?: number // (optional) default is 50. Ignored if cursor provided
     boot?: number | string | null // (optional) number is offset (0: current, -1 prev, +1 first), string is a specific boot id, null is all. Default is undefined
     cursor?: string // the last known log. Websocket will return all logs since this log
-  } // server.logs.follow & server.kernel-logs.follow & net.tor.follow-logs
+  } // server.logs.follow & server.kernel-logs.follow
   export type FollowServerLogsRes = {
     startCursor: string
     guid: string
@@ -120,12 +120,6 @@ export namespace RR {
   } // net.dns.query
   export type QueryDnsRes = string | null
 
-  export type ResetTorReq = {
-    wipeState: boolean
-    reason: string
-  } // net.tor.reset
-  export type ResetTorRes = null
-
   export type SetKeyboardReq = FullKeyboard // server.set-keyboard
   export type SetKeyboardRes = null
 
@@ -287,13 +281,6 @@ export namespace RR {
   }
   export type RemoveAcmeRes = null
 
-  export type AddTorKeyReq = {
-    // net.tor.key.add
-    key: string
-  }
-  export type GenerateTorKeyReq = {} // net.tor.key.generate
-  export type AddTorKeyRes = string // onion address *with* .onion suffix
-
   export type ServerBindingToggleGatewayReq = {
     // server.host.binding.set-gateway-enabled
     gateway: T.GatewayId
@@ -302,15 +289,6 @@ export namespace RR {
   }
   export type ServerBindingToggleGatewayRes = null
 
-  export type ServerAddOnionReq = {
-    // server.host.address.onion.add
-    onion: string // address *with* .onion suffix
-  }
-  export type AddOnionRes = null
-
-  export type ServerRemoveOnionReq = ServerAddOnionReq // server.host.address.onion.remove
-  export type RemoveOnionRes = null
-
   export type OsUiAddPublicDomainReq = {
     // server.host.address.domain.public.add
     fqdn: string // FQDN
@@ -348,13 +326,6 @@ export namespace RR {
   }
   export type PkgBindingToggleGatewayRes = null
 
-  export type PkgAddOnionReq = ServerAddOnionReq & {
-    // package.host.address.onion.add
-    package: T.PackageId // string
-    host: T.HostId // string
-  }
-  export type PkgRemoveOnionReq = PkgAddOnionReq // package.host.address.onion.remove
-
   export type PkgAddPublicDomainReq = OsUiAddPublicDomainReq & {
     // package.host.address.domain.public.add
     package: T.PackageId // string
diff --git a/web/projects/ui/src/app/services/api/embassy-api.service.ts b/web/projects/ui/src/app/services/api/embassy-api.service.ts
index 41d918ef0..c55dc8441 100644
--- a/web/projects/ui/src/app/services/api/embassy-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-api.service.ts
@@ -81,8 +81,6 @@ export abstract class ApiService {
     params: RR.GetServerLogsReq,
   ): Promise<RR.GetServerLogsRes>
 
-  abstract getTorLogs(params: RR.GetServerLogsReq): Promise<RR.GetServerLogsRes>
-
   abstract getKernelLogs(
     params: RR.GetServerLogsReq,
   ): Promise<RR.GetServerLogsRes>
@@ -91,10 +89,6 @@ export abstract class ApiService {
     params: RR.FollowServerLogsReq,
   ): Promise<RR.FollowServerLogsRes>
 
-  abstract followTorLogs(
-    params: RR.FollowServerLogsReq,
-  ): Promise<RR.FollowServerLogsRes>
-
   abstract followKernelLogs(
     params: RR.FollowServerLogsReq,
   ): Promise<RR.FollowServerLogsRes>
@@ -125,8 +119,6 @@ export abstract class ApiService {
 
   abstract queryDns(params: RR.QueryDnsReq): Promise<RR.QueryDnsRes>
 
-  abstract resetTor(params: RR.ResetTorReq): Promise<RR.ResetTorRes>
-
   // smtp
 
   abstract setSmtp(params: RR.SetSMTPReq): Promise<RR.SetSMTPRes>
@@ -344,22 +336,10 @@ export abstract class ApiService {
 
   abstract removeAcme(params: RR.RemoveAcmeReq): Promise<RR.RemoveAcmeRes>
 
-  abstract addTorKey(params: RR.AddTorKeyReq): Promise<RR.AddTorKeyRes>
-
-  abstract generateTorKey(
-    params: RR.GenerateTorKeyReq,
-  ): Promise<RR.AddTorKeyRes>
-
   abstract serverBindingToggleGateway(
     params: RR.ServerBindingToggleGatewayReq,
   ): Promise<RR.ServerBindingToggleGatewayRes>
 
-  abstract serverAddOnion(params: RR.ServerAddOnionReq): Promise<RR.AddOnionRes>
-
-  abstract serverRemoveOnion(
-    params: RR.ServerRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes>
-
   abstract osUiAddPublicDomain(
     params: RR.OsUiAddPublicDomainReq,
   ): Promise<RR.OsUiAddPublicDomainRes>
@@ -380,12 +360,6 @@ export abstract class ApiService {
     params: RR.PkgBindingToggleGatewayReq,
   ): Promise<RR.PkgBindingToggleGatewayRes>
 
-  abstract pkgAddOnion(params: RR.PkgAddOnionReq): Promise<RR.AddOnionRes>
-
-  abstract pkgRemoveOnion(
-    params: RR.PkgRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes>
-
   abstract pkgAddPublicDomain(
     params: RR.PkgAddPublicDomainReq,
   ): Promise<RR.PkgAddPublicDomainRes>
diff --git a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
index 47890f047..00524e2ef 100644
--- a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
@@ -195,10 +195,6 @@ export class LiveApiService extends ApiService {
     return this.rpcRequest({ method: 'server.logs', params })
   }
 
-  async getTorLogs(params: RR.GetServerLogsReq): Promise<RR.GetServerLogsRes> {
-    return this.rpcRequest({ method: 'net.tor.logs', params })
-  }
-
   async getKernelLogs(
     params: RR.GetServerLogsReq,
   ): Promise<RR.GetServerLogsRes> {
@@ -211,12 +207,6 @@ export class LiveApiService extends ApiService {
     return this.rpcRequest({ method: 'server.logs.follow', params })
   }
 
-  async followTorLogs(
-    params: RR.FollowServerLogsReq,
-  ): Promise<RR.FollowServerLogsRes> {
-    return this.rpcRequest({ method: 'net.tor.logs.follow', params })
-  }
-
   async followKernelLogs(
     params: RR.FollowServerLogsReq,
   ): Promise<RR.FollowServerLogsRes> {
@@ -278,10 +268,6 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async resetTor(params: RR.ResetTorReq): Promise<RR.ResetTorRes> {
-    return this.rpcRequest({ method: 'net.tor.reset', params })
-  }
-
   // marketplace URLs
 
   async checkOSUpdate(
@@ -621,20 +607,6 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async addTorKey(params: RR.AddTorKeyReq): Promise<RR.AddTorKeyRes> {
-    return this.rpcRequest({
-      method: 'net.tor.key.add',
-      params,
-    })
-  }
-
-  async generateTorKey(params: RR.GenerateTorKeyReq): Promise<RR.AddTorKeyRes> {
-    return this.rpcRequest({
-      method: 'net.tor.key.generate',
-      params,
-    })
-  }
-
   async serverBindingToggleGateway(
     params: RR.ServerBindingToggleGatewayReq,
   ): Promise<RR.ServerBindingToggleGatewayRes> {
@@ -644,22 +616,6 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async serverAddOnion(params: RR.ServerAddOnionReq): Promise<RR.AddOnionRes> {
-    return this.rpcRequest({
-      method: 'server.host.address.onion.add',
-      params,
-    })
-  }
-
-  async serverRemoveOnion(
-    params: RR.ServerRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes> {
-    return this.rpcRequest({
-      method: 'server.host.address.onion.remove',
-      params,
-    })
-  }
-
   async osUiAddPublicDomain(
     params: RR.OsUiAddPublicDomainReq,
   ): Promise<RR.OsUiAddPublicDomainRes> {
@@ -705,22 +661,6 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async pkgAddOnion(params: RR.PkgAddOnionReq): Promise<RR.AddOnionRes> {
-    return this.rpcRequest({
-      method: 'package.host.address.onion.add',
-      params,
-    })
-  }
-
-  async pkgRemoveOnion(
-    params: RR.PkgRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes> {
-    return this.rpcRequest({
-      method: 'package.host.address.onion.remove',
-      params,
-    })
-  }
-
   async pkgAddPublicDomain(
     params: RR.PkgAddPublicDomainReq,
   ): Promise<RR.PkgAddPublicDomainRes> {
diff --git a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
index c2f8d953b..e91a732e5 100644
--- a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
@@ -281,17 +281,6 @@ export class MockApiService extends ApiService {
     }
   }
 
-  async getTorLogs(params: RR.GetServerLogsReq): Promise<RR.GetServerLogsRes> {
-    await pauseFor(2000)
-    const entries = this.randomLogs(params.limit)
-
-    return {
-      entries,
-      startCursor: 'start-cursor',
-      endCursor: 'end-cursor',
-    }
-  }
-
   async getKernelLogs(
     params: RR.GetServerLogsReq,
   ): Promise<RR.GetServerLogsRes> {
@@ -315,16 +304,6 @@ export class MockApiService extends ApiService {
     }
   }
 
-  async followTorLogs(
-    params: RR.FollowServerLogsReq,
-  ): Promise<RR.FollowServerLogsRes> {
-    await pauseFor(2000)
-    return {
-      startCursor: 'start-cursor',
-      guid: 'logs-guid',
-    }
-  }
-
   async followKernelLogs(
     params: RR.FollowServerLogsReq,
   ): Promise<RR.FollowServerLogsRes> {
@@ -504,11 +483,6 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async resetTor(params: RR.ResetTorReq): Promise<RR.ResetTorRes> {
-    await pauseFor(2000)
-    return null
-  }
-
   // marketplace URLs
 
   async checkOSUpdate(
@@ -1374,16 +1348,6 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async addTorKey(params: RR.AddTorKeyReq): Promise<RR.AddTorKeyRes> {
-    await pauseFor(2000)
-    return 'vanityabcdefghijklmnop.onion'
-  }
-
-  async generateTorKey(params: RR.GenerateTorKeyReq): Promise<RR.AddTorKeyRes> {
-    await pauseFor(2000)
-    return 'abcdefghijklmnopqrstuv.onion'
-  }
-
   async serverBindingToggleGateway(
     params: RR.ServerBindingToggleGatewayReq,
   ): Promise<RR.ServerBindingToggleGatewayRes> {
@@ -1401,53 +1365,6 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async serverAddOnion(params: RR.ServerAddOnionReq): Promise<RR.AddOnionRes> {
-    await pauseFor(2000)
-
-    const patch: Operation<any>[] = [
-      {
-        op: PatchOp.ADD,
-        path: `/serverInfo/host/onions/0`,
-        value: params.onion,
-      },
-      {
-        op: PatchOp.ADD,
-        path: `/serverInfo/host/hostnameInfo/80/0`,
-        value: {
-          kind: 'onion',
-          hostname: {
-            port: 80,
-            sslPort: 443,
-            value: params.onion,
-          },
-        },
-      },
-    ]
-    this.mockRevision(patch)
-
-    return null
-  }
-
-  async serverRemoveOnion(
-    params: RR.ServerRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes> {
-    await pauseFor(2000)
-
-    const patch: RemoveOperation[] = [
-      {
-        op: PatchOp.REMOVE,
-        path: `/serverInfo/host/onions/0`,
-      },
-      {
-        op: PatchOp.REMOVE,
-        path: `/serverInfo/host/hostnameInfo/80/-1`,
-      },
-    ]
-    this.mockRevision(patch)
-
-    return null
-  }
-
   async osUiAddPublicDomain(
     params: RR.OsUiAddPublicDomainReq,
   ): Promise<RR.OsUiAddPublicDomainRes> {
@@ -1574,53 +1491,6 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async pkgAddOnion(params: RR.PkgAddOnionReq): Promise<RR.AddOnionRes> {
-    await pauseFor(2000)
-
-    const patch: Operation<any>[] = [
-      {
-        op: PatchOp.ADD,
-        path: `/packageData/${params.package}/hosts/${params.host}/onions/0`,
-        value: params.onion,
-      },
-      {
-        op: PatchOp.ADD,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
-        value: {
-          kind: 'onion',
-          hostname: {
-            port: 80,
-            sslPort: 443,
-            value: params.onion,
-          },
-        },
-      },
-    ]
-    this.mockRevision(patch)
-
-    return null
-  }
-
-  async pkgRemoveOnion(
-    params: RR.PkgRemoveOnionReq,
-  ): Promise<RR.RemoveOnionRes> {
-    await pauseFor(2000)
-
-    const patch: RemoveOperation[] = [
-      {
-        op: PatchOp.REMOVE,
-        path: `/packageData/${params.package}/hosts/${params.host}/onions/0`,
-      },
-      {
-        op: PatchOp.REMOVE,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
-      },
-    ]
-    this.mockRevision(patch)
-
-    return null
-  }
-
   async pkgAddPublicDomain(
     params: RR.PkgAddPublicDomainReq,
   ): Promise<RR.PkgAddPublicDomainRes> {
diff --git a/web/projects/ui/src/app/services/api/mock-patch.ts b/web/projects/ui/src/app/services/api/mock-patch.ts
index b7da8d5b9..6effc3827 100644
--- a/web/projects/ui/src/app/services/api/mock-patch.ts
+++ b/web/projects/ui/src/app/services/api/mock-patch.ts
@@ -54,7 +54,6 @@ export const mockPatchData: DataModel = {
         },
         publicDomains: {},
         privateDomains: [],
-        onions: ['myveryownspecialtoraddress'],
         hostnameInfo: {
           80: [
             {
@@ -125,14 +124,6 @@ export const mockPatchData: DataModel = {
                 sslPort: 443,
               },
             },
-            {
-              kind: 'onion',
-              hostname: {
-                value: 'myveryownspecialtoraddress.onion',
-                port: 80,
-                sslPort: 443,
-              },
-            },
           ],
         },
       },
@@ -524,7 +515,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          onions: [],
           hostnameInfo: {
             80: [
               {
@@ -595,14 +585,6 @@ export const mockPatchData: DataModel = {
                   sslPort: 1234,
                 },
               },
-              {
-                kind: 'onion',
-                hostname: {
-                  value: 'bitcoin-p2p.onion',
-                  port: 80,
-                  sslPort: 443,
-                },
-              },
             ],
           },
         },
@@ -625,7 +607,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          onions: [],
           hostnameInfo: {
             8332: [],
           },
@@ -649,7 +630,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          onions: [],
           hostnameInfo: {
             8333: [],
           },
diff --git a/web/projects/ui/src/app/services/config.service.ts b/web/projects/ui/src/app/services/config.service.ts
index 3e9097b54..4e56e8e46 100644
--- a/web/projects/ui/src/app/services/config.service.ts
+++ b/web/projects/ui/src/app/services/config.service.ts
@@ -32,7 +32,6 @@ export class ConfigService {
   private getAccessType = utils.once(() => {
     if (useMocks) return mocks.maskAs
     if (this.hostname === 'localhost') return 'localhost'
-    if (this.hostname.endsWith('.onion')) return 'tor'
     if (this.hostname.endsWith('.local')) return 'mdns'
     let ip = null
     try {
@@ -51,7 +50,7 @@ export class ConfigService {
   }
 
   isLanHttp(): boolean {
-    return !this.isHttps() && !['localhost', 'tor'].includes(this.accessType)
+    return !this.isHttps() && this.accessType !== 'localhost'
   }
 
   isHttps(): boolean {

From 8204074bdfbdedff39de1dcb82f9f7a86925a267 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Tue, 10 Feb 2026 13:38:12 -0700
Subject: [PATCH 06/17] chore: flatten HostnameInfo from enum to struct

HostnameInfo only had one variant (Ip) after removing Tor. Flatten it
into a plain struct with fields gateway, public, hostname. Remove all
kind === 'ip' type guards and narrowing across SDK, frontend, and
container runtime. Update DB migration to strip the kind field.
---
 .../DockerProcedureContainer.ts               |  2 +-
 .../Systems/SystemForEmbassy/index.ts         |  8 +---
 core/src/net/net_controller.rs                | 12 +++---
 core/src/net/service_interface.rs             | 16 +++-----
 core/src/version/v0_4_0_alpha_20.rs           | 13 +++++--
 sdk/base/lib/osBindings/HostnameInfo.ts       |  1 -
 sdk/base/lib/util/getServiceInterface.ts      | 37 ++++++++-----------
 .../interfaces/interface.service.ts           | 22 ++++-------
 8 files changed, 47 insertions(+), 64 deletions(-)

diff --git a/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts b/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
index 029483212..b6fd6f033 100644
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
@@ -93,7 +93,7 @@ export class DockerProcedureContainer extends Drop {
                 )?.hostnameInfo || {},
               )
                 .flatMap((h) => h)
-                .flatMap((h) => (h.kind === "onion" ? [h.hostname.value] : [])),
+                .map((h) => h.hostname.value),
             ).values(),
           ]
           const certChain = await effects.getSslCertificate({
diff --git a/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts b/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
index c2f84c19f..82dc037f9 100644
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
@@ -1244,12 +1244,8 @@ async function updateConfig(
             ? ""
             : catchFn(
                 () =>
-                  (specValue.target === "lan-address"
-                    ? filled.addressInfo!.filter({ kind: "mdns" }) ||
-                      filled.addressInfo!.onion
-                    : filled.addressInfo!.onion ||
-                      filled.addressInfo!.filter({ kind: "mdns" })
-                  ).hostnames[0].hostname.value,
+                  filled.addressInfo!.filter({ kind: "mdns" })!
+                    .hostnames[0].hostname.value,
               ) || ""
         mutConfigValue[key] = url
       }
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index b1c6e0a6a..06cc087b5 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -481,7 +481,7 @@ impl NetServiceData {
                             i.device_type != Some(NetworkInterfaceType::Wireguard)
                         })
                     {
-                        bind_hostname_info.push(HostnameInfo::Ip {
+                        bind_hostname_info.push(HostnameInfo {
                             gateway: gateway.clone(),
                             public: false,
                             hostname: IpHostname::Local {
@@ -514,7 +514,7 @@ impl NetServiceData {
                                     .as_ref()
                                     .map_or(false, |ssl| ssl.preferred_external_port == 443)
                                 {
-                                    bind_hostname_info.push(HostnameInfo::Ip {
+                                    bind_hostname_info.push(HostnameInfo {
                                         gateway: gateway.clone(),
                                         public,
                                         hostname: IpHostname::Domain {
@@ -524,7 +524,7 @@ impl NetServiceData {
                                         },
                                     });
                                 } else {
-                                    bind_hostname_info.push(HostnameInfo::Ip {
+                                    bind_hostname_info.push(HostnameInfo {
                                         gateway: gateway.clone(),
                                         public,
                                         hostname: IpHostname::Domain {
@@ -540,7 +540,7 @@ impl NetServiceData {
                     if let Some(ip_info) = &info.ip_info {
                         let public = info.public();
                         if let Some(wan_ip) = ip_info.wan_ip {
-                            bind_hostname_info.push(HostnameInfo::Ip {
+                            bind_hostname_info.push(HostnameInfo {
                                 gateway: gateway.clone(),
                                 public: true,
                                 hostname: IpHostname::Ipv4 {
@@ -554,7 +554,7 @@ impl NetServiceData {
                             match ipnet {
                                 IpNet::V4(net) => {
                                     if !public {
-                                        bind_hostname_info.push(HostnameInfo::Ip {
+                                        bind_hostname_info.push(HostnameInfo {
                                             gateway: gateway.clone(),
                                             public,
                                             hostname: IpHostname::Ipv4 {
@@ -566,7 +566,7 @@ impl NetServiceData {
                                     }
                                 }
                                 IpNet::V6(net) => {
-                                    bind_hostname_info.push(HostnameInfo::Ip {
+                                    bind_hostname_info.push(HostnameInfo {
                                         gateway: gateway.clone(),
                                         public: public && !ipv6_is_local(net.addr()),
                                         hostname: IpHostname::Ipv6 {
diff --git a/core/src/net/service_interface.rs b/core/src/net/service_interface.rs
index ca960e569..6d04ae891 100644
--- a/core/src/net/service_interface.rs
+++ b/core/src/net/service_interface.rs
@@ -9,20 +9,14 @@ use crate::{GatewayId, HostId, ServiceInterfaceId};
 #[derive(Clone, Debug, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
-#[serde(rename_all_fields = "camelCase")]
-#[serde(tag = "kind")]
-pub enum HostnameInfo {
-    Ip {
-        gateway: GatewayInfo,
-        public: bool,
-        hostname: IpHostname,
-    },
+pub struct HostnameInfo {
+    pub gateway: GatewayInfo,
+    pub public: bool,
+    pub hostname: IpHostname,
 }
 impl HostnameInfo {
     pub fn to_san_hostname(&self) -> InternedString {
-        match self {
-            Self::Ip { hostname, .. } => hostname.to_san_hostname(),
-        }
+        self.hostname.to_san_hostname()
     }
 }
 
diff --git a/core/src/version/v0_4_0_alpha_20.rs b/core/src/version/v0_4_0_alpha_20.rs
index 6cb902bde..3320af322 100644
--- a/core/src/version/v0_4_0_alpha_20.rs
+++ b/core/src/version/v0_4_0_alpha_20.rs
@@ -58,7 +58,7 @@ impl VersionT for Version {
         }
 
         // Remove onion entries from hostnameInfo in server host
-        remove_onion_hostname_info(
+        migrate_hostname_info(
             db.get_mut("public")
                 .and_then(|p| p.get_mut("serverInfo"))
                 .and_then(|s| s.get_mut("network"))
@@ -74,7 +74,7 @@ impl VersionT for Version {
             for (_, package) in packages.iter_mut() {
                 if let Some(hosts) = package.get_mut("hosts").and_then(|h| h.as_object_mut()) {
                     for (_, host) in hosts.iter_mut() {
-                        remove_onion_hostname_info(Some(host));
+                        migrate_hostname_info(Some(host));
                     }
                 }
             }
@@ -96,14 +96,21 @@ impl VersionT for Version {
     }
 }
 
-fn remove_onion_hostname_info(host: Option<&mut Value>) {
+fn migrate_hostname_info(host: Option<&mut Value>) {
     if let Some(hostname_info) = host
         .and_then(|h| h.get_mut("hostnameInfo"))
         .and_then(|h| h.as_object_mut())
     {
         for (_, infos) in hostname_info.iter_mut() {
             if let Some(arr) = infos.as_array_mut() {
+                // Remove onion entries
                 arr.retain(|info| info.get("kind").and_then(|k| k.as_str()) != Some("onion"));
+                // Strip "kind" field from remaining entries (HostnameInfo flattened from enum to struct)
+                for info in arr.iter_mut() {
+                    if let Some(obj) = info.as_object_mut() {
+                        obj.remove("kind");
+                    }
+                }
             }
         }
     }
diff --git a/sdk/base/lib/osBindings/HostnameInfo.ts b/sdk/base/lib/osBindings/HostnameInfo.ts
index 5865c6381..4d80dd43f 100644
--- a/sdk/base/lib/osBindings/HostnameInfo.ts
+++ b/sdk/base/lib/osBindings/HostnameInfo.ts
@@ -3,7 +3,6 @@ import type { GatewayInfo } from './GatewayInfo'
 import type { IpHostname } from './IpHostname'
 
 export type HostnameInfo = {
-  kind: 'ip'
   gateway: GatewayInfo
   public: boolean
   hostname: IpHostname
diff --git a/sdk/base/lib/util/getServiceInterface.ts b/sdk/base/lib/util/getServiceInterface.ts
index d0f5fe6d5..cc80e3aec 100644
--- a/sdk/base/lib/util/getServiceInterface.ts
+++ b/sdk/base/lib/util/getServiceInterface.ts
@@ -43,19 +43,19 @@ type VisibilityFilter<V extends 'public' | 'private'> = V extends 'public'
     : never
 type KindFilter<K extends FilterKinds> = K extends 'mdns'
   ?
-      | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'local' } })
+      | (HostnameInfo & { hostname: { kind: 'local' } })
       | KindFilter<Exclude<K, 'mdns'>>
   : K extends 'domain'
     ?
-        | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'domain' } })
+        | (HostnameInfo & { hostname: { kind: 'domain' } })
         | KindFilter<Exclude<K, 'domain'>>
     : K extends 'ipv4'
       ?
-          | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv4' } })
+          | (HostnameInfo & { hostname: { kind: 'ipv4' } })
           | KindFilter<Exclude<K, 'ipv4'>>
       : K extends 'ipv6'
         ?
-            | (HostnameInfo & { kind: 'ip'; hostname: { kind: 'ipv6' } })
+            | (HostnameInfo & { hostname: { kind: 'ipv6' } })
             | KindFilter<Exclude<K, 'ipv6'>>
         : K extends 'ip'
           ? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
@@ -154,16 +154,14 @@ export const addressHostToUrl = (
       scheme in knownProtocols &&
       port === knownProtocols[scheme as keyof typeof knownProtocols].defaultPort
     let hostname
-    if (host.kind === 'ip') {
-      if (host.hostname.kind === 'domain') {
-        hostname = host.hostname.value
-      } else if (host.hostname.kind === 'ipv6') {
-        hostname = IPV6_LINK_LOCAL.contains(host.hostname.value)
-          ? `[${host.hostname.value}%${host.hostname.scopeId}]`
-          : `[${host.hostname.value}]`
-      } else {
-        hostname = host.hostname.value
-      }
+    if (host.hostname.kind === 'domain') {
+      hostname = host.hostname.value
+    } else if (host.hostname.kind === 'ipv6') {
+      hostname = IPV6_LINK_LOCAL.contains(host.hostname.value)
+        ? `[${host.hostname.value}%${host.hostname.scopeId}]`
+        : `[${host.hostname.value}]`
+    } else {
+      hostname = host.hostname.value
     }
     return `${scheme ? `${scheme}://` : ''}${
       username ? `${username}@` : ''
@@ -205,16 +203,13 @@ function filterRec(
     hostnames = hostnames.filter(
       (h) =>
         invert !==
-        ((kind.has('mdns') && h.kind === 'ip' && h.hostname.kind === 'local') ||
-          (kind.has('domain') &&
-            h.kind === 'ip' &&
-            h.hostname.kind === 'domain') ||
-          (kind.has('ipv4') && h.kind === 'ip' && h.hostname.kind === 'ipv4') ||
-          (kind.has('ipv6') && h.kind === 'ip' && h.hostname.kind === 'ipv6') ||
+        ((kind.has('mdns') && h.hostname.kind === 'local') ||
+          (kind.has('domain') && h.hostname.kind === 'domain') ||
+          (kind.has('ipv4') && h.hostname.kind === 'ipv4') ||
+          (kind.has('ipv6') && h.hostname.kind === 'ipv6') ||
           (kind.has('localhost') &&
             ['localhost', '127.0.0.1', '::1'].includes(h.hostname.value)) ||
           (kind.has('link-local') &&
-            h.kind === 'ip' &&
             h.hostname.kind === 'ipv6' &&
             IPV6_LINK_LOCAL.contains(IpAddress.parse(h.hostname.value)))),
     )
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
index 218e4d7f3..21bc013b7 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
@@ -27,9 +27,9 @@ function cmpWithRankedPredicates<T extends AddressWithInfo>(
   return 0
 }
 
-type LanAddress = AddressWithInfo & { info: { kind: 'ip'; public: false } }
+type LanAddress = AddressWithInfo & { info: { public: false } }
 function filterLan(a: AddressWithInfo): a is LanAddress {
-  return a.info.kind === 'ip' && !a.info.public
+  return !a.info.public
 }
 function cmpLan(host: T.Host, a: LanAddress, b: LanAddress): -1 | 0 | 1 {
   return cmpWithRankedPredicates(a, b, [
@@ -45,15 +45,12 @@ function cmpLan(host: T.Host, a: LanAddress, b: LanAddress): -1 | 0 | 1 {
 
 type VpnAddress = AddressWithInfo & {
   info: {
-    kind: 'ip'
     public: false
     hostname: { kind: 'ipv4' | 'ipv6' | 'domain' }
   }
 }
 function filterVpn(a: AddressWithInfo): a is VpnAddress {
-  return (
-    a.info.kind === 'ip' && !a.info.public && a.info.hostname.kind !== 'local'
-  )
+  return !a.info.public && a.info.hostname.kind !== 'local'
 }
 function cmpVpn(host: T.Host, a: VpnAddress, b: VpnAddress): -1 | 0 | 1 {
   return cmpWithRankedPredicates(a, b, [
@@ -68,13 +65,12 @@ function cmpVpn(host: T.Host, a: VpnAddress, b: VpnAddress): -1 | 0 | 1 {
 
 type ClearnetAddress = AddressWithInfo & {
   info: {
-    kind: 'ip'
     public: true
     hostname: { kind: 'ipv4' | 'ipv6' | 'domain' }
   }
 }
 function filterClearnet(a: AddressWithInfo): a is ClearnetAddress {
-  return a.info.kind === 'ip' && a.info.public
+  return a.info.public
 }
 function cmpClearnet(
   host: T.Host,
@@ -134,10 +130,7 @@ export class InterfaceService {
           h,
         )
         const info = h
-        const gateway =
-          h.kind === 'ip'
-            ? gateways.find(g => h.gateway.id === g.id)
-            : undefined
+        const gateway = gateways.find(g => h.gateway.id === g.id)
         const res = []
         if (url) {
           res.push({
@@ -266,10 +259,9 @@ export class InterfaceService {
         h =>
           this.config.accessType === 'localhost' ||
           !(
-            h.kind === 'ip' &&
-            ((h.hostname.kind === 'ipv6' &&
+            (h.hostname.kind === 'ipv6' &&
               utils.IPV6_LINK_LOCAL.contains(h.hostname.value)) ||
-              h.gateway.id === 'lo')
+              h.gateway.id === 'lo'
           ),
       ) || []
     )

From e1915bf497f9f351f96d6c4e7d98d62ce72acb56 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Tue, 10 Feb 2026 13:38:40 -0700
Subject: [PATCH 07/17] chore: format RPCSpec.md markdown table

---
 container-runtime/RPCSpec.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/container-runtime/RPCSpec.md b/container-runtime/RPCSpec.md
index 7c43467ba..57ff31348 100644
--- a/container-runtime/RPCSpec.md
+++ b/container-runtime/RPCSpec.md
@@ -139,8 +139,8 @@ Evaluate a script in the runtime context. Used for debugging.
 
 The `execute` and `sandbox` methods route to procedures based on the `procedure` path:
 
-| Procedure | Description |
-|-----------|-------------|
-| `/backup/create` | Create a backup |
+| Procedure                  | Description                  |
+| -------------------------- | ---------------------------- |
+| `/backup/create`           | Create a backup              |
 | `/actions/{name}/getInput` | Get input spec for an action |
-| `/actions/{name}/run` | Run an action with input |
+| `/actions/{name}/run`      | Run an action with input     |

From 73274ef6e05e2afffb1528b05fcc5d432b8ad996 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Tue, 10 Feb 2026 14:45:50 -0700
Subject: [PATCH 08/17] docs: update TODO.md with DerivedAddressInfo design,
 remove completed tor task

---
 agents/TODO.md | 96 +++++++++++++++++++++-----------------------------
 1 file changed, 41 insertions(+), 55 deletions(-)

diff --git a/agents/TODO.md b/agents/TODO.md
index e38dbdec4..34adf08c6 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -65,8 +65,26 @@ Pending tasks for AI agents. Remove items when completed.
   `InterfaceFilter` impl on `NetInfo` use these sets. This model is unintuitive because users think in
   terms of individual addresses, not gateways.
 
-  **New model**: Per-address enable/disable. Each computed address in `hostname_info` gets an `enabled`
-  field. Users toggle individual addresses on the View page (see Section 6).
+  **New model**: Per-address enable/disable using `DerivedAddressInfo` on `BindInfo`. Instead of
+  gateway-level toggles, users toggle individual addresses. The `hostnameInfo` field moves from `Host`
+  to `BindInfo.addresses` (as the computed `possible` set).
+
+  **`DerivedAddressInfo` struct** (added to `BindInfo`):
+
+  ```rust
+  pub struct DerivedAddressInfo {
+      /// User-controlled: private-gateway addresses the user has disabled
+      pub private_disabled: BTreeSet<HostnameInfo>,
+      /// User-controlled: public-gateway addresses the user has enabled
+      pub public_enabled: BTreeSet<HostnameInfo>,
+      /// COMPUTED by update(): all possible addresses for this binding
+      pub possible: BTreeSet<HostnameInfo>,
+  }
+  ```
+
+  `DerivedAddressInfo::enabled()` returns `possible` filtered by the two sets: private addresses are
+  enabled by default (disabled if in `private_disabled`), public addresses are disabled by default
+  (enabled if in `public_enabled`). Requires `HostnameInfo` to derive `Ord` for `BTreeSet` usage.
 
   **How disabling works per address type**:
 
@@ -86,24 +104,20 @@ Pending tasks for AI agents. Remove items when completed.
     entry** for that hostname. Since hostname-based routing uses SNI (SSL) or Host header (HTTP),
     removing the entry means the hostname simply doesn't resolve to a backend. No traffic reaches
     the service for that hostname.
-  - **Onion addresses**: Disabled by **not creating the Tor hidden service mapping**. The Tor
-    daemon won't advertise the onion:port, so no traffic arrives.
 
   **Backend changes**:
 
   - **Remove from `NetInfo`**: Delete the `private_disabled` and `public_enabled` fields entirely.
-  - **Add to `NetInfo`**: A `disabled` set containing identifiers for addresses the user has explicitly
-    disabled. The identifier must be stable across network changes — e.g., `(gateway_id, hostname_kind)`
-    for IP/Local addresses, `(gateway_id, domain_value)` for domain addresses, or `onion_value` for
-    onion addresses. Exact format TBD at implementation time.
+    `NetInfo` becomes just `{ assigned_port: Option<u16>, assigned_ssl_port: Option<u16> }`.
+  - **Add `addresses: DerivedAddressInfo` to `BindInfo`**: User-controlled sets (`private_disabled`,
+    `public_enabled`) are preserved across updates; `possible` is recomputed by `update()`.
+  - **Remove `hostname_info` from `Host`**: Computed addresses now live in `BindInfo.addresses.possible`
+    instead of being a top-level field on `Host` that was never persisted to the DB.
   - **Default behavior preserved**: Private-gateway addresses default to enabled, public-gateway
-    addresses default to disabled. An address is enabled if it's not in the `disabled` set AND either
-    (a) the gateway is private, or (b) the user has explicitly enabled it.
-  - **Add `enabled` field to `HostnameInfo`**: The computed `hostname_info` output should include
-    whether each address is enabled, derived from the `disabled` set during `NetServiceData::update()`.
+    addresses default to disabled, via the `enabled()` method on `DerivedAddressInfo`.
   - **Remove `set-gateway-enabled`** RPC endpoint from `binding.rs`.
   - **Remove `InterfaceFilter` impl for `NetInfo`**: The per-gateway filter logic is replaced by
-    per-address filtering in `update()`.
+    per-address filtering derived from `DerivedAddressInfo`.
 
   **New RPC endpoint** (`binding.rs`):
 
@@ -114,12 +128,15 @@ Pending tasks for AI agents. Remove items when completed.
     ```ts
     interface BindingSetAddressEnabledParams {
       internalPort: number
-      addressId: AddressId   // identifies a specific HostnameInfo entry
-      enabled: boolean
+      address: HostnameInfo   // identifies the address directly (no separate AddressId type needed)
+      enabled: boolean | null // null = reset to default
     }
     ```
 
-    Mutates `NetInfo.disabled` and syncs the host. Uses `sync_db` metadata.
+    Mutates `BindInfo.addresses.private_disabled` / `.public_enabled` based on the address's `public`
+    field. If `public == true` and enabled, add to `public_enabled`; if disabled, remove. If
+    `public == false` and enabled, remove from `private_disabled`; if disabled, add. Uses `sync_db`
+    metadata.
 
     This yields two RPC methods:
     - `server.host.binding.set-address-enabled`
@@ -183,16 +200,15 @@ Pending tasks for AI agents. Remove items when completed.
   #### 6. Frontend: Interfaces Page Overhaul (View/Manage Split)
 
   The current interfaces page is a single page showing gateways (with toggle), addresses, public
-  domains, Tor domains, and private domains. It gets split into two pages: **View** and **Manage**.
+  domains, and private domains. It gets split into two pages: **View** and **Manage**.
 
   **SDK**: `preferredExternalPort` is already exposed. No additional SDK changes needed.
 
   ##### View Page
 
   Displays all computed addresses for the interface (from `hostname_info`) as a flat list. For each
-  address, show: URL, type (IPv4, IPv6, .local, domain, onion), access level (public/private),
-  gateway name, SSL indicator (especially relevant for onion addresses which may have both SSL and
-  non-SSL entries), enable/disable state, port forward info for public addresses, and a test button
+  address, show: URL, type (IPv4, IPv6, .local, domain), access level (public/private),
+  gateway name, SSL indicator, enable/disable state, port forward info for public addresses, and a test button
   for reachability (see Section 7).
 
   No gateway-level toggles. The old `gateways.component.ts` toggle UI is removed.
@@ -202,7 +218,7 @@ Pending tasks for AI agents. Remove items when completed.
 
   ##### Manage Page
 
-  Simple CRUD interface for configuring which addresses exist. Three sections:
+  Simple CRUD interface for configuring which addresses exist. Two sections:
 
   - **Public domains**: Add/remove. Uses existing RPC endpoints:
     - `{server,package}.host.address.domain.public.add`
@@ -210,9 +226,6 @@ Pending tasks for AI agents. Remove items when completed.
   - **Private domains**: Add/remove. Uses existing RPC endpoints:
     - `{server,package}.host.address.domain.private.add`
     - `{server,package}.host.address.domain.private.remove`
-  - **Onion addresses**: Add/remove. Uses existing RPC endpoints:
-    - `{server,package}.host.address.onion.add`
-    - `{server,package}.host.address.onion.remove`
 
   ##### Key Frontend Files to Modify
 
@@ -220,7 +233,7 @@ Pending tasks for AI agents. Remove items when completed.
   |------|--------|
   | `web/projects/ui/src/app/routes/portal/components/interfaces/` | Overhaul: split into view/manage |
   | `web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts` | Remove (replaced by per-address toggles on View page) |
-  | `web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts` | Update `MappedServiceInterface` to use `enabled` field from `HostnameInfo` |
+  | `web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts` | Update `MappedServiceInterface` to compute enabled addresses from `DerivedAddressInfo` |
   | `web/projects/ui/src/app/routes/portal/components/interfaces/addresses/` | Refactor for View page with overflow menu (enable/disable) and test buttons |
   | `web/projects/ui/src/app/routes/portal/routes/services/services.routes.ts` | Add routes for view/manage sub-pages |
   | `web/projects/ui/src/app/routes/portal/routes/system/system.routes.ts` | Add routes for view/manage sub-pages |
@@ -237,7 +250,7 @@ Pending tasks for AI agents. Remove items when completed.
     ```ts
     interface BindingTestAddressParams {
       internalPort: number
-      addressId: AddressId
+      address: HostnameInfo
     }
     ```
 
@@ -270,42 +283,15 @@ Pending tasks for AI agents. Remove items when completed.
   | File | Role |
   |------|------|
   | `core/src/net/forward.rs` | `AvailablePorts` — port pool allocation |
-  | `core/src/net/host/binding.rs` | `BindInfo`/`NetInfo` — remove gateway overrides, add per-address disable set, new RPC endpoints |
+  | `core/src/net/host/binding.rs` | `BindInfo`/`NetInfo`/`DerivedAddressInfo` — remove gateway overrides, add per-address enable/disable sets, new RPC endpoints |
   | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — compute `enabled` on `HostnameInfo`, vhost/forward/DNS reconciliation, 5443 hack removal |
   | `core/src/net/vhost.rs` | `VHostController` / `ProxyTarget` — source-IP gating for public/private |
   | `core/src/net/gateway.rs` | `InterfaceFilter` — remove `NetInfo` impl, simplify |
-  | `core/src/net/service_interface.rs` | `HostnameInfo` — add `enabled` field |
+  | `core/src/net/service_interface.rs` | `HostnameInfo` — add `Ord` derives for use in `BTreeSet` |
   | `core/src/net/host/address.rs` | Existing domain/onion CRUD endpoints (no changes needed) |
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
   | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
 
-- [ ] Remove Tor from StartOS core - @dr-bonez
-
-  **Goal**: Remove all built-in Tor functionality from StartOS. Tor will now be provided by a service
-  running on StartOS rather than being integrated into the core OS.
-
-  **Scope**: Remove the Arti-based Tor client, onion address management in the networking stack, Tor
-  hidden service creation in the vhost/net controller layers, and any Tor-specific configuration in the
-  database models. The core should no longer start, manage, or depend on a Tor daemon.
-
-  **Key areas to modify**:
-
-  | Area | Change |
-  |------|--------|
-  | `core/src/net/tor/` | Remove the Tor module entirely (Arti client, hidden service management) |
-  | `core/src/net/net_controller.rs` | Remove Tor hidden service creation/teardown in `update()` |
-  | `core/src/net/host/address.rs` | Remove onion address CRUD RPC endpoints (`address.onion.add`, `address.onion.remove`) |
-  | `core/src/net/host/binding.rs` | Remove onion-related fields from `NetInfo` |
-  | `core/src/net/service_interface.rs` | Remove onion-related variants from `HostnameInfo` |
-  | `core/src/db/model/` | Remove Tor/onion fields from public and private DB models |
-  | `sdk/base/lib/interfaces/Host.ts` | Remove onion-related types and options from the SDK |
-  | `web/projects/ui/` | Remove onion address UI from interfaces pages |
-  | `Cargo.toml` / dependencies | Remove Arti and related Tor crate dependencies |
-
-  **Migration**: Existing onion address data in the database should be cleaned up during migration.
-  Services that previously relied on the OS-provided Tor integration will need to use the new Tor
-  service instead (service-level integration is out of scope for this task).
-
 - [ ] Auto-configure port forwards via UPnP/NAT-PMP/PCP - @dr-bonez
 
   **Blocked by**: "Support preferred external ports besides 443" (must be implemented and tested

From 4e638fb58e1dc0727f930e08309501e899dabd8f Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Tue, 10 Feb 2026 17:38:51 -0700
Subject: [PATCH 09/17] feat: implement preferred port allocation and
 per-address enable/disable

- Add AvailablePorts::try_alloc() with SSL tracking (BTreeMap<u16, bool>)
- Add DerivedAddressInfo on BindInfo with private_disabled/public_enabled/possible sets
- Add Bindings wrapper with Map impl for patchdb indexed access
- Flatten HostAddress from single-variant enum to struct
- Replace set-gateway-enabled RPC with set-address-enabled
- Remove hostname_info from Host; computed addresses now in BindInfo.addresses.possible
- Compute possible addresses inline in NetServiceData::update()
- Update DB migration, SDK types, frontend, and container-runtime
---
 CLAUDE.md                                     |  18 +
 agents/TODO.md                                | 123 +---
 .../DockerProcedureContainer.ts               |  13 +-
 .../Systems/SystemForEmbassy/index.ts         |   4 +-
 core/src/db/model/public.rs                   |  54 +-
 core/src/net/forward.rs                       |  48 +-
 core/src/net/gateway.rs                       |  12 +-
 core/src/net/host/address.rs                  |  49 +-
 core/src/net/host/binding.rs                  | 193 ++++--
 core/src/net/host/mod.rs                      |  11 +-
 core/src/net/net_controller.rs                | 618 +++++++++---------
 core/src/net/service_interface.rs             |   6 +-
 core/src/net/tunnel.rs                        |   8 +-
 core/src/service/effects/net/ssl.rs           |   8 +-
 core/src/version/v0_4_0_alpha_20.rs           |  89 +--
 sdk/base/lib/osBindings/BindInfo.ts           |   8 +-
 ...s.ts => BindingSetAddressEnabledParams.ts} |   5 +-
 sdk/base/lib/osBindings/Bindings.ts           |   4 +
 sdk/base/lib/osBindings/DerivedAddressInfo.ts |  17 +
 sdk/base/lib/osBindings/Host.ts               |   9 +-
 sdk/base/lib/osBindings/NetInfo.ts            |   3 -
 sdk/base/lib/osBindings/index.ts              |   4 +-
 sdk/base/lib/util/getServiceInterface.ts      |  19 +-
 .../interfaces/gateways.component.ts          |  30 +-
 .../interfaces/interface.service.ts           |  29 +-
 .../services/routes/interface.component.ts    |   4 +-
 .../routes/startos-ui/startos-ui.component.ts |   4 +-
 .../ui/src/app/services/api/api.fixures.ts    | 156 +++--
 .../ui/src/app/services/api/api.types.ts      |  18 +-
 .../app/services/api/embassy-api.service.ts   |  12 +-
 .../services/api/embassy-live-api.service.ts  |  16 +-
 .../services/api/embassy-mock-api.service.ts  |  60 +-
 .../ui/src/app/services/api/mock-patch.ts     | 296 ++++-----
 33 files changed, 996 insertions(+), 952 deletions(-)
 rename sdk/base/lib/osBindings/{BindingGatewaySetEnabledParams.ts => BindingSetAddressEnabledParams.ts} (58%)
 create mode 100644 sdk/base/lib/osBindings/Bindings.ts
 create mode 100644 sdk/base/lib/osBindings/DerivedAddressInfo.ts

diff --git a/CLAUDE.md b/CLAUDE.md
index 22d94db31..2ed0a6368 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -29,6 +29,24 @@ make update-startbox REMOTE=start9@<ip>   # Fastest iteration (binary + UI)
 make test-core                            # Run Rust tests
 ```
 
+### Verifying code changes
+
+When making changes across multiple layers (Rust, SDK, web, container-runtime), verify in this order:
+
+1. **Rust**: `cargo check -p start-os` — verifies core compiles
+2. **TS bindings**: `make ts-bindings` — regenerates TypeScript types from Rust `#[ts(export)]` structs
+   - Runs `./core/build/build-ts.sh` to export ts-rs types to `core/bindings/`
+   - Syncs `core/bindings/` → `sdk/base/lib/osBindings/` via rsync
+   - If you manually edit files in `sdk/base/lib/osBindings/`, you must still rebuild the SDK (step 3)
+3. **SDK bundle**: `cd sdk && make baseDist dist` — compiles SDK source into packages
+   - `baseDist/` is consumed by `/web` (via `@start9labs/start-sdk-base`)
+   - `dist/` is consumed by `/container-runtime` (via `@start9labs/start-sdk`)
+   - Web and container-runtime reference the **built** SDK, not source files
+4. **Web type check**: `cd web && npm run check` — type-checks all Angular projects
+5. **Container runtime type check**: `cd container-runtime && npm run check` — type-checks the runtime
+
+**Important**: Editing `sdk/base/lib/osBindings/*.ts` alone is NOT sufficient — you must rebuild the SDK bundle (step 3) before web/container-runtime can see the changes.
+
 ## Architecture
 
 ### Core (`/core`)
diff --git a/agents/TODO.md b/agents/TODO.md
index 34adf08c6..cabae12fb 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -33,114 +33,39 @@ Pending tasks for AI agents. Remove items when completed.
   `preferred_external_port: 443` won't get 443 as its `assigned_ssl_port` (it's taken), but it CAN
   still have domain vhost entries on port 443 — SNI routes by hostname.
 
-  #### 1. Preferred Port Allocation for Ownership (`forward.rs`, `binding.rs`)
+  #### 1. Preferred Port Allocation for Ownership ✅ DONE
 
-  Expand `AvailablePorts` to support trying a preferred port before falling back to the dynamic range:
+  `AvailablePorts::try_alloc(port) -> Option<u16>` added to `forward.rs`. `BindInfo::new()` and
+  `BindInfo::update()` attempt the preferred port first, falling back to dynamic-range allocation.
 
-  - Add `try_alloc(port) -> Option<u16>`: Attempts to exclusively allocate a specific port. Returns
-    `None` if the port is already allocated or restricted.
-  - Enforce the restricted port list (currently noted in `vhost.rs:89`: `<=1024, >=32768, 5355, 5432,
-    9050, 6010, 9051, 5353`) — skip the preferred port if restricted, except for ports the OS itself
-    uses (80, 443).
-  - No SSL-vs-non-SSL distinction or refcounting needed at this layer — ownership is always exclusive.
-    SSL port sharing for domains is handled entirely by the VHostController via SNI.
+  #### 2. Per-Address Enable/Disable ✅ DONE
 
-  Modify `BindInfo::new()` and `BindInfo::update()` to attempt the preferred port first:
+  Gateway-level `private_disabled`/`public_enabled` on `NetInfo` replaced with per-address
+  `DerivedAddressInfo` on `BindInfo`. `hostname_info` removed from `Host` — computed addresses now
+  live in `BindInfo.addresses.possible`.
 
-  ```
-  assigned_ssl_port = try_alloc(ssl.preferred_external_port)
-                      .unwrap_or(dynamic_pool.alloc())
-  assigned_port     = try_alloc(options.preferred_external_port)
-                      .unwrap_or(dynamic_pool.alloc())
-  ```
-
-  After this change, `assigned_ssl_port` may match the preferred port if it was available, or fall back
-  to the dynamic range as before.
-
-  #### 2. Per-Address Enable/Disable (replaces gateway overrides)
-
-  **Current model being removed**: `NetInfo` has `private_disabled: OrdSet<GatewayId>` and
-  `public_enabled: OrdSet<GatewayId>` — gateway-level toggles where private gateways are enabled by
-  default and public gateways are disabled by default. The `set-gateway-enabled` RPC endpoint and the
-  `InterfaceFilter` impl on `NetInfo` use these sets. This model is unintuitive because users think in
-  terms of individual addresses, not gateways.
-
-  **New model**: Per-address enable/disable using `DerivedAddressInfo` on `BindInfo`. Instead of
-  gateway-level toggles, users toggle individual addresses. The `hostnameInfo` field moves from `Host`
-  to `BindInfo.addresses` (as the computed `possible` set).
-
-  **`DerivedAddressInfo` struct** (added to `BindInfo`):
+  **`DerivedAddressInfo` struct** (on `BindInfo`):
 
   ```rust
   pub struct DerivedAddressInfo {
-      /// User-controlled: private-gateway addresses the user has disabled
       pub private_disabled: BTreeSet<HostnameInfo>,
-      /// User-controlled: public-gateway addresses the user has enabled
       pub public_enabled: BTreeSet<HostnameInfo>,
-      /// COMPUTED by update(): all possible addresses for this binding
-      pub possible: BTreeSet<HostnameInfo>,
+      pub possible: BTreeSet<HostnameInfo>,  // COMPUTED by update()
   }
   ```
 
-  `DerivedAddressInfo::enabled()` returns `possible` filtered by the two sets: private addresses are
-  enabled by default (disabled if in `private_disabled`), public addresses are disabled by default
-  (enabled if in `public_enabled`). Requires `HostnameInfo` to derive `Ord` for `BTreeSet` usage.
+  `DerivedAddressInfo::enabled()` returns `possible` filtered by the two sets. `HostnameInfo` derives
+  `Ord` for `BTreeSet` usage. `AddressFilter` (implementing `InterfaceFilter`) derives enabled
+  gateway set from `DerivedAddressInfo` for vhost/forward filtering.
 
-  **How disabling works per address type**:
+  **RPC endpoint**: `set-gateway-enabled` replaced with `set-address-enabled` (on both
+  `server.host.binding` and `package.host.binding`).
 
-  The enforcement mechanism varies by address type because different addresses are reached through
-  different network paths:
+  **How disabling works per address type** (enforcement deferred to Section 3):
 
-  - **WAN IP:port** (public gateway IP addresses): Disabled via **source-IP gating** in the vhost
-    layer (Section 3). Public and private traffic share the same port listener, so we can't just
-    remove the vhost entry — that would also block private traffic. Instead, the vhost target is
-    tagged with which source-IP classes it accepts. When a WAN IP address is disabled, the vhost
-    target rejects connections whose source IP matches the gateway (i.e., NAT'd internet traffic)
-    or falls outside the gateway's LAN subnets. LAN traffic to the same port is unaffected.
-  - **LAN IP:port** (private gateway IP addresses): Also enforced via **source-IP gating**. When
-    disabled, the vhost target rejects connections from LAN subnets on that gateway. This is the
-    inverse of the WAN case — same mechanism, different source-IP class.
+  - **WAN/LAN IP:port**: Will be enforced via **source-IP gating** in the vhost layer (Section 3).
   - **Hostname-based addresses** (`.local`, domains): Disabled by **not creating the vhost/SNI
-    entry** for that hostname. Since hostname-based routing uses SNI (SSL) or Host header (HTTP),
-    removing the entry means the hostname simply doesn't resolve to a backend. No traffic reaches
-    the service for that hostname.
-
-  **Backend changes**:
-
-  - **Remove from `NetInfo`**: Delete the `private_disabled` and `public_enabled` fields entirely.
-    `NetInfo` becomes just `{ assigned_port: Option<u16>, assigned_ssl_port: Option<u16> }`.
-  - **Add `addresses: DerivedAddressInfo` to `BindInfo`**: User-controlled sets (`private_disabled`,
-    `public_enabled`) are preserved across updates; `possible` is recomputed by `update()`.
-  - **Remove `hostname_info` from `Host`**: Computed addresses now live in `BindInfo.addresses.possible`
-    instead of being a top-level field on `Host` that was never persisted to the DB.
-  - **Default behavior preserved**: Private-gateway addresses default to enabled, public-gateway
-    addresses default to disabled, via the `enabled()` method on `DerivedAddressInfo`.
-  - **Remove `set-gateway-enabled`** RPC endpoint from `binding.rs`.
-  - **Remove `InterfaceFilter` impl for `NetInfo`**: The per-gateway filter logic is replaced by
-    per-address filtering derived from `DerivedAddressInfo`.
-
-  **New RPC endpoint** (`binding.rs`):
-
-  Following the existing `HostApiKind` pattern, replace `set-gateway-enabled` with:
-
-  - **`set-address-enabled`** — Toggle an individual address on or off.
-
-    ```ts
-    interface BindingSetAddressEnabledParams {
-      internalPort: number
-      address: HostnameInfo   // identifies the address directly (no separate AddressId type needed)
-      enabled: boolean | null // null = reset to default
-    }
-    ```
-
-    Mutates `BindInfo.addresses.private_disabled` / `.public_enabled` based on the address's `public`
-    field. If `public == true` and enabled, add to `public_enabled`; if disabled, remove. If
-    `public == false` and enabled, remove from `private_disabled`; if disabled, add. Uses `sync_db`
-    metadata.
-
-    This yields two RPC methods:
-    - `server.host.binding.set-address-enabled`
-    - `package.host.binding.set-address-enabled`
+    entry** for that hostname.
 
   #### 3. Eliminate the Port 5443 Hack: Source-IP-Based WAN Blocking (`vhost.rs`, `net_controller.rs`)
 
@@ -206,7 +131,7 @@ Pending tasks for AI agents. Remove items when completed.
 
   ##### View Page
 
-  Displays all computed addresses for the interface (from `hostname_info`) as a flat list. For each
+  Displays all computed addresses for the interface (from `BindInfo.addresses`) as a flat list. For each
   address, show: URL, type (IPv4, IPv6, .local, domain), access level (public/private),
   gateway name, SSL indicator, enable/disable state, port forward info for public addresses, and a test button
   for reachability (see Section 7).
@@ -282,13 +207,13 @@ Pending tasks for AI agents. Remove items when completed.
 
   | File | Role |
   |------|------|
-  | `core/src/net/forward.rs` | `AvailablePorts` — port pool allocation |
-  | `core/src/net/host/binding.rs` | `BindInfo`/`NetInfo`/`DerivedAddressInfo` — remove gateway overrides, add per-address enable/disable sets, new RPC endpoints |
-  | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — compute `enabled` on `HostnameInfo`, vhost/forward/DNS reconciliation, 5443 hack removal |
+  | `core/src/net/forward.rs` | `AvailablePorts` — port pool allocation, `try_alloc()` for preferred ports |
+  | `core/src/net/host/binding.rs` | `Bindings` (Map wrapper for patchdb), `BindInfo`/`NetInfo`/`DerivedAddressInfo`/`AddressFilter` — per-address enable/disable, `set-address-enabled` RPC |
+  | `core/src/net/net_controller.rs:259` | `NetServiceData::update()` — computes `DerivedAddressInfo.possible`, vhost/forward/DNS reconciliation, 5443 hack removal |
   | `core/src/net/vhost.rs` | `VHostController` / `ProxyTarget` — source-IP gating for public/private |
-  | `core/src/net/gateway.rs` | `InterfaceFilter` — remove `NetInfo` impl, simplify |
-  | `core/src/net/service_interface.rs` | `HostnameInfo` — add `Ord` derives for use in `BTreeSet` |
-  | `core/src/net/host/address.rs` | Existing domain/onion CRUD endpoints (no changes needed) |
+  | `core/src/net/gateway.rs` | `InterfaceFilter` trait and filter types (`AddressFilter`, `PublicFilter`, etc.) |
+  | `core/src/net/service_interface.rs` | `HostnameInfo` — derives `Ord` for `BTreeSet` usage |
+  | `core/src/net/host/address.rs` | `HostAddress` (flattened struct), domain CRUD endpoints |
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
   | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
 
diff --git a/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts b/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
index b6fd6f033..1a8975317 100644
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/DockerProcedureContainer.ts
@@ -82,17 +82,14 @@ export class DockerProcedureContainer extends Drop {
             }),
           )
         } else if (volumeMount.type === "certificate") {
+          const hostInfo = await effects.getHostInfo({
+            hostId: volumeMount["interface-id"],
+          })
           const hostnames = [
             `${packageId}.embassy`,
             ...new Set(
-              Object.values(
-                (
-                  await effects.getHostInfo({
-                    hostId: volumeMount["interface-id"],
-                  })
-                )?.hostnameInfo || {},
-              )
-                .flatMap((h) => h)
+              Object.values(hostInfo?.bindings || {})
+                .flatMap((b) => b.addresses.possible)
                 .map((h) => h.hostname.value),
             ).values(),
           ]
diff --git a/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts b/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
index 82dc037f9..cb7585ac9 100644
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
@@ -1244,8 +1244,8 @@ async function updateConfig(
             ? ""
             : catchFn(
                 () =>
-                  filled.addressInfo!.filter({ kind: "mdns" })!
-                    .hostnames[0].hostname.value,
+                  filled.addressInfo!.filter({ kind: "mdns" })!.hostnames[0]
+                    .hostname.value,
               ) || ""
         mutConfigValue[key] = url
       }
diff --git a/core/src/db/model/public.rs b/core/src/db/model/public.rs
index d038577a6..cd2dc2169 100644
--- a/core/src/db/model/public.rs
+++ b/core/src/db/model/public.rs
@@ -20,7 +20,7 @@ use crate::db::model::Database;
 use crate::db::model::package::AllPackageData;
 use crate::net::acme::AcmeProvider;
 use crate::net::host::Host;
-use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, NetInfo};
+use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, Bindings, DerivedAddressInfo, NetInfo};
 use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
@@ -63,35 +63,35 @@ impl Public {
                 post_init_migration_todos: BTreeMap::new(),
                 network: NetworkInfo {
                     host: Host {
-                        bindings: [(
-                            80,
-                            BindInfo {
-                                enabled: false,
-                                options: BindOptions {
-                                    preferred_external_port: 80,
-                                    add_ssl: Some(AddSslOptions {
-                                        preferred_external_port: 443,
-                                        add_x_forwarded_headers: false,
-                                        alpn: Some(AlpnInfo::Specified(vec![
-                                            MaybeUtf8String("h2".into()),
-                                            MaybeUtf8String("http/1.1".into()),
-                                        ])),
-                                    }),
-                                    secure: None,
+                        bindings: Bindings(
+                            [(
+                                80,
+                                BindInfo {
+                                    enabled: false,
+                                    options: BindOptions {
+                                        preferred_external_port: 80,
+                                        add_ssl: Some(AddSslOptions {
+                                            preferred_external_port: 443,
+                                            add_x_forwarded_headers: false,
+                                            alpn: Some(AlpnInfo::Specified(vec![
+                                                MaybeUtf8String("h2".into()),
+                                                MaybeUtf8String("http/1.1".into()),
+                                            ])),
+                                        }),
+                                        secure: None,
+                                    },
+                                    net: NetInfo {
+                                        assigned_port: None,
+                                        assigned_ssl_port: Some(443),
+                                    },
+                                    addresses: DerivedAddressInfo::default(),
                                 },
-                                net: NetInfo {
-                                    assigned_port: None,
-                                    assigned_ssl_port: Some(443),
-                                    private_disabled: OrdSet::new(),
-                                    public_enabled: OrdSet::new(),
-                                },
-                            },
-                        )]
-                        .into_iter()
-                        .collect(),
+                            )]
+                            .into_iter()
+                            .collect(),
+                        ),
                         public_domains: BTreeMap::new(),
                         private_domains: BTreeSet::new(),
-                        hostname_info: BTreeMap::new(),
                     },
                     wifi: WifiInfo {
                         enabled: true,
diff --git a/core/src/net/forward.rs b/core/src/net/forward.rs
index b18ed7f1b..7cf5e7985 100644
--- a/core/src/net/forward.rs
+++ b/core/src/net/forward.rs
@@ -4,8 +4,8 @@ use std::sync::{Arc, Weak};
 use std::time::Duration;
 
 use futures::channel::oneshot;
-use id_pool::IdPool;
 use iddqd::{IdOrdItem, IdOrdMap};
+use rand::Rng;
 use imbl::OrdMap;
 use rpc_toolkit::{Context, HandlerArgs, HandlerExt, ParentHandler, from_fn_async};
 use serde::{Deserialize, Serialize};
@@ -23,25 +23,49 @@ use crate::util::serde::{HandlerExtSerde, display_serializable};
 use crate::util::sync::Watch;
 
 pub const START9_BRIDGE_IFACE: &str = "lxcbr0";
-pub const FIRST_DYNAMIC_PRIVATE_PORT: u16 = 49152;
+const EPHEMERAL_PORT_START: u16 = 49152;
+// vhost.rs:89 — not allowed: <=1024, >=32768, 5355, 5432, 9050, 6010, 9051, 5353
+const RESTRICTED_PORTS: &[u16] = &[5353, 5355, 5432, 6010, 9050, 9051];
+
+fn is_restricted(port: u16) -> bool {
+    port <= 1024 || RESTRICTED_PORTS.contains(&port)
+}
 
 #[derive(Debug, Deserialize, Serialize)]
-pub struct AvailablePorts(IdPool);
+pub struct AvailablePorts(BTreeMap<u16, bool>);
 impl AvailablePorts {
     pub fn new() -> Self {
-        Self(IdPool::new_ranged(FIRST_DYNAMIC_PRIVATE_PORT..u16::MAX))
+        Self(BTreeMap::new())
     }
-    pub fn alloc(&mut self) -> Result<u16, Error> {
-        self.0.request_id().ok_or_else(|| {
-            Error::new(
-                eyre!("{}", t!("net.forward.no-dynamic-ports-available")),
-                ErrorKind::Network,
-            )
-        })
+    pub fn alloc(&mut self, ssl: bool) -> Result<u16, Error> {
+        let mut rng = rand::rng();
+        for _ in 0..1000 {
+            let port = rng.random_range(EPHEMERAL_PORT_START..u16::MAX);
+            if !self.0.contains_key(&port) {
+                self.0.insert(port, ssl);
+                return Ok(port);
+            }
+        }
+        Err(Error::new(
+            eyre!("{}", t!("net.forward.no-dynamic-ports-available")),
+            ErrorKind::Network,
+        ))
+    }
+    /// Try to allocate a specific port. Returns Some(port) if available, None if taken/restricted.
+    pub fn try_alloc(&mut self, port: u16, ssl: bool) -> Option<u16> {
+        if is_restricted(port) || self.0.contains_key(&port) {
+            return None;
+        }
+        self.0.insert(port, ssl);
+        Some(port)
+    }
+    /// Returns whether a given allocated port is SSL.
+    pub fn is_ssl(&self, port: u16) -> bool {
+        self.0.get(&port).copied().unwrap_or(false)
     }
     pub fn free(&mut self, ports: impl IntoIterator<Item = u16>) {
         for port in ports {
-            self.0.return_id(port).unwrap_or_default();
+            self.0.remove(&port);
         }
     }
 }
diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index 6079efd76..688892f85 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -1685,19 +1685,9 @@ where
 
 #[test]
 fn test_filter() {
-    use crate::net::host::binding::NetInfo;
     let wg1 = "wg1".parse::<GatewayId>().unwrap();
     assert!(!InterfaceFilter::filter(
-        &AndFilter(
-            NetInfo {
-                private_disabled: [wg1.clone()].into_iter().collect(),
-                public_enabled: Default::default(),
-                assigned_port: None,
-                assigned_ssl_port: None,
-            },
-            AndFilter(IdFilter(wg1.clone()), PublicFilter { public: false }),
-        )
-        .into_dyn(),
+        &AndFilter(IdFilter(wg1.clone()), PublicFilter { public: false }).into_dyn(),
         &wg1,
         &NetworkInterfaceInfo {
             name: None,
diff --git a/core/src/net/host/address.rs b/core/src/net/host/address.rs
index 59f74fdb8..33c32073b 100644
--- a/core/src/net/host/address.rs
+++ b/core/src/net/host/address.rs
@@ -16,15 +16,11 @@ use crate::prelude::*;
 use crate::util::serde::{HandlerExtSerde, display_serializable};
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
-#[serde(rename_all = "kebab-case")]
-#[serde(rename_all_fields = "camelCase")]
-#[serde(tag = "kind")]
-pub enum HostAddress {
-    Domain {
-        address: InternedString,
-        public: Option<PublicDomainConfig>,
-        private: bool,
-    },
+#[serde(rename_all = "camelCase")]
+pub struct HostAddress {
+    pub address: InternedString,
+    pub public: Option<PublicDomainConfig>,
+    pub private: bool,
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize, TS)]
@@ -151,29 +147,18 @@ pub fn address_api<C: Context, Kind: HostApiKind>()
 
                     let mut table = Table::new();
                     table.add_row(row![bc => "ADDRESS", "PUBLIC", "ACME PROVIDER"]);
-                    for address in &res {
-                        match address {
-                            HostAddress::Domain {
-                                address,
-                                public: Some(PublicDomainConfig { gateway, acme }),
-                                private,
-                            } => {
-                                table.add_row(row![
-                                    address,
-                                    &format!(
-                                        "{} ({gateway})",
-                                        if *private { "YES" } else { "ONLY" }
-                                    ),
-                                    acme.as_ref().map(|a| a.0.as_str()).unwrap_or("NONE")
-                                ]);
-                            }
-                            HostAddress::Domain {
-                                address,
-                                public: None,
-                                ..
-                            } => {
-                                table.add_row(row![address, &format!("NO"), "N/A"]);
-                            }
+                    for entry in &res {
+                        if let Some(PublicDomainConfig { gateway, acme }) = &entry.public {
+                            table.add_row(row![
+                                entry.address,
+                                &format!(
+                                    "{} ({gateway})",
+                                    if entry.private { "YES" } else { "ONLY" }
+                                ),
+                                acme.as_ref().map(|a| a.0.as_str()).unwrap_or("NONE")
+                            ]);
+                        } else {
+                            table.add_row(row![entry.address, &format!("NO"), "N/A"]);
                         }
                     }
 
diff --git a/core/src/net/host/binding.rs b/core/src/net/host/binding.rs
index 8862e2bda..3c78c4338 100644
--- a/core/src/net/host/binding.rs
+++ b/core/src/net/host/binding.rs
@@ -3,16 +3,17 @@ use std::str::FromStr;
 
 use clap::Parser;
 use clap::builder::ValueParserFactory;
-use imbl::OrdSet;
 use rpc_toolkit::{Context, Empty, HandlerArgs, HandlerExt, ParentHandler, from_fn_async};
 use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
 use crate::context::{CliContext, RpcContext};
 use crate::db::model::public::NetworkInterfaceInfo;
+use crate::db::prelude::Map;
 use crate::net::forward::AvailablePorts;
 use crate::net::gateway::InterfaceFilter;
 use crate::net::host::HostApiKind;
+use crate::net::service_interface::HostnameInfo;
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
 use crate::util::FromStrParser;
@@ -45,51 +46,137 @@ impl FromStr for BindId {
     }
 }
 
-#[derive(Debug, Deserialize, Serialize, TS)]
+#[derive(Debug, Default, Clone, Deserialize, Serialize, TS, HasModel)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]
+#[model = "Model<Self>"]
+pub struct DerivedAddressInfo {
+    /// User-controlled: private-gateway addresses the user has disabled
+    pub private_disabled: BTreeSet<HostnameInfo>,
+    /// User-controlled: public-gateway addresses the user has enabled
+    pub public_enabled: BTreeSet<HostnameInfo>,
+    /// COMPUTED: NetServiceData::update — all possible addresses for this binding
+    pub possible: BTreeSet<HostnameInfo>,
+}
+
+impl DerivedAddressInfo {
+    /// Returns addresses that are currently enabled.
+    /// Private addresses are enabled by default (disabled if in private_disabled).
+    /// Public addresses are disabled by default (enabled if in public_enabled).
+    pub fn enabled(&self) -> BTreeSet<&HostnameInfo> {
+        self.possible
+            .iter()
+            .filter(|h| {
+                if h.public {
+                    self.public_enabled.contains(h)
+                } else {
+                    !self.private_disabled.contains(h)
+                }
+            })
+            .collect()
+    }
+
+    /// Derive a gateway-level InterfaceFilter from the enabled addresses.
+    /// A gateway passes the filter if it has any enabled address for this binding.
+    pub fn gateway_filter(&self) -> AddressFilter {
+        let enabled_gateways: BTreeSet<GatewayId> = self
+            .enabled()
+            .into_iter()
+            .map(|h| h.gateway.id.clone())
+            .collect();
+        AddressFilter(enabled_gateways)
+    }
+}
+
+/// Gateway-level filter derived from DerivedAddressInfo.
+/// Passes if the gateway has at least one enabled address.
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub struct AddressFilter(pub BTreeSet<GatewayId>);
+impl InterfaceFilter for AddressFilter {
+    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
+        info.ip_info.is_some() && self.0.contains(id)
+    }
+}
+
+#[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]
+#[model = "Model<Self>"]
+#[ts(export)]
+pub struct Bindings(pub BTreeMap<u16, BindInfo>);
+
+impl Map for Bindings {
+    type Key = u16;
+    type Value = BindInfo;
+    fn key_str(key: &Self::Key) -> Result<impl AsRef<str>, Error> {
+        Self::key_string(key)
+    }
+    fn key_string(key: &Self::Key) -> Result<InternedString, Error> {
+        Ok(InternedString::from_display(key))
+    }
+}
+
+impl std::ops::Deref for Bindings {
+    type Target = BTreeMap<u16, BindInfo>;
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl std::ops::DerefMut for Bindings {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.0
+    }
+}
+
+#[derive(Debug, Deserialize, Serialize, HasModel, TS)]
+#[serde(rename_all = "camelCase")]
+#[model = "Model<Self>"]
+#[ts(export)]
 pub struct BindInfo {
     pub enabled: bool,
     pub options: BindOptions,
     pub net: NetInfo,
+    pub addresses: DerivedAddressInfo,
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize, TS, PartialEq, Eq, PartialOrd, Ord)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]
 pub struct NetInfo {
-    #[ts(as = "BTreeSet::<GatewayId>")]
-    #[serde(default)]
-    pub private_disabled: OrdSet<GatewayId>,
-    #[ts(as = "BTreeSet::<GatewayId>")]
-    #[serde(default)]
-    pub public_enabled: OrdSet<GatewayId>,
     pub assigned_port: Option<u16>,
     pub assigned_ssl_port: Option<u16>,
 }
+impl InterfaceFilter for NetInfo {
+    fn filter(&self, _id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
+        info.ip_info.is_some()
+    }
+}
+
 impl BindInfo {
     pub fn new(available_ports: &mut AvailablePorts, options: BindOptions) -> Result<Self, Error> {
         let mut assigned_port = None;
         let mut assigned_ssl_port = None;
-        if options.add_ssl.is_some() {
-            assigned_ssl_port = Some(available_ports.alloc()?);
+        if let Some(ssl) = &options.add_ssl {
+            assigned_ssl_port = available_ports
+                .try_alloc(ssl.preferred_external_port, true)
+                .or_else(|| Some(available_ports.alloc(true).ok()?));
         }
         if options
             .secure
             .map_or(true, |s| !(s.ssl && options.add_ssl.is_some()))
         {
-            assigned_port = Some(available_ports.alloc()?);
+            assigned_port = available_ports
+                .try_alloc(options.preferred_external_port, false)
+                .or_else(|| Some(available_ports.alloc(false).ok()?));
         }
 
         Ok(Self {
             enabled: true,
             options,
             net: NetInfo {
-                private_disabled: OrdSet::new(),
-                public_enabled: OrdSet::new(),
                 assigned_port,
                 assigned_ssl_port,
             },
+            addresses: DerivedAddressInfo::default(),
         })
     }
     pub fn update(
@@ -97,7 +184,11 @@ impl BindInfo {
         available_ports: &mut AvailablePorts,
         options: BindOptions,
     ) -> Result<Self, Error> {
-        let Self { net: mut lan, .. } = self;
+        let Self {
+            net: mut lan,
+            addresses,
+            ..
+        } = self;
         if options
             .secure
             .map_or(true, |s| !(s.ssl && options.add_ssl.is_some()))
@@ -105,19 +196,26 @@ impl BindInfo {
         {
             lan.assigned_port = if let Some(port) = lan.assigned_port.take() {
                 Some(port)
+            } else if let Some(port) =
+                available_ports.try_alloc(options.preferred_external_port, false)
+            {
+                Some(port)
             } else {
-                Some(available_ports.alloc()?)
+                Some(available_ports.alloc(false)?)
             };
         } else {
             if let Some(port) = lan.assigned_port.take() {
                 available_ports.free([port]);
             }
         }
-        if options.add_ssl.is_some() {
+        if let Some(ssl) = &options.add_ssl {
             lan.assigned_ssl_port = if let Some(port) = lan.assigned_ssl_port.take() {
                 Some(port)
+            } else if let Some(port) = available_ports.try_alloc(ssl.preferred_external_port, true)
+            {
+                Some(port)
             } else {
-                Some(available_ports.alloc()?)
+                Some(available_ports.alloc(true)?)
             };
         } else {
             if let Some(port) = lan.assigned_ssl_port.take() {
@@ -128,22 +226,17 @@ impl BindInfo {
             enabled: true,
             options,
             net: lan,
+            addresses: DerivedAddressInfo {
+                private_disabled: addresses.private_disabled,
+                public_enabled: addresses.public_enabled,
+                possible: BTreeSet::new(),
+            },
         })
     }
     pub fn disable(&mut self) {
         self.enabled = false;
     }
 }
-impl InterfaceFilter for NetInfo {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        info.ip_info.is_some()
-            && if info.public() {
-                self.public_enabled.contains(id)
-            } else {
-                !self.private_disabled.contains(id)
-            }
-    }
-}
 
 #[derive(Debug, Clone, Copy, serde::Serialize, serde::Deserialize, TS)]
 #[ts(export)]
@@ -188,7 +281,7 @@ pub fn binding<C: Context, Kind: HostApiKind>()
 
                     let mut table = Table::new();
                     table.add_row(row![bc => "INTERNAL PORT", "ENABLED", "EXTERNAL PORT", "EXTERNAL SSL PORT"]);
-                    for (internal, info) in res {
+                    for (internal, info) in res.iter() {
                         table.add_row(row![
                             internal,
                             info.enabled,
@@ -213,12 +306,12 @@ pub fn binding<C: Context, Kind: HostApiKind>()
                 .with_call_remote::<CliContext>(),
         )
         .subcommand(
-            "set-gateway-enabled",
-            from_fn_async(set_gateway_enabled::<Kind>)
+            "set-address-enabled",
+            from_fn_async(set_address_enabled::<Kind>)
                 .with_metadata("sync_db", Value::Bool(true))
                 .with_inherited(Kind::inheritance)
                 .no_display()
-                .with_about("about.set-gateway-enabled-for-binding")
+                .with_about("about.set-address-enabled-for-binding")
                 .with_call_remote::<CliContext>(),
         )
 }
@@ -227,7 +320,7 @@ pub async fn list_bindings<Kind: HostApiKind>(
     ctx: RpcContext,
     _: Empty,
     inheritance: Kind::Inheritance,
-) -> Result<BTreeMap<u16, BindInfo>, Error> {
+) -> Result<Bindings, Error> {
     Kind::host_for(&inheritance, &mut ctx.db.peek().await)?
         .as_bindings()
         .de()
@@ -236,50 +329,44 @@ pub async fn list_bindings<Kind: HostApiKind>(
 #[derive(Deserialize, Serialize, Parser, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]
-pub struct BindingGatewaySetEnabledParams {
+pub struct BindingSetAddressEnabledParams {
     #[arg(help = "help.arg.internal-port")]
     internal_port: u16,
-    #[arg(help = "help.arg.gateway-id")]
-    gateway: GatewayId,
+    #[arg(long, help = "help.arg.address")]
+    address: String,
     #[arg(long, help = "help.arg.binding-enabled")]
     enabled: Option<bool>,
 }
 
-pub async fn set_gateway_enabled<Kind: HostApiKind>(
+pub async fn set_address_enabled<Kind: HostApiKind>(
     ctx: RpcContext,
-    BindingGatewaySetEnabledParams {
+    BindingSetAddressEnabledParams {
         internal_port,
-        gateway,
+        address,
         enabled,
-    }: BindingGatewaySetEnabledParams,
+    }: BindingSetAddressEnabledParams,
     inheritance: Kind::Inheritance,
 ) -> Result<(), Error> {
     let enabled = enabled.unwrap_or(true);
-    let gateway_public = ctx
-        .net_controller
-        .net_iface
-        .watcher
-        .ip_info()
-        .get(&gateway)
-        .or_not_found(&gateway)?
-        .public();
+    let address: HostnameInfo =
+        serde_json::from_str(&address).with_kind(ErrorKind::Deserialization)?;
     ctx.db
         .mutate(|db| {
             Kind::host_for(&inheritance, db)?
                 .as_bindings_mut()
                 .mutate(|b| {
-                    let net = &mut b.get_mut(&internal_port).or_not_found(internal_port)?.net;
-                    if gateway_public {
+                    let bind = b.get_mut(&internal_port).or_not_found(internal_port)?;
+                    if address.public {
                         if enabled {
-                            net.public_enabled.insert(gateway);
+                            bind.addresses.public_enabled.insert(address.clone());
                         } else {
-                            net.public_enabled.remove(&gateway);
+                            bind.addresses.public_enabled.remove(&address);
                         }
                     } else {
                         if enabled {
-                            net.private_disabled.remove(&gateway);
+                            bind.addresses.private_disabled.remove(&address);
                         } else {
-                            net.private_disabled.insert(gateway);
+                            bind.addresses.private_disabled.insert(address.clone());
                         }
                     }
                     Ok(())
diff --git a/core/src/net/host/mod.rs b/core/src/net/host/mod.rs
index 6fdd65d92..ef06313dd 100644
--- a/core/src/net/host/mod.rs
+++ b/core/src/net/host/mod.rs
@@ -13,8 +13,7 @@ use crate::context::RpcContext;
 use crate::db::model::DatabaseModel;
 use crate::net::forward::AvailablePorts;
 use crate::net::host::address::{HostAddress, PublicDomainConfig, address_api};
-use crate::net::host::binding::{BindInfo, BindOptions, binding};
-use crate::net::service_interface::HostnameInfo;
+use crate::net::host::binding::{BindInfo, BindOptions, Bindings, binding};
 use crate::prelude::*;
 use crate::{HostId, PackageId};
 
@@ -26,11 +25,9 @@ pub mod binding;
 #[model = "Model<Self>"]
 #[ts(export)]
 pub struct Host {
-    pub bindings: BTreeMap<u16, BindInfo>,
+    pub bindings: Bindings,
     pub public_domains: BTreeMap<InternedString, PublicDomainConfig>,
     pub private_domains: BTreeSet<InternedString>,
-    /// COMPUTED: NetService::update
-    pub hostname_info: BTreeMap<u16, Vec<HostnameInfo>>, // internal port -> Hostnames
 }
 
 impl AsRef<Host> for Host {
@@ -45,7 +42,7 @@ impl Host {
     pub fn addresses<'a>(&'a self) -> impl Iterator<Item = HostAddress> + 'a {
         self.public_domains
             .iter()
-            .map(|(address, config)| HostAddress::Domain {
+            .map(|(address, config)| HostAddress {
                 address: address.clone(),
                 public: Some(config.clone()),
                 private: self.private_domains.contains(address),
@@ -54,7 +51,7 @@ impl Host {
                 self.private_domains
                     .iter()
                     .filter(|a| !self.public_domains.contains_key(*a))
-                    .map(|address| HostAddress::Domain {
+                    .map(|address| HostAddress {
                         address: address.clone(),
                         public: None,
                         private: true,
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index 06cc087b5..56c30ed4e 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -18,8 +18,8 @@ use crate::hostname::Hostname;
 use crate::net::dns::DnsController;
 use crate::net::forward::{InterfacePortForwardController, START9_BRIDGE_IFACE, add_iptables_rule};
 use crate::net::gateway::{
-    AndFilter, DynInterfaceFilter, IdFilter, InterfaceFilter, NetworkInterfaceController, OrFilter,
-    PublicFilter, SecureFilter,
+    AndFilter, AnyFilter, DynInterfaceFilter, IdFilter, InterfaceFilter,
+    NetworkInterfaceController, OrFilter, PublicFilter, SecureFilter,
 };
 use crate::net::host::address::HostAddress;
 use crate::net::host::binding::{AddSslOptions, BindId, BindOptions};
@@ -202,7 +202,7 @@ impl NetServiceData {
                         .as_entries_mut()?
                     {
                         host.as_bindings_mut().mutate(|b| {
-                            for (internal_port, info) in b {
+                            for (internal_port, info) in b.iter_mut() {
                                 if !except.contains(&BindId {
                                     id: host_id.clone(),
                                     internal_port: *internal_port,
@@ -233,7 +233,7 @@ impl NetServiceData {
                         .as_network_mut()
                         .as_host_mut();
                     host.as_bindings_mut().mutate(|b| {
-                        for (internal_port, info) in b {
+                        for (internal_port, info) in b.iter_mut() {
                             if !except.contains(&BindId {
                                 id: HostId::default(),
                                 internal_port: *internal_port,
@@ -251,11 +251,15 @@ impl NetServiceData {
         }
     }
 
-    async fn update(&mut self, ctrl: &NetController, id: HostId, host: Host) -> Result<(), Error> {
+    async fn update(
+        &mut self,
+        ctrl: &NetController,
+        id: HostId,
+        mut host: Host,
+    ) -> Result<(), Error> {
         let mut forwards: BTreeMap<u16, (SocketAddrV4, DynInterfaceFilter)> = BTreeMap::new();
         let mut vhosts: BTreeMap<(Option<InternedString>, u16), ProxyTarget> = BTreeMap::new();
         let mut private_dns: BTreeSet<InternedString> = BTreeSet::new();
-        let mut hostname_info: BTreeMap<u16, Vec<HostnameInfo>> = BTreeMap::new();
         let binds = self.binds.entry(id.clone()).or_default();
 
         let peek = ctrl.db.peek().await;
@@ -264,324 +268,327 @@ impl NetServiceData {
         let server_info = peek.as_public().as_server_info();
         let net_ifaces = ctrl.net_iface.watcher.ip_info();
         let hostname = server_info.as_hostname().de()?;
-        for (port, bind) in &host.bindings {
+        let host_addresses: Vec<_> = host.addresses().collect();
+        for (port, bind) in host.bindings.iter_mut() {
             if !bind.enabled {
                 continue;
             }
-            if bind.net.assigned_port.is_some() || bind.net.assigned_ssl_port.is_some() {
-                let mut hostnames = BTreeSet::new();
-                if let Some(ssl) = &bind.options.add_ssl {
-                    let external = bind
-                        .net
-                        .assigned_ssl_port
-                        .or_not_found("assigned ssl port")?;
-                    let addr = (self.ip, *port).into();
-                    let connect_ssl = if let Some(alpn) = ssl.alpn.clone() {
-                        Err(alpn)
+            if bind.net.assigned_port.is_none() && bind.net.assigned_ssl_port.is_none() {
+                continue;
+            }
+            let mut hostnames = BTreeSet::new();
+            let mut gw_filter = AnyFilter(
+                [PublicFilter { public: false }.into_dyn()]
+                    .into_iter()
+                    .chain(
+                        bind.addresses
+                            .public_enabled
+                            .iter()
+                            .map(|a| a.gateway.id.clone())
+                            .collect::<BTreeSet<_>>()
+                            .into_iter()
+                            .map(IdFilter)
+                            .map(InterfaceFilter::into_dyn),
+                    )
+                    .collect(),
+            );
+            if let Some(ssl) = &bind.options.add_ssl {
+                let external = bind
+                    .net
+                    .assigned_ssl_port
+                    .or_not_found("assigned ssl port")?;
+                let addr = (self.ip, *port).into();
+                let connect_ssl = if let Some(alpn) = ssl.alpn.clone() {
+                    Err(alpn)
+                } else {
+                    if bind.options.secure.as_ref().map_or(false, |s| s.ssl) {
+                        Ok(())
                     } else {
-                        if bind.options.secure.as_ref().map_or(false, |s| s.ssl) {
-                            Ok(())
-                        } else {
-                            Err(AlpnInfo::Reflect)
-                        }
-                    };
-                    for hostname in ctrl.server_hostnames.iter().cloned() {
-                        vhosts.insert(
-                            (hostname, external),
-                            ProxyTarget {
-                                filter: bind.net.clone().into_dyn(),
-                                acme: None,
-                                addr,
-                                add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                connect_ssl: connect_ssl
-                                    .clone()
-                                    .map(|_| ctrl.tls_client_config.clone()),
-                            },
-                        );
+                        Err(AlpnInfo::Reflect)
                     }
-                    for address in host.addresses() {
-                        match address {
-                            HostAddress::Domain {
-                                address,
-                                public,
-                                private,
-                            } => {
-                                if hostnames.insert(address.clone()) {
-                                    let address = Some(address.clone());
-                                    if ssl.preferred_external_port == 443 {
-                                        if let Some(public) = &public {
-                                            vhosts.insert(
-                                                (address.clone(), 5443),
-                                                ProxyTarget {
-                                                    filter: AndFilter(
-                                                        bind.net.clone(),
-                                                        AndFilter(
-                                                            IdFilter(public.gateway.clone()),
-                                                            PublicFilter { public: false },
-                                                        ),
-                                                    )
-                                                    .into_dyn(),
-                                                    acme: public.acme.clone(),
-                                                    addr,
-                                                    add_x_forwarded_headers: ssl
-                                                        .add_x_forwarded_headers,
-                                                    connect_ssl: connect_ssl
-                                                        .clone()
-                                                        .map(|_| ctrl.tls_client_config.clone()),
-                                                },
-                                            );
-                                            vhosts.insert(
-                                                (address.clone(), 443),
-                                                ProxyTarget {
-                                                    filter: AndFilter(
-                                                        bind.net.clone(),
-                                                        if private {
-                                                            OrFilter(
-                                                                IdFilter(public.gateway.clone()),
-                                                                PublicFilter { public: false },
-                                                            )
-                                                            .into_dyn()
-                                                        } else {
-                                                            AndFilter(
-                                                                IdFilter(public.gateway.clone()),
-                                                                PublicFilter { public: true },
-                                                            )
-                                                            .into_dyn()
-                                                        },
-                                                    )
-                                                    .into_dyn(),
-                                                    acme: public.acme.clone(),
-                                                    addr,
-                                                    add_x_forwarded_headers: ssl
-                                                        .add_x_forwarded_headers,
-                                                    connect_ssl: connect_ssl
-                                                        .clone()
-                                                        .map(|_| ctrl.tls_client_config.clone()),
-                                                },
-                                            );
-                                        } else {
-                                            vhosts.insert(
-                                                (address.clone(), 443),
-                                                ProxyTarget {
-                                                    filter: AndFilter(
-                                                        bind.net.clone(),
-                                                        PublicFilter { public: false },
-                                                    )
-                                                    .into_dyn(),
-                                                    acme: None,
-                                                    addr,
-                                                    add_x_forwarded_headers: ssl
-                                                        .add_x_forwarded_headers,
-                                                    connect_ssl: connect_ssl
-                                                        .clone()
-                                                        .map(|_| ctrl.tls_client_config.clone()),
-                                                },
-                                            );
-                                        }
-                                    } else {
-                                        if let Some(public) = public {
-                                            vhosts.insert(
-                                                (address.clone(), external),
-                                                ProxyTarget {
-                                                    filter: AndFilter(
-                                                        bind.net.clone(),
-                                                        if private {
-                                                            OrFilter(
-                                                                IdFilter(public.gateway.clone()),
-                                                                PublicFilter { public: false },
-                                                            )
-                                                            .into_dyn()
-                                                        } else {
-                                                            IdFilter(public.gateway.clone())
-                                                                .into_dyn()
-                                                        },
-                                                    )
-                                                    .into_dyn(),
-                                                    acme: public.acme.clone(),
-                                                    addr,
-                                                    add_x_forwarded_headers: ssl
-                                                        .add_x_forwarded_headers,
-                                                    connect_ssl: connect_ssl
-                                                        .clone()
-                                                        .map(|_| ctrl.tls_client_config.clone()),
-                                                },
-                                            );
-                                        } else {
-                                            vhosts.insert(
-                                                (address.clone(), external),
-                                                ProxyTarget {
-                                                    filter: AndFilter(
-                                                        bind.net.clone(),
-                                                        PublicFilter { public: false },
-                                                    )
-                                                    .into_dyn(),
-                                                    acme: None,
-                                                    addr,
-                                                    add_x_forwarded_headers: ssl
-                                                        .add_x_forwarded_headers,
-                                                    connect_ssl: connect_ssl
-                                                        .clone()
-                                                        .map(|_| ctrl.tls_client_config.clone()),
-                                                },
-                                            );
-                                        }
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-                if bind
-                    .options
-                    .secure
-                    .map_or(true, |s| !(s.ssl && bind.options.add_ssl.is_some()))
-                {
-                    let external = bind.net.assigned_port.or_not_found("assigned lan port")?;
-                    forwards.insert(
-                        external,
-                        (
-                            SocketAddrV4::new(self.ip, *port),
-                            AndFilter(
-                                SecureFilter {
-                                    secure: bind.options.secure.is_some(),
-                                },
-                                bind.net.clone(),
-                            )
-                            .into_dyn(),
-                        ),
+                };
+                for hostname in ctrl.server_hostnames.iter().cloned() {
+                    vhosts.insert(
+                        (hostname, external),
+                        ProxyTarget {
+                            filter: gw_filter.clone().into_dyn(),
+                            acme: None,
+                            addr,
+                            add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                            connect_ssl: connect_ssl
+                                .clone()
+                                .map(|_| ctrl.tls_client_config.clone()),
+                        }, // TODO: allow public traffic?
                     );
                 }
-                let mut bind_hostname_info: Vec<HostnameInfo> =
-                    hostname_info.remove(port).unwrap_or_default();
-                for (gateway_id, info) in net_ifaces
-                    .iter()
-                    .filter(|(_, info)| {
-                        info.ip_info.as_ref().map_or(false, |i| {
-                            !matches!(i.device_type, Some(NetworkInterfaceType::Bridge))
-                        })
-                    })
-                    .filter(|(id, info)| bind.net.filter(id, info))
+                for HostAddress {
+                    address,
+                    public,
+                    private,
+                } in host_addresses.iter().cloned()
                 {
-                    let gateway = GatewayInfo {
-                        id: gateway_id.clone(),
-                        name: info
-                            .name
-                            .clone()
-                            .or_else(|| info.ip_info.as_ref().map(|i| i.name.clone()))
-                            .unwrap_or_else(|| gateway_id.clone().into()),
-                        public: info.public(),
-                    };
-                    let port = bind.net.assigned_port.filter(|_| {
-                        bind.options.secure.map_or(false, |s| {
-                            !(s.ssl && bind.options.add_ssl.is_some()) || info.secure()
-                        })
-                    });
-                    if !info.public()
-                        && info.ip_info.as_ref().map_or(false, |i| {
-                            i.device_type != Some(NetworkInterfaceType::Wireguard)
-                        })
-                    {
-                        bind_hostname_info.push(HostnameInfo {
-                            gateway: gateway.clone(),
-                            public: false,
-                            hostname: IpHostname::Local {
-                                value: InternedString::from_display(&{
-                                    let hostname = &hostname;
-                                    lazy_format!("{hostname}.local")
-                                }),
-                                port,
-                                ssl_port: bind.net.assigned_ssl_port,
-                            },
-                        });
-                    }
-                    for address in host.addresses() {
-                        if let HostAddress::Domain {
-                            address,
-                            public,
-                            private,
-                        } = address
-                        {
-                            if public.is_none() {
-                                private_dns.insert(address.clone());
+                    if hostnames.insert(address.clone()) {
+                        let address = Some(address.clone());
+                        if ssl.preferred_external_port == 443 {
+                            if let Some(public) = &public {
+                                vhosts.insert(
+                                    (address.clone(), 5443),
+                                    ProxyTarget {
+                                        filter: AndFilter(
+                                            bind.net.clone(),
+                                            AndFilter(
+                                                IdFilter(public.gateway.clone()),
+                                                PublicFilter { public: false },
+                                            ),
+                                        )
+                                        .into_dyn(),
+                                        acme: public.acme.clone(),
+                                        addr,
+                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                        connect_ssl: connect_ssl
+                                            .clone()
+                                            .map(|_| ctrl.tls_client_config.clone()),
+                                    },
+                                );
+                                vhosts.insert(
+                                    (address.clone(), 443),
+                                    ProxyTarget {
+                                        filter: AndFilter(
+                                            bind.net.clone(),
+                                            if private {
+                                                OrFilter(
+                                                    IdFilter(public.gateway.clone()),
+                                                    PublicFilter { public: false },
+                                                )
+                                                .into_dyn()
+                                            } else {
+                                                AndFilter(
+                                                    IdFilter(public.gateway.clone()),
+                                                    PublicFilter { public: true },
+                                                )
+                                                .into_dyn()
+                                            },
+                                        )
+                                        .into_dyn(),
+                                        acme: public.acme.clone(),
+                                        addr,
+                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                        connect_ssl: connect_ssl
+                                            .clone()
+                                            .map(|_| ctrl.tls_client_config.clone()),
+                                    },
+                                );
+                            } else {
+                                vhosts.insert(
+                                    (address.clone(), 443),
+                                    ProxyTarget {
+                                        filter: AndFilter(
+                                            bind.net.clone(),
+                                            PublicFilter { public: false },
+                                        )
+                                        .into_dyn(),
+                                        acme: None,
+                                        addr,
+                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                        connect_ssl: connect_ssl
+                                            .clone()
+                                            .map(|_| ctrl.tls_client_config.clone()),
+                                    },
+                                );
                             }
-                            let private = private && !info.public();
-                            let public =
-                                public.as_ref().map_or(false, |p| &p.gateway == gateway_id);
-                            if public || private {
-                                if bind
-                                    .options
-                                    .add_ssl
-                                    .as_ref()
-                                    .map_or(false, |ssl| ssl.preferred_external_port == 443)
-                                {
-                                    bind_hostname_info.push(HostnameInfo {
-                                        gateway: gateway.clone(),
-                                        public,
-                                        hostname: IpHostname::Domain {
-                                            value: address.clone(),
-                                            port: None,
-                                            ssl_port: Some(443),
-                                        },
-                                    });
-                                } else {
-                                    bind_hostname_info.push(HostnameInfo {
-                                        gateway: gateway.clone(),
-                                        public,
-                                        hostname: IpHostname::Domain {
-                                            value: address.clone(),
-                                            port,
-                                            ssl_port: bind.net.assigned_ssl_port,
-                                        },
-                                    });
-                                }
+                        } else {
+                            if let Some(public) = public {
+                                vhosts.insert(
+                                    (address.clone(), external),
+                                    ProxyTarget {
+                                        filter: AndFilter(
+                                            bind.net.clone(),
+                                            if private {
+                                                OrFilter(
+                                                    IdFilter(public.gateway.clone()),
+                                                    PublicFilter { public: false },
+                                                )
+                                                .into_dyn()
+                                            } else {
+                                                IdFilter(public.gateway.clone()).into_dyn()
+                                            },
+                                        )
+                                        .into_dyn(),
+                                        acme: public.acme.clone(),
+                                        addr,
+                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                        connect_ssl: connect_ssl
+                                            .clone()
+                                            .map(|_| ctrl.tls_client_config.clone()),
+                                    },
+                                );
+                            } else {
+                                vhosts.insert(
+                                    (address.clone(), external),
+                                    ProxyTarget {
+                                        filter: AndFilter(
+                                            bind.net.clone(),
+                                            PublicFilter { public: false },
+                                        )
+                                        .into_dyn(),
+                                        acme: None,
+                                        addr,
+                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                        connect_ssl: connect_ssl
+                                            .clone()
+                                            .map(|_| ctrl.tls_client_config.clone()),
+                                    },
+                                );
                             }
                         }
                     }
-                    if let Some(ip_info) = &info.ip_info {
-                        let public = info.public();
-                        if let Some(wan_ip) = ip_info.wan_ip {
-                            bind_hostname_info.push(HostnameInfo {
+                }
+            }
+            if bind
+                .options
+                .secure
+                .map_or(true, |s| !(s.ssl && bind.options.add_ssl.is_some()))
+            {
+                let external = bind.net.assigned_port.or_not_found("assigned lan port")?;
+                forwards.insert(
+                    external,
+                    (
+                        SocketAddrV4::new(self.ip, *port),
+                        AndFilter(
+                            SecureFilter {
+                                secure: bind.options.secure.is_some(),
+                            },
+                            bind.net.clone(),
+                        )
+                        .into_dyn(),
+                    ),
+                );
+            }
+            bind.addresses.possible.clear();
+            for (gateway_id, info) in net_ifaces
+                .iter()
+                .filter(|(_, info)| {
+                    info.ip_info.as_ref().map_or(false, |i| {
+                        !matches!(i.device_type, Some(NetworkInterfaceType::Bridge))
+                    })
+                })
+                .filter(|(id, info)| bind.net.filter(id, info))
+            {
+                let gateway = GatewayInfo {
+                    id: gateway_id.clone(),
+                    name: info
+                        .name
+                        .clone()
+                        .or_else(|| info.ip_info.as_ref().map(|i| i.name.clone()))
+                        .unwrap_or_else(|| gateway_id.clone().into()),
+                    public: info.public(),
+                };
+                let port = bind.net.assigned_port.filter(|_| {
+                    bind.options.secure.map_or(false, |s| {
+                        !(s.ssl && bind.options.add_ssl.is_some()) || info.secure()
+                    })
+                });
+                if !info.public()
+                    && info.ip_info.as_ref().map_or(false, |i| {
+                        i.device_type != Some(NetworkInterfaceType::Wireguard)
+                    })
+                {
+                    bind.addresses.possible.insert(HostnameInfo {
+                        gateway: gateway.clone(),
+                        public: false,
+                        hostname: IpHostname::Local {
+                            value: InternedString::from_display(&{
+                                let hostname = &hostname;
+                                lazy_format!("{hostname}.local")
+                            }),
+                            port,
+                            ssl_port: bind.net.assigned_ssl_port,
+                        },
+                    });
+                }
+                for HostAddress {
+                    address,
+                    public,
+                    private,
+                } in host_addresses.iter().cloned()
+                {
+                    if public.is_none() {
+                        private_dns.insert(address.clone());
+                    }
+                    let private = private && !info.public();
+                    let public = public.as_ref().map_or(false, |p| &p.gateway == gateway_id);
+                    if public || private {
+                        if bind
+                            .options
+                            .add_ssl
+                            .as_ref()
+                            .map_or(false, |ssl| ssl.preferred_external_port == 443)
+                        {
+                            bind.addresses.possible.insert(HostnameInfo {
                                 gateway: gateway.clone(),
-                                public: true,
-                                hostname: IpHostname::Ipv4 {
-                                    value: wan_ip,
+                                public,
+                                hostname: IpHostname::Domain {
+                                    value: address.clone(),
+                                    port: None,
+                                    ssl_port: Some(443),
+                                },
+                            });
+                        } else {
+                            bind.addresses.possible.insert(HostnameInfo {
+                                gateway: gateway.clone(),
+                                public,
+                                hostname: IpHostname::Domain {
+                                    value: address.clone(),
                                     port,
                                     ssl_port: bind.net.assigned_ssl_port,
                                 },
                             });
                         }
-                        for ipnet in &ip_info.subnets {
-                            match ipnet {
-                                IpNet::V4(net) => {
-                                    if !public {
-                                        bind_hostname_info.push(HostnameInfo {
-                                            gateway: gateway.clone(),
-                                            public,
-                                            hostname: IpHostname::Ipv4 {
-                                                value: net.addr(),
-                                                port,
-                                                ssl_port: bind.net.assigned_ssl_port,
-                                            },
-                                        });
-                                    }
-                                }
-                                IpNet::V6(net) => {
-                                    bind_hostname_info.push(HostnameInfo {
+                    }
+                }
+                if let Some(ip_info) = &info.ip_info {
+                    let public = info.public();
+                    if let Some(wan_ip) = ip_info.wan_ip {
+                        bind.addresses.possible.insert(HostnameInfo {
+                            gateway: gateway.clone(),
+                            public: true,
+                            hostname: IpHostname::Ipv4 {
+                                value: wan_ip,
+                                port,
+                                ssl_port: bind.net.assigned_ssl_port,
+                            },
+                        });
+                    }
+                    for ipnet in &ip_info.subnets {
+                        match ipnet {
+                            IpNet::V4(net) => {
+                                if !public {
+                                    bind.addresses.possible.insert(HostnameInfo {
                                         gateway: gateway.clone(),
-                                        public: public && !ipv6_is_local(net.addr()),
-                                        hostname: IpHostname::Ipv6 {
+                                        public,
+                                        hostname: IpHostname::Ipv4 {
                                             value: net.addr(),
-                                            scope_id: ip_info.scope_id,
                                             port,
                                             ssl_port: bind.net.assigned_ssl_port,
                                         },
                                     });
                                 }
                             }
+                            IpNet::V6(net) => {
+                                bind.addresses.possible.insert(HostnameInfo {
+                                    gateway: gateway.clone(),
+                                    public: public && !ipv6_is_local(net.addr()),
+                                    hostname: IpHostname::Ipv6 {
+                                        value: net.addr(),
+                                        scope_id: ip_info.scope_id,
+                                        port,
+                                        ssl_port: bind.net.assigned_ssl_port,
+                                    },
+                                });
+                            }
                         }
                     }
                 }
-                hostname_info.insert(*port, bind_hostname_info);
             }
         }
 
@@ -673,9 +680,26 @@ impl NetServiceData {
         }
         ctrl.dns.gc_private_domains(&rm)?;
 
+        let res = ctrl
+            .db
+            .mutate(|db| {
+                let bindings = host_for(db, self.id.as_ref(), &id)?.as_bindings_mut();
+                for (port, bind) in host.bindings.0 {
+                    if let Some(b) = bindings.as_idx_mut(&port) {
+                        b.as_addresses_mut()
+                            .as_possible_mut()
+                            .ser(&bind.addresses.possible)?;
+                    }
+                }
+                Ok(())
+            })
+            .await;
+        res.result?;
         if let Some(pkg_id) = self.id.as_ref() {
-            if let Some(cbs) = ctrl.callbacks.get_host_info(&(pkg_id.clone(), id)) {
-                cbs.call(vector![]).await?;
+            if res.revision.is_some() {
+                if let Some(cbs) = ctrl.callbacks.get_host_info(&(pkg_id.clone(), id)) {
+                    cbs.call(vector![]).await?;
+                }
             }
         }
         Ok(())
diff --git a/core/src/net/service_interface.rs b/core/src/net/service_interface.rs
index 6d04ae891..1eae3ebca 100644
--- a/core/src/net/service_interface.rs
+++ b/core/src/net/service_interface.rs
@@ -6,7 +6,7 @@ use ts_rs::TS;
 
 use crate::{GatewayId, HostId, ServiceInterfaceId};
 
-#[derive(Clone, Debug, Deserialize, Serialize, TS)]
+#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
 pub struct HostnameInfo {
@@ -20,7 +20,7 @@ impl HostnameInfo {
     }
 }
 
-#[derive(Clone, Debug, Deserialize, Serialize, TS)]
+#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
 pub struct GatewayInfo {
@@ -29,7 +29,7 @@ pub struct GatewayInfo {
     pub public: bool,
 }
 
-#[derive(Clone, Debug, Deserialize, Serialize, TS)]
+#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
 #[serde(rename_all_fields = "camelCase")]
diff --git a/core/src/net/tunnel.rs b/core/src/net/tunnel.rs
index f3b505850..8635475e1 100644
--- a/core/src/net/tunnel.rs
+++ b/core/src/net/tunnel.rs
@@ -175,8 +175,12 @@ pub async fn remove_tunnel(
                 let host = host?;
                 host.as_bindings_mut().mutate(|b| {
                     Ok(b.values_mut().for_each(|v| {
-                        v.net.private_disabled.remove(&id);
-                        v.net.public_enabled.remove(&id);
+                        v.addresses
+                            .private_disabled
+                            .retain(|h| h.gateway.id != id);
+                        v.addresses
+                            .public_enabled
+                            .retain(|h| h.gateway.id != id);
                     }))
                 })?;
             }
diff --git a/core/src/service/effects/net/ssl.rs b/core/src/service/effects/net/ssl.rs
index 317fb50c8..7de40aed6 100644
--- a/core/src/service/effects/net/ssl.rs
+++ b/core/src/service/effects/net/ssl.rs
@@ -60,10 +60,10 @@ pub async fn get_ssl_certificate(
                         .into_iter()
                         .chain(m.as_private_domains().de()?)
                         .chain(
-                            m.as_hostname_info()
+                            m.as_bindings()
                                 .de()?
                                 .values()
-                                .flatten()
+                                .flat_map(|b| b.addresses.possible.iter().cloned())
                                 .map(|h| h.to_san_hostname()),
                         )
                         .collect::<Vec<InternedString>>())
@@ -184,10 +184,10 @@ pub async fn get_ssl_key(
                         .into_iter()
                         .chain(m.as_private_domains().de()?)
                         .chain(
-                            m.as_hostname_info()
+                            m.as_bindings()
                                 .de()?
                                 .values()
-                                .flatten()
+                                .flat_map(|b| b.addresses.possible.iter().cloned())
                                 .map(|h| h.to_san_hostname()),
                         )
                         .collect::<Vec<InternedString>>())
diff --git a/core/src/version/v0_4_0_alpha_20.rs b/core/src/version/v0_4_0_alpha_20.rs
index 3320af322..3da7caf5c 100644
--- a/core/src/version/v0_4_0_alpha_20.rs
+++ b/core/src/version/v0_4_0_alpha_20.rs
@@ -57,29 +57,6 @@ impl VersionT for Version {
             }
         }
 
-        // Remove onion entries from hostnameInfo in server host
-        migrate_hostname_info(
-            db.get_mut("public")
-                .and_then(|p| p.get_mut("serverInfo"))
-                .and_then(|s| s.get_mut("network"))
-                .and_then(|n| n.get_mut("host")),
-        );
-
-        // Remove onion entries from hostnameInfo in all package hosts
-        if let Some(packages) = db
-            .get_mut("public")
-            .and_then(|p| p.get_mut("packageData"))
-            .and_then(|p| p.as_object_mut())
-        {
-            for (_, package) in packages.iter_mut() {
-                if let Some(hosts) = package.get_mut("hosts").and_then(|h| h.as_object_mut()) {
-                    for (_, host) in hosts.iter_mut() {
-                        migrate_hostname_info(Some(host));
-                    }
-                }
-            }
-        }
-
         // Remove onion store from private keyStore
         if let Some(key_store) = db
             .get_mut("private")
@@ -89,6 +66,29 @@ impl VersionT for Version {
             key_store.remove("onion");
         }
 
+        // Migrate server host: remove hostnameInfo, add addresses to bindings, clean net
+        migrate_host(
+            db.get_mut("public")
+                .and_then(|p| p.get_mut("serverInfo"))
+                .and_then(|s| s.get_mut("network"))
+                .and_then(|n| n.get_mut("host")),
+        );
+
+        // Migrate all package hosts
+        if let Some(packages) = db
+            .get_mut("public")
+            .and_then(|p| p.get_mut("packageData"))
+            .and_then(|p| p.as_object_mut())
+        {
+            for (_, package) in packages.iter_mut() {
+                if let Some(hosts) = package.get_mut("hosts").and_then(|h| h.as_object_mut()) {
+                    for (_, host) in hosts.iter_mut() {
+                        migrate_host(Some(host));
+                    }
+                }
+            }
+        }
+
         Ok(Value::Null)
     }
     fn down(self, _db: &mut Value) -> Result<(), Error> {
@@ -96,20 +96,35 @@ impl VersionT for Version {
     }
 }
 
-fn migrate_hostname_info(host: Option<&mut Value>) {
-    if let Some(hostname_info) = host
-        .and_then(|h| h.get_mut("hostnameInfo"))
-        .and_then(|h| h.as_object_mut())
-    {
-        for (_, infos) in hostname_info.iter_mut() {
-            if let Some(arr) = infos.as_array_mut() {
-                // Remove onion entries
-                arr.retain(|info| info.get("kind").and_then(|k| k.as_str()) != Some("onion"));
-                // Strip "kind" field from remaining entries (HostnameInfo flattened from enum to struct)
-                for info in arr.iter_mut() {
-                    if let Some(obj) = info.as_object_mut() {
-                        obj.remove("kind");
-                    }
+fn migrate_host(host: Option<&mut Value>) {
+    let Some(host) = host.and_then(|h| h.as_object_mut()) else {
+        return;
+    };
+
+    // Remove hostnameInfo from host
+    host.remove("hostnameInfo");
+
+    // For each binding: add "addresses" field, remove gateway-level fields from "net"
+    if let Some(bindings) = host.get_mut("bindings").and_then(|b| b.as_object_mut()) {
+        for (_, binding) in bindings.iter_mut() {
+            if let Some(binding_obj) = binding.as_object_mut() {
+                // Add addresses if not present
+                if !binding_obj.contains_key("addresses") {
+                    binding_obj.insert(
+                        "addresses".into(),
+                        serde_json::json!({
+                            "privateDisabled": [],
+                            "publicEnabled": [],
+                            "possible": []
+                        })
+                        .into(),
+                    );
+                }
+
+                // Remove gateway-level privateDisabled/publicEnabled from net
+                if let Some(net) = binding_obj.get_mut("net").and_then(|n| n.as_object_mut()) {
+                    net.remove("privateDisabled");
+                    net.remove("publicEnabled");
                 }
             }
         }
diff --git a/sdk/base/lib/osBindings/BindInfo.ts b/sdk/base/lib/osBindings/BindInfo.ts
index eba1fe446..d83c6948f 100644
--- a/sdk/base/lib/osBindings/BindInfo.ts
+++ b/sdk/base/lib/osBindings/BindInfo.ts
@@ -1,5 +1,11 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { BindOptions } from './BindOptions'
+import type { DerivedAddressInfo } from './DerivedAddressInfo'
 import type { NetInfo } from './NetInfo'
 
-export type BindInfo = { enabled: boolean; options: BindOptions; net: NetInfo }
+export type BindInfo = {
+  enabled: boolean
+  options: BindOptions
+  net: NetInfo
+  addresses: DerivedAddressInfo
+}
diff --git a/sdk/base/lib/osBindings/BindingGatewaySetEnabledParams.ts b/sdk/base/lib/osBindings/BindingSetAddressEnabledParams.ts
similarity index 58%
rename from sdk/base/lib/osBindings/BindingGatewaySetEnabledParams.ts
rename to sdk/base/lib/osBindings/BindingSetAddressEnabledParams.ts
index fb90cdaa7..2dfeff757 100644
--- a/sdk/base/lib/osBindings/BindingGatewaySetEnabledParams.ts
+++ b/sdk/base/lib/osBindings/BindingSetAddressEnabledParams.ts
@@ -1,8 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { GatewayId } from './GatewayId'
 
-export type BindingGatewaySetEnabledParams = {
+export type BindingSetAddressEnabledParams = {
   internalPort: number
-  gateway: GatewayId
+  address: string
   enabled: boolean | null
 }
diff --git a/sdk/base/lib/osBindings/Bindings.ts b/sdk/base/lib/osBindings/Bindings.ts
new file mode 100644
index 000000000..ef921868e
--- /dev/null
+++ b/sdk/base/lib/osBindings/Bindings.ts
@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { BindInfo } from './BindInfo'
+
+export type Bindings = { [key: number]: BindInfo }
diff --git a/sdk/base/lib/osBindings/DerivedAddressInfo.ts b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
new file mode 100644
index 000000000..2c83191fd
--- /dev/null
+++ b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
@@ -0,0 +1,17 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { HostnameInfo } from './HostnameInfo'
+
+export type DerivedAddressInfo = {
+  /**
+   * User-controlled: private-gateway addresses the user has disabled
+   */
+  privateDisabled: Array<HostnameInfo>
+  /**
+   * User-controlled: public-gateway addresses the user has enabled
+   */
+  publicEnabled: Array<HostnameInfo>
+  /**
+   * COMPUTED: NetServiceData::update — all possible addresses for this binding
+   */
+  possible: Array<HostnameInfo>
+}
diff --git a/sdk/base/lib/osBindings/Host.ts b/sdk/base/lib/osBindings/Host.ts
index 1cbe0b84e..cecc24475 100644
--- a/sdk/base/lib/osBindings/Host.ts
+++ b/sdk/base/lib/osBindings/Host.ts
@@ -1,14 +1,9 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { BindInfo } from './BindInfo'
-import type { HostnameInfo } from './HostnameInfo'
+import type { Bindings } from './Bindings'
 import type { PublicDomainConfig } from './PublicDomainConfig'
 
 export type Host = {
-  bindings: { [key: number]: BindInfo }
+  bindings: Bindings
   publicDomains: { [key: string]: PublicDomainConfig }
   privateDomains: Array<string>
-  /**
-   * COMPUTED: NetService::update
-   */
-  hostnameInfo: { [key: number]: Array<HostnameInfo> }
 }
diff --git a/sdk/base/lib/osBindings/NetInfo.ts b/sdk/base/lib/osBindings/NetInfo.ts
index 4483f81b8..90abe2cd8 100644
--- a/sdk/base/lib/osBindings/NetInfo.ts
+++ b/sdk/base/lib/osBindings/NetInfo.ts
@@ -1,9 +1,6 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { GatewayId } from './GatewayId'
 
 export type NetInfo = {
-  privateDisabled: Array<GatewayId>
-  publicEnabled: Array<GatewayId>
   assignedPort: number | null
   assignedSslPort: number | null
 }
diff --git a/sdk/base/lib/osBindings/index.ts b/sdk/base/lib/osBindings/index.ts
index 3f02322d8..18cca9c9a 100644
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -36,7 +36,8 @@ export { BackupTargetFS } from './BackupTargetFS'
 export { Base64 } from './Base64'
 export { BindId } from './BindId'
 export { BindInfo } from './BindInfo'
-export { BindingGatewaySetEnabledParams } from './BindingGatewaySetEnabledParams'
+export { BindingSetAddressEnabledParams } from './BindingSetAddressEnabledParams'
+export { Bindings } from './Bindings'
 export { BindOptions } from './BindOptions'
 export { BindParams } from './BindParams'
 export { Blake3Commitment } from './Blake3Commitment'
@@ -64,6 +65,7 @@ export { Dependencies } from './Dependencies'
 export { DependencyMetadata } from './DependencyMetadata'
 export { DependencyRequirement } from './DependencyRequirement'
 export { DepInfo } from './DepInfo'
+export { DerivedAddressInfo } from './DerivedAddressInfo'
 export { Description } from './Description'
 export { DesiredStatus } from './DesiredStatus'
 export { DestroySubcontainerFsParams } from './DestroySubcontainerFsParams'
diff --git a/sdk/base/lib/util/getServiceInterface.ts b/sdk/base/lib/util/getServiceInterface.ts
index cc80e3aec..bc22e70c6 100644
--- a/sdk/base/lib/util/getServiceInterface.ts
+++ b/sdk/base/lib/util/getServiceInterface.ts
@@ -1,6 +1,12 @@
 import { PackageId, ServiceInterfaceId, ServiceInterfaceType } from '../types'
 import { knownProtocols } from '../interfaces/Host'
-import { AddressInfo, Host, Hostname, HostnameInfo } from '../types'
+import {
+  AddressInfo,
+  DerivedAddressInfo,
+  Host,
+  Hostname,
+  HostnameInfo,
+} from '../types'
 import { Effects } from '../Effects'
 import { DropGenerator, DropPromise } from './Drop'
 import { IpAddress, IPV6_LINK_LOCAL } from './ip'
@@ -220,6 +226,14 @@ function filterRec(
   return hostnames
 }
 
+function enabledAddresses(addr: DerivedAddressInfo): HostnameInfo[] {
+  return addr.possible.filter((h) =>
+    h.public
+      ? addr.publicEnabled.some((e) => deepEqual(e, h))
+      : !addr.privateDisabled.some((d) => deepEqual(d, h)),
+  )
+}
+
 export const filledAddress = (
   host: Host,
   addressInfo: AddressInfo,
@@ -229,7 +243,8 @@ export const filledAddress = (
     const u = toUrls(h)
     return [u.url, u.sslUrl].filter((u) => u !== null)
   }
-  const hostnames = host.hostnameInfo[addressInfo.internalPort] ?? []
+  const binding = host.bindings[addressInfo.internalPort]
+  const hostnames = binding ? enabledAddresses(binding.addresses) : []
 
   function filledAddressFromHostnames<F extends Filter>(
     hostnames: HostnameInfo[],
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts
index 077fa87bd..1a3a4d632 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/gateways.component.ts
@@ -83,32 +83,8 @@ export class InterfaceGatewaysComponent {
 
   readonly gateways = input.required<InterfaceGateway[] | undefined>()
 
-  async onToggle(gateway: InterfaceGateway) {
-    const addressInfo = this.interface.value()!.addressInfo
-    const pkgId = this.interface.packageId()
-
-    const loader = this.loader.open().subscribe()
-
-    try {
-      if (pkgId) {
-        await this.api.pkgBindingToggleGateway({
-          gateway: gateway.id,
-          enabled: !gateway.enabled,
-          internalPort: addressInfo.internalPort,
-          host: addressInfo.hostId,
-          package: pkgId,
-        })
-      } else {
-        await this.api.serverBindingToggleGateway({
-          gateway: gateway.id,
-          enabled: !gateway.enabled,
-          internalPort: 80,
-        })
-      }
-    } catch (e: any) {
-      this.errorService.handleError(e)
-    } finally {
-      loader.unsubscribe()
-    }
+  async onToggle(_gateway: InterfaceGateway) {
+    // TODO: Replace with per-address toggle UI (Section 6 frontend overhaul).
+    // Gateway-level toggle replaced by set-address-enabled RPC.
   }
 }
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
index 21bc013b7..6e05c02d9 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
@@ -252,18 +252,23 @@ export class InterfaceService {
     serviceInterface: T.ServiceInterface,
     host: T.Host,
   ): T.HostnameInfo[] {
-    let hostnameInfo =
-      host.hostnameInfo[serviceInterface.addressInfo.internalPort]
-    return (
-      hostnameInfo?.filter(
-        h =>
-          this.config.accessType === 'localhost' ||
-          !(
-            (h.hostname.kind === 'ipv6' &&
-              utils.IPV6_LINK_LOCAL.contains(h.hostname.value)) ||
-              h.gateway.id === 'lo'
-          ),
-      ) || []
+    const binding =
+      host.bindings[serviceInterface.addressInfo.internalPort]
+    if (!binding) return []
+    const addr = binding.addresses
+    const enabled = addr.possible.filter(h =>
+      h.public
+        ? addr.publicEnabled.some(e => utils.deepEqual(e, h))
+        : !addr.privateDisabled.some(d => utils.deepEqual(d, h)),
+    )
+    return enabled.filter(
+      h =>
+        this.config.accessType === 'localhost' ||
+        !(
+          (h.hostname.kind === 'ipv6' &&
+            utils.IPV6_LINK_LOCAL.contains(h.hostname.value)) ||
+            h.gateway.id === 'lo'
+        ),
     )
   }
 
diff --git a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
index 0fa1b4766..03ec3d3ee 100644
--- a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
@@ -135,8 +135,8 @@ export default class ServiceInterfaceRoute {
         gateways.map(g => ({
           enabled:
             (g.public
-              ? binding?.net.publicEnabled.includes(g.id)
-              : !binding?.net.privateDisabled.includes(g.id)) ?? false,
+              ? binding?.addresses.publicEnabled.some(a => a.gateway.id === g.id)
+              : !binding?.addresses.privateDisabled.some(a => a.gateway.id === g.id)) ?? false,
           ...g,
         })) || [],
       publicDomains: getPublicDomains(host.publicDomains, gateways),
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
index 08ba78d94..6d2246f98 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
@@ -96,8 +96,8 @@ export default class StartOsUiComponent {
       gateways: gateways.map(g => ({
         enabled:
           (g.public
-            ? binding?.net.publicEnabled.includes(g.id)
-            : !binding?.net.privateDisabled.includes(g.id)) ?? false,
+            ? binding?.addresses.publicEnabled.some(a => a.gateway.id === g.id)
+            : !binding?.addresses.privateDisabled.some(a => a.gateway.id === g.id)) ?? false,
         ...g,
       })),
       publicDomains: getPublicDomains(network.host.publicDomains, gateways),
diff --git a/web/projects/ui/src/app/services/api/api.fixures.ts b/web/projects/ui/src/app/services/api/api.fixures.ts
index a5280f5f4..06f482e99 100644
--- a/web/projects/ui/src/app/services/api/api.fixures.ts
+++ b/web/projects/ui/src/app/services/api/api.fixures.ts
@@ -2126,8 +2126,74 @@ export namespace Mock {
             net: {
               assignedPort: 80,
               assignedSslPort: 443,
-              publicEnabled: [],
+            },
+            addresses: {
               privateDisabled: [],
+              publicEnabled: [],
+              possible: [
+                {
+                  gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'local',
+                    value: 'adjective-noun.local',
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'local',
+                    value: 'adjective-noun.local',
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv4',
+                    value: '192.168.10.11',
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv4',
+                    value: '10.0.0.2',
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+                {
+                  gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv6',
+                    value: '[fe80:cd00:0000:0cde:1257:0000:211e:72cd]',
+                    scopeId: 2,
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv6',
+                    value: '[fe80:cd00:0000:0cde:1257:0000:211e:1234]',
+                    scopeId: 3,
+                    port: null,
+                    sslPort: 1234,
+                  },
+                },
+              ],
             },
             options: {
               addSsl: null,
@@ -2138,78 +2204,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        hostnameInfo: {
-          80: [
-            {
-              kind: 'ip',
-              gateway: { id: 'eth0', name: 'Ethernet', public: false },
-              public: false,
-              hostname: {
-                kind: 'local',
-                value: 'adjective-noun.local',
-                port: null,
-                sslPort: 1234,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'local',
-                value: 'adjective-noun.local',
-                port: null,
-                sslPort: 1234,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv4',
-                value: '192.168.10.11',
-                port: null,
-                sslPort: 1234,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv4',
-                value: '10.0.0.2',
-                port: null,
-                sslPort: 1234,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'eth0', name: 'Ethernet', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv6',
-                value: '[fe80:cd00:0000:0cde:1257:0000:211e:72cd]',
-                scopeId: 2,
-                port: null,
-                sslPort: 1234,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv6',
-                value: '[fe80:cd00:0000:0cde:1257:0000:211e:1234]',
-                scopeId: 3,
-                port: null,
-                sslPort: 1234,
-              },
-            },
-          ],
-        },
       },
       bcdefgh: {
         bindings: {
@@ -2218,8 +2212,11 @@ export namespace Mock {
             net: {
               assignedPort: 8332,
               assignedSslPort: null,
-              publicEnabled: [],
+            },
+            addresses: {
               privateDisabled: [],
+              publicEnabled: [],
+              possible: [],
             },
             options: {
               addSsl: null,
@@ -2230,9 +2227,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        hostnameInfo: {
-          8332: [],
-        },
       },
       cdefghi: {
         bindings: {
@@ -2241,8 +2235,11 @@ export namespace Mock {
             net: {
               assignedPort: 8333,
               assignedSslPort: null,
-              publicEnabled: [],
+            },
+            addresses: {
               privateDisabled: [],
+              publicEnabled: [],
+              possible: [],
             },
             options: {
               addSsl: null,
@@ -2253,9 +2250,6 @@ export namespace Mock {
         },
         publicDomains: {},
         privateDomains: [],
-        hostnameInfo: {
-          8333: [],
-        },
       },
     },
     storeExposedDependents: [],
diff --git a/web/projects/ui/src/app/services/api/api.types.ts b/web/projects/ui/src/app/services/api/api.types.ts
index 85abac31a..73d42ee68 100644
--- a/web/projects/ui/src/app/services/api/api.types.ts
+++ b/web/projects/ui/src/app/services/api/api.types.ts
@@ -281,13 +281,13 @@ export namespace RR {
   }
   export type RemoveAcmeRes = null
 
-  export type ServerBindingToggleGatewayReq = {
-    // server.host.binding.set-gateway-enabled
-    gateway: T.GatewayId
+  export type ServerBindingSetAddressEnabledReq = {
+    // server.host.binding.set-address-enabled
     internalPort: 80
-    enabled: boolean
+    address: string // JSON-serialized HostnameInfo
+    enabled: boolean | null // null = reset to default
   }
-  export type ServerBindingToggleGatewayRes = null
+  export type ServerBindingSetAddressEnabledRes = null
 
   export type OsUiAddPublicDomainReq = {
     // server.host.address.domain.public.add
@@ -315,16 +315,16 @@ export namespace RR {
   }
   export type OsUiRemovePrivateDomainRes = null
 
-  export type PkgBindingToggleGatewayReq = Omit<
-    ServerBindingToggleGatewayReq,
+  export type PkgBindingSetAddressEnabledReq = Omit<
+    ServerBindingSetAddressEnabledReq,
     'internalPort'
   > & {
-    // package.host.binding.set-gateway-enabled
+    // package.host.binding.set-address-enabled
     internalPort: number
     package: T.PackageId // string
     host: T.HostId // string
   }
-  export type PkgBindingToggleGatewayRes = null
+  export type PkgBindingSetAddressEnabledRes = null
 
   export type PkgAddPublicDomainReq = OsUiAddPublicDomainReq & {
     // package.host.address.domain.public.add
diff --git a/web/projects/ui/src/app/services/api/embassy-api.service.ts b/web/projects/ui/src/app/services/api/embassy-api.service.ts
index c55dc8441..ee79644f8 100644
--- a/web/projects/ui/src/app/services/api/embassy-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-api.service.ts
@@ -336,9 +336,9 @@ export abstract class ApiService {
 
   abstract removeAcme(params: RR.RemoveAcmeReq): Promise<RR.RemoveAcmeRes>
 
-  abstract serverBindingToggleGateway(
-    params: RR.ServerBindingToggleGatewayReq,
-  ): Promise<RR.ServerBindingToggleGatewayRes>
+  abstract serverBindingSetAddressEnabled(
+    params: RR.ServerBindingSetAddressEnabledReq,
+  ): Promise<RR.ServerBindingSetAddressEnabledRes>
 
   abstract osUiAddPublicDomain(
     params: RR.OsUiAddPublicDomainReq,
@@ -356,9 +356,9 @@ export abstract class ApiService {
     params: RR.OsUiRemovePrivateDomainReq,
   ): Promise<RR.OsUiRemovePrivateDomainRes>
 
-  abstract pkgBindingToggleGateway(
-    params: RR.PkgBindingToggleGatewayReq,
-  ): Promise<RR.PkgBindingToggleGatewayRes>
+  abstract pkgBindingSetAddressEnabled(
+    params: RR.PkgBindingSetAddressEnabledReq,
+  ): Promise<RR.PkgBindingSetAddressEnabledRes>
 
   abstract pkgAddPublicDomain(
     params: RR.PkgAddPublicDomainReq,
diff --git a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
index 00524e2ef..ad7085c40 100644
--- a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
@@ -607,11 +607,11 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async serverBindingToggleGateway(
-    params: RR.ServerBindingToggleGatewayReq,
-  ): Promise<RR.ServerBindingToggleGatewayRes> {
+  async serverBindingSetAddressEnabled(
+    params: RR.ServerBindingSetAddressEnabledReq,
+  ): Promise<RR.ServerBindingSetAddressEnabledRes> {
     return this.rpcRequest({
-      method: 'server.host.binding.set-gateway-enabled',
+      method: 'server.host.binding.set-address-enabled',
       params,
     })
   }
@@ -652,11 +652,11 @@ export class LiveApiService extends ApiService {
     })
   }
 
-  async pkgBindingToggleGateway(
-    params: RR.PkgBindingToggleGatewayReq,
-  ): Promise<RR.PkgBindingToggleGatewayRes> {
+  async pkgBindingSetAddressEnabled(
+    params: RR.PkgBindingSetAddressEnabledReq,
+  ): Promise<RR.PkgBindingSetAddressEnabledRes> {
     return this.rpcRequest({
-      method: 'package.host.binding.set-gateway-enabled',
+      method: 'package.host.binding.set-address-enabled',
       params,
     })
   }
diff --git a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
index e91a732e5..3c3e7a1d7 100644
--- a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
@@ -1348,20 +1348,12 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async serverBindingToggleGateway(
-    params: RR.ServerBindingToggleGatewayReq,
-  ): Promise<RR.ServerBindingToggleGatewayRes> {
+  async serverBindingSetAddressEnabled(
+    params: RR.ServerBindingSetAddressEnabledReq,
+  ): Promise<RR.ServerBindingSetAddressEnabledRes> {
     await pauseFor(2000)
 
-    const patch = [
-      {
-        op: PatchOp.REPLACE,
-        path: `/serverInfo/network/host/bindings/${params.internalPort}/net/publicEnabled`,
-        value: params.enabled ? [params.gateway] : [],
-      },
-    ]
-    this.mockRevision(patch)
-
+    // Mock: no-op since address enable/disable modifies DerivedAddressInfo sets
     return null
   }
 
@@ -1380,10 +1372,9 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.ADD,
-        path: `/serverInfo/host/hostnameInfo/80/0`,
+        path: `/serverInfo/network/host/bindings/80/addresses/possible/0`,
         value: {
-          kind: 'ip',
-          gatewayId: 'eth0',
+          gateway: { id: 'eth0', name: 'Ethernet', public: false },
           public: true,
           hostname: {
             kind: 'domain',
@@ -1412,7 +1403,7 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.REMOVE,
-        path: `/serverInfo/host/hostnameInfo/80/0`,
+        path: `/serverInfo/network/host/bindings/80/addresses/possible/0`,
       },
     ]
     this.mockRevision(patch)
@@ -1433,10 +1424,9 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.ADD,
-        path: `/serverInfo/host/hostnameInfo/80/0`,
+        path: `/serverInfo/network/host/bindings/80/addresses/possible/0`,
         value: {
-          kind: 'ip',
-          gatewayId: 'eth0',
+          gateway: { id: 'eth0', name: 'Ethernet', public: false },
           public: false,
           hostname: {
             kind: 'domain',
@@ -1466,7 +1456,7 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.REMOVE,
-        path: `/serverInfo/host/hostnameInfo/80/0`,
+        path: `/serverInfo/network/host/bindings/80/addresses/possible/0`,
       },
     ]
     this.mockRevision(patch)
@@ -1474,20 +1464,12 @@ export class MockApiService extends ApiService {
     return null
   }
 
-  async pkgBindingToggleGateway(
-    params: RR.PkgBindingToggleGatewayReq,
-  ): Promise<RR.PkgBindingToggleGatewayRes> {
+  async pkgBindingSetAddressEnabled(
+    params: RR.PkgBindingSetAddressEnabledReq,
+  ): Promise<RR.PkgBindingSetAddressEnabledRes> {
     await pauseFor(2000)
 
-    const patch = [
-      {
-        op: PatchOp.REPLACE,
-        path: `/packageData/${params.package}/hosts/${params.host}/bindings/${params.internalPort}/net/privateDisabled`,
-        value: params.enabled ? [] : [params.gateway],
-      },
-    ]
-    this.mockRevision(patch)
-
+    // Mock: no-op since address enable/disable modifies DerivedAddressInfo sets
     return null
   }
 
@@ -1506,10 +1488,9 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.ADD,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
+        path: `/packageData/${params.package}/hosts/${params.host}/bindings/80/addresses/possible/0`,
         value: {
-          kind: 'ip',
-          gatewayId: 'eth0',
+          gateway: { id: 'eth0', name: 'Ethernet', public: false },
           public: true,
           hostname: {
             kind: 'domain',
@@ -1538,7 +1519,7 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.REMOVE,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
+        path: `/packageData/${params.package}/hosts/${params.host}/bindings/80/addresses/possible/0`,
       },
     ]
     this.mockRevision(patch)
@@ -1559,10 +1540,9 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.ADD,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
+        path: `/packageData/${params.package}/hosts/${params.host}/bindings/80/addresses/possible/0`,
         value: {
-          kind: 'ip',
-          gatewayId: 'eth0',
+          gateway: { id: 'eth0', name: 'Ethernet', public: false },
           public: false,
           hostname: {
             kind: 'domain',
@@ -1592,7 +1572,7 @@ export class MockApiService extends ApiService {
       },
       {
         op: PatchOp.REMOVE,
-        path: `/packageData/${params.package}/hosts/${params.host}/hostnameInfo/80/0`,
+        path: `/packageData/${params.package}/hosts/${params.host}/bindings/80/addresses/possible/0`,
       },
     ]
     this.mockRevision(patch)
diff --git a/web/projects/ui/src/app/services/api/mock-patch.ts b/web/projects/ui/src/app/services/api/mock-patch.ts
index 6effc3827..c1d0c793a 100644
--- a/web/projects/ui/src/app/services/api/mock-patch.ts
+++ b/web/projects/ui/src/app/services/api/mock-patch.ts
@@ -38,8 +38,74 @@ export const mockPatchData: DataModel = {
             net: {
               assignedPort: null,
               assignedSslPort: 443,
-              publicEnabled: [],
+            },
+            addresses: {
               privateDisabled: [],
+              publicEnabled: [],
+              possible: [
+                {
+                  gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'local',
+                    value: 'adjective-noun.local',
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'local',
+                    value: 'adjective-noun.local',
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+                {
+                  gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv4',
+                    value: '10.0.0.1',
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv4',
+                    value: '10.0.0.2',
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+                {
+                  gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv6',
+                    value: 'fe80::cd00:0000:0cde:1257:0000:211e:72cd',
+                    scopeId: 2,
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+                {
+                  gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                  public: false,
+                  hostname: {
+                    kind: 'ipv6',
+                    value: 'fe80::cd00:0000:0cde:1257:0000:211e:1234',
+                    scopeId: 3,
+                    port: null,
+                    sslPort: 443,
+                  },
+                },
+              ],
             },
             options: {
               preferredExternalPort: 80,
@@ -54,78 +120,6 @@ export const mockPatchData: DataModel = {
         },
         publicDomains: {},
         privateDomains: [],
-        hostnameInfo: {
-          80: [
-            {
-              kind: 'ip',
-              gateway: { id: 'eth0', name: 'Ethernet', public: false },
-              public: false,
-              hostname: {
-                kind: 'local',
-                value: 'adjective-noun.local',
-                port: null,
-                sslPort: 443,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'local',
-                value: 'adjective-noun.local',
-                port: null,
-                sslPort: 443,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'eth0', name: 'Ethernet', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv4',
-                value: '10.0.0.1',
-                port: null,
-                sslPort: 443,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv4',
-                value: '10.0.0.2',
-                port: null,
-                sslPort: 443,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'eth0', name: 'Ethernet', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv6',
-                value: 'fe80::cd00:0000:0cde:1257:0000:211e:72cd',
-                scopeId: 2,
-                port: null,
-                sslPort: 443,
-              },
-            },
-            {
-              kind: 'ip',
-              gateway: { id: 'wlan0', name: 'Wireless', public: false },
-              public: false,
-              hostname: {
-                kind: 'ipv6',
-                value: 'fe80::cd00:0000:0cde:1257:0000:211e:1234',
-                scopeId: 3,
-                port: null,
-                sslPort: 443,
-              },
-            },
-          ],
-        },
       },
       gateways: {
         eth0: {
@@ -503,8 +497,74 @@ export const mockPatchData: DataModel = {
               net: {
                 assignedPort: 80,
                 assignedSslPort: 443,
-                publicEnabled: [],
+              },
+              addresses: {
                 privateDisabled: [],
+                publicEnabled: [],
+                possible: [
+                  {
+                    gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'local',
+                      value: 'adjective-noun.local',
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                  {
+                    gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'local',
+                      value: 'adjective-noun.local',
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                  {
+                    gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'ipv4',
+                      value: '10.0.0.1',
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                  {
+                    gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'ipv4',
+                      value: '10.0.0.2',
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                  {
+                    gateway: { id: 'eth0', name: 'Ethernet', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'ipv6',
+                      value: 'fe80::cd00:0000:0cde:1257:0000:211e:72cd',
+                      scopeId: 2,
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                  {
+                    gateway: { id: 'wlan0', name: 'Wireless', public: false },
+                    public: false,
+                    hostname: {
+                      kind: 'ipv6',
+                      value: 'fe80::cd00:0000:0cde:1257:0000:211e:1234',
+                      scopeId: 3,
+                      port: null,
+                      sslPort: 1234,
+                    },
+                  },
+                ],
               },
               options: {
                 addSsl: null,
@@ -515,78 +575,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          hostnameInfo: {
-            80: [
-              {
-                kind: 'ip',
-                gateway: { id: 'eth0', name: 'Ethernet', public: false },
-                public: false,
-                hostname: {
-                  kind: 'local',
-                  value: 'adjective-noun.local',
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-              {
-                kind: 'ip',
-                gateway: { id: 'wlan0', name: 'Wireless', public: false },
-                public: false,
-                hostname: {
-                  kind: 'local',
-                  value: 'adjective-noun.local',
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-              {
-                kind: 'ip',
-                gateway: { id: 'eth0', name: 'Ethernet', public: false },
-                public: false,
-                hostname: {
-                  kind: 'ipv4',
-                  value: '10.0.0.1',
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-              {
-                kind: 'ip',
-                gateway: { id: 'wlan0', name: 'Wireless', public: false },
-                public: false,
-                hostname: {
-                  kind: 'ipv4',
-                  value: '10.0.0.2',
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-              {
-                kind: 'ip',
-                gateway: { id: 'eth0', name: 'Ethernet', public: false },
-                public: false,
-                hostname: {
-                  kind: 'ipv6',
-                  value: 'fe80::cd00:0000:0cde:1257:0000:211e:72cd',
-                  scopeId: 2,
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-              {
-                kind: 'ip',
-                gateway: { id: 'wlan0', name: 'Wireless', public: false },
-                public: false,
-                hostname: {
-                  kind: 'ipv6',
-                  value: 'fe80::cd00:0000:0cde:1257:0000:211e:1234',
-                  scopeId: 3,
-                  port: null,
-                  sslPort: 1234,
-                },
-              },
-            ],
-          },
         },
         bcdefgh: {
           bindings: {
@@ -595,8 +583,11 @@ export const mockPatchData: DataModel = {
               net: {
                 assignedPort: 8332,
                 assignedSslPort: null,
-                publicEnabled: [],
+              },
+              addresses: {
                 privateDisabled: [],
+                publicEnabled: [],
+                possible: [],
               },
               options: {
                 addSsl: null,
@@ -607,9 +598,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          hostnameInfo: {
-            8332: [],
-          },
         },
         cdefghi: {
           bindings: {
@@ -618,8 +606,11 @@ export const mockPatchData: DataModel = {
               net: {
                 assignedPort: 8333,
                 assignedSslPort: null,
-                publicEnabled: [],
+              },
+              addresses: {
                 privateDisabled: [],
+                publicEnabled: [],
+                possible: [],
               },
               options: {
                 addSsl: null,
@@ -630,9 +621,6 @@ export const mockPatchData: DataModel = {
           },
           publicDomains: {},
           privateDomains: [],
-          hostnameInfo: {
-            8333: [],
-          },
         },
       },
       storeExposedDependents: [],

From 2a54625f431cc49d5675914669c985dc3ac57ada Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Wed, 11 Feb 2026 18:10:27 -0700
Subject: [PATCH 10/17] feat: replace InterfaceFilter with ForwardRequirements,
 add WildcardListener, complete alpha.20 bump

- Replace DynInterfaceFilter with ForwardRequirements for per-IP forward
  precision with source-subnet iptables filtering for private forwards
- Add WildcardListener (binds [::]:port) to replace the per-gateway
  NetworkInterfaceListener/SelfContainedNetworkInterfaceListener/
  UpgradableListener infrastructure
- Update forward-port script with src_subnet and excluded_src env vars
- Remove unused filter types and listener infrastructure from gateway.rs
- Add availablePorts migration (IdPool -> BTreeMap<u16, bool>) to alpha.20
- Complete version bump to 0.4.0-alpha.20 in SDK and web
---
 build/lib/scripts/forward-port      |  22 +-
 core/src/bins/start_init.rs         |   6 +-
 core/src/bins/startd.rs             |   6 +-
 core/src/bins/tunnel.rs             |   9 +-
 core/src/context/rpc.rs             |   6 +-
 core/src/context/setup.rs           |   6 +-
 core/src/init.rs                    |   6 +-
 core/src/net/forward.rs             | 206 ++++++----
 core/src/net/gateway.rs             | 566 ++++------------------------
 core/src/net/host/binding.rs        |  34 +-
 core/src/net/net_controller.rs      | 401 +++++++++-----------
 core/src/net/vhost.rs               | 248 ++++++++++--
 core/src/net/web_server.rs          |  22 --
 core/src/tunnel/api.rs              |   2 +-
 core/src/tunnel/context.rs          |   2 +-
 core/src/version/v0_4_0_alpha_20.rs |  60 +++
 sdk/package/lib/StartSdk.ts         |   2 +-
 web/package-lock.json               |   4 +-
 web/package.json                    |   2 +-
 19 files changed, 714 insertions(+), 896 deletions(-)

diff --git a/build/lib/scripts/forward-port b/build/lib/scripts/forward-port
index 705c1e6a7..31f42a39e 100755
--- a/build/lib/scripts/forward-port
+++ b/build/lib/scripts/forward-port
@@ -5,7 +5,7 @@ if [ -z "$sip" ] || [ -z "$dip" ] || [ -z "$dprefix" ] || [ -z "$sport" ] || [ -
     exit 1
 fi
 
-NAME="F$(echo "$sip:$sport -> $dip/$dprefix:$dport" | sha256sum | head -c 15)"
+NAME="F$(echo "$sip:$sport -> $dip/$dprefix:$dport ${src_subnet:-any} ${excluded_src:-none}" | sha256sum | head -c 15)"
 
 for kind in INPUT FORWARD ACCEPT; do
     if ! iptables -C $kind -j "${NAME}_${kind}" 2> /dev/null; then
@@ -36,8 +36,22 @@ if [ "$UNDO" = 1 ]; then
 fi
 
 # DNAT: rewrite destination for incoming packets (external traffic)
-iptables -t nat -A ${NAME}_PREROUTING -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
-iptables -t nat -A ${NAME}_PREROUTING -d "$sip" -p udp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
+# When src_subnet is set, only forward traffic from that subnet (private forwards)
+# excluded_src: comma-separated gateway/router IPs to reject (they may masquerade internet traffic)
+if [ -n "$src_subnet" ]; then
+    if [ -n "$excluded_src" ]; then
+        IFS=',' read -ra EXCLUDED <<< "$excluded_src"
+        for excl in "${EXCLUDED[@]}"; do
+            iptables -t nat -A ${NAME}_PREROUTING -s "$excl" -d "$sip" -p tcp --dport "$sport" -j RETURN
+            iptables -t nat -A ${NAME}_PREROUTING -s "$excl" -d "$sip" -p udp --dport "$sport" -j RETURN
+        done
+    fi
+    iptables -t nat -A ${NAME}_PREROUTING -s "$src_subnet" -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
+    iptables -t nat -A ${NAME}_PREROUTING -s "$src_subnet" -d "$sip" -p udp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
+else
+    iptables -t nat -A ${NAME}_PREROUTING -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
+    iptables -t nat -A ${NAME}_PREROUTING -d "$sip" -p udp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
+fi
 
 # DNAT: rewrite destination for locally-originated packets (hairpin from host itself)
 iptables -t nat -A ${NAME}_OUTPUT -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
@@ -52,4 +66,4 @@ iptables -t nat -A ${NAME}_POSTROUTING -d "$dip" -p udp --dport "$dport" -j MASQ
 iptables -A ${NAME}_FORWARD -d $dip -p tcp --dport $dport -m state --state NEW -j ACCEPT
 iptables -A ${NAME}_FORWARD -d $dip -p udp --dport $dport -m state --state NEW -j ACCEPT
 
-exit $err
\ No newline at end of file
+exit $err
diff --git a/core/src/bins/start_init.rs b/core/src/bins/start_init.rs
index 48e65f5af..5c53a6e0c 100644
--- a/core/src/bins/start_init.rs
+++ b/core/src/bins/start_init.rs
@@ -9,7 +9,7 @@ use crate::disk::fsck::RepairStrategy;
 use crate::disk::main::DEFAULT_PASSWORD;
 use crate::firmware::{check_for_firmware_update, update_firmware};
 use crate::init::{InitPhases, STANDBY_MODE_PATH};
-use crate::net::gateway::UpgradableListener;
+use crate::net::gateway::WildcardListener;
 use crate::net::web_server::WebServer;
 use crate::prelude::*;
 use crate::progress::FullProgressTracker;
@@ -19,7 +19,7 @@ use crate::{DATA_DIR, PLATFORM};
 
 #[instrument(skip_all)]
 async fn setup_or_init(
-    server: &mut WebServer<UpgradableListener>,
+    server: &mut WebServer<WildcardListener>,
     config: &ServerConfig,
 ) -> Result<Result<(RpcContext, FullProgressTracker), Shutdown>, Error> {
     if let Some(firmware) = check_for_firmware_update()
@@ -204,7 +204,7 @@ async fn setup_or_init(
 
 #[instrument(skip_all)]
 pub async fn main(
-    server: &mut WebServer<UpgradableListener>,
+    server: &mut WebServer<WildcardListener>,
     config: &ServerConfig,
 ) -> Result<Result<(RpcContext, FullProgressTracker), Shutdown>, Error> {
     if &*PLATFORM == "raspberrypi" && tokio::fs::metadata(STANDBY_MODE_PATH).await.is_ok() {
diff --git a/core/src/bins/startd.rs b/core/src/bins/startd.rs
index f4a7784f4..b88f622e5 100644
--- a/core/src/bins/startd.rs
+++ b/core/src/bins/startd.rs
@@ -12,7 +12,7 @@ use tracing::instrument;
 use crate::context::config::ServerConfig;
 use crate::context::rpc::InitRpcContextPhases;
 use crate::context::{DiagnosticContext, InitContext, RpcContext};
-use crate::net::gateway::{BindTcp, SelfContainedNetworkInterfaceListener, UpgradableListener};
+use crate::net::gateway::WildcardListener;
 use crate::net::static_server::refresher;
 use crate::net::web_server::{Acceptor, WebServer};
 use crate::prelude::*;
@@ -23,7 +23,7 @@ use crate::util::logger::LOGGER;
 
 #[instrument(skip_all)]
 async fn inner_main(
-    server: &mut WebServer<UpgradableListener>,
+    server: &mut WebServer<WildcardListener>,
     config: &ServerConfig,
 ) -> Result<Option<Shutdown>, Error> {
     let rpc_ctx = if !tokio::fs::metadata("/run/startos/initialized")
@@ -148,7 +148,7 @@ pub fn main(args: impl IntoIterator<Item = OsString>) {
             .expect(&t!("bins.startd.failed-to-initialize-runtime"));
         let res = rt.block_on(async {
             let mut server = WebServer::new(
-                Acceptor::bind_upgradable(SelfContainedNetworkInterfaceListener::bind(BindTcp, 80)),
+                Acceptor::new(WildcardListener::new(80)?),
                 refresher(),
             );
             match inner_main(&mut server, &config).await {
diff --git a/core/src/bins/tunnel.rs b/core/src/bins/tunnel.rs
index 97fb818ea..57615c00c 100644
--- a/core/src/bins/tunnel.rs
+++ b/core/src/bins/tunnel.rs
@@ -13,7 +13,7 @@ use visit_rs::Visit;
 
 use crate::context::CliContext;
 use crate::context::config::ClientConfig;
-use crate::net::gateway::{Bind, BindTcp};
+use tokio::net::TcpListener;
 use crate::net::tls::TlsListener;
 use crate::net::web_server::{Accept, Acceptor, MetadataVisitor, WebServer};
 use crate::prelude::*;
@@ -57,7 +57,12 @@ async fn inner_main(config: &TunnelConfig) -> Result<(), Error> {
                             if !a.contains_key(&key) {
                                 match (|| {
                                     Ok::<_, Error>(TlsListener::new(
-                                        BindTcp.bind(addr)?,
+                                        TcpListener::from_std(
+                                            mio::net::TcpListener::bind(addr)
+                                                .with_kind(ErrorKind::Network)?
+                                                .into(),
+                                        )
+                                        .with_kind(ErrorKind::Network)?,
                                         TunnelCertHandler {
                                             db: https_db.clone(),
                                             crypto_provider: Arc::new(tokio_rustls::rustls::crypto::ring::default_provider()),
diff --git a/core/src/context/rpc.rs b/core/src/context/rpc.rs
index a59d60236..6350672f1 100644
--- a/core/src/context/rpc.rs
+++ b/core/src/context/rpc.rs
@@ -34,7 +34,7 @@ use crate::disk::mount::guard::MountGuard;
 use crate::init::{InitResult, check_time_is_synchronized};
 use crate::install::PKG_ARCHIVE_DIR;
 use crate::lxc::LxcManager;
-use crate::net::gateway::UpgradableListener;
+use crate::net::gateway::WildcardListener;
 use crate::net::net_controller::{NetController, NetService};
 use crate::net::socks::DEFAULT_SOCKS_LISTEN;
 use crate::net::utils::{find_eth_iface, find_wifi_iface};
@@ -132,7 +132,7 @@ pub struct RpcContext(Arc<RpcContextSeed>);
 impl RpcContext {
     #[instrument(skip_all)]
     pub async fn init(
-        webserver: &WebServerAcceptorSetter<UpgradableListener>,
+        webserver: &WebServerAcceptorSetter<WildcardListener>,
         config: &ServerConfig,
         disk_guid: InternedString,
         init_result: Option<InitResult>,
@@ -167,7 +167,7 @@ impl RpcContext {
         } else {
             let net_ctrl =
                 Arc::new(NetController::init(db.clone(), &account.hostname, socks_proxy).await?);
-            webserver.try_upgrade(|a| net_ctrl.net_iface.watcher.upgrade_listener(a))?;
+            webserver.send_modify(|wl| wl.set_ip_info(net_ctrl.net_iface.watcher.subscribe()));
             let os_net_service = net_ctrl.os_bindings().await?;
             (net_ctrl, os_net_service)
         };
diff --git a/core/src/context/setup.rs b/core/src/context/setup.rs
index bbfee9862..39a6b5fd3 100644
--- a/core/src/context/setup.rs
+++ b/core/src/context/setup.rs
@@ -20,7 +20,7 @@ use crate::context::RpcContext;
 use crate::context::config::ServerConfig;
 use crate::disk::mount::guard::{MountGuard, TmpMountGuard};
 use crate::hostname::Hostname;
-use crate::net::gateway::UpgradableListener;
+use crate::net::gateway::WildcardListener;
 use crate::net::web_server::{WebServer, WebServerAcceptorSetter};
 use crate::prelude::*;
 use crate::progress::FullProgressTracker;
@@ -51,7 +51,7 @@ pub struct SetupResult {
 }
 
 pub struct SetupContextSeed {
-    pub webserver: WebServerAcceptorSetter<UpgradableListener>,
+    pub webserver: WebServerAcceptorSetter<WildcardListener>,
     pub config: SyncMutex<ServerConfig>,
     pub disable_encryption: bool,
     pub progress: FullProgressTracker,
@@ -70,7 +70,7 @@ pub struct SetupContext(Arc<SetupContextSeed>);
 impl SetupContext {
     #[instrument(skip_all)]
     pub fn init(
-        webserver: &WebServer<UpgradableListener>,
+        webserver: &WebServer<WildcardListener>,
         config: ServerConfig,
     ) -> Result<Self, Error> {
         let (shutdown, _) = tokio::sync::broadcast::channel(1);
diff --git a/core/src/init.rs b/core/src/init.rs
index 39680015e..e9507ef49 100644
--- a/core/src/init.rs
+++ b/core/src/init.rs
@@ -20,7 +20,7 @@ use crate::db::model::public::ServerStatus;
 use crate::developer::OS_DEVELOPER_KEY_PATH;
 use crate::hostname::Hostname;
 use crate::middleware::auth::local::LocalAuthContext;
-use crate::net::gateway::UpgradableListener;
+use crate::net::gateway::WildcardListener;
 use crate::net::net_controller::{NetController, NetService};
 use crate::net::socks::DEFAULT_SOCKS_LISTEN;
 use crate::net::utils::find_wifi_iface;
@@ -144,7 +144,7 @@ pub async fn run_script<P: AsRef<Path>>(path: P, mut progress: PhaseProgressTrac
 
 #[instrument(skip_all)]
 pub async fn init(
-    webserver: &WebServerAcceptorSetter<UpgradableListener>,
+    webserver: &WebServerAcceptorSetter<WildcardListener>,
     cfg: &ServerConfig,
     InitPhases {
         preinit,
@@ -218,7 +218,7 @@ pub async fn init(
         )
         .await?,
     );
-    webserver.try_upgrade(|a| net_ctrl.net_iface.watcher.upgrade_listener(a))?;
+    webserver.send_modify(|wl| wl.set_ip_info(net_ctrl.net_iface.watcher.subscribe()));
     let os_net_service = net_ctrl.os_bindings().await?;
     start_net.complete();
 
diff --git a/core/src/net/forward.rs b/core/src/net/forward.rs
index 7cf5e7985..b9fe30a37 100644
--- a/core/src/net/forward.rs
+++ b/core/src/net/forward.rs
@@ -15,7 +15,6 @@ use tokio::sync::mpsc;
 use crate::GatewayId;
 use crate::context::{CliContext, RpcContext};
 use crate::db::model::public::NetworkInterfaceInfo;
-use crate::net::gateway::{DynInterfaceFilter, InterfaceFilter};
 use crate::prelude::*;
 use crate::util::Invoke;
 use crate::util::future::NonDetachingJoinHandle;
@@ -31,6 +30,33 @@ fn is_restricted(port: u16) -> bool {
     port <= 1024 || RESTRICTED_PORTS.contains(&port)
 }
 
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub struct ForwardRequirements {
+    pub public_gateways: BTreeSet<GatewayId>,
+    pub private_ips: BTreeSet<IpAddr>,
+    pub secure: bool,
+}
+
+impl std::fmt::Display for ForwardRequirements {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(
+            f,
+            "ForwardRequirements {{ public: {:?}, private: {:?}, secure: {} }}",
+            self.public_gateways, self.private_ips, self.secure
+        )
+    }
+}
+
+/// Source-IP filter for private forwards: restricts traffic to a subnet
+/// while excluding gateway/router IPs that may masquerade internet traffic.
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) struct SourceFilter {
+    /// Network CIDR to allow (e.g. "192.168.1.0/24")
+    subnet: String,
+    /// Comma-separated gateway IPs to exclude (they may masquerade internet traffic)
+    excluded: String,
+}
+
 #[derive(Debug, Deserialize, Serialize)]
 pub struct AvailablePorts(BTreeMap<u16, bool>);
 impl AvailablePorts {
@@ -85,10 +111,10 @@ pub fn forward_api<C: Context>() -> ParentHandler<C> {
             }
 
             let mut table = Table::new();
-            table.add_row(row![bc => "FROM", "TO", "FILTER"]);
+            table.add_row(row![bc => "FROM", "TO", "REQS"]);
 
             for (external, target) in res.0 {
-                table.add_row(row![external, target.target, target.filter]);
+                table.add_row(row![external, target.target, target.reqs]);
             }
 
             table.print_tty(false)?;
@@ -103,6 +129,7 @@ struct ForwardMapping {
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
+    src_filter: Option<SourceFilter>,
     rc: Weak<()>,
 }
 
@@ -117,9 +144,10 @@ impl PortForwardState {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
+        src_filter: Option<SourceFilter>,
     ) -> Result<Arc<()>, Error> {
         if let Some(existing) = self.mappings.get_mut(&source) {
-            if existing.target == target {
+            if existing.target == target && existing.src_filter == src_filter {
                 if let Some(existing_rc) = existing.rc.upgrade() {
                     return Ok(existing_rc);
                 } else {
@@ -128,21 +156,28 @@ impl PortForwardState {
                     return Ok(rc);
                 }
             } else {
-                // Different target, need to remove old and add new
+                // Different target or src_filter, need to remove old and add new
                 if let Some(mapping) = self.mappings.remove(&source) {
-                    unforward(mapping.source, mapping.target, mapping.target_prefix).await?;
+                    unforward(
+                        mapping.source,
+                        mapping.target,
+                        mapping.target_prefix,
+                        mapping.src_filter.as_ref(),
+                    )
+                    .await?;
                 }
             }
         }
 
         let rc = Arc::new(());
-        forward(source, target, target_prefix).await?;
+        forward(source, target, target_prefix, src_filter.as_ref()).await?;
         self.mappings.insert(
             source,
             ForwardMapping {
                 source,
                 target,
                 target_prefix,
+                src_filter,
                 rc: Arc::downgrade(&rc),
             },
         );
@@ -160,7 +195,13 @@ impl PortForwardState {
 
         for source in to_remove {
             if let Some(mapping) = self.mappings.remove(&source) {
-                unforward(mapping.source, mapping.target, mapping.target_prefix).await?;
+                unforward(
+                    mapping.source,
+                    mapping.target,
+                    mapping.target_prefix,
+                    mapping.src_filter.as_ref(),
+                )
+                .await?;
             }
         }
         Ok(())
@@ -181,9 +222,14 @@ impl Drop for PortForwardState {
             let mappings = std::mem::take(&mut self.mappings);
             tokio::spawn(async move {
                 for (_, mapping) in mappings {
-                    unforward(mapping.source, mapping.target, mapping.target_prefix)
-                        .await
-                        .log_err();
+                    unforward(
+                        mapping.source,
+                        mapping.target,
+                        mapping.target_prefix,
+                        mapping.src_filter.as_ref(),
+                    )
+                    .await
+                    .log_err();
                 }
             });
         }
@@ -195,6 +241,7 @@ enum PortForwardCommand {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
+        src_filter: Option<SourceFilter>,
         respond: oneshot::Sender<Result<Arc<()>, Error>>,
     },
     Gc {
@@ -281,9 +328,12 @@ impl PortForwardController {
                         source,
                         target,
                         target_prefix,
+                        src_filter,
                         respond,
                     } => {
-                        let result = state.add_forward(source, target, target_prefix).await;
+                        let result = state
+                            .add_forward(source, target, target_prefix, src_filter)
+                            .await;
                         respond.send(result).ok();
                     }
                     PortForwardCommand::Gc { respond } => {
@@ -308,6 +358,7 @@ impl PortForwardController {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
+        src_filter: Option<SourceFilter>,
     ) -> Result<Arc<()>, Error> {
         let (send, recv) = oneshot::channel();
         self.req
@@ -315,6 +366,7 @@ impl PortForwardController {
                 source,
                 target,
                 target_prefix,
+                src_filter,
                 respond: send,
             })
             .map_err(err_has_exited)?;
@@ -345,14 +397,14 @@ struct InterfaceForwardRequest {
     external: u16,
     target: SocketAddrV4,
     target_prefix: u8,
-    filter: DynInterfaceFilter,
+    reqs: ForwardRequirements,
     rc: Arc<()>,
 }
 
 #[derive(Clone)]
 struct InterfaceForwardEntry {
     external: u16,
-    filter: BTreeMap<DynInterfaceFilter, (SocketAddrV4, u8, Weak<()>)>,
+    targets: BTreeMap<ForwardRequirements, (SocketAddrV4, u8, Weak<()>)>,
     // Maps source SocketAddr -> strong reference for the forward created in PortForwardController
     forwards: BTreeMap<SocketAddrV4, Arc<()>>,
 }
@@ -370,7 +422,7 @@ impl InterfaceForwardEntry {
     fn new(external: u16) -> Self {
         Self {
             external,
-            filter: BTreeMap::new(),
+            targets: BTreeMap::new(),
             forwards: BTreeMap::new(),
         }
     }
@@ -382,28 +434,50 @@ impl InterfaceForwardEntry {
     ) -> Result<(), Error> {
         let mut keep = BTreeSet::<SocketAddrV4>::new();
 
-        for (iface, info) in ip_info.iter() {
-            if let Some((target, target_prefix)) = self
-                .filter
-                .iter()
-                .filter(|(_, (_, _, rc))| rc.strong_count() > 0)
-                .find(|(filter, _)| filter.filter(iface, info))
-                .map(|(_, (target, target_prefix, _))| (*target, *target_prefix))
-            {
-                if let Some(ip_info) = &info.ip_info {
-                    for addr in ip_info.subnets.iter().filter_map(|net| {
-                        if let IpAddr::V4(ip) = net.addr() {
-                            Some(SocketAddrV4::new(ip, self.external))
-                        } else {
-                            None
+        for (gw_id, info) in ip_info.iter() {
+            if let Some(ip_info) = &info.ip_info {
+                for subnet in ip_info.subnets.iter() {
+                    if let IpAddr::V4(ip) = subnet.addr() {
+                        let addr = SocketAddrV4::new(ip, self.external);
+                        if keep.contains(&addr) {
+                            continue;
                         }
-                    }) {
-                        keep.insert(addr);
-                        if !self.forwards.contains_key(&addr) {
-                            let rc = port_forward
-                                .add_forward(addr, target, target_prefix)
+
+                        for (reqs, (target, target_prefix, rc)) in self.targets.iter() {
+                            if rc.strong_count() == 0 {
+                                continue;
+                            }
+                            if !reqs.secure && !info.secure() {
+                                continue;
+                            }
+
+                            let src_filter =
+                                if reqs.public_gateways.contains(gw_id) {
+                                    None
+                                } else if reqs.private_ips.contains(&IpAddr::V4(ip)) {
+                                    let excluded = ip_info
+                                        .lan_ip
+                                        .iter()
+                                        .filter_map(|ip| match ip {
+                                            IpAddr::V4(v4) => Some(v4.to_string()),
+                                            _ => None,
+                                        })
+                                        .collect::<Vec<_>>()
+                                        .join(",");
+                                    Some(SourceFilter {
+                                        subnet: subnet.trunc().to_string(),
+                                        excluded,
+                                    })
+                                } else {
+                                    continue;
+                                };
+
+                            keep.insert(addr);
+                            let fwd_rc = port_forward
+                                .add_forward(addr, *target, *target_prefix, src_filter)
                                 .await?;
-                            self.forwards.insert(addr, rc);
+                            self.forwards.insert(addr, fwd_rc);
+                            break;
                         }
                     }
                 }
@@ -422,7 +496,7 @@ impl InterfaceForwardEntry {
             external,
             target,
             target_prefix,
-            filter,
+            reqs,
             mut rc,
         }: InterfaceForwardRequest,
         ip_info: &OrdMap<GatewayId, NetworkInterfaceInfo>,
@@ -436,8 +510,8 @@ impl InterfaceForwardEntry {
         }
 
         let entry = self
-            .filter
-            .entry(filter)
+            .targets
+            .entry(reqs)
             .or_insert_with(|| (target, target_prefix, Arc::downgrade(&rc)));
         if entry.0 != target {
             entry.0 = target;
@@ -460,7 +534,7 @@ impl InterfaceForwardEntry {
         ip_info: &OrdMap<GatewayId, NetworkInterfaceInfo>,
         port_forward: &PortForwardController,
     ) -> Result<(), Error> {
-        self.filter.retain(|_, (_, _, rc)| rc.strong_count() > 0);
+        self.targets.retain(|_, (_, _, rc)| rc.strong_count() > 0);
 
         self.update(ip_info, port_forward).await
     }
@@ -519,7 +593,7 @@ pub struct ForwardTable(pub BTreeMap<u16, ForwardTarget>);
 pub struct ForwardTarget {
     pub target: SocketAddrV4,
     pub target_prefix: u8,
-    pub filter: String,
+    pub reqs: String,
 }
 
 impl From<&InterfaceForwardState> for ForwardTable {
@@ -530,16 +604,16 @@ impl From<&InterfaceForwardState> for ForwardTable {
                 .iter()
                 .flat_map(|entry| {
                     entry
-                        .filter
+                        .targets
                         .iter()
                         .filter(|(_, (_, _, rc))| rc.strong_count() > 0)
-                        .map(|(filter, (target, target_prefix, _))| {
+                        .map(|(reqs, (target, target_prefix, _))| {
                             (
                                 entry.external,
                                 ForwardTarget {
                                     target: *target,
                                     target_prefix: *target_prefix,
-                                    filter: format!("{:#?}", filter),
+                                    reqs: format!("{reqs}"),
                                 },
                             )
                         })
@@ -558,16 +632,6 @@ enum InterfaceForwardCommand {
     DumpTable(oneshot::Sender<ForwardTable>),
 }
 
-#[test]
-fn test() {
-    use crate::net::gateway::SecureFilter;
-
-    assert_ne!(
-        false.into_dyn(),
-        SecureFilter { secure: false }.into_dyn().into_dyn()
-    );
-}
-
 pub struct InterfacePortForwardController {
     req: mpsc::UnboundedSender<InterfaceForwardCommand>,
     _thread: NonDetachingJoinHandle<()>,
@@ -617,7 +681,7 @@ impl InterfacePortForwardController {
     pub async fn add(
         &self,
         external: u16,
-        filter: DynInterfaceFilter,
+        reqs: ForwardRequirements,
         target: SocketAddrV4,
         target_prefix: u8,
     ) -> Result<Arc<()>, Error> {
@@ -629,7 +693,7 @@ impl InterfacePortForwardController {
                     external,
                     target,
                     target_prefix,
-                    filter,
+                    reqs,
                     rc,
                 },
                 send,
@@ -661,15 +725,21 @@ async fn forward(
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
+    src_filter: Option<&SourceFilter>,
 ) -> Result<(), Error> {
-    Command::new("/usr/lib/startos/scripts/forward-port")
-        .env("sip", source.ip().to_string())
+    let mut cmd = Command::new("/usr/lib/startos/scripts/forward-port");
+    cmd.env("sip", source.ip().to_string())
         .env("dip", target.ip().to_string())
         .env("dprefix", target_prefix.to_string())
         .env("sport", source.port().to_string())
-        .env("dport", target.port().to_string())
-        .invoke(ErrorKind::Network)
-        .await?;
+        .env("dport", target.port().to_string());
+    if let Some(filter) = src_filter {
+        cmd.env("src_subnet", &filter.subnet);
+        if !filter.excluded.is_empty() {
+            cmd.env("excluded_src", &filter.excluded);
+        }
+    }
+    cmd.invoke(ErrorKind::Network).await?;
     Ok(())
 }
 
@@ -677,15 +747,21 @@ async fn unforward(
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
+    src_filter: Option<&SourceFilter>,
 ) -> Result<(), Error> {
-    Command::new("/usr/lib/startos/scripts/forward-port")
-        .env("UNDO", "1")
+    let mut cmd = Command::new("/usr/lib/startos/scripts/forward-port");
+    cmd.env("UNDO", "1")
         .env("sip", source.ip().to_string())
         .env("dip", target.ip().to_string())
         .env("dprefix", target_prefix.to_string())
         .env("sport", source.port().to_string())
-        .env("dport", target.port().to_string())
-        .invoke(ErrorKind::Network)
-        .await?;
+        .env("dport", target.port().to_string());
+    if let Some(filter) = src_filter {
+        cmd.env("src_subnet", &filter.subnet);
+        if !filter.excluded.is_empty() {
+            cmd.env("excluded_src", &filter.excluded);
+        }
+    }
+    cmd.invoke(ErrorKind::Network).await?;
     Ok(())
 }
diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index 688892f85..e9c2575ba 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -1,14 +1,11 @@
-use std::any::Any;
 use std::collections::{BTreeMap, BTreeSet, HashMap};
-use std::fmt;
 use std::future::Future;
-use std::net::{IpAddr, Ipv4Addr, SocketAddr, SocketAddrV6};
-use std::sync::{Arc, Weak};
-use std::task::{Poll, ready};
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
+use std::sync::Arc;
+use std::task::Poll;
 use std::time::Duration;
 
 use clap::Parser;
-use futures::future::Either;
 use futures::{FutureExt, Stream, StreamExt, TryStreamExt};
 use imbl::{OrdMap, OrdSet};
 use imbl_value::InternedString;
@@ -36,15 +33,14 @@ use crate::db::model::Database;
 use crate::db::model::public::{IpInfo, NetworkInterfaceInfo, NetworkInterfaceType};
 use crate::net::forward::START9_BRIDGE_IFACE;
 use crate::net::gateway::device::DeviceProxy;
-use crate::net::utils::ipv6_is_link_local;
-use crate::net::web_server::{Accept, AcceptStream, Acceptor, MetadataVisitor};
+use crate::net::web_server::{Accept, AcceptStream, MetadataVisitor, TcpMetadata};
 use crate::prelude::*;
 use crate::util::Invoke;
 use crate::util::collections::OrdMapIterMut;
 use crate::util::future::{NonDetachingJoinHandle, Until};
 use crate::util::io::open_file;
 use crate::util::serde::{HandlerExtSerde, display_serializable};
-use crate::util::sync::{SyncMutex, Watch};
+use crate::util::sync::Watch;
 
 pub fn gateway_api<C: Context>() -> ParentHandler<C> {
     ParentHandler::new()
@@ -838,7 +834,6 @@ pub struct NetworkInterfaceWatcher {
     activated: Watch<BTreeMap<GatewayId, bool>>,
     ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
     _watcher: NonDetachingJoinHandle<()>,
-    listeners: SyncMutex<BTreeMap<u16, Weak<()>>>,
 }
 impl NetworkInterfaceWatcher {
     pub fn new(
@@ -858,7 +853,6 @@ impl NetworkInterfaceWatcher {
                 watcher(ip_info, activated).await
             })
             .into(),
-            listeners: SyncMutex::new(BTreeMap::new()),
         }
     }
 
@@ -885,51 +879,6 @@ impl NetworkInterfaceWatcher {
     pub fn ip_info(&self) -> OrdMap<GatewayId, NetworkInterfaceInfo> {
         self.ip_info.read()
     }
-
-    pub fn bind<B: Bind>(&self, bind: B, port: u16) -> Result<NetworkInterfaceListener<B>, Error> {
-        let arc = Arc::new(());
-        self.listeners.mutate(|l| {
-            if l.get(&port).filter(|w| w.strong_count() > 0).is_some() {
-                return Err(Error::new(
-                    std::io::Error::from_raw_os_error(libc::EADDRINUSE),
-                    ErrorKind::Network,
-                ));
-            }
-            l.insert(port, Arc::downgrade(&arc));
-            Ok(())
-        })?;
-        let ip_info = self.ip_info.clone_unseen();
-        Ok(NetworkInterfaceListener {
-            _arc: arc,
-            ip_info,
-            listeners: ListenerMap::new(bind, port),
-        })
-    }
-
-    pub fn upgrade_listener<B: Bind>(
-        &self,
-        SelfContainedNetworkInterfaceListener {
-            mut listener,
-            ..
-        }: SelfContainedNetworkInterfaceListener<B>,
-    ) -> Result<NetworkInterfaceListener<B>, Error> {
-        let port = listener.listeners.port;
-        let arc = &listener._arc;
-        self.listeners.mutate(|l| {
-            if l.get(&port).filter(|w| w.strong_count() > 0).is_some() {
-                return Err(Error::new(
-                    std::io::Error::from_raw_os_error(libc::EADDRINUSE),
-                    ErrorKind::Network,
-                ));
-            }
-            l.insert(port, Arc::downgrade(arc));
-            Ok(())
-        })?;
-        let ip_info = self.ip_info.clone_unseen();
-        ip_info.mark_changed();
-        listener.change_ip_info_source(ip_info);
-        Ok(listener)
-    }
 }
 
 pub struct NetworkInterfaceController {
@@ -1237,235 +1186,6 @@ impl NetworkInterfaceController {
     }
 }
 
-pub trait InterfaceFilter: Any + Clone + std::fmt::Debug + Eq + Ord + Send + Sync {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool;
-    fn eq(&self, other: &dyn Any) -> bool {
-        Some(self) == other.downcast_ref::<Self>()
-    }
-    fn cmp(&self, other: &dyn Any) -> std::cmp::Ordering {
-        match (self as &dyn Any).type_id().cmp(&other.type_id()) {
-            std::cmp::Ordering::Equal => {
-                std::cmp::Ord::cmp(self, other.downcast_ref::<Self>().unwrap())
-            }
-            ord => ord,
-        }
-    }
-    fn as_any(&self) -> &dyn Any {
-        self
-    }
-    fn into_dyn(self) -> DynInterfaceFilter {
-        DynInterfaceFilter::new(self)
-    }
-}
-
-impl InterfaceFilter for bool {
-    fn filter(&self, _: &GatewayId, _: &NetworkInterfaceInfo) -> bool {
-        *self
-    }
-}
-
-#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct TypeFilter(pub NetworkInterfaceType);
-impl InterfaceFilter for TypeFilter {
-    fn filter(&self, _: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        info.ip_info.as_ref().and_then(|i| i.device_type) == Some(self.0)
-    }
-}
-
-#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct IdFilter(pub GatewayId);
-impl InterfaceFilter for IdFilter {
-    fn filter(&self, id: &GatewayId, _: &NetworkInterfaceInfo) -> bool {
-        id == &self.0
-    }
-}
-
-#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct PublicFilter {
-    pub public: bool,
-}
-impl InterfaceFilter for PublicFilter {
-    fn filter(&self, _: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.public == info.public()
-    }
-}
-
-#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct SecureFilter {
-    pub secure: bool,
-}
-impl InterfaceFilter for SecureFilter {
-    fn filter(&self, _: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.secure || info.secure()
-    }
-}
-
-#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct AndFilter<A, B>(pub A, pub B);
-impl<A: InterfaceFilter, B: InterfaceFilter> InterfaceFilter for AndFilter<A, B> {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.0.filter(id, info) && self.1.filter(id, info)
-    }
-}
-
-#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct OrFilter<A, B>(pub A, pub B);
-impl<A: InterfaceFilter, B: InterfaceFilter> InterfaceFilter for OrFilter<A, B> {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.0.filter(id, info) || self.1.filter(id, info)
-    }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub struct AnyFilter(pub BTreeSet<DynInterfaceFilter>);
-impl InterfaceFilter for AnyFilter {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.0.iter().any(|f| InterfaceFilter::filter(f, id, info))
-    }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub struct AllFilter(pub BTreeSet<DynInterfaceFilter>);
-impl InterfaceFilter for AllFilter {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.0.iter().all(|f| InterfaceFilter::filter(f, id, info))
-    }
-}
-
-pub trait DynInterfaceFilterT: std::fmt::Debug + Any + Send + Sync {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool;
-    fn eq(&self, other: &dyn Any) -> bool;
-    fn cmp(&self, other: &dyn Any) -> std::cmp::Ordering;
-    fn as_any(&self) -> &dyn Any;
-}
-impl<T: InterfaceFilter> DynInterfaceFilterT for T {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        InterfaceFilter::filter(self, id, info)
-    }
-    fn eq(&self, other: &dyn Any) -> bool {
-        InterfaceFilter::eq(self, other)
-    }
-    fn cmp(&self, other: &dyn Any) -> std::cmp::Ordering {
-        InterfaceFilter::cmp(self, other)
-    }
-    fn as_any(&self) -> &dyn Any {
-        InterfaceFilter::as_any(self)
-    }
-}
-
-#[test]
-fn test_interface_filter_eq() {
-    let dyn_t = true.into_dyn();
-    assert!(DynInterfaceFilterT::eq(
-        &dyn_t,
-        DynInterfaceFilterT::as_any(&true),
-    ))
-}
-
-#[derive(Clone, Debug)]
-pub struct DynInterfaceFilter(Arc<dyn DynInterfaceFilterT>);
-impl InterfaceFilter for DynInterfaceFilter {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        self.0.filter(id, info)
-    }
-    fn eq(&self, other: &dyn Any) -> bool {
-        self.0.eq(other)
-    }
-    fn cmp(&self, other: &dyn Any) -> std::cmp::Ordering {
-        self.0.cmp(other)
-    }
-    fn as_any(&self) -> &dyn Any {
-        self.0.as_any()
-    }
-    fn into_dyn(self) -> DynInterfaceFilter {
-        self
-    }
-}
-impl DynInterfaceFilter {
-    fn new<T: InterfaceFilter>(value: T) -> Self {
-        Self(Arc::new(value))
-    }
-}
-impl PartialEq for DynInterfaceFilter {
-    fn eq(&self, other: &Self) -> bool {
-        DynInterfaceFilterT::eq(&*self.0, DynInterfaceFilterT::as_any(&*other.0))
-    }
-}
-impl Eq for DynInterfaceFilter {}
-impl PartialOrd for DynInterfaceFilter {
-    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
-        Some(self.0.cmp(other.0.as_any()))
-    }
-}
-impl Ord for DynInterfaceFilter {
-    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
-        self.0.cmp(other.0.as_any())
-    }
-}
-
-struct ListenerMap<B: Bind> {
-    prev_filter: DynInterfaceFilter,
-    bind: B,
-    port: u16,
-    listeners: BTreeMap<SocketAddr, B::Accept>,
-}
-impl<B: Bind> ListenerMap<B> {
-    fn new(bind: B, port: u16) -> Self {
-        Self {
-            prev_filter: false.into_dyn(),
-            bind,
-            port,
-            listeners: BTreeMap::new(),
-        }
-    }
-
-    #[instrument(skip(self))]
-    fn update(
-        &mut self,
-        ip_info: &OrdMap<GatewayId, NetworkInterfaceInfo>,
-        filter: &impl InterfaceFilter,
-    ) -> Result<(), Error> {
-        let mut keep = BTreeSet::<SocketAddr>::new();
-        for (_, info) in ip_info
-            .iter()
-            .filter(|(id, info)| filter.filter(*id, *info))
-        {
-            if let Some(ip_info) = &info.ip_info {
-                for ipnet in &ip_info.subnets {
-                    let addr = match ipnet.addr() {
-                        IpAddr::V6(ip6) => SocketAddrV6::new(
-                            ip6,
-                            self.port,
-                            0,
-                            if ipv6_is_link_local(ip6) {
-                                ip_info.scope_id
-                            } else {
-                                0
-                            },
-                        )
-                        .into(),
-                        ip => SocketAddr::new(ip, self.port),
-                    };
-                    keep.insert(addr);
-                    if !self.listeners.contains_key(&addr) {
-                        self.listeners.insert(addr, self.bind.bind(addr)?);
-                    }
-                }
-            }
-        }
-        self.listeners.retain(|key, _| keep.contains(key));
-        self.prev_filter = filter.clone().into_dyn();
-        Ok(())
-    }
-    fn poll_accept(
-        &mut self,
-        cx: &mut std::task::Context<'_>,
-    ) -> Poll<Result<(SocketAddr, <B::Accept as Accept>::Metadata, AcceptStream), Error>> {
-        let (metadata, stream) = ready!(self.listeners.poll_accept(cx)?);
-        Poll::Ready(Ok((metadata.key, metadata.inner, stream)))
-    }
-}
-
 pub fn lookup_info_by_addr(
     ip_info: &OrdMap<GatewayId, NetworkInterfaceInfo>,
     addr: SocketAddr,
@@ -1477,28 +1197,6 @@ pub fn lookup_info_by_addr(
     })
 }
 
-pub trait Bind {
-    type Accept: Accept;
-    fn bind(&mut self, addr: SocketAddr) -> Result<Self::Accept, Error>;
-}
-
-#[derive(Clone, Copy, Default)]
-pub struct BindTcp;
-impl Bind for BindTcp {
-    type Accept = TcpListener;
-    fn bind(&mut self, addr: SocketAddr) -> Result<Self::Accept, Error> {
-        TcpListener::from_std(
-            mio::net::TcpListener::bind(addr)
-                .with_kind(ErrorKind::Network)?
-                .into(),
-        )
-        .with_kind(ErrorKind::Network)
-    }
-}
-
-pub trait FromGatewayInfo {
-    fn from_gateway_info(id: &GatewayId, info: &NetworkInterfaceInfo) -> Self;
-}
 #[derive(Clone, Debug)]
 pub struct GatewayInfo {
     pub id: GatewayId,
@@ -1509,202 +1207,88 @@ impl<V: MetadataVisitor> Visit<V> for GatewayInfo {
         visitor.visit(self)
     }
 }
-impl FromGatewayInfo for GatewayInfo {
-    fn from_gateway_info(id: &GatewayId, info: &NetworkInterfaceInfo) -> Self {
-        Self {
-            id: id.clone(),
-            info: info.clone(),
-        }
-    }
-}
 
-pub struct NetworkInterfaceListener<B: Bind = BindTcp> {
-    pub ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
-    listeners: ListenerMap<B>,
-    _arc: Arc<()>,
-}
-impl<B: Bind> NetworkInterfaceListener<B> {
-    pub(super) fn new(
-        mut ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
-        bind: B,
-        port: u16,
-    ) -> Self {
-        ip_info.mark_unseen();
-        Self {
-            ip_info,
-            listeners: ListenerMap::new(bind, port),
-            _arc: Arc::new(()),
-        }
-    }
-
-    pub fn port(&self) -> u16 {
-        self.listeners.port
-    }
-
-    #[cfg_attr(feature = "unstable", inline(never))]
-    pub fn poll_accept<M: FromGatewayInfo>(
-        &mut self,
-        cx: &mut std::task::Context<'_>,
-        filter: &impl InterfaceFilter,
-    ) -> Poll<Result<(M, <B::Accept as Accept>::Metadata, AcceptStream), Error>> {
-        while self.ip_info.poll_changed(cx).is_ready()
-            || !DynInterfaceFilterT::eq(&self.listeners.prev_filter, filter.as_any())
-        {
-            self.ip_info
-                .peek_and_mark_seen(|ip_info| self.listeners.update(ip_info, filter))?;
-        }
-        let (addr, inner, stream) = ready!(self.listeners.poll_accept(cx)?);
-        Poll::Ready(Ok((
-            self.ip_info
-                .peek(|ip_info| {
-                    lookup_info_by_addr(ip_info, addr)
-                        .map(|(id, info)| M::from_gateway_info(id, info))
-                })
-                .or_not_found(lazy_format!("gateway for {addr}"))?,
-            inner,
-            stream,
-        )))
-    }
-
-    pub fn change_ip_info_source(
-        &mut self,
-        mut ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
-    ) {
-        ip_info.mark_unseen();
-        self.ip_info = ip_info;
-    }
-
-    pub async fn accept<M: FromGatewayInfo>(
-        &mut self,
-        filter: &impl InterfaceFilter,
-    ) -> Result<(M, <B::Accept as Accept>::Metadata, AcceptStream), Error> {
-        futures::future::poll_fn(|cx| self.poll_accept(cx, filter)).await
-    }
-
-    pub fn check_filter(&self) -> impl FnOnce(SocketAddr, &DynInterfaceFilter) -> bool + 'static {
-        let ip_info = self.ip_info.clone();
-        move |addr, filter| {
-            ip_info.peek(|i| {
-                lookup_info_by_addr(i, addr).map_or(false, |(id, info)| {
-                    InterfaceFilter::filter(filter, id, info)
-                })
-            })
-        }
-    }
-}
-
-#[derive(VisitFields)]
-pub struct NetworkInterfaceListenerAcceptMetadata<B: Bind> {
-    pub inner: <B::Accept as Accept>::Metadata,
+/// Metadata for connections accepted by WildcardListener or VHostBindListener.
+#[derive(Clone, Debug, VisitFields)]
+pub struct NetworkInterfaceListenerAcceptMetadata {
+    pub inner: TcpMetadata,
     pub info: GatewayInfo,
 }
-impl<B: Bind> fmt::Debug for NetworkInterfaceListenerAcceptMetadata<B> {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_struct("NetworkInterfaceListenerAcceptMetadata")
-            .field("inner", &self.inner)
-            .field("info", &self.info)
-            .finish()
-    }
-}
-impl<B: Bind> Clone for NetworkInterfaceListenerAcceptMetadata<B>
-where
-    <B::Accept as Accept>::Metadata: Clone,
-{
-    fn clone(&self) -> Self {
-        Self {
-            inner: self.inner.clone(),
-            info: self.info.clone(),
-        }
-    }
-}
-impl<B, V> Visit<V> for NetworkInterfaceListenerAcceptMetadata<B>
-where
-    B: Bind,
-    <B::Accept as Accept>::Metadata: Visit<V> + Clone + Send + Sync + 'static,
-    V: MetadataVisitor,
-{
+impl<V: MetadataVisitor> Visit<V> for NetworkInterfaceListenerAcceptMetadata {
     fn visit(&self, visitor: &mut V) -> V::Result {
         self.visit_fields(visitor).collect()
     }
 }
 
-impl<B: Bind> Accept for NetworkInterfaceListener<B> {
-    type Metadata = NetworkInterfaceListenerAcceptMetadata<B>;
+/// A simple TCP listener on 0.0.0.0:port that looks up GatewayInfo from the
+/// connection's local address on each accepted connection.
+pub struct WildcardListener {
+    listener: TcpListener,
+    ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
+    /// Handle to the self-contained watcher task started in `new()`.
+    /// Dropped (and thus aborted) when `set_ip_info` replaces the ip_info source.
+    _watcher: Option<NonDetachingJoinHandle<()>>,
+}
+impl WildcardListener {
+    pub fn new(port: u16) -> Result<Self, Error> {
+        let listener = TcpListener::from_std(
+            mio::net::TcpListener::bind(SocketAddr::new(IpAddr::V6(Ipv6Addr::UNSPECIFIED), port))
+                .with_kind(ErrorKind::Network)?
+                .into(),
+        )
+        .with_kind(ErrorKind::Network)?;
+        let ip_info = Watch::new(OrdMap::new());
+        let watcher_handle =
+            tokio::spawn(watcher(ip_info.clone(), Watch::new(BTreeMap::new()))).into();
+        Ok(Self {
+            listener,
+            ip_info,
+            _watcher: Some(watcher_handle),
+        })
+    }
+
+    /// Replace the ip_info source with the one from the NetworkInterfaceController.
+    /// Aborts the self-contained watcher task.
+    pub fn set_ip_info(&mut self, ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>) {
+        self.ip_info = ip_info;
+        self._watcher = None;
+    }
+}
+impl Accept for WildcardListener {
+    type Metadata = NetworkInterfaceListenerAcceptMetadata;
     fn poll_accept(
         &mut self,
         cx: &mut std::task::Context<'_>,
     ) -> Poll<Result<(Self::Metadata, AcceptStream), Error>> {
-        NetworkInterfaceListener::poll_accept(self, cx, &true).map(|res| {
-            res.map(|(info, inner, stream)| {
-                (
-                    NetworkInterfaceListenerAcceptMetadata { inner, info },
-                    stream,
-                )
-            })
-        })
-    }
-}
-
-pub struct SelfContainedNetworkInterfaceListener<B: Bind = BindTcp> {
-    _watch_thread: NonDetachingJoinHandle<()>,
-    listener: NetworkInterfaceListener<B>,
-}
-impl<B: Bind> SelfContainedNetworkInterfaceListener<B> {
-    pub fn bind(bind: B, port: u16) -> Self {
-        let ip_info = Watch::new(OrdMap::new());
-        let _watch_thread =
-            tokio::spawn(watcher(ip_info.clone(), Watch::new(BTreeMap::new()))).into();
-        Self {
-            _watch_thread,
-            listener: NetworkInterfaceListener::new(ip_info, bind, port),
+        if let Poll::Ready((stream, peer_addr)) = TcpListener::poll_accept(&self.listener, cx)? {
+            if let Err(e) = socket2::SockRef::from(&stream).set_keepalive(true) {
+                tracing::error!("Failed to set tcp keepalive: {e}");
+                tracing::debug!("{e:?}");
+            }
+            let local_addr = stream.local_addr()?;
+            let info = self
+                .ip_info
+                .peek(|ip_info| {
+                    lookup_info_by_addr(ip_info, local_addr).map(|(id, info)| GatewayInfo {
+                        id: id.clone(),
+                        info: info.clone(),
+                    })
+                })
+                .unwrap_or_else(|| GatewayInfo {
+                    id: InternedString::from_static("").into(),
+                    info: NetworkInterfaceInfo::default(),
+                });
+            return Poll::Ready(Ok((
+                NetworkInterfaceListenerAcceptMetadata {
+                    inner: TcpMetadata {
+                        local_addr,
+                        peer_addr,
+                    },
+                    info,
+                },
+                Box::pin(stream),
+            )));
         }
+        Poll::Pending
     }
 }
-impl<B: Bind> Accept for SelfContainedNetworkInterfaceListener<B> {
-    type Metadata = <NetworkInterfaceListener<B> as Accept>::Metadata;
-    fn poll_accept(
-        &mut self,
-        cx: &mut std::task::Context<'_>,
-    ) -> std::task::Poll<Result<(Self::Metadata, AcceptStream), Error>> {
-        Accept::poll_accept(&mut self.listener, cx)
-    }
-}
-
-pub type UpgradableListener<B = BindTcp> =
-    Option<Either<SelfContainedNetworkInterfaceListener<B>, NetworkInterfaceListener<B>>>;
-
-impl<B> Acceptor<UpgradableListener<B>>
-where
-    B: Bind + Send + Sync + 'static,
-    B::Accept: Send + Sync,
-{
-    pub fn bind_upgradable(listener: SelfContainedNetworkInterfaceListener<B>) -> Self {
-        Self::new(Some(Either::Left(listener)))
-    }
-}
-
-#[test]
-fn test_filter() {
-    let wg1 = "wg1".parse::<GatewayId>().unwrap();
-    assert!(!InterfaceFilter::filter(
-        &AndFilter(IdFilter(wg1.clone()), PublicFilter { public: false }).into_dyn(),
-        &wg1,
-        &NetworkInterfaceInfo {
-            name: None,
-            public: None,
-            secure: None,
-            ip_info: Some(Arc::new(IpInfo {
-                name: "".into(),
-                scope_id: 3,
-                device_type: Some(NetworkInterfaceType::Wireguard),
-                subnets: ["10.59.0.2/24".parse::<IpNet>().unwrap()]
-                    .into_iter()
-                    .collect(),
-                lan_ip: Default::default(),
-                wan_ip: None,
-                ntp_servers: Default::default(),
-                dns_servers: Default::default(),
-            })),
-        },
-    ));
-}
diff --git a/core/src/net/host/binding.rs b/core/src/net/host/binding.rs
index 3c78c4338..8db806399 100644
--- a/core/src/net/host/binding.rs
+++ b/core/src/net/host/binding.rs
@@ -8,17 +8,15 @@ use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
 use crate::context::{CliContext, RpcContext};
-use crate::db::model::public::NetworkInterfaceInfo;
 use crate::db::prelude::Map;
 use crate::net::forward::AvailablePorts;
-use crate::net::gateway::InterfaceFilter;
 use crate::net::host::HostApiKind;
 use crate::net::service_interface::HostnameInfo;
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
 use crate::util::FromStrParser;
 use crate::util::serde::{HandlerExtSerde, display_serializable};
-use crate::{GatewayId, HostId};
+use crate::HostId;
 
 #[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize, TS)]
 #[ts(export)]
@@ -51,9 +49,9 @@ impl FromStr for BindId {
 #[ts(export)]
 #[model = "Model<Self>"]
 pub struct DerivedAddressInfo {
-    /// User-controlled: private-gateway addresses the user has disabled
+    /// User-controlled: private addresses the user has disabled
     pub private_disabled: BTreeSet<HostnameInfo>,
-    /// User-controlled: public-gateway addresses the user has enabled
+    /// User-controlled: public addresses the user has enabled
     pub public_enabled: BTreeSet<HostnameInfo>,
     /// COMPUTED: NetServiceData::update — all possible addresses for this binding
     pub possible: BTreeSet<HostnameInfo>,
@@ -76,26 +74,6 @@ impl DerivedAddressInfo {
             .collect()
     }
 
-    /// Derive a gateway-level InterfaceFilter from the enabled addresses.
-    /// A gateway passes the filter if it has any enabled address for this binding.
-    pub fn gateway_filter(&self) -> AddressFilter {
-        let enabled_gateways: BTreeSet<GatewayId> = self
-            .enabled()
-            .into_iter()
-            .map(|h| h.gateway.id.clone())
-            .collect();
-        AddressFilter(enabled_gateways)
-    }
-}
-
-/// Gateway-level filter derived from DerivedAddressInfo.
-/// Passes if the gateway has at least one enabled address.
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub struct AddressFilter(pub BTreeSet<GatewayId>);
-impl InterfaceFilter for AddressFilter {
-    fn filter(&self, id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        info.ip_info.is_some() && self.0.contains(id)
-    }
 }
 
 #[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]
@@ -145,12 +123,6 @@ pub struct NetInfo {
     pub assigned_port: Option<u16>,
     pub assigned_ssl_port: Option<u16>,
 }
-impl InterfaceFilter for NetInfo {
-    fn filter(&self, _id: &GatewayId, info: &NetworkInterfaceInfo) -> bool {
-        info.ip_info.is_some()
-    }
-}
-
 impl BindInfo {
     pub fn new(available_ports: &mut AvailablePorts, options: BindOptions) -> Result<Self, Error> {
         let mut assigned_port = None;
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index 56c30ed4e..37c63f333 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -16,11 +16,10 @@ use crate::db::model::public::NetworkInterfaceType;
 use crate::error::ErrorCollection;
 use crate::hostname::Hostname;
 use crate::net::dns::DnsController;
-use crate::net::forward::{InterfacePortForwardController, START9_BRIDGE_IFACE, add_iptables_rule};
-use crate::net::gateway::{
-    AndFilter, AnyFilter, DynInterfaceFilter, IdFilter, InterfaceFilter,
-    NetworkInterfaceController, OrFilter, PublicFilter, SecureFilter,
+use crate::net::forward::{
+    ForwardRequirements, InterfacePortForwardController, START9_BRIDGE_IFACE, add_iptables_rule,
 };
+use crate::net::gateway::NetworkInterfaceController;
 use crate::net::host::address::HostAddress;
 use crate::net::host::binding::{AddSslOptions, BindId, BindOptions};
 use crate::net::host::{Host, Hosts, host_for};
@@ -31,7 +30,7 @@ use crate::net::vhost::{AlpnInfo, DynVHostTarget, ProxyTarget, VHostController};
 use crate::prelude::*;
 use crate::service::effects::callbacks::ServiceCallbacks;
 use crate::util::serde::MaybeUtf8String;
-use crate::{HOST_IP, HostId, OptionExt, PackageId};
+use crate::{GatewayId, HOST_IP, HostId, OptionExt, PackageId};
 
 pub struct NetController {
     pub(crate) db: TypedPatchDb<Database>,
@@ -161,7 +160,7 @@ impl NetController {
 
 #[derive(Default, Debug)]
 struct HostBinds {
-    forwards: BTreeMap<u16, (SocketAddrV4, DynInterfaceFilter, Arc<()>)>,
+    forwards: BTreeMap<u16, (SocketAddrV4, ForwardRequirements, Arc<()>)>,
     vhosts: BTreeMap<(Option<InternedString>, u16), (ProxyTarget, Arc<()>)>,
     private_dns: BTreeMap<InternedString, Arc<()>>,
 }
@@ -257,213 +256,36 @@ impl NetServiceData {
         id: HostId,
         mut host: Host,
     ) -> Result<(), Error> {
-        let mut forwards: BTreeMap<u16, (SocketAddrV4, DynInterfaceFilter)> = BTreeMap::new();
+        let mut forwards: BTreeMap<u16, (SocketAddrV4, ForwardRequirements)> = BTreeMap::new();
         let mut vhosts: BTreeMap<(Option<InternedString>, u16), ProxyTarget> = BTreeMap::new();
         let mut private_dns: BTreeSet<InternedString> = BTreeSet::new();
         let binds = self.binds.entry(id.clone()).or_default();
 
         let peek = ctrl.db.peek().await;
-
-        // LAN
         let server_info = peek.as_public().as_server_info();
         let net_ifaces = ctrl.net_iface.watcher.ip_info();
         let hostname = server_info.as_hostname().de()?;
         let host_addresses: Vec<_> = host.addresses().collect();
-        for (port, bind) in host.bindings.iter_mut() {
+
+        // Collect private DNS entries (domains without public config)
+        for HostAddress {
+            address, public, ..
+        } in &host_addresses
+        {
+            if public.is_none() {
+                private_dns.insert(address.clone());
+            }
+        }
+
+        // ── Phase 1: Compute possible addresses ──
+        for (_port, bind) in host.bindings.iter_mut() {
             if !bind.enabled {
                 continue;
             }
             if bind.net.assigned_port.is_none() && bind.net.assigned_ssl_port.is_none() {
                 continue;
             }
-            let mut hostnames = BTreeSet::new();
-            let mut gw_filter = AnyFilter(
-                [PublicFilter { public: false }.into_dyn()]
-                    .into_iter()
-                    .chain(
-                        bind.addresses
-                            .public_enabled
-                            .iter()
-                            .map(|a| a.gateway.id.clone())
-                            .collect::<BTreeSet<_>>()
-                            .into_iter()
-                            .map(IdFilter)
-                            .map(InterfaceFilter::into_dyn),
-                    )
-                    .collect(),
-            );
-            if let Some(ssl) = &bind.options.add_ssl {
-                let external = bind
-                    .net
-                    .assigned_ssl_port
-                    .or_not_found("assigned ssl port")?;
-                let addr = (self.ip, *port).into();
-                let connect_ssl = if let Some(alpn) = ssl.alpn.clone() {
-                    Err(alpn)
-                } else {
-                    if bind.options.secure.as_ref().map_or(false, |s| s.ssl) {
-                        Ok(())
-                    } else {
-                        Err(AlpnInfo::Reflect)
-                    }
-                };
-                for hostname in ctrl.server_hostnames.iter().cloned() {
-                    vhosts.insert(
-                        (hostname, external),
-                        ProxyTarget {
-                            filter: gw_filter.clone().into_dyn(),
-                            acme: None,
-                            addr,
-                            add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                            connect_ssl: connect_ssl
-                                .clone()
-                                .map(|_| ctrl.tls_client_config.clone()),
-                        }, // TODO: allow public traffic?
-                    );
-                }
-                for HostAddress {
-                    address,
-                    public,
-                    private,
-                } in host_addresses.iter().cloned()
-                {
-                    if hostnames.insert(address.clone()) {
-                        let address = Some(address.clone());
-                        if ssl.preferred_external_port == 443 {
-                            if let Some(public) = &public {
-                                vhosts.insert(
-                                    (address.clone(), 5443),
-                                    ProxyTarget {
-                                        filter: AndFilter(
-                                            bind.net.clone(),
-                                            AndFilter(
-                                                IdFilter(public.gateway.clone()),
-                                                PublicFilter { public: false },
-                                            ),
-                                        )
-                                        .into_dyn(),
-                                        acme: public.acme.clone(),
-                                        addr,
-                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                        connect_ssl: connect_ssl
-                                            .clone()
-                                            .map(|_| ctrl.tls_client_config.clone()),
-                                    },
-                                );
-                                vhosts.insert(
-                                    (address.clone(), 443),
-                                    ProxyTarget {
-                                        filter: AndFilter(
-                                            bind.net.clone(),
-                                            if private {
-                                                OrFilter(
-                                                    IdFilter(public.gateway.clone()),
-                                                    PublicFilter { public: false },
-                                                )
-                                                .into_dyn()
-                                            } else {
-                                                AndFilter(
-                                                    IdFilter(public.gateway.clone()),
-                                                    PublicFilter { public: true },
-                                                )
-                                                .into_dyn()
-                                            },
-                                        )
-                                        .into_dyn(),
-                                        acme: public.acme.clone(),
-                                        addr,
-                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                        connect_ssl: connect_ssl
-                                            .clone()
-                                            .map(|_| ctrl.tls_client_config.clone()),
-                                    },
-                                );
-                            } else {
-                                vhosts.insert(
-                                    (address.clone(), 443),
-                                    ProxyTarget {
-                                        filter: AndFilter(
-                                            bind.net.clone(),
-                                            PublicFilter { public: false },
-                                        )
-                                        .into_dyn(),
-                                        acme: None,
-                                        addr,
-                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                        connect_ssl: connect_ssl
-                                            .clone()
-                                            .map(|_| ctrl.tls_client_config.clone()),
-                                    },
-                                );
-                            }
-                        } else {
-                            if let Some(public) = public {
-                                vhosts.insert(
-                                    (address.clone(), external),
-                                    ProxyTarget {
-                                        filter: AndFilter(
-                                            bind.net.clone(),
-                                            if private {
-                                                OrFilter(
-                                                    IdFilter(public.gateway.clone()),
-                                                    PublicFilter { public: false },
-                                                )
-                                                .into_dyn()
-                                            } else {
-                                                IdFilter(public.gateway.clone()).into_dyn()
-                                            },
-                                        )
-                                        .into_dyn(),
-                                        acme: public.acme.clone(),
-                                        addr,
-                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                        connect_ssl: connect_ssl
-                                            .clone()
-                                            .map(|_| ctrl.tls_client_config.clone()),
-                                    },
-                                );
-                            } else {
-                                vhosts.insert(
-                                    (address.clone(), external),
-                                    ProxyTarget {
-                                        filter: AndFilter(
-                                            bind.net.clone(),
-                                            PublicFilter { public: false },
-                                        )
-                                        .into_dyn(),
-                                        acme: None,
-                                        addr,
-                                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                                        connect_ssl: connect_ssl
-                                            .clone()
-                                            .map(|_| ctrl.tls_client_config.clone()),
-                                    },
-                                );
-                            }
-                        }
-                    }
-                }
-            }
-            if bind
-                .options
-                .secure
-                .map_or(true, |s| !(s.ssl && bind.options.add_ssl.is_some()))
-            {
-                let external = bind.net.assigned_port.or_not_found("assigned lan port")?;
-                forwards.insert(
-                    external,
-                    (
-                        SocketAddrV4::new(self.ip, *port),
-                        AndFilter(
-                            SecureFilter {
-                                secure: bind.options.secure.is_some(),
-                            },
-                            bind.net.clone(),
-                        )
-                        .into_dyn(),
-                    ),
-                );
-            }
+
             bind.addresses.possible.clear();
             for (gateway_id, info) in net_ifaces
                 .iter()
@@ -472,7 +294,7 @@ impl NetServiceData {
                         !matches!(i.device_type, Some(NetworkInterfaceType::Bridge))
                     })
                 })
-                .filter(|(id, info)| bind.net.filter(id, info))
+                .filter(|(_, info)| info.ip_info.is_some())
             {
                 let gateway = GatewayInfo {
                     id: gateway_id.clone(),
@@ -488,6 +310,7 @@ impl NetServiceData {
                         !(s.ssl && bind.options.add_ssl.is_some()) || info.secure()
                     })
                 });
+                // .local addresses (private only, non-public, non-wireguard gateways)
                 if !info.public()
                     && info.ip_info.as_ref().map_or(false, |i| {
                         i.device_type != Some(NetworkInterfaceType::Wireguard)
@@ -506,46 +329,39 @@ impl NetServiceData {
                         },
                     });
                 }
+                // Domain addresses
                 for HostAddress {
                     address,
                     public,
                     private,
                 } in host_addresses.iter().cloned()
                 {
-                    if public.is_none() {
-                        private_dns.insert(address.clone());
-                    }
                     let private = private && !info.public();
-                    let public = public.as_ref().map_or(false, |p| &p.gateway == gateway_id);
+                    let public =
+                        public.as_ref().map_or(false, |p| &p.gateway == gateway_id);
                     if public || private {
-                        if bind
+                        let (domain_port, domain_ssl_port) = if bind
                             .options
                             .add_ssl
                             .as_ref()
                             .map_or(false, |ssl| ssl.preferred_external_port == 443)
                         {
-                            bind.addresses.possible.insert(HostnameInfo {
-                                gateway: gateway.clone(),
-                                public,
-                                hostname: IpHostname::Domain {
-                                    value: address.clone(),
-                                    port: None,
-                                    ssl_port: Some(443),
-                                },
-                            });
+                            (None, Some(443))
                         } else {
-                            bind.addresses.possible.insert(HostnameInfo {
-                                gateway: gateway.clone(),
-                                public,
-                                hostname: IpHostname::Domain {
-                                    value: address.clone(),
-                                    port,
-                                    ssl_port: bind.net.assigned_ssl_port,
-                                },
-                            });
-                        }
+                            (port, bind.net.assigned_ssl_port)
+                        };
+                        bind.addresses.possible.insert(HostnameInfo {
+                            gateway: gateway.clone(),
+                            public,
+                            hostname: IpHostname::Domain {
+                                value: address.clone(),
+                                port: domain_port,
+                                ssl_port: domain_ssl_port,
+                            },
+                        });
                     }
                 }
+                // IP addresses
                 if let Some(ip_info) = &info.ip_info {
                     let public = info.public();
                     if let Some(wan_ip) = ip_info.wan_ip {
@@ -592,6 +408,137 @@ impl NetServiceData {
             }
         }
 
+        // ── Phase 2: Build controller entries from enabled addresses ──
+        for (port, bind) in host.bindings.iter() {
+            if !bind.enabled {
+                continue;
+            }
+            if bind.net.assigned_port.is_none() && bind.net.assigned_ssl_port.is_none() {
+                continue;
+            }
+
+            let enabled_addresses = bind.addresses.enabled();
+            let addr: SocketAddr = (self.ip, *port).into();
+
+            // SSL vhosts
+            if let Some(ssl) = &bind.options.add_ssl {
+                let connect_ssl = if let Some(alpn) = ssl.alpn.clone() {
+                    Err(alpn)
+                } else if bind.options.secure.as_ref().map_or(false, |s| s.ssl) {
+                    Ok(())
+                } else {
+                    Err(AlpnInfo::Reflect)
+                };
+
+                if let Some(assigned_ssl_port) = bind.net.assigned_ssl_port {
+                    // Collect private IPs from enabled private addresses' gateways
+                    let server_private_ips: BTreeSet<IpAddr> = enabled_addresses
+                        .iter()
+                        .filter(|a| !a.public)
+                        .filter_map(|a| {
+                            net_ifaces
+                                .get(&a.gateway.id)
+                                .and_then(|info| info.ip_info.as_ref())
+                        })
+                        .flat_map(|ip_info| ip_info.subnets.iter().map(|s| s.addr()))
+                        .collect();
+
+                    // Server hostname vhosts (on assigned_ssl_port) — private only
+                    if !server_private_ips.is_empty() {
+                        for hostname in ctrl.server_hostnames.iter().cloned() {
+                            vhosts.insert(
+                                (hostname, assigned_ssl_port),
+                                ProxyTarget {
+                                    public: BTreeSet::new(),
+                                    private: server_private_ips.clone(),
+                                    acme: None,
+                                    addr,
+                                    add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                                    connect_ssl: connect_ssl
+                                        .clone()
+                                        .map(|_| ctrl.tls_client_config.clone()),
+                                },
+                            );
+                        }
+                    }
+                }
+
+                // Domain vhosts: group by (domain, ssl_port), merge public/private sets
+                for addr_info in &enabled_addresses {
+                    if let IpHostname::Domain {
+                        value: domain,
+                        ssl_port: Some(domain_ssl_port),
+                        ..
+                    } = &addr_info.hostname
+                    {
+                        let key = (Some(domain.clone()), *domain_ssl_port);
+                        let target = vhosts.entry(key).or_insert_with(|| ProxyTarget {
+                            public: BTreeSet::new(),
+                            private: BTreeSet::new(),
+                            acme: host_addresses
+                                .iter()
+                                .find(|a| &a.address == domain)
+                                .and_then(|a| a.public.as_ref())
+                                .and_then(|p| p.acme.clone()),
+                            addr,
+                            add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                            connect_ssl: connect_ssl
+                                .clone()
+                                .map(|_| ctrl.tls_client_config.clone()),
+                        });
+                        if addr_info.public {
+                            target.public.insert(addr_info.gateway.id.clone());
+                        } else {
+                            // Add interface IPs for this gateway to private set
+                            if let Some(info) = net_ifaces.get(&addr_info.gateway.id) {
+                                if let Some(ip_info) = &info.ip_info {
+                                    for subnet in &ip_info.subnets {
+                                        target.private.insert(subnet.addr());
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            // Non-SSL forwards
+            if bind
+                .options
+                .secure
+                .map_or(true, |s| !(s.ssl && bind.options.add_ssl.is_some()))
+            {
+                let external = bind.net.assigned_port.or_not_found("assigned lan port")?;
+                let fwd_public: BTreeSet<GatewayId> = enabled_addresses
+                    .iter()
+                    .filter(|a| a.public)
+                    .map(|a| a.gateway.id.clone())
+                    .collect();
+                let fwd_private: BTreeSet<IpAddr> = enabled_addresses
+                    .iter()
+                    .filter(|a| !a.public)
+                    .filter_map(|a| {
+                        net_ifaces
+                            .get(&a.gateway.id)
+                            .and_then(|i| i.ip_info.as_ref())
+                    })
+                    .flat_map(|ip| ip.subnets.iter().map(|s| s.addr()))
+                    .collect();
+                forwards.insert(
+                    external,
+                    (
+                        SocketAddrV4::new(self.ip, *port),
+                        ForwardRequirements {
+                            public_gateways: fwd_public,
+                            private_ips: fwd_private,
+                            secure: bind.options.secure.is_some(),
+                        },
+                    ),
+                );
+            }
+        }
+
+        // ── Phase 3: Reconcile ──
         let all = binds
             .forwards
             .keys()
@@ -600,8 +547,8 @@ impl NetServiceData {
             .collect::<BTreeSet<_>>();
         for external in all {
             let mut prev = binds.forwards.remove(&external);
-            if let Some((internal, filter)) = forwards.remove(&external) {
-                prev = prev.filter(|(i, f, _)| i == &internal && *f == filter);
+            if let Some((internal, reqs)) = forwards.remove(&external) {
+                prev = prev.filter(|(i, r, _)| i == &internal && *r == reqs);
                 binds.forwards.insert(
                     external,
                     if let Some(prev) = prev {
@@ -609,11 +556,11 @@ impl NetServiceData {
                     } else {
                         (
                             internal,
-                            filter.clone(),
+                            reqs.clone(),
                             ctrl.forward
                                 .add(
                                     external,
-                                    filter,
+                                    reqs,
                                     internal,
                                     net_ifaces
                                         .iter()
diff --git a/core/src/net/vhost.rs b/core/src/net/vhost.rs
index 4996ca937..9023576c3 100644
--- a/core/src/net/vhost.rs
+++ b/core/src/net/vhost.rs
@@ -1,19 +1,19 @@
 use std::any::Any;
 use std::collections::{BTreeMap, BTreeSet};
 use std::fmt;
-use std::net::{IpAddr, SocketAddr};
+use std::net::{IpAddr, SocketAddr, SocketAddrV6};
 use std::sync::{Arc, Weak};
 use std::task::{Poll, ready};
-use std::time::Duration;
 
 use async_acme::acme::ACME_TLS_ALPN_NAME;
 use color_eyre::eyre::eyre;
 use futures::FutureExt;
 use futures::future::BoxFuture;
+use imbl::OrdMap;
 use imbl_value::{InOMap, InternedString};
 use rpc_toolkit::{Context, HandlerArgs, HandlerExt, ParentHandler, from_fn};
 use serde::{Deserialize, Serialize};
-use tokio::net::TcpStream;
+use tokio::net::{TcpListener, TcpStream};
 use tokio_rustls::TlsConnector;
 use tokio_rustls::rustls::crypto::CryptoProvider;
 use tokio_rustls::rustls::pki_types::ServerName;
@@ -23,28 +23,28 @@ use tracing::instrument;
 use ts_rs::TS;
 use visit_rs::Visit;
 
-use crate::ResultExt;
 use crate::context::{CliContext, RpcContext};
 use crate::db::model::Database;
-use crate::db::model::public::AcmeSettings;
+use crate::db::model::public::{AcmeSettings, NetworkInterfaceInfo};
 use crate::db::{DbAccessByKey, DbAccessMut};
 use crate::net::acme::{
     AcmeCertStore, AcmeProvider, AcmeTlsAlpnCache, AcmeTlsHandler, GetAcmeProvider,
 };
 use crate::net::gateway::{
-    AnyFilter, BindTcp, DynInterfaceFilter, GatewayInfo, InterfaceFilter,
-    NetworkInterfaceController, NetworkInterfaceListener,
+    GatewayInfo, NetworkInterfaceController, NetworkInterfaceListenerAcceptMetadata,
 };
 use crate::net::ssl::{CertStore, RootCaTlsHandler};
 use crate::net::tls::{
     ChainedHandler, TlsHandlerWrapper, TlsListener, TlsMetadata, WrapTlsHandler,
 };
+use crate::net::utils::ipv6_is_link_local;
 use crate::net::web_server::{Accept, AcceptStream, ExtractVisitor, TcpMetadata, extract};
 use crate::prelude::*;
 use crate::util::collections::EqSet;
 use crate::util::future::{NonDetachingJoinHandle, WeakFuture};
 use crate::util::serde::{HandlerExtSerde, MaybeUtf8String, display_serializable};
 use crate::util::sync::{SyncMutex, Watch};
+use crate::{GatewayId, ResultExt};
 
 pub fn vhost_api<C: Context>() -> ParentHandler<C> {
     ParentHandler::new().subcommand(
@@ -93,7 +93,7 @@ pub struct VHostController {
     interfaces: Arc<NetworkInterfaceController>,
     crypto_provider: Arc<CryptoProvider>,
     acme_cache: AcmeTlsAlpnCache,
-    servers: SyncMutex<BTreeMap<u16, VHostServer<NetworkInterfaceListener>>>,
+    servers: SyncMutex<BTreeMap<u16, VHostServer<VHostBindListener>>>,
 }
 impl VHostController {
     pub fn new(
@@ -114,14 +114,22 @@ impl VHostController {
         &self,
         hostname: Option<InternedString>,
         external: u16,
-        target: DynVHostTarget<NetworkInterfaceListener>,
+        target: DynVHostTarget<VHostBindListener>,
     ) -> Result<Arc<()>, Error> {
         self.servers.mutate(|writable| {
             let server = if let Some(server) = writable.remove(&external) {
                 server
             } else {
+                let bind_reqs = Watch::new(VHostBindRequirements::default());
+                let listener = VHostBindListener {
+                    ip_info: self.interfaces.watcher.subscribe(),
+                    port: external,
+                    bind_reqs: bind_reqs.clone_unseen(),
+                    listeners: BTreeMap::new(),
+                };
                 VHostServer::new(
-                    self.interfaces.watcher.bind(BindTcp, external)?,
+                    listener,
+                    bind_reqs,
                     self.db.clone(),
                     self.crypto_provider.clone(),
                     self.acme_cache.clone(),
@@ -173,6 +181,143 @@ impl VHostController {
     }
 }
 
+/// Union of all ProxyTargets' bind requirements for a VHostServer.
+#[derive(Debug, Clone, Default, PartialEq, Eq)]
+pub struct VHostBindRequirements {
+    pub public_gateways: BTreeSet<GatewayId>,
+    pub private_ips: BTreeSet<IpAddr>,
+}
+
+fn compute_bind_reqs<A: Accept + 'static>(mapping: &Mapping<A>) -> VHostBindRequirements {
+    let mut reqs = VHostBindRequirements::default();
+    for (_, targets) in mapping {
+        for (target, rc) in targets {
+            if rc.strong_count() > 0 {
+                let (pub_gw, priv_ip) = target.0.bind_requirements();
+                reqs.public_gateways.extend(pub_gw);
+                reqs.private_ips.extend(priv_ip);
+            }
+        }
+    }
+    reqs
+}
+
+/// Listener that manages its own TCP listeners with IP-level precision.
+/// Binds ALL IPs of public gateways and ONLY matching private IPs.
+pub struct VHostBindListener {
+    ip_info: Watch<OrdMap<GatewayId, NetworkInterfaceInfo>>,
+    port: u16,
+    bind_reqs: Watch<VHostBindRequirements>,
+    listeners: BTreeMap<SocketAddr, (TcpListener, GatewayInfo)>,
+}
+
+fn update_vhost_listeners(
+    listeners: &mut BTreeMap<SocketAddr, (TcpListener, GatewayInfo)>,
+    port: u16,
+    ip_info: &OrdMap<GatewayId, NetworkInterfaceInfo>,
+    reqs: &VHostBindRequirements,
+) -> Result<(), Error> {
+    let mut keep = BTreeSet::<SocketAddr>::new();
+    for (gw_id, info) in ip_info {
+        if let Some(ip_info) = &info.ip_info {
+            for ipnet in &ip_info.subnets {
+                let ip = ipnet.addr();
+                let should_bind =
+                    reqs.public_gateways.contains(gw_id) || reqs.private_ips.contains(&ip);
+                if should_bind {
+                    let addr = match ip {
+                        IpAddr::V6(ip6) => SocketAddrV6::new(
+                            ip6,
+                            port,
+                            0,
+                            if ipv6_is_link_local(ip6) {
+                                ip_info.scope_id
+                            } else {
+                                0
+                            },
+                        )
+                        .into(),
+                        ip => SocketAddr::new(ip, port),
+                    };
+                    keep.insert(addr);
+                    if let Some((_, existing_info)) = listeners.get_mut(&addr) {
+                        *existing_info = GatewayInfo {
+                            id: gw_id.clone(),
+                            info: info.clone(),
+                        };
+                    } else {
+                        let tcp = TcpListener::from_std(
+                            mio::net::TcpListener::bind(addr)
+                                .with_kind(ErrorKind::Network)?
+                                .into(),
+                        )
+                        .with_kind(ErrorKind::Network)?;
+                        listeners.insert(
+                            addr,
+                            (
+                                tcp,
+                                GatewayInfo {
+                                    id: gw_id.clone(),
+                                    info: info.clone(),
+                                },
+                            ),
+                        );
+                    }
+                }
+            }
+        }
+    }
+    listeners.retain(|key, _| keep.contains(key));
+    Ok(())
+}
+
+impl Accept for VHostBindListener {
+    type Metadata = NetworkInterfaceListenerAcceptMetadata;
+    fn poll_accept(
+        &mut self,
+        cx: &mut std::task::Context<'_>,
+    ) -> Poll<Result<(Self::Metadata, AcceptStream), Error>> {
+        // Update listeners when ip_info or bind_reqs change
+        while self.ip_info.poll_changed(cx).is_ready()
+            || self.bind_reqs.poll_changed(cx).is_ready()
+        {
+            let reqs = self.bind_reqs.read_and_mark_seen();
+            let listeners = &mut self.listeners;
+            let port = self.port;
+            self.ip_info.peek_and_mark_seen(|ip_info| {
+                update_vhost_listeners(listeners, port, ip_info, &reqs)
+            })?;
+        }
+
+        // Poll each listener for incoming connections
+        for (&addr, (listener, gw_info)) in &self.listeners {
+            match listener.poll_accept(cx) {
+                Poll::Ready(Ok((stream, peer_addr))) => {
+                    if let Err(e) = socket2::SockRef::from(&stream).set_keepalive(true) {
+                        tracing::error!("Failed to set tcp keepalive: {e}");
+                        tracing::debug!("{e:?}");
+                    }
+                    return Poll::Ready(Ok((
+                        NetworkInterfaceListenerAcceptMetadata {
+                            inner: TcpMetadata {
+                                local_addr: addr,
+                                peer_addr,
+                            },
+                            info: gw_info.clone(),
+                        },
+                        Box::pin(stream),
+                    )));
+                }
+                Poll::Ready(Err(e)) => {
+                    tracing::trace!("VHostBindListener accept error on {addr}: {e}");
+                }
+                Poll::Pending => {}
+            }
+        }
+        Poll::Pending
+    }
+}
+
 pub trait VHostTarget<A: Accept>: std::fmt::Debug + Eq {
     type PreprocessRes: Send + 'static;
     #[allow(unused_variables)]
@@ -182,6 +327,10 @@ pub trait VHostTarget<A: Accept>: std::fmt::Debug + Eq {
     fn acme(&self) -> Option<&AcmeProvider> {
         None
     }
+    /// Returns (public_gateways, private_ips) this target needs the listener to bind on.
+    fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
+        (BTreeSet::new(), BTreeSet::new())
+    }
     fn preprocess<'a>(
         &'a self,
         prev: ServerConfig,
@@ -200,6 +349,7 @@ pub trait VHostTarget<A: Accept>: std::fmt::Debug + Eq {
 pub trait DynVHostTargetT<A: Accept>: std::fmt::Debug + Any {
     fn filter(&self, metadata: &<A as Accept>::Metadata) -> bool;
     fn acme(&self) -> Option<&AcmeProvider>;
+    fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>);
     fn preprocess<'a>(
         &'a self,
         prev: ServerConfig,
@@ -224,6 +374,9 @@ impl<A: Accept, T: VHostTarget<A> + 'static> DynVHostTargetT<A> for T {
     fn acme(&self) -> Option<&AcmeProvider> {
         VHostTarget::acme(self)
     }
+    fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
+        VHostTarget::bind_requirements(self)
+    }
     fn preprocess<'a>(
         &'a self,
         prev: ServerConfig,
@@ -301,7 +454,8 @@ impl<A: Accept + 'static> Preprocessed<A> {
 
 #[derive(Clone)]
 pub struct ProxyTarget {
-    pub filter: DynInterfaceFilter,
+    pub public: BTreeSet<GatewayId>,
+    pub private: BTreeSet<IpAddr>,
     pub acme: Option<AcmeProvider>,
     pub addr: SocketAddr,
     pub add_x_forwarded_headers: bool,
@@ -309,7 +463,8 @@ pub struct ProxyTarget {
 }
 impl PartialEq for ProxyTarget {
     fn eq(&self, other: &Self) -> bool {
-        self.filter == other.filter
+        self.public == other.public
+            && self.private == other.private
             && self.acme == other.acme
             && self.addr == other.addr
             && self.connect_ssl.as_ref().map(Arc::as_ptr)
@@ -320,7 +475,8 @@ impl Eq for ProxyTarget {}
 impl fmt::Debug for ProxyTarget {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("ProxyTarget")
-            .field("filter", &self.filter)
+            .field("public", &self.public)
+            .field("private", &self.private)
             .field("acme", &self.acme)
             .field("addr", &self.addr)
             .field("add_x_forwarded_headers", &self.add_x_forwarded_headers)
@@ -340,16 +496,37 @@ where
 {
     type PreprocessRes = AcceptStream;
     fn filter(&self, metadata: &<A as Accept>::Metadata) -> bool {
-        let info = extract::<GatewayInfo, _>(metadata);
-        if info.is_none() {
-            tracing::warn!("No GatewayInfo on metadata");
+        let gw = extract::<GatewayInfo, _>(metadata);
+        let tcp = extract::<TcpMetadata, _>(metadata);
+        let (Some(gw), Some(tcp)) = (gw, tcp) else {
+            return false;
+        };
+        let Some(ip_info) = &gw.info.ip_info else {
+            return false;
+        };
+
+        let src = tcp.peer_addr.ip();
+        // Public if: source is a gateway/router IP (NAT'd internet),
+        // or source is outside all known subnets (direct internet)
+        let is_public = ip_info.lan_ip.contains(&src)
+            || !ip_info.subnets.iter().any(|s| s.contains(&src));
+
+        if is_public {
+            self.public.contains(&gw.id)
+        } else {
+            // Private: accept if connection arrived on an interface with a matching IP
+            ip_info
+                .subnets
+                .iter()
+                .any(|s| self.private.contains(&s.addr()))
         }
-        info.as_ref()
-            .map_or(true, |i| self.filter.filter(&i.id, &i.info))
     }
     fn acme(&self) -> Option<&AcmeProvider> {
         self.acme.as_ref()
     }
+    fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
+        (self.public.clone(), self.private.clone())
+    }
     async fn preprocess<'a>(
         &'a self,
         mut prev: ServerConfig,
@@ -634,28 +811,15 @@ where
 
 struct VHostServer<A: Accept + 'static> {
     mapping: Watch<Mapping<A>>,
+    bind_reqs: Watch<VHostBindRequirements>,
     _thread: NonDetachingJoinHandle<()>,
 }
 
-impl<'a> From<&'a BTreeMap<Option<InternedString>, BTreeMap<ProxyTarget, Weak<()>>>> for AnyFilter {
-    fn from(value: &'a BTreeMap<Option<InternedString>, BTreeMap<ProxyTarget, Weak<()>>>) -> Self {
-        Self(
-            value
-                .iter()
-                .flat_map(|(_, v)| {
-                    v.iter()
-                        .filter(|(_, r)| r.strong_count() > 0)
-                        .map(|(t, _)| t.filter.clone())
-                })
-                .collect(),
-        )
-    }
-}
-
 impl<A: Accept> VHostServer<A> {
     #[instrument(skip_all)]
     fn new<M: HasModel>(
         listener: A,
+        bind_reqs: Watch<VHostBindRequirements>,
         db: TypedPatchDb<M>,
         crypto_provider: Arc<CryptoProvider>,
         acme_cache: AcmeTlsAlpnCache,
@@ -679,6 +843,7 @@ impl<A: Accept> VHostServer<A> {
         let mapping = Watch::new(BTreeMap::new());
         Self {
             mapping: mapping.clone(),
+            bind_reqs,
             _thread: tokio::spawn(async move {
                 let mut listener = VHostListener(TlsListener::new(
                     listener,
@@ -729,6 +894,9 @@ impl<A: Accept> VHostServer<A> {
             targets.insert(target, Arc::downgrade(&rc));
             writable.insert(hostname, targets);
             res = Ok(rc);
+            if changed {
+                self.update_bind_reqs(writable);
+            }
             changed
         });
         if self.mapping.watcher_count() > 1 {
@@ -752,9 +920,23 @@ impl<A: Accept> VHostServer<A> {
             if !targets.is_empty() {
                 writable.insert(hostname, targets);
             }
+            if pre != post {
+                self.update_bind_reqs(writable);
+            }
             pre == post
         });
     }
+    fn update_bind_reqs(&self, mapping: &Mapping<A>) {
+        let new_reqs = compute_bind_reqs(mapping);
+        self.bind_reqs.send_if_modified(|reqs| {
+            if *reqs != new_reqs {
+                *reqs = new_reqs;
+                true
+            } else {
+                false
+            }
+        });
+    }
     fn is_empty(&self) -> bool {
         self.mapping.peek(|m| m.is_empty())
     }
diff --git a/core/src/net/web_server.rs b/core/src/net/web_server.rs
index 2ac5b035f..8ffe9deaa 100644
--- a/core/src/net/web_server.rs
+++ b/core/src/net/web_server.rs
@@ -366,28 +366,6 @@ where
 pub struct WebServerAcceptorSetter<A: Accept> {
     acceptor: Watch<A>,
 }
-impl<A, B> WebServerAcceptorSetter<Option<Either<A, B>>>
-where
-    A: Accept,
-    B: Accept<Metadata = A::Metadata>,
-{
-    pub fn try_upgrade<F: FnOnce(A) -> Result<B, Error>>(&self, f: F) -> Result<(), Error> {
-        let mut res = Ok(());
-        self.acceptor.send_modify(|a| {
-            *a = match a.take() {
-                Some(Either::Left(a)) => match f(a) {
-                    Ok(b) => Some(Either::Right(b)),
-                    Err(e) => {
-                        res = Err(e);
-                        None
-                    }
-                },
-                x => x,
-            }
-        });
-        res
-    }
-}
 impl<A: Accept> Deref for WebServerAcceptorSetter<A> {
     type Target = Watch<A>;
     fn deref(&self) -> &Self::Target {
diff --git a/core/src/tunnel/api.rs b/core/src/tunnel/api.rs
index b8f5fd693..47f9a33e3 100644
--- a/core/src/tunnel/api.rs
+++ b/core/src/tunnel/api.rs
@@ -459,7 +459,7 @@ pub async fn add_forward(
         })
         .map(|s| s.prefix_len())
         .unwrap_or(32);
-    let rc = ctx.forward.add_forward(source, target, prefix).await?;
+    let rc = ctx.forward.add_forward(source, target, prefix, None).await?;
     ctx.active_forwards.mutate(|m| {
         m.insert(source, rc);
     });
diff --git a/core/src/tunnel/context.rs b/core/src/tunnel/context.rs
index 5afac62ab..ac56eaa36 100644
--- a/core/src/tunnel/context.rs
+++ b/core/src/tunnel/context.rs
@@ -199,7 +199,7 @@ impl TunnelContext {
                 })
                 .map(|s| s.prefix_len())
                 .unwrap_or(32);
-            active_forwards.insert(from, forward.add_forward(from, to, prefix).await?);
+            active_forwards.insert(from, forward.add_forward(from, to, prefix, None).await?);
         }
 
         Ok(Self(Arc::new(TunnelContextSeed {
diff --git a/core/src/version/v0_4_0_alpha_20.rs b/core/src/version/v0_4_0_alpha_20.rs
index 3da7caf5c..625d72a51 100644
--- a/core/src/version/v0_4_0_alpha_20.rs
+++ b/core/src/version/v0_4_0_alpha_20.rs
@@ -89,6 +89,10 @@ impl VersionT for Version {
             }
         }
 
+        // Migrate availablePorts from IdPool format to BTreeMap<u16, bool>
+        // Rebuild from actual assigned ports in all bindings
+        migrate_available_ports(db);
+
         Ok(Value::Null)
     }
     fn down(self, _db: &mut Value) -> Result<(), Error> {
@@ -96,6 +100,62 @@ impl VersionT for Version {
     }
 }
 
+fn collect_ports_from_host(host: Option<&Value>, ports: &mut Value) {
+    let Some(bindings) = host
+        .and_then(|h| h.get("bindings"))
+        .and_then(|b| b.as_object())
+    else {
+        return;
+    };
+    for (_, binding) in bindings.iter() {
+        if let Some(net) = binding.get("net") {
+            if let Some(port) = net.get("assignedPort").and_then(|p| p.as_u64()) {
+                if let Some(obj) = ports.as_object_mut() {
+                    obj.insert(port.to_string().into(), Value::from(false));
+                }
+            }
+            if let Some(port) = net.get("assignedSslPort").and_then(|p| p.as_u64()) {
+                if let Some(obj) = ports.as_object_mut() {
+                    obj.insert(port.to_string().into(), Value::from(true));
+                }
+            }
+        }
+    }
+}
+
+fn migrate_available_ports(db: &mut Value) {
+    let mut new_ports: Value = serde_json::json!({}).into();
+
+    // Collect from server host
+    let server_host = db
+        .get("public")
+        .and_then(|p| p.get("serverInfo"))
+        .and_then(|s| s.get("network"))
+        .and_then(|n| n.get("host"))
+        .cloned();
+    collect_ports_from_host(server_host.as_ref(), &mut new_ports);
+
+    // Collect from all package hosts
+    if let Some(packages) = db
+        .get("public")
+        .and_then(|p| p.get("packageData"))
+        .and_then(|p| p.as_object())
+    {
+        for (_, package) in packages.iter() {
+            if let Some(hosts) = package.get("hosts").and_then(|h| h.as_object()) {
+                for (_, host) in hosts.iter() {
+                    collect_ports_from_host(Some(host), &mut new_ports);
+                }
+            }
+        }
+    }
+
+    // Replace private.availablePorts
+    if let Some(private) = db.get_mut("private").and_then(|p| p.as_object_mut()) {
+        private.insert("availablePorts".into(), new_ports);
+    }
+}
+
 fn migrate_host(host: Option<&mut Value>) {
     let Some(host) = host.and_then(|h| h.as_object_mut()) else {
         return;
diff --git a/sdk/package/lib/StartSdk.ts b/sdk/package/lib/StartSdk.ts
index 9d1dc0164..3855d594d 100644
--- a/sdk/package/lib/StartSdk.ts
+++ b/sdk/package/lib/StartSdk.ts
@@ -67,7 +67,7 @@ import {
 import { getOwnServiceInterfaces } from '../../base/lib/util/getServiceInterfaces'
 import { Volumes, createVolumes } from './util/Volume'
 
-export const OSVersion = testTypeVersion('0.4.0-alpha.19')
+export const OSVersion = testTypeVersion('0.4.0-alpha.20')
 
 // prettier-ignore
 type AnyNeverCond<T extends any[], Then, Else> = 
diff --git a/web/package-lock.json b/web/package-lock.json
index bb0aca4f2..8c72087c8 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "startos-ui",
-  "version": "0.4.0-alpha.19",
+  "version": "0.4.0-alpha.20",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "startos-ui",
-      "version": "0.4.0-alpha.19",
+      "version": "0.4.0-alpha.20",
       "license": "MIT",
       "dependencies": {
         "@angular/animations": "^20.3.0",
diff --git a/web/package.json b/web/package.json
index 49fc3a76d..6d4e17883 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
   "name": "startos-ui",
-  "version": "0.4.0-alpha.19",
+  "version": "0.4.0-alpha.20",
   "author": "Start9 Labs, Inc",
   "homepage": "https://start9.com/",
   "license": "MIT",

From 8ef4ecf5ac61c77ca645fbf93cd521fd64fa6b09 Mon Sep 17 00:00:00 2001
From: Matt Hill <MattDHill@users.noreply.github.com>
Date: Thu, 12 Feb 2026 08:27:09 -0700
Subject: [PATCH 11/17] outbound gateway support (#3120)

* Multiple (#3111)

* fix alerts i18n, fix status display, better, remove usb media, hide shutdown for install complete

* trigger chnage detection for localize pipe and round out implementing localize pipe for consistency even though not needed

* Fix PackageInfoShort to handle LocaleString on releaseNotes (#3112)

* Fix PackageInfoShort to handle LocaleString on releaseNotes

* fix: filter by target_version in get_matching_models and pass otherVersions from install

* chore: add exver documentation for ai agents

* frontend plus some be types

---------

Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
---
 agents/exver.md                               | 301 ++++++++++++++++++
 core/src/db/model/package.rs                  |   5 +-
 core/src/db/model/public.rs                   |  56 ++--
 core/src/install/mod.rs                       |   3 +-
 core/src/net/gateway.rs                       |   6 +-
 core/src/net/tunnel.rs                        |  30 +-
 core/src/registry/package/get.rs              |  88 +++--
 core/src/service/service_map.rs               |   1 +
 core/src/version/update_details/v0_4_0.md     |  14 +-
 .../src/pages/list/item/item.component.html   |   2 +-
 .../src/pages/list/item/item.module.ts        |   4 +-
 .../src/pages/show/about.component.ts         |   6 +-
 .../src/app/components/remove-media.dialog.ts | 121 +++++++
 .../setup-wizard/src/app/pages/drives.page.ts |  43 ++-
 .../src/app/pages/success.page.ts             |  40 ++-
 .../shared/src/i18n/dictionaries/de.ts        |  19 +-
 .../shared/src/i18n/dictionaries/en.ts        |  19 +-
 .../shared/src/i18n/dictionaries/es.ts        |  19 +-
 .../shared/src/i18n/dictionaries/fr.ts        |  21 +-
 .../shared/src/i18n/dictionaries/pl.ts        |  19 +-
 web/projects/shared/src/i18n/localize.pipe.ts |   3 +
 .../src/app/services/patch-db/data-model.ts   |   2 +-
 .../components/interface-item.component.ts    |   1 -
 .../services/routes/actions.component.ts      | 200 ++++++++----
 .../routes/gateways/gateways.component.ts     |  31 +-
 .../system/routes/gateways/item.component.ts  |  88 +++--
 .../system/routes/gateways/table.component.ts |  13 +-
 .../ui/src/app/services/api/api.fixures.ts    |   3 +
 .../ui/src/app/services/api/api.types.ts      |  16 +-
 .../app/services/api/embassy-api.service.ts   |   8 +
 .../services/api/embassy-live-api.service.ts  |  12 +
 .../services/api/embassy-mock-api.service.ts  |  45 ++-
 .../ui/src/app/services/api/mock-patch.ts     |  24 +-
 .../ui/src/app/services/controls.service.ts   |  10 +-
 .../ui/src/app/services/gateway.service.ts    |  68 ++--
 .../services/pkg-status-rendering.service.ts  |   2 +-
 .../app/services/standard-actions.service.ts  |   9 +-
 37 files changed, 1113 insertions(+), 239 deletions(-)
 create mode 100644 agents/exver.md
 create mode 100644 web/projects/setup-wizard/src/app/components/remove-media.dialog.ts

diff --git a/agents/exver.md b/agents/exver.md
new file mode 100644
index 000000000..b58be3258
--- /dev/null
+++ b/agents/exver.md
@@ -0,0 +1,301 @@
+# exver — Extended Versioning
+
+Extended semver supporting **downstream versioning** (wrapper updates independent of upstream) and **flavors** (package fork variants).
+
+Two implementations exist:
+- **Rust crate** (`exver`) — used in `core/`. Source: https://github.com/Start9Labs/exver-rs
+- **TypeScript** (`sdk/base/lib/exver/index.ts`) — used in `sdk/` and `web/`
+
+Both parse the same string format and agree on `satisfies` semantics.
+
+## Version Format
+
+An **ExtendedVersion** string looks like:
+
+```
+[#flavor:]upstream:downstream
+```
+
+- **upstream** — the original package version (semver-style: `1.2.3`, `1.2.3-beta.1`)
+- **downstream** — the StartOS wrapper version (incremented independently)
+- **flavor** — optional lowercase ASCII prefix for fork variants
+
+Examples:
+- `1.2.3:0` — upstream 1.2.3, first downstream release
+- `1.2.3:2` — upstream 1.2.3, third downstream release
+- `#bitcoin:21.0:1` — bitcoin flavor, upstream 21.0, downstream 1
+- `1.0.0-rc.1:0` — upstream with prerelease tag
+
+## Core Types
+
+### `Version`
+
+A semver-style version with arbitrary digit segments and optional prerelease.
+
+**Rust:**
+```rust
+use exver::Version;
+
+let v = Version::new([1, 2, 3], []);              // 1.2.3
+let v = Version::new([1, 0], ["beta".into()]);     // 1.0-beta
+let v: Version = "1.2.3".parse().unwrap();
+
+v.number()      // &[1, 2, 3]
+v.prerelease()  // &[]
+```
+
+**TypeScript:**
+```typescript
+const v = new Version([1, 2, 3], [])
+const v = Version.parse("1.2.3")
+
+v.number      // number[]
+v.prerelease  // (string | number)[]
+v.compare(other)        // 'greater' | 'equal' | 'less'
+v.compareForSort(other) // -1 | 0 | 1
+```
+
+Default: `0`
+
+### `ExtendedVersion`
+
+The primary version type. Wraps upstream + downstream `Version` plus an optional flavor.
+
+**Rust:**
+```rust
+use exver::ExtendedVersion;
+
+let ev = ExtendedVersion::new(
+    Version::new([1, 2, 3], []),
+    Version::default(),          // downstream = 0
+);
+let ev: ExtendedVersion = "1.2.3:0".parse().unwrap();
+
+ev.flavor()      // Option<&str>
+ev.upstream()    // &Version
+ev.downstream()  // &Version
+
+// Builder methods (consuming):
+ev.with_flavor("bitcoin")
+ev.without_flavor()
+ev.map_upstream(|v| ...)
+ev.map_downstream(|v| ...)
+```
+
+**TypeScript:**
+```typescript
+const ev = new ExtendedVersion(null, upstream, downstream)
+const ev = ExtendedVersion.parse("1.2.3:0")
+const ev = ExtendedVersion.parseEmver("1.2.3.4")  // emver compat
+
+ev.flavor      // string | null
+ev.upstream    // Version
+ev.downstream  // Version
+
+ev.compare(other)        // 'greater' | 'equal' | 'less' | null
+ev.equals(other)         // boolean
+ev.greaterThan(other)    // boolean
+ev.lessThan(other)       // boolean
+ev.incrementMajor()      // new ExtendedVersion
+ev.incrementMinor()      // new ExtendedVersion
+```
+
+**Ordering:** Versions with different flavors are **not comparable** (`PartialOrd`/`compare` returns `None`/`null`).
+
+Default: `0:0`
+
+### `VersionString` (Rust only, StartOS wrapper)
+
+Defined in `core/src/util/version.rs`. Caches the original string representation alongside the parsed `ExtendedVersion`. Used as the key type in registry version maps.
+
+```rust
+use crate::util::VersionString;
+
+let vs: VersionString = "1.2.3:0".parse().unwrap();
+let vs = VersionString::from(extended_version);
+
+// Deref to ExtendedVersion:
+vs.satisfies(&range);
+vs.upstream();
+
+// String access:
+vs.as_str();           // &str
+AsRef::<str>::as_ref(&vs);
+```
+
+`Ord` is implemented with a total ordering — versions with different flavors are ordered by flavor name (unflavored sorts last).
+
+### `VersionRange`
+
+A predicate over `ExtendedVersion`. Supports comparison operators, boolean logic, and flavor constraints.
+
+**Rust:**
+```rust
+use exver::VersionRange;
+
+// Constructors:
+VersionRange::any()                          // matches everything
+VersionRange::none()                         // matches nothing
+VersionRange::exactly(ev)                    // = ev
+VersionRange::anchor(GTE, ev)               // >= ev
+VersionRange::caret(ev)                      // ^ev (compatible changes)
+VersionRange::tilde(ev)                      // ~ev (patch-level changes)
+
+// Combinators (smart — eagerly simplify):
+VersionRange::and(a, b)                      // a && b
+VersionRange::or(a, b)                       // a || b
+VersionRange::not(a)                         // !a
+
+// Parsing:
+let r: VersionRange = ">=1.0.0:0".parse().unwrap();
+let r: VersionRange = "^1.2.3:0".parse().unwrap();
+let r: VersionRange = ">=1.0.0 <2.0.0".parse().unwrap();   // implicit AND
+let r: VersionRange = ">=1.0.0 || >=2.0.0".parse().unwrap();
+let r: VersionRange = "#bitcoin".parse().unwrap();          // flavor match
+let r: VersionRange = "*".parse().unwrap();                 // any
+
+// Monoid wrappers for folding:
+AnyRange  // fold with or, empty = None
+AllRange  // fold with and, empty = Any
+```
+
+**TypeScript:**
+```typescript
+// Constructors:
+VersionRange.any()
+VersionRange.none()
+VersionRange.anchor('=', ev)
+VersionRange.anchor('>=', ev)
+VersionRange.anchor('^', ev)                 // ^ and ~ are first-class operators
+VersionRange.anchor('~', ev)
+VersionRange.flavor(null)                    // match unflavored versions
+VersionRange.flavor("bitcoin")               // match #bitcoin versions
+
+// Combinators — static (smart, variadic):
+VersionRange.and(a, b, c, ...)
+VersionRange.or(a, b, c, ...)
+
+// Combinators — instance (not smart, just wrap):
+range.and(other)
+range.or(other)
+range.not()
+
+// Parsing:
+VersionRange.parse(">=1.0.0:0")
+VersionRange.parseEmver(">=1.2.3.4")        // emver compat
+
+// Analysis (TS only):
+range.normalize()                            // canonical form (see below)
+range.satisfiable()                          // boolean
+range.intersects(other)                      // boolean
+```
+
+**Checking satisfaction:**
+
+```rust
+// Rust:
+version.satisfies(&range)  // bool
+```
+```typescript
+// TypeScript:
+version.satisfies(range)   // boolean
+range.satisfiedBy(version) // boolean (convenience)
+```
+
+Also available on `Version` (wraps in `ExtendedVersion` with downstream=0).
+
+When no operator is specified in a range string, `^` (caret) is the default.
+
+## Operators
+
+| Syntax | Rust | TS | Meaning |
+|--------|------|----|---------|
+| `=`    | `EQ` | `'='` | Equal |
+| `!=`   | `NEQ` | `'!='` | Not equal |
+| `>`    | `GT` | `'>'` | Greater than |
+| `>=`   | `GTE` | `'>='` | Greater than or equal |
+| `<`    | `LT` | `'<'` | Less than |
+| `<=`   | `LTE` | `'<='` | Less than or equal |
+| `^`    | expanded to `And(GTE, LT)` | `'^'` | Compatible (first non-zero digit unchanged) |
+| `~`    | expanded to `And(GTE, LT)` | `'~'` | Patch-level (minor unchanged) |
+
+## Flavor Rules
+
+- Versions with **different flavors** never satisfy comparison operators (except `!=`, which returns true)
+- `VersionRange::Flavor(Some("bitcoin"))` matches only `#bitcoin:*` versions
+- `VersionRange::Flavor(None)` matches only unflavored versions
+- Flavor constraints compose with `and`/`or`/`not` like any other range
+
+## Reduction and Normalization
+
+### Rust: `reduce()` (shallow)
+
+`VersionRange::reduce(self) -> Self` re-applies smart constructor rules to one level of the AST. Useful for simplifying a node that was constructed directly (e.g. deserialized) rather than through the smart constructors.
+
+**Smart constructor rules applied by `and`, `or`, `not`, and `reduce`:**
+
+`and`:
+- `and(Any, b) → b`, `and(a, Any) → a`
+- `and(None, _) → None`, `and(_, None) → None`
+
+`or`:
+- `or(Any, _) → Any`, `or(_, Any) → Any`
+- `or(None, b) → b`, `or(a, None) → a`
+
+`not`:
+- `not(=v) → !=v`, `not(!=v) → =v`
+- `not(and(a, b)) → or(not(a), not(b))` (De Morgan)
+- `not(or(a, b)) → and(not(a), not(b))` (De Morgan)
+- `not(not(a)) → a`
+- `not(Any) → None`, `not(None) → Any`
+
+### TypeScript: `normalize()` (deep, canonical)
+
+`VersionRange.normalize(): VersionRange` in `sdk/base/lib/exver/index.ts` performs full normalization by converting the range AST into a canonical form. This is a deep operation that produces a semantically equivalent but simplified range.
+
+**How it works:**
+
+1. **`tables()`** — Converts the VersionRange AST into truth tables (`VersionRangeTable`). Each table is a number line split at version boundary points, with boolean values for each segment indicating whether versions in that segment satisfy the range. Separate tables are maintained per flavor (and for flavor negations).
+
+2. **`VersionRangeTable.zip(a, b, func)`** — Merges two tables by walking their boundary points in sorted order and applying a boolean function (`&&` or `||`) to combine segment values. Adjacent segments with the same boolean value are collapsed automatically.
+
+3. **`VersionRangeTable.and/or/not`** — Table-level boolean operations. `and` computes the cross-product of flavor tables (since `#a && #b` for different flavors is unsatisfiable). `not` inverts all segment values.
+
+4. **`VersionRangeTable.collapse()`** — Checks if a table is uniformly true or false across all flavors and segments. Returns `true`, `false`, or `null` (mixed).
+
+5. **`VersionRangeTable.minterms()`** — Converts truth tables back into a VersionRange AST in [sum-of-products](https://en.wikipedia.org/wiki/Canonical_normal_form#Minterms) canonical form. Each `true` segment becomes a product term (conjunction of boundary constraints), and all terms are joined with `or`. Adjacent boundary points collapse into `=` anchors.
+
+**Example:** `normalize` can simplify:
+- `>=1.0.0:0 && <=1.0.0:0` → `=1.0.0:0`
+- `>=2.0.0:0 || >=1.0.0:0` → `>=1.0.0:0`
+- `!(!>=1.0.0:0)` → `>=1.0.0:0`
+
+**Also exposes:**
+- `satisfiable(): boolean` — returns `true` if there exists any version satisfying the range (checks if `collapse(tables())` is not `false`)
+- `intersects(other): boolean` — returns `true` if `and(this, other)` is satisfiable
+
+## API Differences Between Rust and TypeScript
+
+| | Rust | TypeScript |
+|-|------|------------|
+| **`^` / `~`** | Expanded at construction to `And(GTE, LT)` | First-class operator on `Anchor` |
+| **`not()`** | Static, eagerly simplifies (De Morgan, double negation) | Instance method, just wraps |
+| **`and()`/`or()`** | Binary static | Both binary instance and variadic static |
+| **Normalization** | `reduce()` — shallow, one AST level | `normalize()` — deep canonical form via truth tables |
+| **Satisfiability** | Not available | `satisfiable()` and `intersects(other)` |
+| **ExtendedVersion helpers** | `with_flavor()`, `without_flavor()`, `map_upstream()`, `map_downstream()` | `incrementMajor()`, `incrementMinor()`, `greaterThan()`, `lessThan()`, `equals()`, etc. |
+| **Monoid wrappers** | `AnyRange` (fold with `or`) and `AllRange` (fold with `and`) | Not present — use variadic static methods |
+| **`VersionString`** | Wrapper caching parsed + string form | Not present |
+| **Emver compat** | `From<emver::Version>` for `ExtendedVersion` | `ExtendedVersion.parseEmver()`, `VersionRange.parseEmver()` |
+
+## Serde
+
+All types serialize/deserialize as strings (requires `serde` feature, enabled in StartOS):
+
+```json
+{
+  "version": "1.2.3:0",
+  "targetVersion": ">=1.0.0:0 <2.0.0:0",
+  "sourceVersion": "^0.3.0:0"
+}
+```
diff --git a/core/src/db/model/package.rs b/core/src/db/model/package.rs
index 70c33a360..63db0b8ac 100644
--- a/core/src/db/model/package.rs
+++ b/core/src/db/model/package.rs
@@ -18,7 +18,7 @@ use crate::s9pk::manifest::{LocaleString, Manifest};
 use crate::status::StatusInfo;
 use crate::util::DataUrl;
 use crate::util::serde::{Pem, is_partial_of};
-use crate::{ActionId, HealthCheckId, HostId, PackageId, ReplayId, ServiceInterfaceId};
+use crate::{ActionId, GatewayId, HealthCheckId, HostId, PackageId, ReplayId, ServiceInterfaceId};
 
 #[derive(Debug, Default, Deserialize, Serialize, TS)]
 #[ts(export)]
@@ -381,6 +381,9 @@ pub struct PackageDataEntry {
     pub hosts: Hosts,
     #[ts(type = "string[]")]
     pub store_exposed_dependents: Vec<JsonPointer>,
+    #[serde(default)]
+    #[ts(type = "string | null")]
+    pub outbound_gateway: Option<GatewayId>,
 }
 impl AsRef<PackageDataEntry> for PackageDataEntry {
     fn as_ref(&self) -> &PackageDataEntry {
diff --git a/core/src/db/model/public.rs b/core/src/db/model/public.rs
index cd2dc2169..0cdf868c9 100644
--- a/core/src/db/model/public.rs
+++ b/core/src/db/model/public.rs
@@ -116,6 +116,7 @@ impl Public {
                         acme
                     },
                     dns: Default::default(),
+                    default_outbound: None,
                 },
                 status_info: ServerStatus {
                     backup_progress: None,
@@ -219,6 +220,9 @@ pub struct NetworkInfo {
     pub acme: BTreeMap<AcmeProvider, AcmeSettings>,
     #[serde(default)]
     pub dns: DnsSettings,
+    #[serde(default)]
+    #[ts(type = "string | null")]
+    pub default_outbound: Option<GatewayId>,
 }
 
 #[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]
@@ -238,39 +242,42 @@ pub struct DnsSettings {
 #[ts(export)]
 pub struct NetworkInterfaceInfo {
     pub name: Option<InternedString>,
+    #[ts(skip)]
     pub public: Option<bool>,
     pub secure: Option<bool>,
     pub ip_info: Option<Arc<IpInfo>>,
+    #[serde(default, rename = "type")]
+    pub gateway_type: Option<GatewayType>,
 }
 impl NetworkInterfaceInfo {
     pub fn public(&self) -> bool {
         self.public.unwrap_or_else(|| {
             !self.ip_info.as_ref().map_or(true, |ip_info| {
-                let ip4s = ip_info
-                    .subnets
-                    .iter()
-                    .filter_map(|ipnet| {
-                        if let IpAddr::V4(ip4) = ipnet.addr() {
-                            Some(ip4)
-                        } else {
-                            None
-                        }
-                    })
-                    .collect::<BTreeSet<_>>();
-                if !ip4s.is_empty() {
-                    return ip4s
-                        .iter()
-                        .all(|ip4| ip4.is_loopback() || ip4.is_private() || ip4.is_link_local());
-                }
-                ip_info.subnets.iter().all(|ipnet| {
-                    if let IpAddr::V6(ip6) = ipnet.addr() {
-                        ipv6_is_local(ip6)
+            let ip4s = ip_info
+                .subnets
+                .iter()
+                .filter_map(|ipnet| {
+                    if let IpAddr::V4(ip4) = ipnet.addr() {
+                        Some(ip4)
                     } else {
-                        true
+                        None
                     }
                 })
+                .collect::<BTreeSet<_>>();
+            if !ip4s.is_empty() {
+                return ip4s
+                    .iter()
+                    .all(|ip4| ip4.is_loopback() || ip4.is_private() || ip4.is_link_local());
+            }
+            ip_info.subnets.iter().all(|ipnet| {
+                if let IpAddr::V6(ip6) = ipnet.addr() {
+                    ipv6_is_local(ip6)
+                } else {
+                    true
+                }
             })
         })
+        })
     }
 
     pub fn secure(&self) -> bool {
@@ -309,6 +316,15 @@ pub enum NetworkInterfaceType {
     Loopback,
 }
 
+#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS, clap::ValueEnum)]
+#[ts(export)]
+#[serde(rename_all = "kebab-case")]
+pub enum GatewayType {
+    #[default]
+    InboundOutbound,
+    OutboundOnly,
+}
+
 #[derive(Debug, Deserialize, Serialize, HasModel, TS)]
 #[serde(rename_all = "camelCase")]
 #[model = "Model<Self>"]
diff --git a/core/src/install/mod.rs b/core/src/install/mod.rs
index 5fe707463..9267be2d5 100644
--- a/core/src/install/mod.rs
+++ b/core/src/install/mod.rs
@@ -137,6 +137,7 @@ pub async fn install(
             json!({
                 "id": id,
                 "targetVersion": VersionRange::exactly(version.deref().clone()),
+                "otherVersions": "none",
             }),
             RegistryUrlParams {
                 registry: registry.clone(),
@@ -484,7 +485,7 @@ pub async fn cli_install(
             let mut packages: GetPackageResponse = from_value(
                 ctx.call_remote::<RegistryContext>(
                     "package.get",
-                    json!({ "id": &id, "targetVersion": version, "sourceVersion": source_version }),
+                    json!({ "id": &id, "targetVersion": version, "sourceVersion": source_version, "otherVersions": "none" }),
                 )
                 .await?,
             )?;
diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index e9c2575ba..d8d0a6c6e 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -754,13 +754,14 @@ async fn watch_ip(
 
                                         write_to.send_if_modified(
                                             |m: &mut OrdMap<GatewayId, NetworkInterfaceInfo>| {
-                                                let (name, public, secure, prev_wan_ip) = m
+                                                let (name, public, secure, gateway_type, prev_wan_ip) = m
                                                     .get(&iface)
-                                                    .map_or((None, None, None, None), |i| {
+                                                    .map_or((None, None, None, None, None), |i| {
                                                         (
                                                             i.name.clone(),
                                                             i.public,
                                                             i.secure,
+                                                            i.gateway_type,
                                                             i.ip_info
                                                                 .as_ref()
                                                                 .and_then(|i| i.wan_ip),
@@ -775,6 +776,7 @@ async fn watch_ip(
                                                         public,
                                                         secure,
                                                         ip_info: Some(ip_info.clone()),
+                                                        gateway_type,
                                                     },
                                                 )
                                                 .filter(|old| &old.ip_info == &Some(ip_info))
diff --git a/core/src/net/tunnel.rs b/core/src/net/tunnel.rs
index 8635475e1..deb7ec6a3 100644
--- a/core/src/net/tunnel.rs
+++ b/core/src/net/tunnel.rs
@@ -8,7 +8,7 @@ use ts_rs::TS;
 
 use crate::GatewayId;
 use crate::context::{CliContext, RpcContext};
-use crate::db::model::public::{NetworkInterfaceInfo, NetworkInterfaceType};
+use crate::db::model::public::{GatewayType, NetworkInterfaceInfo, NetworkInterfaceType};
 use crate::net::host::all_hosts;
 use crate::prelude::*;
 use crate::util::Invoke;
@@ -32,14 +32,19 @@ pub fn tunnel_api<C: Context>() -> ParentHandler<C> {
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
+#[serde(rename_all = "camelCase")]
 #[ts(export)]
 pub struct AddTunnelParams {
     #[arg(help = "help.arg.tunnel-name")]
     name: InternedString,
     #[arg(help = "help.arg.wireguard-config")]
     config: String,
-    #[arg(help = "help.arg.is-public")]
-    public: bool,
+    #[arg(help = "help.arg.gateway-type")]
+    #[serde(default, rename = "type")]
+    gateway_type: Option<GatewayType>,
+    #[arg(help = "help.arg.set-as-default-outbound")]
+    #[serde(default)]
+    set_as_default_outbound: bool,
 }
 
 fn sanitize_config(config: &str) -> String {
@@ -64,7 +69,8 @@ pub async fn add_tunnel(
     AddTunnelParams {
         name,
         config,
-        public,
+        gateway_type,
+        set_as_default_outbound,
     }: AddTunnelParams,
 ) -> Result<GatewayId, Error> {
     let ifaces = ctx.net_controller.net_iface.watcher.subscribe();
@@ -76,9 +82,10 @@ pub async fn add_tunnel(
                     iface.clone(),
                     NetworkInterfaceInfo {
                         name: Some(name),
-                        public: Some(public),
+                        public: None,
                         secure: None,
                         ip_info: None,
+                        gateway_type,
                     },
                 );
                 return true;
@@ -120,6 +127,19 @@ pub async fn add_tunnel(
 
     sub.recv().await;
 
+    if set_as_default_outbound {
+        ctx.db
+            .mutate(|db| {
+                db.as_public_mut()
+                    .as_server_info_mut()
+                    .as_network_mut()
+                    .as_default_outbound_mut()
+                    .ser(&Some(iface.clone()))
+            })
+            .await
+            .result?;
+    }
+
     Ok(iface)
 }
 
diff --git a/core/src/registry/package/get.rs b/core/src/registry/package/get.rs
index 7525ce54d..2d834bf87 100644
--- a/core/src/registry/package/get.rs
+++ b/core/src/registry/package/get.rs
@@ -15,6 +15,7 @@ use crate::progress::{FullProgressTracker, ProgressUnits};
 use crate::registry::context::RegistryContext;
 use crate::registry::device_info::DeviceInfo;
 use crate::registry::package::index::{PackageIndex, PackageVersionInfo};
+use crate::s9pk::manifest::LocaleString;
 use crate::s9pk::merkle_archive::source::ArchiveSource;
 use crate::s9pk::v2::SIG_CONTEXT;
 use crate::util::VersionString;
@@ -38,11 +39,11 @@ impl Default for PackageDetailLevel {
     }
 }
 
-#[derive(Debug, Deserialize, Serialize, TS)]
+#[derive(Clone, Debug, Deserialize, Serialize, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]
 pub struct PackageInfoShort {
-    pub release_notes: String,
+    pub release_notes: LocaleString,
 }
 
 #[derive(Debug, Deserialize, Serialize, TS, Parser, HasModel)]
@@ -89,17 +90,20 @@ impl GetPackageResponse {
 
             let lesser_versions: BTreeMap<_, _> = self
                 .other_versions
-                .as_ref()
+                .clone()
                 .into_iter()
                 .flatten()
-                .filter(|(v, _)| ***v < *version)
+                .filter(|(v, _)| **v < *version)
                 .collect();
 
             if !lesser_versions.is_empty() {
                 table.add_row(row![bc => "OLDER VERSIONS"]);
                 table.add_row(row![bc => "VERSION", "RELEASE NOTES"]);
                 for (version, info) in lesser_versions {
-                    table.add_row(row![AsRef::<str>::as_ref(version), &info.release_notes]);
+                    table.add_row(row![
+                        AsRef::<str>::as_ref(&version),
+                        &info.release_notes.localized()
+                    ]);
                 }
             }
 
@@ -147,6 +151,7 @@ fn get_matching_models(
         id,
         source_version,
         device_info,
+        target_version,
         ..
     }: &GetPackageParams,
 ) -> Result<Vec<(PackageId, ExtendedVersion, Model<PackageVersionInfo>)>, Error> {
@@ -165,26 +170,29 @@ fn get_matching_models(
             .as_entries()?
             .into_iter()
             .map(|(v, info)| {
+                let ev = ExtendedVersion::from(v);
                 Ok::<_, Error>(
-                    if source_version.as_ref().map_or(Ok(true), |source_version| {
-                        Ok::<_, Error>(
-                            source_version.satisfies(
-                                &info
-                                    .as_source_version()
-                                    .de()?
-                                    .unwrap_or(VersionRange::any()),
-                            ),
-                        )
-                    })? {
+                    if target_version.as_ref().map_or(true, |tv| ev.satisfies(tv))
+                        && source_version.as_ref().map_or(Ok(true), |source_version| {
+                            Ok::<_, Error>(
+                                source_version.satisfies(
+                                    &info
+                                        .as_source_version()
+                                        .de()?
+                                        .unwrap_or(VersionRange::any()),
+                                ),
+                            )
+                        })?
+                    {
                         let mut info = info.clone();
                         if let Some(device_info) = &device_info {
                             if info.for_device(device_info)? {
-                                Some((k.clone(), ExtendedVersion::from(v), info))
+                                Some((k.clone(), ev, info))
                             } else {
                                 None
                             }
                         } else {
-                            Some((k.clone(), ExtendedVersion::from(v), info))
+                            Some((k.clone(), ev, info))
                         }
                     } else {
                         None
@@ -207,12 +215,7 @@ pub async fn get_package(ctx: RegistryContext, params: GetPackageParams) -> Resu
     for (id, version, info) in get_matching_models(&peek.as_index().as_package(), &params)? {
         let package_best = best.entry(id.clone()).or_default();
         let package_other = other.entry(id.clone()).or_default();
-        if params
-            .target_version
-            .as_ref()
-            .map_or(true, |v| version.satisfies(v))
-            && package_best.keys().all(|k| !(**k > version))
-        {
+        if package_best.keys().all(|k| !(**k > version)) {
             for worse_version in package_best
                 .keys()
                 .filter(|k| ***k < version)
@@ -569,3 +572,42 @@ pub async fn cli_download(
 
     Ok(())
 }
+
+#[test]
+fn check_matching_info_short() {
+    use crate::registry::package::index::PackageMetadata;
+    use crate::s9pk::manifest::{Alerts, Description};
+    use crate::util::DataUrl;
+
+    let lang_map = |s: &str| {
+        LocaleString::LanguageMap([("en".into(), s.into())].into_iter().collect())
+    };
+
+    let info = PackageVersionInfo {
+        metadata: PackageMetadata {
+            title: "Test Package".into(),
+            icon: DataUrl::from_vec("image/png", vec![]),
+            description: Description {
+                short: lang_map("A short description"),
+                long: lang_map("A longer description of the test package"),
+            },
+            release_notes: lang_map("Initial release"),
+            git_hash: None,
+            license: "MIT".into(),
+            wrapper_repo: "https://github.com/example/wrapper".parse().unwrap(),
+            upstream_repo: "https://github.com/example/upstream".parse().unwrap(),
+            support_site: "https://example.com/support".parse().unwrap(),
+            marketing_site: "https://example.com".parse().unwrap(),
+            donation_url: None,
+            docs_url: None,
+            alerts: Alerts::default(),
+            dependency_metadata: BTreeMap::new(),
+            os_version: exver::Version::new([0, 3, 6], []),
+            sdk_version: None,
+            hardware_acceleration: false,
+        },
+        source_version: None,
+        s9pks: Vec::new(),
+    };
+    from_value::<PackageInfoShort>(to_value(&info).unwrap()).unwrap();
+}
diff --git a/core/src/service/service_map.rs b/core/src/service/service_map.rs
index fe8192d26..56292baba 100644
--- a/core/src/service/service_map.rs
+++ b/core/src/service/service_map.rs
@@ -259,6 +259,7 @@ impl ServiceMap {
                                         service_interfaces: Default::default(),
                                         hosts: Default::default(),
                                         store_exposed_dependents: Default::default(),
+                                        outbound_gateway: None,
                                     },
                                 )?;
                             };
diff --git a/core/src/version/update_details/v0_4_0.md b/core/src/version/update_details/v0_4_0.md
index e546704ee..e3881a5fd 100644
--- a/core/src/version/update_details/v0_4_0.md
+++ b/core/src/version/update_details/v0_4_0.md
@@ -10,13 +10,13 @@ A server is not a toy. It is a critical component of the computing paradigm, and
 
 Start9 is paving new ground with StartOS, trying to create what most developers and IT professionals thought impossible; namely, an OS and user experience that affords a normal person the same independent control over their data and communications as an experienced Linux sysadmin.
 
-The difficulty of our endeavor requires making mistakes; and our integrity and dedication to excellence require that we correct them. This means a willingness to discard bad ideas and broken parts, and if absolutely necessary, to tear it all down and start over. That is exactly what we did with StartOS v0.2.0 in 2020. It is what we did with StartOS v0.3.0 in 2022. And we are doing it now with StartOS v0.4.0 in 2025.
+The difficulty of our endeavor requires making mistakes; and our integrity and dedication to excellence require that we correct them. This means a willingness to discard bad ideas and broken parts, and if absolutely necessary, to tear it all down and start over. That is exactly what we did with StartOS v0.2.0 in 2020. It is what we did with StartOS v0.3.0 in 2022. And we are doing it now with StartOS v0.4.0 in 2026.
 
 v0.4.0 is a complete rewrite of StartOS, almost nothing survived. After nearly six years of building StartOS, we believe that we have finally arrived at the correct architecture and foundation that will allow us to deliver on the promise of sovereign computing.
 
 ## Changelog
 
-### Improved User interface
+### New User interface
 
 We re-wrote the StartOS UI to be more performant, more intuitive, and better looking on both mobile and desktop. Enjoy.
 
@@ -28,6 +28,10 @@ StartOS v0.4.0 supports multiple languages and also makes it easy to add more la
 
 Neither Docker nor Podman offer the reliability and flexibility needed for StartOS. Instead, v0.4.0 uses a nested container paradigm based on LXC for the outer container and Linux namespaces for sub containers. This architecture naturally supports multi container setups.
 
+### Hardware Acceleration
+
+Services can take advantage of (and require) the presence of certain hardware modules, such as Nvidia GPUs, for transcoding or inference purposes. For example, StartOS and Ollama can run natively on The Nvidia DGX Spark and take full advantage of the hardware/firmware stack to perform local inference against open source models.
+
 ### New S9PK archive format
 
 The S9PK archive format has been overhauled to allow for signature verification of partial downloads, and allow direct mounting of container images without unpacking the s9pk.
@@ -80,13 +84,13 @@ The new start-fs fuse module unifies file system expectations for various platfo
 
 StartOS now uses Extended Versioning (Exver), which consists of three parts: (1) a Semver-compliant upstream version, (2) a Semver-compliant wrapper version, and (3) an optional "flavor" prefix. Flavors can be thought of as alternative implementations of services, where a user would only want one or the other installed, and data can feasibly be migrating between the two. Another common characteristic of flavors is that they satisfy the same API requirement of dependents, though this is not strictly necessary. A valid Exver looks something like this: `#knots:29.0:1.0-beta.1`. This would translate to "the first beta release of StartOS wrapper version 1.0 of Bitcoin Knots version 29.0".
 
-### ACME
+### Let's Encrypt
 
-StartOS now supports using ACME protocol to automatically obtain SSL/TLS certificates from widely trusted certificate authorities, such as Let's Encrypt, for your public domains. This means people visiting your public websites and APIs will not need to download and trust your server's Root CA.
+StartOS now supports Let's Encrypt to automatically obtain SSL/TLS certificates for public domains. This means people visiting your public websites and APIs will not need to download and trust your server's Root CA.
 
 ### Gateways
 
-Gateways connect your server to the Internet. They process outbound traffic, and under certain conditions, they also permit inbound traffic. For example, your router is a gateway. It is now possible add gateways to StartOS, such as StartTunnel, in order to more granularly control how your installed services are exposed to the Internet.
+Gateways connect your server to the Internet, facilitating inbound and outbound traffic. Your router is a gateway. It is now possible to add Wireguard VPN gateways to your server to control how devices outside the LAN connect to your server and how your server connects out to the Internet.
 
 ### Static DNS Servers
 
diff --git a/web/projects/marketplace/src/pages/list/item/item.component.html b/web/projects/marketplace/src/pages/list/item/item.component.html
index 4b3d5fb26..33b9d45e3 100644
--- a/web/projects/marketplace/src/pages/list/item/item.component.html
+++ b/web/projects/marketplace/src/pages/list/item/item.component.html
@@ -12,7 +12,7 @@
       {{ pkg.title }}
     </span>
     <span class="detail-description">
-      {{ pkg.description.short }}
+      {{ pkg.description.short | localize }}
     </span>
   </div>
 </div>
diff --git a/web/projects/marketplace/src/pages/list/item/item.module.ts b/web/projects/marketplace/src/pages/list/item/item.module.ts
index e6989b562..682f24de5 100644
--- a/web/projects/marketplace/src/pages/list/item/item.module.ts
+++ b/web/projects/marketplace/src/pages/list/item/item.module.ts
@@ -1,12 +1,12 @@
 import { CommonModule } from '@angular/common'
 import { NgModule } from '@angular/core'
 import { RouterModule } from '@angular/router'
-import { SharedPipesModule, TickerComponent } from '@start9labs/shared'
+import { LocalizePipe, SharedPipesModule, TickerComponent } from '@start9labs/shared'
 import { ItemComponent } from './item.component'
 
 @NgModule({
   declarations: [ItemComponent],
   exports: [ItemComponent],
-  imports: [CommonModule, RouterModule, SharedPipesModule, TickerComponent],
+  imports: [CommonModule, RouterModule, SharedPipesModule, TickerComponent, LocalizePipe],
 })
 export class ItemModule {}
diff --git a/web/projects/marketplace/src/pages/show/about.component.ts b/web/projects/marketplace/src/pages/show/about.component.ts
index edbe5c5a5..a4f7a9135 100644
--- a/web/projects/marketplace/src/pages/show/about.component.ts
+++ b/web/projects/marketplace/src/pages/show/about.component.ts
@@ -6,7 +6,7 @@ import {
   output,
 } from '@angular/core'
 import { MarketplacePkgBase } from '../../types'
-import { CopyService, i18nPipe } from '@start9labs/shared'
+import { CopyService, i18nPipe, LocalizePipe } from '@start9labs/shared'
 import { DatePipe } from '@angular/common'
 import { MarketplaceItemComponent } from './item.component'
 
@@ -71,7 +71,7 @@ import { MarketplaceItemComponent } from './item.component'
     <div class="background-border box-shadow-lg shadow-color-light">
       <div class="box-container">
         <h2 class="additional-detail-title">{{ 'Description' | i18n }}</h2>
-        <p [innerHTML]="pkg().description.long"></p>
+        <p [innerHTML]="pkg().description.long | localize"></p>
       </div>
     </div>
   `,
@@ -129,7 +129,7 @@ import { MarketplaceItemComponent } from './item.component'
     }
   `,
   changeDetection: ChangeDetectionStrategy.OnPush,
-  imports: [MarketplaceItemComponent, DatePipe, i18nPipe],
+  imports: [MarketplaceItemComponent, DatePipe, i18nPipe, LocalizePipe],
 })
 export class MarketplaceAboutComponent {
   readonly copyService = inject(CopyService)
diff --git a/web/projects/setup-wizard/src/app/components/remove-media.dialog.ts b/web/projects/setup-wizard/src/app/components/remove-media.dialog.ts
new file mode 100644
index 000000000..0daef9e94
--- /dev/null
+++ b/web/projects/setup-wizard/src/app/components/remove-media.dialog.ts
@@ -0,0 +1,121 @@
+import { Component } from '@angular/core'
+import { i18nPipe } from '@start9labs/shared'
+import { TuiButton, TuiDialogContext } from '@taiga-ui/core'
+import { injectContext } from '@taiga-ui/polymorpheus'
+
+@Component({
+  standalone: true,
+  imports: [TuiButton, i18nPipe],
+  template: `
+    <div class="animation-container">
+      <div class="port">
+        <div class="port-inner"></div>
+      </div>
+      <div class="usb-stick">
+        <div class="usb-connector"></div>
+        <div class="usb-body"></div>
+      </div>
+    </div>
+    <p>
+      {{
+        'Remove USB stick or other installation media from your server' | i18n
+      }}
+    </p>
+    <footer>
+      <button tuiButton (click)="context.completeWith(true)">
+        {{ 'Done' | i18n }}
+      </button>
+    </footer>
+  `,
+  styles: `
+    :host {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      text-align: center;
+    }
+
+    .animation-container {
+      position: relative;
+      width: 160px;
+      height: 69px;
+    }
+
+    .port {
+      position: absolute;
+      left: 20px;
+      top: 50%;
+      transform: translateY(-50%);
+      width: 28px;
+      height: 18px;
+      background: var(--tui-background-neutral-1);
+      border: 2px solid var(--tui-border-normal);
+      border-radius: 2px;
+    }
+
+    .port-inner {
+      position: absolute;
+      top: 3px;
+      left: 3px;
+      right: 3px;
+      bottom: 3px;
+      background: var(--tui-background-neutral-2);
+      border-radius: 1px;
+    }
+
+    .usb-stick {
+      position: absolute;
+      top: 50%;
+      transform: translateY(-50%);
+      display: flex;
+      align-items: center;
+      animation: slide-out 2s ease-in-out 0.5s infinite;
+      left: 32px;
+    }
+
+    .usb-connector {
+      width: 20px;
+      height: 12px;
+      background: var(--tui-text-secondary);
+      border-radius: 1px;
+    }
+
+    .usb-body {
+      width: 40px;
+      height: 20px;
+      background: var(--tui-status-info);
+      border-radius: 2px 4px 4px 2px;
+    }
+
+    @keyframes slide-out {
+      0% {
+        left: 32px;
+        opacity: 0;
+      }
+      5% {
+        left: 32px;
+        opacity: 1;
+      }
+      80% {
+        left: 130px;
+        opacity: 0;
+      }
+      100% {
+        left: 130px;
+        opacity: 0;
+      }
+    }
+
+    p {
+      margin: 0 0 2rem;
+    }
+
+    footer {
+      display: flex;
+      justify-content: center;
+    }
+  `,
+})
+export class RemoveMediaDialog {
+  protected readonly context = injectContext<TuiDialogContext<boolean>>()
+}
diff --git a/web/projects/setup-wizard/src/app/pages/drives.page.ts b/web/projects/setup-wizard/src/app/pages/drives.page.ts
index f3c7ded42..2790fc306 100644
--- a/web/projects/setup-wizard/src/app/pages/drives.page.ts
+++ b/web/projects/setup-wizard/src/app/pages/drives.page.ts
@@ -1,4 +1,9 @@
-import { ChangeDetectorRef, Component, inject } from '@angular/core'
+import {
+  ChangeDetectorRef,
+  Component,
+  HostListener,
+  inject,
+} from '@angular/core'
 import { Router } from '@angular/router'
 import { FormsModule } from '@angular/forms'
 import {
@@ -21,13 +26,14 @@ import {
 import { TuiDataListWrapper, TuiSelect, TuiTooltip } from '@taiga-ui/kit'
 import { TuiCardLarge, TuiHeader } from '@taiga-ui/layout'
 import { PolymorpheusComponent } from '@taiga-ui/polymorpheus'
-import { filter } from 'rxjs'
+import { filter, Subscription } from 'rxjs'
 import { ApiService } from '../services/api.service'
 import { StateService } from '../services/state.service'
 import { PreserveOverwriteDialog } from '../components/preserve-overwrite.dialog'
 
 @Component({
   template: `
+    @if (!shuttingDown) {
     <section tuiCardLarge="compact">
       <header tuiHeader>
         <h2 tuiTitle>{{ 'Select Drives' | i18n }}</h2>
@@ -132,6 +138,7 @@ import { PreserveOverwriteDialog } from '../components/preserve-overwrite.dialog
         }
       </footer>
     </section>
+    }
   `,
   styles: `
     .no-drives {
@@ -176,6 +183,14 @@ export default class DrivesPage {
 
   protected readonly mobile = inject(TUI_IS_MOBILE)
 
+  @HostListener('document:keydown', ['$event'])
+  onKeydown(event: KeyboardEvent) {
+    if (event.ctrlKey && event.shiftKey && event.key === 'X') {
+      event.preventDefault()
+      this.shutdownServer()
+    }
+  }
+
   readonly osDriveTooltip = this.i18n.transform(
     'The drive where the StartOS operating system will be installed.',
   )
@@ -185,6 +200,8 @@ export default class DrivesPage {
 
   drives: DiskInfo[] = []
   loading = true
+  shuttingDown = false
+  private dialogSub?: Subscription
   selectedOsDrive: DiskInfo | null = null
   selectedDataDrive: DiskInfo | null = null
   preserveData: boolean | null = null
@@ -339,22 +356,18 @@ export default class DrivesPage {
       loader.unsubscribe()
 
       // Show success dialog
-      this.dialogs
-        .openConfirm({
+      this.dialogSub = this.dialogs
+        .openAlert('StartOS has been installed successfully.', {
           label: 'Installation Complete!',
           size: 's',
-          data: {
-            content: 'StartOS has been installed successfully.',
-            yes: 'Continue to Setup',
-            no: 'Shutdown',
-          },
+          dismissible: false,
+          closeable: true,
+          data: { button: this.i18n.transform('Continue to Setup') },
         })
-        .subscribe(continueSetup => {
-          if (continueSetup) {
+        .subscribe({
+          complete: () => {
             this.navigateToNextStep(result.attach)
-          } else {
-            this.shutdownServer()
-          }
+          },
         })
     } catch (e: any) {
       loader.unsubscribe()
@@ -372,10 +385,12 @@ export default class DrivesPage {
   }
 
   private async shutdownServer() {
+    this.dialogSub?.unsubscribe()
     const loader = this.loader.open('Beginning shutdown').subscribe()
 
     try {
       await this.api.shutdown()
+      this.shuttingDown = true
     } catch (e: any) {
       this.errorService.handleError(e)
     } finally {
diff --git a/web/projects/setup-wizard/src/app/pages/success.page.ts b/web/projects/setup-wizard/src/app/pages/success.page.ts
index 8f84f788b..03dae0203 100644
--- a/web/projects/setup-wizard/src/app/pages/success.page.ts
+++ b/web/projects/setup-wizard/src/app/pages/success.page.ts
@@ -6,7 +6,12 @@ import {
   ViewChild,
   DOCUMENT,
 } from '@angular/core'
-import { DownloadHTMLService, ErrorService, i18nPipe } from '@start9labs/shared'
+import {
+  DialogService,
+  DownloadHTMLService,
+  ErrorService,
+  i18nPipe,
+} from '@start9labs/shared'
 import { TuiIcon, TuiLoader, TuiTitle } from '@taiga-ui/core'
 import { TuiAvatar } from '@taiga-ui/kit'
 import { TuiCardLarge, TuiCell, TuiHeader } from '@taiga-ui/layout'
@@ -14,7 +19,9 @@ import { ApiService } from '../services/api.service'
 import { StateService } from '../services/state.service'
 import { DocumentationComponent } from '../components/documentation.component'
 import { MatrixComponent } from '../components/matrix.component'
+import { RemoveMediaDialog } from '../components/remove-media.dialog'
 import { SetupCompleteRes } from '../types'
+import { PolymorpheusComponent } from '@taiga-ui/polymorpheus'
 
 @Component({
   template: `
@@ -29,12 +36,8 @@ import { SetupCompleteRes } from '../types'
           @if (!stateService.kiosk) {
             <span tuiSubtitle>
               {{
-                stateService.setupType === 'restore'
-                  ? ('You can unplug your backup drive' | i18n)
-                  : stateService.setupType === 'transfer'
-                    ? ('You can unplug your transfer drive' | i18n)
-                    : ('http://start.local was for setup only. It will no longer work.'
-                      | i18n)
+                'http://start.local was for setup only. It will no longer work.'
+                  | i18n
               }}
             </span>
           }
@@ -69,14 +72,15 @@ import { SetupCompleteRes } from '../types'
             tuiCell="l"
             [class.disabled]="!stateService.kiosk && !downloaded"
             [disabled]="(!stateService.kiosk && !downloaded) || usbRemoved"
-            (click)="usbRemoved = true"
+            (click)="removeMedia()"
           >
             <tui-avatar appearance="secondary" src="@tui.usb" />
             <div tuiTitle>
-              {{ 'USB Removed' | i18n }}
+              {{ 'Remove Installation Media' | i18n }}
               <div tuiSubtitle>
                 {{
-                  'Remove the USB installation media from your server' | i18n
+                  'Remove USB stick or other installation media from your server'
+                    | i18n
                 }}
               </div>
             </div>
@@ -184,6 +188,7 @@ export default class SuccessPage implements AfterViewInit {
   private readonly errorService = inject(ErrorService)
   private readonly api = inject(ApiService)
   private readonly downloadHtml = inject(DownloadHTMLService)
+  private readonly dialogs = inject(DialogService)
   private readonly i18n = inject(i18nPipe)
 
   readonly stateService = inject(StateService)
@@ -225,6 +230,21 @@ export default class SuccessPage implements AfterViewInit {
     })
   }
 
+  removeMedia() {
+    this.dialogs
+      .openComponent<boolean>(
+        new PolymorpheusComponent(RemoveMediaDialog),
+        {
+          size: 's',
+          dismissible: false,
+          closeable: false,
+        },
+      )
+      .subscribe(() => {
+        this.usbRemoved = true
+      })
+  }
+
   exitKiosk() {
     this.api.exit()
   }
diff --git a/web/projects/shared/src/i18n/dictionaries/de.ts b/web/projects/shared/src/i18n/dictionaries/de.ts
index e229d9f24..f5113fc61 100644
--- a/web/projects/shared/src/i18n/dictionaries/de.ts
+++ b/web/projects/shared/src/i18n/dictionaries/de.ts
@@ -100,6 +100,7 @@ export default {
   102: 'Verlassen',
   103: 'Sind Sie sicher?',
   104: 'Neues Netzwerk-Gateway',
+  107: 'Onion-Domains',
   108: 'Öffentlich',
   109: 'privat',
   111: 'Keine Onion-Domains',
@@ -639,13 +640,11 @@ export default {
   667: 'Einrichtung wird gestartet',
   670: 'Warten Sie 1–2 Minuten und aktualisieren Sie die Seite',
   672: 'Einrichtung abgeschlossen!',
-  673: 'Sie können Ihr Backup-Laufwerk entfernen',
-  674: 'Sie können Ihr Übertragungs-Laufwerk entfernen',
   675: 'http://start.local war nur für die Einrichtung gedacht. Es funktioniert nicht mehr.',
   676: 'Adressinformationen herunterladen',
   677: 'Enthält die permanente lokale Adresse Ihres Servers und die Root-CA',
-  678: 'USB entfernt',
-  679: 'Entfernen Sie das USB-Installationsmedium aus Ihrem Server',
+  678: 'Installationsmedium entfernen',
+  679: 'Entfernen Sie den USB-Stick oder andere Installationsmedien von Ihrem Server',
   680: 'Server neu starten',
   681: 'Warten, bis der Server wieder online ist',
   682: 'Server ist wieder online',
@@ -680,4 +679,16 @@ export default {
   714: 'Installation abgeschlossen!',
   715: 'StartOS wurde erfolgreich installiert.',
   716: 'Weiter zur Einrichtung',
+  717: '',
+  718: '',
+  719: '',
+  720: '',
+  721: '',
+  722: '',
+  723: '',
+  724: '',
+  725: '',
+  726: '',
+  727: '',
+  728: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/en.ts b/web/projects/shared/src/i18n/dictionaries/en.ts
index b7e05c7b6..3c2cd04d1 100644
--- a/web/projects/shared/src/i18n/dictionaries/en.ts
+++ b/web/projects/shared/src/i18n/dictionaries/en.ts
@@ -99,6 +99,7 @@ export const ENGLISH: Record<string, number> = {
   'Leave': 102,
   'Are you sure?': 103,
   'New gateway': 104, // as in, a network gateway
+  'Tor Domains': 107,
   'public': 108,
   'private': 109,
   'No Tor domains': 111,
@@ -639,13 +640,11 @@ export const ENGLISH: Record<string, number> = {
   'Starting setup': 667,
   'Wait 1-2 minutes and refresh the page': 670,
   'Setup Complete!': 672,
-  'You can unplug your backup drive': 673,
-  'You can unplug your transfer drive': 674,
   'http://start.local was for setup only. It will no longer work.': 675,
   'Download Address Info': 676,
   "Contains your server's permanent local address and Root CA": 677,
-  'USB Removed': 678,
-  'Remove the USB installation media from your server': 679,
+  'Remove Installation Media': 678,
+  'Remove USB stick or other installation media from your server': 679,
   'Restart Server': 680,
   'Waiting for server to come back online': 681,
   'Server is back online': 682,
@@ -680,4 +679,16 @@ export const ENGLISH: Record<string, number> = {
   'Installation Complete!': 714,
   'StartOS has been installed successfully.': 715,
   'Continue to Setup': 716,
+  'Set Outbound Gateway': 717,
+  'Current': 718,
+  'System default)': 719,
+  'Outbound Gateway': 720,
+  'Select the gateway for outbound traffic': 721,
+  'The type of gateway': 722,
+  'Outbound Only': 723,
+  'Set as default outbound': 724,
+  'Route all outbound traffic through this gateway': 725,
+  'Wireguard Config File': 726,
+  'Inbound/Outbound': 727,
+  'StartTunnel (Inbound/Outbound)': 728,
 }
diff --git a/web/projects/shared/src/i18n/dictionaries/es.ts b/web/projects/shared/src/i18n/dictionaries/es.ts
index 3233d1496..df7d867cb 100644
--- a/web/projects/shared/src/i18n/dictionaries/es.ts
+++ b/web/projects/shared/src/i18n/dictionaries/es.ts
@@ -100,6 +100,7 @@ export default {
   102: 'Salir',
   103: '¿Estás seguro?',
   104: 'Nueva puerta de enlace de red',
+  107: 'dominios onion',
   108: 'público',
   109: 'privado',
   111: 'Sin dominios onion',
@@ -639,13 +640,11 @@ export default {
   667: 'Iniciando configuración',
   670: 'Espere 1–2 minutos y actualice la página',
   672: '¡Configuración completa!',
-  673: 'Puede desconectar su unidad de copia de seguridad',
-  674: 'Puede desconectar su unidad de transferencia',
   675: 'http://start.local era solo para la configuración. Ya no funcionará.',
   676: 'Descargar información de direcciones',
   677: 'Contiene la dirección local permanente de su servidor y la CA raíz',
-  678: 'USB retirado',
-  679: 'Retire el medio de instalación USB de su servidor',
+  678: 'Retirar medio de instalación',
+  679: 'Retire la memoria USB u otro medio de instalación de su servidor',
   680: 'Reiniciar servidor',
   681: 'Esperando a que el servidor vuelva a estar en línea',
   682: 'El servidor ha vuelto a estar en línea',
@@ -680,4 +679,16 @@ export default {
   714: '¡Instalación completada!',
   715: 'StartOS se ha instalado correctamente.',
   716: 'Continuar con la configuración',
+  717: '',
+  718: '',
+  719: '',
+  720: '',
+  721: '',
+  722: '',
+  723: '',
+  724: '',
+  725: '',
+  726: '',
+  727: '',
+  728: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/fr.ts b/web/projects/shared/src/i18n/dictionaries/fr.ts
index fc86d901c..6d418644d 100644
--- a/web/projects/shared/src/i18n/dictionaries/fr.ts
+++ b/web/projects/shared/src/i18n/dictionaries/fr.ts
@@ -100,6 +100,7 @@ export default {
   102: 'Quitter',
   103: 'Êtes-vous sûr ?',
   104: 'Nouvelle passerelle réseau',
+  107: 'domaine onion',
   108: 'public',
   109: 'privé',
   111: 'Aucune domaine onion',
@@ -639,13 +640,11 @@ export default {
   667: 'Démarrage de la configuration',
   670: 'Attendez 1 à 2 minutes puis actualisez la page',
   672: 'Configuration terminée !',
-  673: 'Vous pouvez débrancher votre disque de sauvegarde',
-  674: 'Vous pouvez débrancher votre disque de transfert',
   675: 'http://start.local était réservé à la configuration. Il ne fonctionnera plus.',
   676: 'Télécharger les informations d’adresse',
-  677: 'Contient l’adresse locale permanente de votre serveur et la CA racine',
-  678: 'USB retiré',
-  679: 'Retirez le support d’installation USB de votre serveur',
+  677: 'Contient l\u2019adresse locale permanente de votre serveur et la CA racine',
+  678: 'Retirer le support d\u2019installation',
+  679: 'Retirez la clé USB ou tout autre support d\u2019installation de votre serveur',
   680: 'Redémarrer le serveur',
   681: 'En attente du retour en ligne du serveur',
   682: 'Le serveur est de nouveau en ligne',
@@ -680,4 +679,16 @@ export default {
   714: 'Installation terminée !',
   715: 'StartOS a été installé avec succès.',
   716: 'Continuer vers la configuration',
+  717: '',
+  718: '',
+  719: '',
+  720: '',
+  721: '',
+  722: '',
+  723: '',
+  724: '',
+  725: '',
+  726: '',
+  727: '',
+  728: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/pl.ts b/web/projects/shared/src/i18n/dictionaries/pl.ts
index 3911af7bb..66d6ed757 100644
--- a/web/projects/shared/src/i18n/dictionaries/pl.ts
+++ b/web/projects/shared/src/i18n/dictionaries/pl.ts
@@ -100,6 +100,7 @@ export default {
   102: 'Opuść',
   103: 'Czy jesteś pewien?',
   104: 'Nowa brama sieciowa',
+  107: 'domeny onion',
   108: 'publiczny',
   109: 'prywatny',
   111: 'Brak domeny onion',
@@ -639,13 +640,11 @@ export default {
   667: 'Rozpoczynanie konfiguracji',
   670: 'Poczekaj 1–2 minuty i odśwież stronę',
   672: 'Konfiguracja zakończona!',
-  673: 'Możesz odłączyć dysk kopii zapasowej',
-  674: 'Możesz odłączyć dysk transferowy',
   675: 'http://start.local służył tylko do konfiguracji. Nie będzie już działać.',
   676: 'Pobierz informacje adresowe',
   677: 'Zawiera stały lokalny adres serwera oraz główny urząd certyfikacji (Root CA)',
-  678: 'USB usunięty',
-  679: 'Usuń instalacyjny nośnik USB z serwera',
+  678: 'Usuń nośnik instalacyjny',
+  679: 'Usuń pamięć USB lub inny nośnik instalacyjny z serwera',
   680: 'Uruchom ponownie serwer',
   681: 'Oczekiwanie na ponowne połączenie serwera',
   682: 'Serwer jest ponownie online',
@@ -680,4 +679,16 @@ export default {
   714: 'Instalacja zakończona!',
   715: 'StartOS został pomyślnie zainstalowany.',
   716: 'Przejdź do konfiguracji',
+  717: '',
+  718: '',
+  719: '',
+  720: '',
+  721: '',
+  722: '',
+  723: '',
+  724: '',
+  725: '',
+  726: '',
+  727: '',
+  728: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/localize.pipe.ts b/web/projects/shared/src/i18n/localize.pipe.ts
index e9f439ec0..1ad76bb0b 100644
--- a/web/projects/shared/src/i18n/localize.pipe.ts
+++ b/web/projects/shared/src/i18n/localize.pipe.ts
@@ -1,5 +1,6 @@
 import { inject, Injectable, Pipe, PipeTransform } from '@angular/core'
 import { i18nService } from './i18n.service'
+import { I18N } from './i18n.providers'
 import { T } from '@start9labs/start-sdk'
 
 @Pipe({
@@ -9,8 +10,10 @@ import { T } from '@start9labs/start-sdk'
 @Injectable({ providedIn: 'root' })
 export class LocalizePipe implements PipeTransform {
   private readonly i18nService = inject(i18nService)
+  private readonly i18n = inject(I18N)
 
   transform(string: T.LocaleString): string {
+    this.i18n() // read signal to trigger change detection on language switch
     return this.i18nService.localize(string)
   }
 }
diff --git a/web/projects/start-tunnel/src/app/services/patch-db/data-model.ts b/web/projects/start-tunnel/src/app/services/patch-db/data-model.ts
index f84546717..73548d7a5 100644
--- a/web/projects/start-tunnel/src/app/services/patch-db/data-model.ts
+++ b/web/projects/start-tunnel/src/app/services/patch-db/data-model.ts
@@ -45,8 +45,8 @@ export const mockTunnelData: TunnelData = {
   gateways: {
     eth0: {
       name: null,
-      public: null,
       secure: null,
+      type: null,
       ipInfo: {
         name: 'Wired Connection 1',
         scopeId: 1,
diff --git a/web/projects/ui/src/app/routes/portal/routes/services/components/interface-item.component.ts b/web/projects/ui/src/app/routes/portal/routes/services/components/interface-item.component.ts
index 4e76f7e54..9a5a94387 100644
--- a/web/projects/ui/src/app/routes/portal/routes/services/components/interface-item.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/services/components/interface-item.component.ts
@@ -15,7 +15,6 @@ import { TuiBadge } from '@taiga-ui/kit'
   `,
   styles: `
     :host {
-      clip-path: inset(0 round 0.75rem);
       cursor: pointer;
 
       &:hover {
diff --git a/web/projects/ui/src/app/routes/portal/routes/services/routes/actions.component.ts b/web/projects/ui/src/app/routes/portal/routes/services/routes/actions.component.ts
index 321423718..f8b0fcf47 100644
--- a/web/projects/ui/src/app/routes/portal/routes/services/routes/actions.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/services/routes/actions.component.ts
@@ -6,12 +6,18 @@ import {
   inject,
 } from '@angular/core'
 import { toSignal } from '@angular/core/rxjs-interop'
-import { getPkgId, i18nPipe } from '@start9labs/shared'
-import { T } from '@start9labs/start-sdk'
+import {
+  ErrorService,
+  getPkgId,
+  i18nPipe,
+  LoadingService,
+} from '@start9labs/shared'
+import { ISB, T } from '@start9labs/start-sdk'
 import { TuiCell } from '@taiga-ui/layout'
 import { PatchDB } from 'patch-db-client'
-import { map } from 'rxjs'
+import { firstValueFrom, map } from 'rxjs'
 import { ActionService } from 'src/app/services/action.service'
+import { ApiService } from 'src/app/services/api/embassy-api.service'
 import { DataModel } from 'src/app/services/patch-db/data-model'
 import { StandardActionsService } from 'src/app/services/standard-actions.service'
 import { getManifest } from 'src/app/utils/get-package-data'
@@ -20,6 +26,9 @@ import {
   PrimaryStatus,
   renderPkgStatus,
 } from 'src/app/services/pkg-status-rendering.service'
+import { FormDialogService } from 'src/app/services/form-dialog.service'
+import { FormComponent } from 'src/app/routes/portal/components/form.component'
+import { configBuilderToSpec } from 'src/app/utils/configBuilderToSpec'
 
 const INACTIVE: PrimaryStatus[] = [
   'installing',
@@ -65,6 +74,12 @@ const ALLOWED_STATUSES: Record<T.AllowedStatuses, Set<string>> = {
 
       <section class="g-card">
         <header>StartOS</header>
+        <button
+          tuiCell
+          [action]="outboundGatewayAction()"
+          [inactive]="inactive"
+          (click)="openOutboundGatewayModal()"
+        ></button>
         <button
           tuiCell
           [action]="rebuild"
@@ -95,66 +110,78 @@ const ALLOWED_STATUSES: Record<T.AllowedStatuses, Set<string>> = {
 export default class ServiceActionsRoute {
   private readonly actions = inject(ActionService)
   private readonly i18n = inject(i18nPipe)
+  private readonly patch = inject<PatchDB<DataModel>>(PatchDB)
+  private readonly formDialog = inject(FormDialogService)
+  private readonly api = inject(ApiService)
+  private readonly loader = inject(LoadingService)
+  private readonly errorService = inject(ErrorService)
 
   ungrouped: 'General' | 'Other' = 'General'
 
   readonly service = inject(StandardActionsService)
   readonly package = toSignal(
-    inject<PatchDB<DataModel>>(PatchDB)
-      .watch$('packageData', getPkgId())
-      .pipe(
-        map(pkg => {
-          const specialGroup = Object.values(pkg.actions).some(a => !!a.group)
-            ? 'Other'
-            : 'General'
-          const status = renderPkgStatus(pkg).primary
-          return {
-            status,
-            icon: pkg.icon,
-            manifest: getManifest(pkg),
-            actions: Object.entries(pkg.actions)
-              .filter(([_, action]) => action.visibility !== 'hidden')
-              .map(([id, action]) => ({
-                ...action,
-                id,
-                group: action.group || specialGroup,
-                visibility: ALLOWED_STATUSES[action.allowedStatuses].has(
-                  status,
-                )
-                  ? action.visibility
-                  : ({
-                      disabled: `${this.i18n.transform('Action can only be executed when service is')} ${this.i18n.transform(action.allowedStatuses === 'only-running' ? 'Running' : 'Stopped')?.toLowerCase()}`,
-                    } as T.ActionVisibility),
-              }))
-              .sort((a, b) => {
-                if (a.group === specialGroup && b.group !== specialGroup)
-                  return 1
-                if (b.group === specialGroup && a.group !== specialGroup)
-                  return -1
+    this.patch.watch$('packageData', getPkgId()).pipe(
+      map(pkg => {
+        const specialGroup = Object.values(pkg.actions).some(a => !!a.group)
+          ? 'Other'
+          : 'General'
+        const status = renderPkgStatus(pkg).primary
+        return {
+          status,
+          icon: pkg.icon,
+          manifest: getManifest(pkg),
+          outboundGateway: pkg.outboundGateway,
+          actions: Object.entries(pkg.actions)
+            .filter(([_, action]) => action.visibility !== 'hidden')
+            .map(([id, action]) => ({
+              ...action,
+              id,
+              group: action.group || specialGroup,
+              visibility: ALLOWED_STATUSES[action.allowedStatuses].has(status)
+                ? action.visibility
+                : ({
+                    disabled: `${this.i18n.transform('Action can only be executed when service is')} ${this.i18n.transform(action.allowedStatuses === 'only-running' ? 'Running' : 'Stopped')?.toLowerCase()}`,
+                  } as T.ActionVisibility),
+            }))
+            .sort((a, b) => {
+              if (a.group === specialGroup && b.group !== specialGroup) return 1
+              if (b.group === specialGroup && a.group !== specialGroup)
+                return -1
 
-                const groupCompare = a.group.localeCompare(b.group) // sort groups lexicographically
-                if (groupCompare !== 0) return groupCompare
+              const groupCompare = a.group.localeCompare(b.group) // sort groups lexicographically
+              if (groupCompare !== 0) return groupCompare
 
-                return a.id.localeCompare(b.id) // sort actions within groups lexicographically
-              })
-              .reduce<
-                Record<
-                  string,
-                  Array<T.ActionMetadata & { id: string; group: string }>
-                >
-              >((acc, action) => {
-                const key = action.group
-                if (!acc[key]) {
-                  acc[key] = []
-                }
-                acc[key].push(action)
-                return acc
-              }, {}),
-          }
-        }),
-      ),
+              return a.id.localeCompare(b.id) // sort actions within groups lexicographically
+            })
+            .reduce<
+              Record<
+                string,
+                Array<T.ActionMetadata & { id: string; group: string }>
+              >
+            >((acc, action) => {
+              const key = action.group
+              if (!acc[key]) {
+                acc[key] = []
+              }
+              acc[key].push(action)
+              return acc
+            }, {}),
+        }
+      }),
+    ),
   )
 
+  readonly outboundGatewayAction = computed(() => {
+    const pkg = this.package()
+    const gateway = pkg?.outboundGateway
+    return {
+      name: this.i18n.transform('Set Outbound Gateway')!,
+      description: gateway
+        ? `${this.i18n.transform('Current')}: ${gateway}`
+        : `${this.i18n.transform('Current')}: ${this.i18n.transform('System')}`,
+    }
+  })
+
   readonly rebuild = {
     name: this.i18n.transform('Rebuild Service')!,
     description: this.i18n.transform(
@@ -181,6 +208,71 @@ export default class ServiceActionsRoute {
     })
   }
 
+  async openOutboundGatewayModal() {
+    const pkg = this.package()
+    if (!pkg) return
+
+    const gateways = await firstValueFrom(
+      this.patch.watch$('serverInfo', 'network', 'gateways'),
+    )
+
+    const SYSTEM_KEY = 'system'
+
+    const options: Record<string, string> = {
+      [SYSTEM_KEY]: this.i18n.transform('System default')!,
+    }
+
+    Object.entries(gateways)
+      .filter(
+        ([_, g]) =>
+          !!g.ipInfo &&
+          g.ipInfo.deviceType !== 'bridge' &&
+          g.ipInfo.deviceType !== 'loopback',
+      )
+      .forEach(([id, g]) => {
+        options[id] = g.name ?? g.ipInfo?.name ?? id
+      })
+
+    const spec = ISB.InputSpec.of({
+      gateway: ISB.Value.select({
+        name: this.i18n.transform('Outbound Gateway'),
+        description: this.i18n.transform(
+          'Select the gateway for outbound traffic',
+        ),
+        default: pkg.outboundGateway ?? SYSTEM_KEY,
+        values: options,
+      }),
+    })
+
+    this.formDialog.open(FormComponent, {
+      label: 'Set Outbound Gateway',
+      data: {
+        spec: await configBuilderToSpec(spec),
+        buttons: [
+          {
+            text: this.i18n.transform('Save'),
+            handler: async (input: typeof spec._TYPE) => {
+              const loader = this.loader.open('Saving').subscribe()
+
+              try {
+                await this.api.setServiceOutbound({
+                  packageId: pkg.manifest.id,
+                  gateway: input.gateway === SYSTEM_KEY ? null : input.gateway,
+                })
+                return true
+              } catch (e: any) {
+                this.errorService.handleError(e)
+                return false
+              } finally {
+                loader.unsubscribe()
+              }
+            },
+          },
+        ],
+      },
+    })
+  }
+
   protected readonly isInactive = computed(
     (pkg = this.package()) => !pkg || INACTIVE.includes(pkg.status),
   )
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
index a511db863..027803fe3 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
@@ -15,6 +15,7 @@ import { GatewaysTableComponent } from './table.component'
 import { configBuilderToSpec } from 'src/app/utils/configBuilderToSpec'
 import { TitleDirective } from 'src/app/services/title.service'
 import { ISB } from '@start9labs/start-sdk'
+import { RR } from 'src/app/services/api/api.types'
 
 @Component({
   template: `
@@ -51,11 +52,6 @@ import { ISB } from '@start9labs/start-sdk'
       <gateways-table />
     </section>
   `,
-  styles: `
-    :host {
-      max-width: 64rem;
-    }
-  `,
   changeDetection: ChangeDetectionStrategy.OnPush,
   imports: [
     CommonModule,
@@ -85,8 +81,19 @@ export default class GatewaysComponent {
         default: null,
         placeholder: 'StartTunnel 1',
       }),
+      type: ISB.Value.select({
+        name: this.i18n.transform('Type'),
+        description: this.i18n.transform('The type of gateway'),
+        default: 'inbound-outbound',
+        values: {
+          'inbound-outbound': this.i18n.transform(
+            'StartTunnel (Inbound/Outbound)',
+          ),
+          'outbound-only': this.i18n.transform('Outbound Only'),
+        },
+      }),
       config: ISB.Value.union({
-        name: this.i18n.transform('StartTunnel Config File'),
+        name: this.i18n.transform('Wireguard Config File'),
         default: 'paste',
         variants: ISB.Variants.of({
           paste: {
@@ -113,10 +120,17 @@ export default class GatewaysComponent {
           },
         }),
       }),
+      setAsDefaultOutbound: ISB.Value.toggle({
+        name: this.i18n.transform('Set as default outbound'),
+        description: this.i18n.transform(
+          'Route all outbound traffic through this gateway',
+        ),
+        default: false,
+      }),
     })
 
     this.formDialog.open(FormComponent, {
-      label: 'Add StartTunnel Gateway',
+      label: 'Add Wireguard Gateway',
       data: {
         spec: await configBuilderToSpec(spec),
         buttons: [
@@ -132,7 +146,8 @@ export default class GatewaysComponent {
                     input.config.selection === 'paste'
                       ? input.config.value.file
                       : await (input.config.value.file as any as File).text(),
-                  public: false,
+                  type: input.type as RR.GatewayType,
+                  setAsDefaultOutbound: input.setAsDefaultOutbound,
                 })
                 return true
               } catch (e: any) {
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
index 430c7e0df..14f63662d 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
@@ -15,6 +15,7 @@ import {
   TuiButton,
   TuiDataList,
   TuiDropdown,
+  TuiIcon,
   TuiOptGroup,
   TuiTextfield,
 } from '@taiga-ui/core'
@@ -24,32 +25,55 @@ import { ApiService } from 'src/app/services/api/embassy-api.service'
 import { FormDialogService } from 'src/app/services/form-dialog.service'
 import { configBuilderToSpec } from 'src/app/utils/configBuilderToSpec'
 import { GatewayPlus } from 'src/app/services/gateway.service'
+import { TuiBadge } from '@taiga-ui/kit'
 
 @Component({
   selector: 'tr[gateway]',
   template: `
     @if (gateway(); as gateway) {
-      <td class="name">
+      <td>
         {{ gateway.name }}
-      </td>
-      <td class="type">
-        @if (gateway.ipInfo.deviceType; as type) {
-          {{ type }} ({{
-            gateway.public ? ('public' | i18n) : ('private' | i18n)
-          }})
-        } @else {
-          -
+        @if (gateway.isDefaultOutbound) {
+          <span tuiBadge tuiStatus appearance="positive">Default outbound</span>
+        }
+      </td>
+      <td>
+        @switch (gateway.ipInfo.deviceType) {
+          @case ('ethernet') {
+            <tui-icon icon="@tui.cable" />
+            {{ 'Ethernet' | i18n }}
+          }
+          @case ('wireless') {
+            <tui-icon icon="@tui.wifi" />
+            {{ 'WiFi' | i18n }}
+          }
+          @case ('wireguard') {
+            <tui-icon icon="@tui.shield" />
+            {{ 'WireGuard' | i18n }}
+          }
+          @default {
+            {{ gateway.ipInfo.deviceType }}
+          }
+        }
+      </td>
+      <td>
+        @if (gateway.type === 'outbound-only') {
+          <tui-icon icon="@tui.arrow-up-right" />
+          {{ 'Outbound Only' | i18n }}
+        } @else {
+          <tui-icon icon="@tui.arrow-left-right" />
+          {{ 'Inbound/Outbound' | i18n }}
         }
       </td>
-      <td class="lan">{{ gateway.lanIpv4.join(', ') }}</td>
       <td
         class="wan"
         [style.color]="
-          gateway.ipInfo.wanIp ? 'var(--tui-text-warning)' : undefined
+          gateway.ipInfo.wanIp ? undefined : 'var(--tui-text-warning)'
         "
       >
         {{ gateway.ipInfo.wanIp || ('Error' | i18n) }}
       </td>
+      <td class="lan">{{ gateway.lanIpv4.join(', ') || '-' }}</td>
       <td>
         <button
           tuiIconButton
@@ -67,6 +91,18 @@ import { GatewayPlus } from 'src/app/services/gateway.service'
                 {{ 'Rename' | i18n }}
               </button>
             </tui-opt-group>
+            @if (!gateway.isDefaultOutbound) {
+              <tui-opt-group>
+                <button
+                  tuiOption
+                  new
+                  iconStart="@tui.arrow-up-right"
+                  (click)="setDefaultOutbound()"
+                >
+                  {{ 'Set as Default Outbound' | i18n }}
+                </button>
+              </tui-opt-group>
+            }
             @if (gateway.ipInfo.deviceType === 'wireguard') {
               <tui-opt-group>
                 <button
@@ -87,19 +123,11 @@ import { GatewayPlus } from 'src/app/services/gateway.service'
   `,
   styles: `
     td:last-child {
-      grid-area: 1 / 3 / 5;
+      grid-area: 1 / 3 / 7;
       align-self: center;
       text-align: right;
     }
 
-    .name {
-      width: 14rem;
-    }
-
-    .type {
-      width: 14rem;
-    }
-
     :host-context(tui-root._mobile) {
       grid-template-columns: min-content 1fr min-content;
 
@@ -107,11 +135,15 @@ import { GatewayPlus } from 'src/app/services/gateway.service'
         grid-column: span 2;
       }
 
-      .type {
+      .connection {
         grid-column: span 2;
         order: -1;
       }
 
+      .type {
+        grid-column: span 2;
+      }
+
       .lan,
       .wan {
         grid-column: span 2;
@@ -132,9 +164,11 @@ import { GatewayPlus } from 'src/app/services/gateway.service'
     TuiButton,
     TuiDropdown,
     TuiDataList,
+    TuiIcon,
     TuiOptGroup,
     TuiTextfield,
     i18nPipe,
+    TuiBadge,
   ],
 })
 export class GatewaysItemComponent {
@@ -166,6 +200,18 @@ export class GatewaysItemComponent {
       })
   }
 
+  async setDefaultOutbound() {
+    const loader = this.loader.open().subscribe()
+
+    try {
+      await this.api.setDefaultOutbound({ gateway: this.gateway().id })
+    } catch (e: any) {
+      this.errorService.handleError(e)
+    } finally {
+      loader.unsubscribe()
+    }
+  }
+
   async rename() {
     const { id, name } = this.gateway()
     const renameSpec = ISB.InputSpec.of({
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/table.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/table.component.ts
index 65f205455..595a4fde9 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/table.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/table.component.ts
@@ -8,12 +8,21 @@ import { GatewayService } from 'src/app/services/gateway.service'
 @Component({
   selector: 'gateways-table',
   template: `
-    <table [appTable]="['Name', 'Type', $any('LAN IP'), $any('WAN IP'), null]">
+    <table
+      [appTable]="[
+        'Name',
+        'Connection',
+        'Type',
+        $any('WAN IP'),
+        $any('LAN IP'),
+        null,
+      ]"
+    >
       @for (gateway of gatewayService.gateways(); track $index) {
         <tr [gateway]="gateway"></tr>
       } @empty {
         <tr>
-          <td colspan="5">
+          <td colspan="7">
             <div [tuiSkeleton]="true">{{ 'Loading' | i18n }}</div>
           </td>
         </tr>
diff --git a/web/projects/ui/src/app/services/api/api.fixures.ts b/web/projects/ui/src/app/services/api/api.fixures.ts
index 06f482e99..7e092ef80 100644
--- a/web/projects/ui/src/app/services/api/api.fixures.ts
+++ b/web/projects/ui/src/app/services/api/api.fixures.ts
@@ -2253,6 +2253,7 @@ export namespace Mock {
       },
     },
     storeExposedDependents: [],
+    outboundGateway: null,
     registry: 'https://registry.start9.com/',
     developerKey: 'developer-key',
     tasks: {
@@ -2321,6 +2322,7 @@ export namespace Mock {
     },
     hosts: {},
     storeExposedDependents: [],
+    outboundGateway: null,
     registry: 'https://registry.start9.com/',
     developerKey: 'developer-key',
     tasks: {},
@@ -2427,6 +2429,7 @@ export namespace Mock {
     },
     hosts: {},
     storeExposedDependents: [],
+    outboundGateway: null,
     registry: 'https://registry.start9.com/',
     developerKey: 'developer-key',
     tasks: {
diff --git a/web/projects/ui/src/app/services/api/api.types.ts b/web/projects/ui/src/app/services/api/api.types.ts
index 73d42ee68..76a96488f 100644
--- a/web/projects/ui/src/app/services/api/api.types.ts
+++ b/web/projects/ui/src/app/services/api/api.types.ts
@@ -252,10 +252,13 @@ export namespace RR {
 
   // network
 
+  export type GatewayType = 'inbound-outbound' | 'outbound-only'
+
   export type AddTunnelReq = {
     name: string
     config: string // file contents
-    public: boolean
+    type: GatewayType
+    setAsDefaultOutbound?: boolean
   } // net.tunnel.add
   export type AddTunnelRes = {
     id: string
@@ -270,6 +273,17 @@ export namespace RR {
   export type RemoveTunnelReq = { id: string } // net.tunnel.remove
   export type RemoveTunnelRes = null
 
+  // Set default outbound gateway
+  export type SetDefaultOutboundReq = { gateway: string | null } // net.gateway.set-default-outbound
+  export type SetDefaultOutboundRes = null
+
+  // Set service outbound gateway
+  export type SetServiceOutboundReq = {
+    packageId: string
+    gateway: string | null
+  } // package.set-outbound-gateway
+  export type SetServiceOutboundRes = null
+
   export type InitAcmeReq = {
     provider: string
     contact: string[]
diff --git a/web/projects/ui/src/app/services/api/embassy-api.service.ts b/web/projects/ui/src/app/services/api/embassy-api.service.ts
index ee79644f8..7e84ffabe 100644
--- a/web/projects/ui/src/app/services/api/embassy-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-api.service.ts
@@ -175,6 +175,14 @@ export abstract class ApiService {
 
   abstract removeTunnel(params: RR.RemoveTunnelReq): Promise<RR.RemoveTunnelRes>
 
+  abstract setDefaultOutbound(
+    params: RR.SetDefaultOutboundReq,
+  ): Promise<RR.SetDefaultOutboundRes>
+
+  abstract setServiceOutbound(
+    params: RR.SetServiceOutboundReq,
+  ): Promise<RR.SetServiceOutboundRes>
+
   // ** domains **
 
   // wifi
diff --git a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
index ad7085c40..2b4d2a056 100644
--- a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
@@ -355,6 +355,18 @@ export class LiveApiService extends ApiService {
     return this.rpcRequest({ method: 'net.tunnel.remove', params })
   }
 
+  async setDefaultOutbound(
+    params: RR.SetDefaultOutboundReq,
+  ): Promise<RR.SetDefaultOutboundRes> {
+    return this.rpcRequest({ method: 'net.gateway.set-default-outbound', params })
+  }
+
+  async setServiceOutbound(
+    params: RR.SetServiceOutboundReq,
+  ): Promise<RR.SetServiceOutboundRes> {
+    return this.rpcRequest({ method: 'package.set-outbound-gateway', params })
+  }
+
   // wifi
 
   async enableWifi(params: RR.EnabledWifiReq): Promise<RR.EnabledWifiRes> {
diff --git a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
index 3c3e7a1d7..f14e0ac20 100644
--- a/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-mock-api.service.ts
@@ -566,13 +566,12 @@ export class MockApiService extends ApiService {
 
     const id = `wg${this.proxyId++}`
 
-    const patch: AddOperation<T.NetworkInterfaceInfo>[] = [
+    const patch: AddOperation<any>[] = [
       {
         op: PatchOp.ADD,
         path: `/serverInfo/network/gateways/${id}`,
         value: {
           name: params.name,
-          public: params.public,
           secure: false,
           ipInfo: {
             name: id,
@@ -584,9 +583,19 @@ export class MockApiService extends ApiService {
             lanIp: ['192.168.1.10'],
             dnsServers: [],
           },
+          type: params.type,
         },
       },
     ]
+
+    if (params.setAsDefaultOutbound) {
+      ;(patch as any[]).push({
+        op: PatchOp.REPLACE,
+        path: '/serverInfo/network/defaultOutbound',
+        value: id,
+      })
+    }
+
     this.mockRevision(patch)
 
     return { id }
@@ -620,6 +629,38 @@ export class MockApiService extends ApiService {
     return null
   }
 
+  async setDefaultOutbound(
+    params: RR.SetDefaultOutboundReq,
+  ): Promise<RR.SetDefaultOutboundRes> {
+    await pauseFor(2000)
+    const patch = [
+      {
+        op: PatchOp.REPLACE,
+        path: '/serverInfo/network/defaultOutbound',
+        value: params.gateway,
+      },
+    ]
+    this.mockRevision(patch)
+
+    return null
+  }
+
+  async setServiceOutbound(
+    params: RR.SetServiceOutboundReq,
+  ): Promise<RR.SetServiceOutboundRes> {
+    await pauseFor(2000)
+    const patch = [
+      {
+        op: PatchOp.REPLACE,
+        path: `/packageData/${params.packageId}/outboundGateway`,
+        value: params.gateway,
+      },
+    ]
+    this.mockRevision(patch)
+
+    return null
+  }
+
   // wifi
 
   async enableWifi(params: RR.EnabledWifiReq): Promise<RR.EnabledWifiRes> {
diff --git a/web/projects/ui/src/app/services/api/mock-patch.ts b/web/projects/ui/src/app/services/api/mock-patch.ts
index c1d0c793a..d3484fefc 100644
--- a/web/projects/ui/src/app/services/api/mock-patch.ts
+++ b/web/projects/ui/src/app/services/api/mock-patch.ts
@@ -124,8 +124,8 @@ export const mockPatchData: DataModel = {
       gateways: {
         eth0: {
           name: null,
-          public: null,
           secure: null,
+          type: null,
           ipInfo: {
             name: 'Wired Connection 1',
             scopeId: 1,
@@ -139,8 +139,8 @@ export const mockPatchData: DataModel = {
         },
         wlan0: {
           name: null,
-          public: null,
           secure: null,
+          type: null,
           ipInfo: {
             name: 'Wireless Connection 1',
             scopeId: 2,
@@ -157,8 +157,8 @@ export const mockPatchData: DataModel = {
         },
         wireguard1: {
           name: 'StartTunnel',
-          public: null,
           secure: null,
+          type: 'inbound-outbound',
           ipInfo: {
             name: 'wireguard1',
             scopeId: 2,
@@ -173,7 +173,23 @@ export const mockPatchData: DataModel = {
             dnsServers: ['1.1.1.1'],
           },
         },
+        wireguard2: {
+          name: 'Mullvad VPN',
+          secure: null,
+          type: 'outbound-only',
+          ipInfo: {
+            name: 'wireguard2',
+            scopeId: 4,
+            deviceType: 'wireguard',
+            subnets: [],
+            wanIp: '198.51.100.77',
+            ntpServers: [],
+            lanIp: [],
+            dnsServers: ['10.64.0.1'],
+          },
+        },
       },
+      defaultOutbound: 'eth0',
       dns: {
         dhcpServers: ['1.1.1.1', '8.8.8.8'],
         staticServers: null,
@@ -320,6 +336,7 @@ export const mockPatchData: DataModel = {
       },
       hosts: {},
       storeExposedDependents: [],
+      outboundGateway: null,
       registry: 'https://registry.start9.com/',
       developerKey: 'developer-key',
       tasks: {
@@ -624,6 +641,7 @@ export const mockPatchData: DataModel = {
         },
       },
       storeExposedDependents: [],
+      outboundGateway: null,
       registry: 'https://registry.start9.com/',
       developerKey: 'developer-key',
       tasks: {
diff --git a/web/projects/ui/src/app/services/controls.service.ts b/web/projects/ui/src/app/services/controls.service.ts
index 391684377..1bd2bc1f8 100644
--- a/web/projects/ui/src/app/services/controls.service.ts
+++ b/web/projects/ui/src/app/services/controls.service.ts
@@ -4,6 +4,7 @@ import {
   ErrorService,
   i18nKey,
   i18nPipe,
+  i18nService,
   LoadingService,
 } from '@start9labs/shared'
 import { T } from '@start9labs/start-sdk'
@@ -24,6 +25,7 @@ export class ControlsService {
   private readonly api = inject(ApiService)
   private readonly patch = inject<PatchDB<DataModel>>(PatchDB)
   private readonly i18n = inject(i18nPipe)
+  private readonly i18nService = inject(i18nService)
 
   async start({ title, alerts, id }: T.Manifest, unmet: boolean) {
     const deps =
@@ -31,7 +33,7 @@ export class ControlsService {
 
     if (
       (unmet && !(await this.alert(deps))) ||
-      (alerts.start && !(await this.alert(alerts.start as i18nKey)))
+      (alerts.start && !(await this.alert(alerts.start)))
     ) {
       return
     }
@@ -49,7 +51,7 @@ export class ControlsService {
 
   async stop({ id, title, alerts }: T.Manifest) {
     const depMessage = `${this.i18n.transform('Services that depend on')} ${title} ${this.i18n.transform('will no longer work properly and may crash.')}`
-    let content = alerts.stop || ''
+    let content = alerts.stop ? this.i18nService.localize(alerts.stop) : ''
 
     if (hasCurrentDeps(id, await getAllPackages(this.patch))) {
       content = content ? `${content}.\n\n${depMessage}` : depMessage
@@ -113,14 +115,14 @@ export class ControlsService {
     })
   }
 
-  private alert(content: i18nKey): Promise<boolean> {
+  private alert(content: T.LocaleString): Promise<boolean> {
     return firstValueFrom(
       this.dialog
         .openConfirm({
           label: 'Warning',
           size: 's',
           data: {
-            content,
+            content: this.i18nService.localize(content),
             yes: 'Continue',
             no: 'Cancel',
           },
diff --git a/web/projects/ui/src/app/services/gateway.service.ts b/web/projects/ui/src/app/services/gateway.service.ts
index 3bb61ba07..ecbdc1420 100644
--- a/web/projects/ui/src/app/services/gateway.service.ts
+++ b/web/projects/ui/src/app/services/gateway.service.ts
@@ -1,7 +1,7 @@
 import { inject, Injectable } from '@angular/core'
 import { PatchDB } from 'patch-db-client'
 import { T, utils } from '@start9labs/start-sdk'
-import { map } from 'rxjs/operators'
+import { map } from 'rxjs'
 import { DataModel } from './patch-db/data-model'
 import { toSignal } from '@angular/core/rxjs-interop'
 
@@ -12,39 +12,47 @@ export type GatewayPlus = T.NetworkInterfaceInfo & {
   subnets: utils.IpNet[]
   lanIpv4: string[]
   wanIp?: utils.IpAddress
-  public: boolean
+  isDefaultOutbound: boolean
 }
 
 @Injectable()
 export class GatewayService {
+  private readonly patch = inject<PatchDB<DataModel>>(PatchDB)
+
+  private readonly network$ = this.patch.watch$('serverInfo', 'network')
+
+  readonly defaultOutbound = toSignal(
+    this.network$.pipe(map(n => n.defaultOutbound)),
+  )
+
   readonly gateways = toSignal(
-    inject<PatchDB<DataModel>>(PatchDB)
-      .watch$('serverInfo', 'network', 'gateways')
-      .pipe(
-        map(gateways =>
-          Object.entries(gateways)
-            .filter(([_, val]) => !!val?.ipInfo)
-            .filter(
-              ([_, val]) =>
-                val?.ipInfo?.deviceType !== 'bridge' &&
-                val?.ipInfo?.deviceType !== 'loopback',
-            )
-            .map(([id, val]) => {
-              const subnets =
-                val.ipInfo?.subnets.map(s => utils.IpNet.parse(s)) ?? []
-              const name = val.name ?? val.ipInfo!.name
-              return {
-                ...val,
-                id,
-                name,
-                subnets,
-                lanIpv4: subnets.filter(s => s.isIpv4()).map(s => s.address),
-                public: val.public ?? subnets.some(s => s.isPublic()),
-                wanIp:
-                  val.ipInfo?.wanIp && utils.IpAddress.parse(val.ipInfo?.wanIp),
-              } as GatewayPlus
-            }),
-        ),
-      ),
+    this.network$.pipe(
+      map(network => {
+        const gateways = network.gateways
+        const defaultOutbound = network.defaultOutbound
+        return Object.entries(gateways)
+          .filter(([_, val]) => !!val?.ipInfo)
+          .filter(
+            ([_, val]) =>
+              val?.ipInfo?.deviceType !== 'bridge' &&
+              val?.ipInfo?.deviceType !== 'loopback',
+          )
+          .map(([id, val]) => {
+            const subnets =
+              val.ipInfo?.subnets.map(s => utils.IpNet.parse(s)) ?? []
+            const name = val.name ?? val.ipInfo!.name
+            return {
+              ...val,
+              id,
+              name,
+              subnets,
+              lanIpv4: subnets.filter(s => s.isIpv4()).map(s => s.address),
+              wanIp:
+                val.ipInfo?.wanIp && utils.IpAddress.parse(val.ipInfo?.wanIp),
+              isDefaultOutbound: id === defaultOutbound,
+            } as GatewayPlus
+          })
+      }),
+    ),
   )
 }
diff --git a/web/projects/ui/src/app/services/pkg-status-rendering.service.ts b/web/projects/ui/src/app/services/pkg-status-rendering.service.ts
index daaacc705..b0902944c 100644
--- a/web/projects/ui/src/app/services/pkg-status-rendering.service.ts
+++ b/web/projects/ui/src/app/services/pkg-status-rendering.service.ts
@@ -31,7 +31,7 @@ export function getInstalledBaseStatus(statusInfo: T.StatusInfo): BaseStatus {
     (!statusInfo.started ||
       Object.values(statusInfo.health)
         .filter(h => !!h)
-        .some(h => h.result === 'starting'))
+        .some(h => h.result === 'starting' || h.result === 'waiting'))
   ) {
     return 'starting'
   }
diff --git a/web/projects/ui/src/app/services/standard-actions.service.ts b/web/projects/ui/src/app/services/standard-actions.service.ts
index 6b3386877..5cd002139 100644
--- a/web/projects/ui/src/app/services/standard-actions.service.ts
+++ b/web/projects/ui/src/app/services/standard-actions.service.ts
@@ -5,6 +5,7 @@ import {
   ErrorService,
   i18nKey,
   i18nPipe,
+  i18nService,
   LoadingService,
 } from '@start9labs/shared'
 import { T } from '@start9labs/start-sdk'
@@ -27,6 +28,7 @@ export class StandardActionsService {
   private readonly loader = inject(LoadingService)
   private readonly router = inject(Router)
   private readonly i18n = inject(i18nPipe)
+  private readonly i18nService = inject(i18nService)
 
   async rebuild(id: string) {
     const loader = this.loader.open('Rebuilding container').subscribe()
@@ -50,11 +52,12 @@ export class StandardActionsService {
   ): Promise<void> {
     let content = soft
       ? ''
-      : alerts.uninstall ||
-        `${this.i18n.transform('Uninstalling')} ${title} ${this.i18n.transform('will permanently delete its data.')}`
+      : alerts.uninstall
+        ? this.i18nService.localize(alerts.uninstall)
+        : `${this.i18n.transform('Uninstalling')} ${title} ${this.i18n.transform('will permanently delete its data.')}`
 
     if (hasCurrentDeps(id, await getAllPackages(this.patch))) {
-      content = `${content}${content ? ' ' : ''}${this.i18n.transform('Services that depend on')} ${title} ${this.i18n.transform('will no longer work properly and may crash.')}`
+      content = `${content ? `${content} ` : ''}${this.i18n.transform('Services that depend on')} ${title} ${this.i18n.transform('will no longer work properly and may crash.')}`
     }
 
     if (!content) {

From 638ed27599aa25f2245199e690ed1d9650ca33a6 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Thu, 12 Feb 2026 10:51:26 -0700
Subject: [PATCH 12/17] feat: replace SourceFilter with IpNet, add policy
 routing, remove MASQUERADE

---
 Makefile                       |   6 +-
 build/lib/scripts/forward-port |  19 +---
 core/src/net/forward.rs        |  52 +++------
 core/src/net/gateway.rs        | 190 ++++++++++++++++++++++++++++++---
 debian/dpkg-build.sh           |   2 +-
 5 files changed, 193 insertions(+), 76 deletions(-)

diff --git a/Makefile b/Makefile
index 7d3e5dbf9..6153a4f0d 100644
--- a/Makefile
+++ b/Makefile
@@ -236,9 +236,9 @@ update-startbox: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox
 update-deb: results/$(BASENAME).deb # better than update, but only available from debian
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
 	$(call ssh,'sudo /usr/lib/startos/scripts/chroot-and-upgrade --create')
-	$(call mkdir,/media/startos/next/tmp/startos-deb)
-	$(call cp,results/$(BASENAME).deb,/media/startos/next/tmp/startos-deb/$(BASENAME).deb)
-	$(call ssh,'sudo /media/startos/next/usr/lib/startos/scripts/chroot-and-upgrade --no-sync "apt-get install -y --reinstall /tmp/startos-deb/$(BASENAME).deb"')
+	$(call mkdir,/media/startos/next/var/tmp/startos-deb)
+	$(call cp,results/$(BASENAME).deb,/media/startos/next/var/tmp/startos-deb/$(BASENAME).deb)
+	$(call ssh,'sudo /media/startos/next/usr/lib/startos/scripts/chroot-and-upgrade --no-sync "apt-get install -y --reinstall /var/tmp/startos-deb/$(BASENAME).deb"')
 
 update-squashfs: results/$(BASENAME).squashfs
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
diff --git a/build/lib/scripts/forward-port b/build/lib/scripts/forward-port
index 31f42a39e..91f2db8d2 100755
--- a/build/lib/scripts/forward-port
+++ b/build/lib/scripts/forward-port
@@ -5,7 +5,7 @@ if [ -z "$sip" ] || [ -z "$dip" ] || [ -z "$dprefix" ] || [ -z "$sport" ] || [ -
     exit 1
 fi
 
-NAME="F$(echo "$sip:$sport -> $dip/$dprefix:$dport ${src_subnet:-any} ${excluded_src:-none}" | sha256sum | head -c 15)"
+NAME="F$(echo "$sip:$sport -> $dip/$dprefix:$dport ${src_subnet:-any}" | sha256sum | head -c 15)"
 
 for kind in INPUT FORWARD ACCEPT; do
     if ! iptables -C $kind -j "${NAME}_${kind}" 2> /dev/null; then
@@ -13,7 +13,7 @@ for kind in INPUT FORWARD ACCEPT; do
         iptables -A $kind -j "${NAME}_${kind}"
     fi
 done
-for kind in PREROUTING INPUT OUTPUT POSTROUTING; do
+for kind in PREROUTING OUTPUT; do
     if ! iptables -t nat -C $kind -j "${NAME}_${kind}" 2> /dev/null; then
         iptables -t nat -N "${NAME}_${kind}" 2> /dev/null
         iptables -t nat -A $kind -j "${NAME}_${kind}"
@@ -26,7 +26,7 @@ trap 'err=1' ERR
 for kind in INPUT FORWARD ACCEPT; do
     iptables -F "${NAME}_${kind}" 2> /dev/null
 done
-for kind in PREROUTING INPUT OUTPUT POSTROUTING; do
+for kind in PREROUTING OUTPUT; do
     iptables -t nat -F "${NAME}_${kind}" 2> /dev/null
 done
 if [ "$UNDO" = 1 ]; then
@@ -37,15 +37,7 @@ fi
 
 # DNAT: rewrite destination for incoming packets (external traffic)
 # When src_subnet is set, only forward traffic from that subnet (private forwards)
-# excluded_src: comma-separated gateway/router IPs to reject (they may masquerade internet traffic)
 if [ -n "$src_subnet" ]; then
-    if [ -n "$excluded_src" ]; then
-        IFS=',' read -ra EXCLUDED <<< "$excluded_src"
-        for excl in "${EXCLUDED[@]}"; do
-            iptables -t nat -A ${NAME}_PREROUTING -s "$excl" -d "$sip" -p tcp --dport "$sport" -j RETURN
-            iptables -t nat -A ${NAME}_PREROUTING -s "$excl" -d "$sip" -p udp --dport "$sport" -j RETURN
-        done
-    fi
     iptables -t nat -A ${NAME}_PREROUTING -s "$src_subnet" -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
     iptables -t nat -A ${NAME}_PREROUTING -s "$src_subnet" -d "$sip" -p udp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
 else
@@ -57,11 +49,6 @@ fi
 iptables -t nat -A ${NAME}_OUTPUT -d "$sip" -p tcp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
 iptables -t nat -A ${NAME}_OUTPUT -d "$sip" -p udp --dport "$sport" -j DNAT --to-destination "$dip:$dport"
 
-# MASQUERADE: rewrite source for all forwarded traffic to the destination
-# This ensures responses are routed back through the host regardless of source IP
-iptables -t nat -A ${NAME}_POSTROUTING -d "$dip" -p tcp --dport "$dport" -j MASQUERADE
-iptables -t nat -A ${NAME}_POSTROUTING -d "$dip" -p udp --dport "$dport" -j MASQUERADE
-
 # Allow new connections to be forwarded to the destination
 iptables -A ${NAME}_FORWARD -d $dip -p tcp --dport $dport -m state --state NEW -j ACCEPT
 iptables -A ${NAME}_FORWARD -d $dip -p udp --dport $dport -m state --state NEW -j ACCEPT
diff --git a/core/src/net/forward.rs b/core/src/net/forward.rs
index b9fe30a37..aa5719536 100644
--- a/core/src/net/forward.rs
+++ b/core/src/net/forward.rs
@@ -3,6 +3,8 @@ use std::net::{IpAddr, SocketAddrV4};
 use std::sync::{Arc, Weak};
 use std::time::Duration;
 
+use ipnet::IpNet;
+
 use futures::channel::oneshot;
 use iddqd::{IdOrdItem, IdOrdMap};
 use rand::Rng;
@@ -47,16 +49,6 @@ impl std::fmt::Display for ForwardRequirements {
     }
 }
 
-/// Source-IP filter for private forwards: restricts traffic to a subnet
-/// while excluding gateway/router IPs that may masquerade internet traffic.
-#[derive(Clone, Debug, PartialEq, Eq)]
-pub(crate) struct SourceFilter {
-    /// Network CIDR to allow (e.g. "192.168.1.0/24")
-    subnet: String,
-    /// Comma-separated gateway IPs to exclude (they may masquerade internet traffic)
-    excluded: String,
-}
-
 #[derive(Debug, Deserialize, Serialize)]
 pub struct AvailablePorts(BTreeMap<u16, bool>);
 impl AvailablePorts {
@@ -129,7 +121,7 @@ struct ForwardMapping {
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
-    src_filter: Option<SourceFilter>,
+    src_filter: Option<IpNet>,
     rc: Weak<()>,
 }
 
@@ -144,7 +136,7 @@ impl PortForwardState {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
-        src_filter: Option<SourceFilter>,
+        src_filter: Option<IpNet>,
     ) -> Result<Arc<()>, Error> {
         if let Some(existing) = self.mappings.get_mut(&source) {
             if existing.target == target && existing.src_filter == src_filter {
@@ -241,7 +233,7 @@ enum PortForwardCommand {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
-        src_filter: Option<SourceFilter>,
+        src_filter: Option<IpNet>,
         respond: oneshot::Sender<Result<Arc<()>, Error>>,
     },
     Gc {
@@ -358,7 +350,7 @@ impl PortForwardController {
         source: SocketAddrV4,
         target: SocketAddrV4,
         target_prefix: u8,
-        src_filter: Option<SourceFilter>,
+        src_filter: Option<IpNet>,
     ) -> Result<Arc<()>, Error> {
         let (send, recv) = oneshot::channel();
         self.req
@@ -455,19 +447,7 @@ impl InterfaceForwardEntry {
                                 if reqs.public_gateways.contains(gw_id) {
                                     None
                                 } else if reqs.private_ips.contains(&IpAddr::V4(ip)) {
-                                    let excluded = ip_info
-                                        .lan_ip
-                                        .iter()
-                                        .filter_map(|ip| match ip {
-                                            IpAddr::V4(v4) => Some(v4.to_string()),
-                                            _ => None,
-                                        })
-                                        .collect::<Vec<_>>()
-                                        .join(",");
-                                    Some(SourceFilter {
-                                        subnet: subnet.trunc().to_string(),
-                                        excluded,
-                                    })
+                                    Some(subnet.trunc())
                                 } else {
                                     continue;
                                 };
@@ -725,7 +705,7 @@ async fn forward(
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
-    src_filter: Option<&SourceFilter>,
+    src_filter: Option<&IpNet>,
 ) -> Result<(), Error> {
     let mut cmd = Command::new("/usr/lib/startos/scripts/forward-port");
     cmd.env("sip", source.ip().to_string())
@@ -733,11 +713,8 @@ async fn forward(
         .env("dprefix", target_prefix.to_string())
         .env("sport", source.port().to_string())
         .env("dport", target.port().to_string());
-    if let Some(filter) = src_filter {
-        cmd.env("src_subnet", &filter.subnet);
-        if !filter.excluded.is_empty() {
-            cmd.env("excluded_src", &filter.excluded);
-        }
+    if let Some(subnet) = src_filter {
+        cmd.env("src_subnet", subnet.to_string());
     }
     cmd.invoke(ErrorKind::Network).await?;
     Ok(())
@@ -747,7 +724,7 @@ async fn unforward(
     source: SocketAddrV4,
     target: SocketAddrV4,
     target_prefix: u8,
-    src_filter: Option<&SourceFilter>,
+    src_filter: Option<&IpNet>,
 ) -> Result<(), Error> {
     let mut cmd = Command::new("/usr/lib/startos/scripts/forward-port");
     cmd.env("UNDO", "1")
@@ -756,11 +733,8 @@ async fn unforward(
         .env("dprefix", target_prefix.to_string())
         .env("sport", source.port().to_string())
         .env("dport", target.port().to_string());
-    if let Some(filter) = src_filter {
-        cmd.env("src_subnet", &filter.subnet);
-        if !filter.excluded.is_empty() {
-            cmd.env("excluded_src", &filter.excluded);
-        }
+    if let Some(subnet) = src_filter {
+        cmd.env("src_subnet", subnet.to_string());
     }
     cmd.invoke(ErrorKind::Network).await?;
     Ok(())
diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index e9c2575ba..7bc4cf920 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -657,6 +657,62 @@ async fn watch_ip(
                                 None
                             };
 
+                            // Policy routing: track per-interface table for cleanup on scope exit
+                            let policy_table_id = if !matches!(
+                                device_type,
+                                Some(
+                                    NetworkInterfaceType::Bridge
+                                        | NetworkInterfaceType::Loopback
+                                )
+                            ) {
+                                if_nametoindex(iface.as_str())
+                                    .map(|idx| 1000 + idx)
+                                    .log_err()
+                            } else {
+                                None
+                            };
+                            struct PolicyRoutingCleanup {
+                                table_id: u32,
+                                iface: String,
+                            }
+                            impl Drop for PolicyRoutingCleanup {
+                                fn drop(&mut self) {
+                                    let table_str = self.table_id.to_string();
+                                    let iface = std::mem::take(&mut self.iface);
+                                    tokio::spawn(async move {
+                                        Command::new("ip")
+                                            .arg("rule").arg("del")
+                                            .arg("fwmark").arg(&table_str)
+                                            .arg("lookup").arg(&table_str)
+                                            .invoke(ErrorKind::Network)
+                                            .await
+                                            .log_err();
+                                        Command::new("ip")
+                                            .arg("route").arg("flush")
+                                            .arg("table").arg(&table_str)
+                                            .invoke(ErrorKind::Network)
+                                            .await
+                                            .log_err();
+                                        Command::new("iptables")
+                                            .arg("-t").arg("mangle")
+                                            .arg("-D").arg("PREROUTING")
+                                            .arg("-i").arg(&iface)
+                                            .arg("-m").arg("conntrack")
+                                            .arg("--ctstate").arg("NEW")
+                                            .arg("-j").arg("CONNMARK")
+                                            .arg("--set-mark").arg(&table_str)
+                                            .invoke(ErrorKind::Network)
+                                            .await
+                                            .log_err();
+                                    });
+                                }
+                            }
+                            let _policy_guard: Option<PolicyRoutingCleanup> =
+                                policy_table_id.map(|t| PolicyRoutingCleanup {
+                                    table_id: t,
+                                    iface: iface.as_str().to_owned(),
+                                });
+
                             loop {
                                 until
                                     .run(async {
@@ -666,7 +722,7 @@ async fn watch_ip(
                                             .into_iter()
                                             .chain(ip6_proxy.address_data().await?)
                                             .collect_vec();
-                                        let lan_ip = [
+                                        let lan_ip: OrdSet<IpAddr> = [
                                             Some(ip4_proxy.gateway().await?)
                                                 .filter(|g| !g.is_empty())
                                                 .and_then(|g| g.parse::<IpAddr>().log_err()),
@@ -703,22 +759,122 @@ async fn watch_ip(
                                             .into_iter()
                                             .map(IpNet::try_from)
                                             .try_collect()?;
-                                        // let tables = ip4_proxy.route_data().await?.into_iter().filter_map(|d|d.table).collect::<Vec<_>>();
-                                        // if !tables.is_empty() {
-                                        //     let rules = String::from_utf8(Command::new("ip").arg("rule").arg("list").invoke(ErrorKind::Network).await?)?;
-                                        //     for table in tables {
-                                        //         for subnet in subnets.iter().filter(|s| s.addr().is_ipv4()) {
-                                        //             let subnet_string = subnet.trunc().to_string();
-                                        //             let rule = ["from", &subnet_string, "lookup", &table.to_string()];
-                                        //             if !rules.contains(&rule.join(" ")) {
-                                        //                 if rules.contains(&rule[..2].join(" ")) {
-                                        //                     Command::new("ip").arg("rule").arg("del").args(&rule[..2]).invoke(ErrorKind::Network).await?;
-                                        //                 }
-                                        //                 Command::new("ip").arg("rule").arg("add").args(rule).invoke(ErrorKind::Network).await?;
-                                        //             }
-                                        //         }
-                                        //     }
-                                        // }
+                                        // Policy routing: ensure replies exit the same interface
+                                        // they arrived on, eliminating the need for MASQUERADE.
+                                        if let Some(guard) = &_policy_guard {
+                                            let table_id = guard.table_id;
+                                            let table_str = table_id.to_string();
+
+                                            let ipv4_gateway: Option<Ipv4Addr> =
+                                                lan_ip.iter().find_map(|ip| match ip {
+                                                    IpAddr::V4(v4) => Some(v4),
+                                                    _ => None,
+                                                }).copied();
+                                            let ipv4_subnets: Vec<IpNet> = subnets
+                                                .iter()
+                                                .filter(|s| s.addr().is_ipv4())
+                                                .cloned()
+                                                .collect();
+
+                                            // Flush and rebuild per-interface routing table
+                                            Command::new("ip")
+                                                .arg("route").arg("flush")
+                                                .arg("table").arg(&table_str)
+                                                .invoke(ErrorKind::Network)
+                                                .await
+                                                .log_err();
+                                            for subnet in &ipv4_subnets {
+                                                let subnet_str = subnet.trunc().to_string();
+                                                Command::new("ip")
+                                                    .arg("route").arg("add").arg(&subnet_str)
+                                                    .arg("dev").arg(iface.as_str())
+                                                    .arg("table").arg(&table_str)
+                                                    .invoke(ErrorKind::Network)
+                                                    .await
+                                                    .log_err();
+                                            }
+                                            {
+                                                let mut cmd = Command::new("ip");
+                                                cmd.arg("route").arg("add").arg("default");
+                                                if let Some(gw) = ipv4_gateway {
+                                                    cmd.arg("via").arg(gw.to_string());
+                                                }
+                                                cmd.arg("dev").arg(iface.as_str())
+                                                    .arg("table").arg(&table_str);
+                                                if ipv4_gateway.is_none() {
+                                                    cmd.arg("scope").arg("link");
+                                                }
+                                                cmd.invoke(ErrorKind::Network)
+                                                    .await
+                                                    .log_err();
+                                            }
+
+                                            // Ensure global CONNMARK restore rule in mangle PREROUTING
+                                            // (restores fwmark from conntrack mark on reply packets)
+                                            if !Command::new("iptables")
+                                                .arg("-t").arg("mangle")
+                                                .arg("-C").arg("PREROUTING")
+                                                .arg("-j").arg("CONNMARK")
+                                                .arg("--restore-mark")
+                                                .status().await
+                                                .map_or(false, |s| s.success())
+                                            {
+                                                Command::new("iptables")
+                                                    .arg("-t").arg("mangle")
+                                                    .arg("-I").arg("PREROUTING").arg("1")
+                                                    .arg("-j").arg("CONNMARK")
+                                                    .arg("--restore-mark")
+                                                    .invoke(ErrorKind::Network)
+                                                    .await
+                                                    .log_err();
+                                            }
+
+                                            // Mark NEW connections arriving on this interface
+                                            // with its routing table ID via conntrack mark
+                                            if !Command::new("iptables")
+                                                .arg("-t").arg("mangle")
+                                                .arg("-C").arg("PREROUTING")
+                                                .arg("-i").arg(iface.as_str())
+                                                .arg("-m").arg("conntrack")
+                                                .arg("--ctstate").arg("NEW")
+                                                .arg("-j").arg("CONNMARK")
+                                                .arg("--set-mark").arg(&table_str)
+                                                .status().await
+                                                .map_or(false, |s| s.success())
+                                            {
+                                                Command::new("iptables")
+                                                    .arg("-t").arg("mangle")
+                                                    .arg("-A").arg("PREROUTING")
+                                                    .arg("-i").arg(iface.as_str())
+                                                    .arg("-m").arg("conntrack")
+                                                    .arg("--ctstate").arg("NEW")
+                                                    .arg("-j").arg("CONNMARK")
+                                                    .arg("--set-mark").arg(&table_str)
+                                                    .invoke(ErrorKind::Network)
+                                                    .await
+                                                    .log_err();
+                                            }
+
+                                            // Ensure fwmark-based ip rule for this interface's table
+                                            let rules_output = String::from_utf8(
+                                                Command::new("ip")
+                                                    .arg("rule").arg("list")
+                                                    .invoke(ErrorKind::Network)
+                                                    .await?,
+                                            )?;
+                                            if !rules_output.lines().any(|l| {
+                                                l.contains("fwmark")
+                                                    && l.contains(&format!("lookup {table_id}"))
+                                            }) {
+                                                Command::new("ip")
+                                                    .arg("rule").arg("add")
+                                                    .arg("fwmark").arg(&table_str)
+                                                    .arg("lookup").arg(&table_str)
+                                                    .invoke(ErrorKind::Network)
+                                                    .await
+                                                    .log_err();
+                                            }
+                                        }
                                         let wan_ip = if !subnets.is_empty()
                                             && !matches!(
                                                 device_type,
diff --git a/debian/dpkg-build.sh b/debian/dpkg-build.sh
index c8d1351d6..35ecef807 100755
--- a/debian/dpkg-build.sh
+++ b/debian/dpkg-build.sh
@@ -23,7 +23,7 @@ if [ "${PROJECT}" = "startos" ]; then
 else
     INSTALL_TARGET="install-${PROJECT#start-}"
 fi
-make "${INSTALL_TARGET}" DESTDIR=dpkg-workdir/$BASENAME
+make "${INSTALL_TARGET}" DESTDIR=dpkg-workdir/$BASENAME REMOTE=
 
 if [ -f dpkg-workdir/$BASENAME/usr/lib/$PROJECT/depends ]; then
     if [ -n "$DEPENDS" ]; then

From 339e5f799a27600459a8f6007cded423524069db Mon Sep 17 00:00:00 2001
From: Matt Hill <mattnine@protonmail.com>
Date: Thu, 12 Feb 2026 11:32:29 -0700
Subject: [PATCH 13/17] build ts types and fix i18n

---
 agents/TODO.md                                | 33 +++++++++++++++++++
 core/build/build-ts.sh                        |  4 +--
 sdk/base/lib/osBindings/AddTunnelParams.ts    |  8 ++++-
 sdk/base/lib/osBindings/DerivedAddressInfo.ts |  4 +--
 sdk/base/lib/osBindings/GatewayType.ts        |  3 ++
 sdk/base/lib/osBindings/NetworkInfo.ts        |  1 +
 .../lib/osBindings/NetworkInterfaceInfo.ts    |  3 +-
 sdk/base/lib/osBindings/PackageDataEntry.ts   |  1 +
 sdk/base/lib/osBindings/PackageInfoShort.ts   |  3 +-
 sdk/base/lib/osBindings/index.ts              |  1 +
 .../shared/src/i18n/dictionaries/de.ts        |  1 +
 .../shared/src/i18n/dictionaries/en.ts        |  7 ++--
 .../shared/src/i18n/dictionaries/es.ts        |  1 +
 .../shared/src/i18n/dictionaries/fr.ts        |  1 +
 .../shared/src/i18n/dictionaries/pl.ts        |  1 +
 .../routes/gateways/gateways.component.ts     |  2 +-
 .../system/routes/gateways/item.component.ts  |  4 +--
 17 files changed, 65 insertions(+), 13 deletions(-)
 create mode 100644 sdk/base/lib/osBindings/GatewayType.ts

diff --git a/agents/TODO.md b/agents/TODO.md
index cabae12fb..2c3f67315 100644
--- a/agents/TODO.md
+++ b/agents/TODO.md
@@ -217,6 +217,39 @@ Pending tasks for AI agents. Remove items when completed.
   | `sdk/base/lib/interfaces/Host.ts` | SDK `MultiHost.bindPort()` — no changes needed |
   | `core/src/db/model/public.rs` | Public DB model — port forward mapping |
 
+- [ ] Extract TS-exported types into a lightweight sub-crate for fast binding generation
+
+  **Problem**: `make ts-bindings` compiles the entire `start-os` crate (with all dependencies: tokio,
+  axum, openssl, etc.) just to run test functions that serialize type definitions to `.ts` files.
+  Even in debug mode, this takes minutes. The generated output is pure type info — no runtime code
+  is needed.
+
+  **Goal**: Generate TS bindings in seconds by isolating exported types in a small crate with minimal
+  dependencies.
+
+  **Approach**: Create a `core/bindings-types/` sub-crate containing (or re-exporting) all 168
+  `#[ts(export)]` types. This crate depends only on `serde`, `ts-rs`, `exver`, and other type-only
+  crates — not on tokio, axum, openssl, etc. Then `build-ts.sh` runs `cargo test -p bindings-types`
+  instead of `cargo test -p start-os`.
+
+  **Challenge**: The exported types are scattered across `core/src/` and reference each other and
+  other crate types. Extracting them requires either moving the type definitions into the sub-crate
+  (and importing them back into `start-os`) or restructuring to share a common types crate.
+
+- [ ] Use auto-generated RPC types in the frontend instead of manual duplicates
+
+  **Problem**: The web frontend manually defines ~755 lines of API request/response types in
+  `web/projects/ui/src/app/services/api/api.types.ts` that can drift from the actual Rust types.
+
+  **Current state**: The Rust backend already has `#[ts(export)]` on RPC param types (e.g.
+  `AddTunnelParams`, `SetWifiEnabledParams`, `LoginParams`), and they are generated into
+  `core/bindings/`. However, commit `71b83245b` ("Chore/unexport api ts #2585", April 2024)
+  deliberately stopped building them into the SDK and had the frontend maintain its own types.
+
+  **Goal**: Reverse that decision — pipe the generated RPC types through the SDK into the frontend
+  so `api.types.ts` can import them instead of duplicating them. This eliminates drift between
+  backend and frontend API contracts.
+
 - [ ] Auto-configure port forwards via UPnP/NAT-PMP/PCP - @dr-bonez
 
   **Blocked by**: "Support preferred external ports besides 443" (must be implemented and tested
diff --git a/core/build/build-ts.sh b/core/build/build-ts.sh
index ad808310a..9f659af24 100755
--- a/core/build/build-ts.sh
+++ b/core/build/build-ts.sh
@@ -7,7 +7,7 @@ source ./builder-alias.sh
 set -ea
 shopt -s expand_aliases
 
-PROFILE=${PROFILE:-release}
+PROFILE=${PROFILE:-debug}
 if [ "${PROFILE}" = "release" ]; then
 	BUILD_FLAGS="--release"
 else
@@ -38,7 +38,7 @@ if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then
 fi
 echo "FEATURES=\"$FEATURES\""
 echo "RUSTFLAGS=\"$RUSTFLAGS\""
-rust-zig-builder cargo test --manifest-path=./core/Cargo.toml $BUILD_FLAGS --features test,$FEATURES --locked 'export_bindings_'
+rust-zig-builder cargo test --manifest-path=./core/Cargo.toml --lib $BUILD_FLAGS --features test,$FEATURES --locked 'export_bindings_'
 if [ "$(ls -nd "core/bindings" | awk '{ print $3 }')" != "$UID" ]; then
   rust-zig-builder sh -c "chown -R $UID:$UID core/target && chown -R $UID:$UID core/bindings && chown -R $UID:$UID  /usr/local/cargo"
 fi
\ No newline at end of file
diff --git a/sdk/base/lib/osBindings/AddTunnelParams.ts b/sdk/base/lib/osBindings/AddTunnelParams.ts
index 018b22bb5..639a4e36a 100644
--- a/sdk/base/lib/osBindings/AddTunnelParams.ts
+++ b/sdk/base/lib/osBindings/AddTunnelParams.ts
@@ -1,3 +1,9 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { GatewayType } from './GatewayType'
 
-export type AddTunnelParams = { name: string; config: string; public: boolean }
+export type AddTunnelParams = {
+  name: string
+  config: string
+  type: GatewayType | null
+  setAsDefaultOutbound: boolean
+}
diff --git a/sdk/base/lib/osBindings/DerivedAddressInfo.ts b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
index 2c83191fd..19926d44a 100644
--- a/sdk/base/lib/osBindings/DerivedAddressInfo.ts
+++ b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
@@ -3,11 +3,11 @@ import type { HostnameInfo } from './HostnameInfo'
 
 export type DerivedAddressInfo = {
   /**
-   * User-controlled: private-gateway addresses the user has disabled
+   * User-controlled: private addresses the user has disabled
    */
   privateDisabled: Array<HostnameInfo>
   /**
-   * User-controlled: public-gateway addresses the user has enabled
+   * User-controlled: public addresses the user has enabled
    */
   publicEnabled: Array<HostnameInfo>
   /**
diff --git a/sdk/base/lib/osBindings/GatewayType.ts b/sdk/base/lib/osBindings/GatewayType.ts
new file mode 100644
index 000000000..aa7a2d6ed
--- /dev/null
+++ b/sdk/base/lib/osBindings/GatewayType.ts
@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type GatewayType = 'inbound-outbound' | 'outbound-only'
diff --git a/sdk/base/lib/osBindings/NetworkInfo.ts b/sdk/base/lib/osBindings/NetworkInfo.ts
index 5debd58d1..3acfb3851 100644
--- a/sdk/base/lib/osBindings/NetworkInfo.ts
+++ b/sdk/base/lib/osBindings/NetworkInfo.ts
@@ -13,4 +13,5 @@ export type NetworkInfo = {
   gateways: { [key: GatewayId]: NetworkInterfaceInfo }
   acme: { [key: AcmeProvider]: AcmeSettings }
   dns: DnsSettings
+  defaultOutbound: string | null
 }
diff --git a/sdk/base/lib/osBindings/NetworkInterfaceInfo.ts b/sdk/base/lib/osBindings/NetworkInterfaceInfo.ts
index dd3be99d9..a57f3c1e9 100644
--- a/sdk/base/lib/osBindings/NetworkInterfaceInfo.ts
+++ b/sdk/base/lib/osBindings/NetworkInterfaceInfo.ts
@@ -1,9 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { GatewayType } from './GatewayType'
 import type { IpInfo } from './IpInfo'
 
 export type NetworkInterfaceInfo = {
   name: string | null
-  public: boolean | null
   secure: boolean | null
   ipInfo: IpInfo | null
+  type: GatewayType | null
 }
diff --git a/sdk/base/lib/osBindings/PackageDataEntry.ts b/sdk/base/lib/osBindings/PackageDataEntry.ts
index 05188c792..a0ea2fff7 100644
--- a/sdk/base/lib/osBindings/PackageDataEntry.ts
+++ b/sdk/base/lib/osBindings/PackageDataEntry.ts
@@ -25,4 +25,5 @@ export type PackageDataEntry = {
   serviceInterfaces: { [key: ServiceInterfaceId]: ServiceInterface }
   hosts: Hosts
   storeExposedDependents: string[]
+  outboundGateway: string | null
 }
diff --git a/sdk/base/lib/osBindings/PackageInfoShort.ts b/sdk/base/lib/osBindings/PackageInfoShort.ts
index 22c7fbea4..0bf858781 100644
--- a/sdk/base/lib/osBindings/PackageInfoShort.ts
+++ b/sdk/base/lib/osBindings/PackageInfoShort.ts
@@ -1,3 +1,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { LocaleString } from './LocaleString'
 
-export type PackageInfoShort = { releaseNotes: string }
+export type PackageInfoShort = { releaseNotes: LocaleString }
diff --git a/sdk/base/lib/osBindings/index.ts b/sdk/base/lib/osBindings/index.ts
index 18cca9c9a..5dc4d2865 100644
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -85,6 +85,7 @@ export { FullIndex } from './FullIndex'
 export { FullProgress } from './FullProgress'
 export { GatewayId } from './GatewayId'
 export { GatewayInfo } from './GatewayInfo'
+export { GatewayType } from './GatewayType'
 export { GetActionInputParams } from './GetActionInputParams'
 export { GetContainerIpParams } from './GetContainerIpParams'
 export { GetHostInfoParams } from './GetHostInfoParams'
diff --git a/web/projects/shared/src/i18n/dictionaries/de.ts b/web/projects/shared/src/i18n/dictionaries/de.ts
index 8f5c3d0ee..c9bd6f38c 100644
--- a/web/projects/shared/src/i18n/dictionaries/de.ts
+++ b/web/projects/shared/src/i18n/dictionaries/de.ts
@@ -691,4 +691,5 @@ export default {
   726: '',
   727: '',
   728: '',
+  729: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/en.ts b/web/projects/shared/src/i18n/dictionaries/en.ts
index 2878444ae..a121cfea8 100644
--- a/web/projects/shared/src/i18n/dictionaries/en.ts
+++ b/web/projects/shared/src/i18n/dictionaries/en.ts
@@ -563,7 +563,7 @@ export const ENGLISH: Record<string, number> = {
   'Requires setting a static IP address for': 591, // this is a partial sentence. An IP address will be added after "for" to complete the sentence.
   'Ideal for VPN access via': 592, // this is a partial sentence. A connection medium will be added after "via" to complete the sentence.
   'in your gateway': 593, // this is a partial sentence. It is preceded by an instruction: e.g. "do something" in your gateway. Gateway refers to a router or VPN server.
-  "your router's Wireguard server": 594, // this is a partial sentence. It is preceded by "ideal for access via"
+  "your router's WireGuard server": 594, // this is a partial sentence. It is preceded by "ideal for access via"
   'Requires port forwarding in gateway': 595,
   'Requires a DNS record for': 596, // this is a partial sentence. A domain name will be added after "for" to complete the sentence.
   'that resolves to': 597, // this is a partial sentence. It is preceded by "requires a DNS record for [domain] "
@@ -681,14 +681,15 @@ export const ENGLISH: Record<string, number> = {
   'Continue to Setup': 716,
   'Set Outbound Gateway': 717,
   'Current': 718,
-  'System default)': 719,
+  'System default': 719,
   'Outbound Gateway': 720,
   'Select the gateway for outbound traffic': 721,
   'The type of gateway': 722,
   'Outbound Only': 723,
   'Set as default outbound': 724,
   'Route all outbound traffic through this gateway': 725,
-  'Wireguard Config File': 726,
+  'WireGuard Config File': 726,
   'Inbound/Outbound': 727,
   'StartTunnel (Inbound/Outbound)': 728,
+  'Ethernet': 729
 }
diff --git a/web/projects/shared/src/i18n/dictionaries/es.ts b/web/projects/shared/src/i18n/dictionaries/es.ts
index c143992f0..a2e6b42ab 100644
--- a/web/projects/shared/src/i18n/dictionaries/es.ts
+++ b/web/projects/shared/src/i18n/dictionaries/es.ts
@@ -691,4 +691,5 @@ export default {
   726: '',
   727: '',
   728: '',
+  729: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/fr.ts b/web/projects/shared/src/i18n/dictionaries/fr.ts
index 85a052194..ffb25d7f4 100644
--- a/web/projects/shared/src/i18n/dictionaries/fr.ts
+++ b/web/projects/shared/src/i18n/dictionaries/fr.ts
@@ -691,4 +691,5 @@ export default {
   726: '',
   727: '',
   728: '',
+  729: '',
 } satisfies i18n
diff --git a/web/projects/shared/src/i18n/dictionaries/pl.ts b/web/projects/shared/src/i18n/dictionaries/pl.ts
index bd8fd59df..09562f285 100644
--- a/web/projects/shared/src/i18n/dictionaries/pl.ts
+++ b/web/projects/shared/src/i18n/dictionaries/pl.ts
@@ -691,4 +691,5 @@ export default {
   726: '',
   727: '',
   728: '',
+  729: '',
 } satisfies i18n
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
index 027803fe3..983d9a4a0 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/gateways.component.ts
@@ -93,7 +93,7 @@ export default class GatewaysComponent {
         },
       }),
       config: ISB.Value.union({
-        name: this.i18n.transform('Wireguard Config File'),
+        name: this.i18n.transform('WireGuard Config File'),
         default: 'paste',
         variants: ISB.Variants.of({
           paste: {
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
index 14f63662d..7ace53401 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/gateways/item.component.ts
@@ -49,7 +49,7 @@ import { TuiBadge } from '@taiga-ui/kit'
           }
           @case ('wireguard') {
             <tui-icon icon="@tui.shield" />
-            {{ 'WireGuard' | i18n }}
+            WireGuard'
           }
           @default {
             {{ gateway.ipInfo.deviceType }}
@@ -99,7 +99,7 @@ import { TuiBadge } from '@taiga-ui/kit'
                   iconStart="@tui.arrow-up-right"
                   (click)="setDefaultOutbound()"
                 >
-                  {{ 'Set as Default Outbound' | i18n }}
+                  {{ 'Set as default outbound' | i18n }}
                 </button>
               </tui-opt-group>
             }

From 4decf9335c5ce40f5ba44b642f3f87ca27f28ac9 Mon Sep 17 00:00:00 2001
From: Matt Hill <mattnine@protonmail.com>
Date: Thu, 12 Feb 2026 13:07:19 -0700
Subject: [PATCH 14/17] fix license display in marketplace

---
 .../ui/src/app/services/api/embassy-live-api.service.ts         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
index 2b4d2a056..2640e02d1 100644
--- a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
+++ b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts
@@ -49,7 +49,7 @@ export class LiveApiService extends ApiService {
     urls: string[],
     params: Record<string, string | number>,
   ): Promise<string> {
-    for (let url in urls) {
+    for (const url of urls) {
       try {
         const res = await this.httpRequest<string>({
           method: 'GET',

From db7f3341ac97cf0a3338fda0eb62114c038496d6 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Thu, 12 Feb 2026 14:51:33 -0700
Subject: [PATCH 15/17] wip refactor

---
 core/Cargo.lock                               | 663 +++++++++++-------
 core/build/build-ts.sh                        |   2 +-
 core/src/db/model/public.rs                   |  54 +-
 core/src/middleware/auth/signature.rs         |   2 +-
 core/src/net/dns.rs                           |   2 +-
 core/src/net/gateway.rs                       |  96 +--
 core/src/net/host/address.rs                  |  30 +-
 core/src/net/host/binding.rs                  |  60 +-
 core/src/net/host/mod.rs                      | 181 ++++-
 core/src/net/net_controller.rs                | 326 +++++----
 core/src/net/service_interface.rs             | 106 +--
 core/src/net/tunnel.rs                        |  16 +-
 core/src/service/effects/net/ssl.rs           |   8 +-
 core/src/version/v0_4_0_alpha_20.rs           |  19 +-
 sdk/base/lib/osBindings/DerivedAddressInfo.ts |   4 +-
 sdk/base/lib/util/getServiceInterface.ts      |  14 +-
 .../interfaces/interface.service.ts           |   6 +-
 .../services/routes/interface.component.ts    |   9 +-
 .../routes/startos-ui/startos-ui.component.ts |   9 +-
 .../ui/src/app/services/api/api.fixures.ts    |  12 +-
 .../ui/src/app/services/api/mock-patch.ts     |  16 +-
 21 files changed, 967 insertions(+), 668 deletions(-)

diff --git a/core/Cargo.lock b/core/Cargo.lock
index 0e96d08e4..739b886cf 100644
--- a/core/Cargo.lock
+++ b/core/Cargo.lock
@@ -153,24 +153,24 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.100"
+version = "1.0.101"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
+checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea"
 
 [[package]]
 name = "ar_archive_writer"
-version = "0.2.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0c269894b6fe5e9d7ada0cf69b5bf847ff35bc25fc271f08e1d080fce80339a"
+checksum = "7eb93bbb63b9c227414f6eb3a0adfddca591a8ce1e9b60661bb08969b87e340b"
 dependencies = [
- "object 0.32.2",
+ "object",
 ]
 
 [[package]]
 name = "arc-swap"
-version = "1.8.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d03449bb8ca2cc2ef70869af31463d1ae5ccc8fa3e334b307203fbf815207e"
+checksum = "9ded5f9a03ac8f24d1b8a25101ee812cd32cdc8c50a4c50237de2c4915850e73"
 dependencies = [
  "rustversion",
 ]
@@ -232,7 +232,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "synstructure",
 ]
 
@@ -244,7 +244,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -306,9 +306,9 @@ dependencies = [
 
 [[package]]
 name = "async-compression"
-version = "0.4.37"
+version = "0.4.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d10e4f991a553474232bc0a31799f6d24b034a84c0971d80d2e2f78b2e576e40"
+checksum = "68650b7df54f0293fd061972a0fb05aaf4fc0879d3b3d21a638a182c5c543b9f"
 dependencies = [
  "compression-codecs",
  "compression-core",
@@ -385,7 +385,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -425,7 +425,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -442,7 +442,7 @@ checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -468,9 +468,9 @@ checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
 
 [[package]]
 name = "aws-lc-rs"
-version = "1.15.3"
+version = "1.15.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e84ce723ab67259cfeb9877c6a639ee9eb7a27b28123abd71db7f0d5d0cc9d86"
+checksum = "7b7b6141e96a8c160799cc2d5adecd5cbbe5054cb8c7c4af53da0f83bb7ad256"
 dependencies = [
  "aws-lc-sys",
  "zeroize",
@@ -478,9 +478,9 @@ dependencies = [
 
 [[package]]
 name = "aws-lc-sys"
-version = "0.36.0"
+version = "0.37.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43a442ece363113bd4bd4c8b18977a7798dd4d3c3383f34fb61936960e8f4ad8"
+checksum = "b092fe214090261288111db7a2b2c2118e5a7f30dc2569f1732c4069a6840549"
 dependencies = [
  "cc",
  "cmake",
@@ -553,7 +553,7 @@ dependencies = [
  "cfg-if",
  "libc",
  "miniz_oxide",
- "object 0.37.3",
+ "object",
  "rustc-demangle",
  "windows-link",
 ]
@@ -829,9 +829,9 @@ checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510"
 
 [[package]]
 name = "bytemuck"
-version = "1.24.0"
+version = "1.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fbdf580320f38b612e485521afda1ee26d10cc9884efaaa750d383e13e3c5f4"
+checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec"
 
 [[package]]
 name = "byteorder"
@@ -847,15 +847,15 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"
 
 [[package]]
 name = "bytes"
-version = "1.11.0"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 
 [[package]]
 name = "cc"
-version = "1.2.53"
+version = "1.2.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "755d2fce177175ffca841e9a06afdb2c4ab0f593d53b4dee48147dfaade85932"
+checksum = "47b26a0954ae34af09b50f0de26458fa95369a0d478d8236d3f93082b219bd29"
 dependencies = [
  "find-msvc-tools",
  "jobserver",
@@ -959,9 +959,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.54"
+version = "4.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6e6ff9dcd79cff5cd969a17a545d79e84ab086e444102a591e288a8aa3ce394"
+checksum = "63be97961acde393029492ce0be7a1af7e323e6bae9511ebfac33751be5e6806"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -969,9 +969,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.54"
+version = "4.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa42cf4d2b7a41bc8f663a7cab4031ebafa1bf3875705bfaf8466dc60ab52c00"
+checksum = "7f13174bda5dfd69d7e947827e5af4b0f2f94a4a3ee92912fba07a66150f21e2"
 dependencies = [
  "anstream",
  "anstyle",
@@ -982,21 +982,21 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.5.49"
+version = "4.5.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671"
+checksum = "a92793da1a46a5f2a02a6f4c46c6496b28c43638adea8306fcb0caa1634f24e5"
 dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
 name = "clap_lex"
-version = "0.7.7"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3e64b0cc0439b12df2fa678eae89a1c56a529fd067a9115f7827f1fffd22b32"
+checksum = "3a822ea5bc7590f9d40f1ba12c0dc3c2760f3482c6984db1573ad11031420831"
 
 [[package]]
 name = "clipboard-win"
@@ -1412,9 +1412,9 @@ dependencies = [
 
 [[package]]
 name = "crypto-common"
-version = "0.1.7"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
  "generic-array",
  "typenum",
@@ -1496,7 +1496,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -1539,14 +1539,14 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
 name = "deranged"
-version = "0.5.5"
+version = "0.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
+checksum = "cc3dc5ad92c2e2d1c193bbbbdf2ea477cb81331de4f3103f267ca18368b988c4"
 dependencies = [
  "powerfmt",
 ]
@@ -1570,7 +1570,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rustc_version",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -1629,7 +1629,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -1655,7 +1655,7 @@ checksum = "6e39034cee21a2f5bbb66ba0e3689819c4bb5d00382a282006e802a7ffa6c41d"
 dependencies = [
  "cfg-if",
  "libc",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "windows-sys 0.60.2",
 ]
 
@@ -1815,9 +1815,9 @@ dependencies = [
 
 [[package]]
 name = "ena"
-version = "0.14.3"
+version = "0.14.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d248bdd43ce613d87415282f69b9bb99d947d290b10962dd6c56233312c2ad5"
+checksum = "eabffdaee24bd1bf95c5ef7cec31260444317e72ea56c4c91750e8b7ee58d5f1"
 dependencies = [
  "log",
 ]
@@ -1852,7 +1852,7 @@ dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -1873,7 +1873,7 @@ checksum = "67c78a4d8fdf9953a5c9d458f9efe940fd97a0cab0941c075a813ac594733827"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -2002,21 +2002,20 @@ dependencies = [
 
 [[package]]
 name = "filetime"
-version = "0.2.26"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc0505cd1b6fa6580283f6bdf70a73fcf4aba1184038c90902b92b3dd0df63ed"
+checksum = "f98844151eee8917efc50bd9e8318cb963ae8b297431495d3f758616ea5c57db"
 dependencies = [
  "cfg-if",
  "libc",
  "libredox",
- "windows-sys 0.60.2",
 ]
 
 [[package]]
 name = "find-msvc-tools"
-version = "0.1.8"
+version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8591b0bcc8a98a64310a2fae1bb3e9b8564dd10e381e6e28010fde8e8e8568db"
+checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
 
 [[package]]
 name = "fixedbitset"
@@ -2026,9 +2025,9 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"
 
 [[package]]
 name = "flate2"
-version = "1.1.8"
+version = "1.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b375d6465b98090a5f25b1c7703f3859783755aa9a80433b36e0379a3ec2f369"
+checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -2193,7 +2192,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -2248,9 +2247,9 @@ dependencies = [
 
 [[package]]
 name = "generic-array"
-version = "0.14.7"
+version = "0.14.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
 dependencies = [
  "typenum",
  "version_check",
@@ -2324,6 +2323,19 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "getrandom"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "139ef39800118c7683f2fd3c98c1b23c09ae076556b435f8e9064ae108aaeeec"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasip2",
+ "wasip3",
+]
+
 [[package]]
 name = "gimli"
 version = "0.32.3"
@@ -2345,8 +2357,8 @@ dependencies = [
  "aho-corasick",
  "bstr",
  "log",
- "regex-automata 0.4.13",
- "regex-syntax 0.8.8",
+ "regex-automata 0.4.14",
+ "regex-syntax 0.8.9",
 ]
 
 [[package]]
@@ -2539,7 +2551,7 @@ dependencies = [
  "rand 0.9.2",
  "ring",
  "serde",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tinyvec",
  "tokio",
  "tracing",
@@ -2563,7 +2575,7 @@ dependencies = [
  "resolv-conf",
  "serde",
  "smallvec",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tracing",
 ]
@@ -2585,7 +2597,7 @@ dependencies = [
  "ipnet",
  "prefix-trie",
  "serde",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "time",
  "tokio",
  "tokio-util",
@@ -2724,7 +2736,7 @@ dependencies = [
  "tokio",
  "tokio-rustls 0.26.4",
  "tower-service",
- "webpki-roots 1.0.5",
+ "webpki-roots 1.0.6",
 ]
 
 [[package]]
@@ -2758,14 +2770,13 @@ dependencies = [
 
 [[package]]
 name = "hyper-util"
-version = "0.1.19"
+version = "0.1.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
+checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
 dependencies = [
  "base64 0.22.1",
  "bytes",
  "futures-channel",
- "futures-core",
  "futures-util",
  "http",
  "http-body",
@@ -2774,7 +2785,7 @@ dependencies = [
  "libc",
  "percent-encoding",
  "pin-project-lite",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "system-configuration",
  "tokio",
  "tower-service",
@@ -2784,9 +2795,9 @@ dependencies = [
 
 [[package]]
 name = "iana-time-zone"
-version = "0.1.64"
+version = "0.1.65"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb"
+checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470"
 dependencies = [
  "android_system_properties",
  "core-foundation-sys",
@@ -2887,6 +2898,12 @@ dependencies = [
  "zerovec",
 ]
 
+[[package]]
+name = "id-arena"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
+
 [[package]]
 name = "id-pool"
 version = "0.2.2"
@@ -2940,7 +2957,7 @@ dependencies = [
  "globset",
  "log",
  "memchr",
- "regex-automata 0.4.13",
+ "regex-automata 0.4.14",
  "same-file",
  "walkdir",
  "winapi-util",
@@ -2984,9 +3001,9 @@ dependencies = [
 
 [[package]]
 name = "imbl-value"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef2a5f88a75295785a3b4a752db1d45a3b83b9f3a4b13dc70a5aaa6c16d859b3"
+checksum = "2722c61df925c481ef6e78c66c451c8ff8514430ec9bacfa02613d8c126205dd"
 dependencies = [
  "imbl",
  "serde",
@@ -2997,8 +3014,8 @@ dependencies = [
 
 [[package]]
 name = "imbl-value"
-version = "0.4.3"
-source = "git+https://github.com/Start9Labs/imbl-value.git#27f9bb38cd87290ce4732a2ef3034ea1c7340560"
+version = "0.4.4"
+source = "git+https://github.com/Start9Labs/imbl-value.git#ffb4901d55c7771489599b21314c08663328c8c2"
 dependencies = [
  "imbl",
  "serde",
@@ -3315,7 +3332,7 @@ dependencies = [
  "regex",
  "serde",
  "serde_json",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "time",
 ]
 
@@ -3333,7 +3350,7 @@ dependencies = [
 name = "json-patch"
 version = "0.2.7-alpha.0"
 dependencies = [
- "imbl-value 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "imbl-value 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "json-ptr",
  "serde",
 ]
@@ -3343,9 +3360,9 @@ name = "json-ptr"
 version = "0.1.0"
 dependencies = [
  "imbl",
- "imbl-value 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "imbl-value 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
 ]
 
 [[package]]
@@ -3353,7 +3370,7 @@ name = "jsonpath_lib"
 version = "0.3.0"
 source = "git+https://github.com/Start9Labs/jsonpath.git#1cacbd64afa2e1941a21fef06bad14317ba92f30"
 dependencies = [
- "imbl-value 0.4.3 (git+https://github.com/Start9Labs/imbl-value.git)",
+ "imbl-value 0.4.4 (git+https://github.com/Start9Labs/imbl-value.git)",
  "log",
  "serde",
  "serde_json",
@@ -3388,7 +3405,7 @@ dependencies = [
  "petgraph",
  "pico-args",
  "regex",
- "regex-syntax 0.8.8",
+ "regex-syntax 0.8.9",
  "string_cache",
  "term",
  "tiny-keccak",
@@ -3402,7 +3419,7 @@ version = "0.20.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "507460a910eb7b32ee961886ff48539633b788a36b65692b95f225b844c82553"
 dependencies = [
- "regex-automata 0.4.13",
+ "regex-automata 0.4.14",
 ]
 
 [[package]]
@@ -3436,6 +3453,12 @@ dependencies = [
  "spin",
 ]
 
+[[package]]
+name = "leb128fmt"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
+
 [[package]]
 name = "lettre"
 version = "0.11.19"
@@ -3459,7 +3482,7 @@ dependencies = [
  "quoted_printable",
  "rustls 0.23.36",
  "rustls-platform-verifier",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "tokio",
  "tokio-rustls 0.26.4",
  "url",
@@ -3480,9 +3503,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.180"
+version = "0.2.181"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc"
+checksum = "459427e2af2b9c839b132acb702a1c654d95e10f8c326bfc2ad11310e458b1c5"
 
 [[package]]
 name = "libloading"
@@ -3496,9 +3519,9 @@ dependencies = [
 
 [[package]]
 name = "libm"
-version = "0.2.15"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de"
+checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
 
 [[package]]
 name = "libmimalloc-sys"
@@ -3518,7 +3541,7 @@ checksum = "3d0b95e02c851351f877147b7deea7b1afb1df71b63aa5f8270716e0c5720616"
 dependencies = [
  "bitflags 2.10.0",
  "libc",
- "redox_syscall 0.7.0",
+ "redox_syscall 0.7.1",
 ]
 
 [[package]]
@@ -3616,7 +3639,7 @@ dependencies = [
  "bitvec 1.0.1",
  "serde",
  "serde-big-array",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
 ]
 
 [[package]]
@@ -3631,9 +3654,9 @@ dependencies = [
 
 [[package]]
 name = "memchr"
-version = "2.7.6"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
+checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "memmap2"
@@ -3698,7 +3721,7 @@ checksum = "db5b29714e950dbb20d5e6f74f9dcec4edbcc1067bb7f8ed198c097b8c1a818b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -3746,9 +3769,9 @@ dependencies = [
 
 [[package]]
 name = "moka"
-version = "0.12.12"
+version = "0.12.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3dec6bd31b08944e08b58fd99373893a6c17054d6f3ea5006cc894f4f4eee2a"
+checksum = "b4ac832c50ced444ef6be0767a008b02c106a909ba79d1d830501e94b96f6b7e"
 dependencies = [
  "crossbeam-channel",
  "crossbeam-epoch",
@@ -3773,9 +3796,9 @@ dependencies = [
 
 [[package]]
 name = "native-tls"
-version = "0.2.14"
+version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e"
+checksum = "6cdede44f9a69cab2899a2049e2c3bd49bf911a157f6a3353d4a91c61abbce44"
 dependencies = [
  "libc",
  "log",
@@ -3956,9 +3979,9 @@ dependencies = [
 
 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
 
 [[package]]
 name = "num-integer"
@@ -4030,7 +4053,7 @@ dependencies = [
  "proc-macro-crate",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4068,15 +4091,6 @@ dependencies = [
  "objc",
 ]
 
-[[package]]
-name = "object"
-version = "0.32.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "object"
 version = "0.37.3"
@@ -4175,7 +4189,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4186,15 +4200,15 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
 
 [[package]]
 name = "openssl-probe"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f50d9b3dabb09ecd771ad0aa242ca6894994c130308ca3d7684634df8037391"
+checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
 
 [[package]]
 name = "openssl-src"
-version = "300.5.4+3.5.4"
+version = "300.5.5+3.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a507b3792995dae9b0df8a1c1e3771e8418b7c2d9f0baeba32e6fe8b06c7cb72"
+checksum = "3f1787d533e03597a7934fd0a765f0d28e94ecc5fb7789f8053b1e699a56f709"
 dependencies = [
  "cc",
 ]
@@ -4334,7 +4348,7 @@ dependencies = [
  "fd-lock-rs",
  "futures",
  "imbl",
- "imbl-value 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "imbl-value 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "json-patch",
  "json-ptr",
  "lazy_static",
@@ -4342,7 +4356,7 @@ dependencies = [
  "patch-db-macro",
  "serde",
  "serde_cbor 0.11.1",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tracing",
  "tracing-error",
@@ -4404,9 +4418,9 @@ checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
 
 [[package]]
 name = "pest"
-version = "2.8.5"
+version = "2.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c9eb05c21a464ea704b53158d358a31e6425db2f63a1a7312268b05fe2b75f7"
+checksum = "e0848c601009d37dfa3430c4666e147e49cdcf1b92ecd3e63657d8a5f19da662"
 dependencies = [
  "memchr",
  "ucd-trie",
@@ -4414,9 +4428,9 @@ dependencies = [
 
 [[package]]
 name = "pest_derive"
-version = "2.8.5"
+version = "2.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68f9dbced329c441fa79d80472764b1a2c7e57123553b8519b36663a2fb234ed"
+checksum = "11f486f1ea21e6c10ed15d5a7c77165d0ee443402f0780849d1768e7d9d6fe77"
 dependencies = [
  "pest",
  "pest_generator",
@@ -4424,22 +4438,22 @@ dependencies = [
 
 [[package]]
 name = "pest_generator"
-version = "2.8.5"
+version = "2.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3bb96d5051a78f44f43c8f712d8e810adb0ebf923fc9ed2655a7f66f63ba8ee5"
+checksum = "8040c4647b13b210a963c1ed407c1ff4fdfa01c31d6d2a098218702e6664f94f"
 dependencies = [
  "pest",
  "pest_meta",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
 name = "pest_meta"
-version = "2.8.5"
+version = "2.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "602113b5b5e8621770cfd490cfd90b9f84ab29bd2b0e49ad83eb6d186cef2365"
+checksum = "89815c69d36021a140146f26659a81d6c2afa33d216d736dd4be5381a7362220"
 dependencies = [
  "pest",
  "sha2 0.10.9",
@@ -4485,7 +4499,7 @@ dependencies = [
  "phf_shared",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4520,7 +4534,7 @@ checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4602,9 +4616,9 @@ dependencies = [
 
 [[package]]
 name = "portable-atomic"
-version = "1.13.0"
+version = "1.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f89776e4d69bb58bc6993e99ffa1d11f228b839984854c7daeb5d37f87cbe950"
+checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
 
 [[package]]
 name = "portable-pty"
@@ -4677,6 +4691,16 @@ dependencies = [
  "yansi",
 ]
 
+[[package]]
+name = "prettyplease"
+version = "0.2.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
+dependencies = [
+ "proc-macro2",
+ "syn 2.0.115",
+]
+
 [[package]]
 name = "prettytable-rs"
 version = "0.10.0"
@@ -4711,9 +4735,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.105"
+version = "1.0.106"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "535d180e0ecab6268a3e718bb9fd44db66bbbc256257165fc699dadf70d16fe7"
+checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
 dependencies = [
  "unicode-ident",
 ]
@@ -4744,9 +4768,9 @@ dependencies = [
 
 [[package]]
 name = "proptest"
-version = "1.9.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bee689443a2bd0a16ab0348b52ee43e3b2d1b1f931c8aa5c9f8de4c86fbe8c40"
+checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
 dependencies = [
  "bit-set 0.8.0",
  "bit-vec 0.8.0",
@@ -4755,7 +4779,7 @@ dependencies = [
  "rand 0.9.2",
  "rand_chacha 0.9.0",
  "rand_xorshift",
- "regex-syntax 0.8.8",
+ "regex-syntax 0.8.9",
  "rusty-fork",
  "tempfile",
  "unarray",
@@ -4769,7 +4793,7 @@ checksum = "fb6dc647500e84a25a85b100e76c85b8ace114c209432dc174f20aac11d4ed6c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4792,7 +4816,7 @@ dependencies = [
  "itertools 0.14.0",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -4812,9 +4836,9 @@ checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
 
 [[package]]
 name = "psm"
-version = "0.1.28"
+version = "0.1.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d11f2fedc3b7dafdc2851bc52f277377c5473d378859be234bc7ebb593144d01"
+checksum = "3852766467df634d74f0b2d7819bf8dc483a0eb2e3b0f50f756f9cfe8b0d18d8"
 dependencies = [
  "ar_archive_writer",
  "cc",
@@ -4885,8 +4909,8 @@ dependencies = [
  "quinn-udp",
  "rustc-hash",
  "rustls 0.23.36",
- "socket2 0.6.1",
- "thiserror 2.0.17",
+ "socket2 0.6.2",
+ "thiserror 2.0.18",
  "tokio",
  "tracing",
  "web-time",
@@ -4907,7 +4931,7 @@ dependencies = [
  "rustls 0.23.36",
  "rustls-pki-types",
  "slab",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tinyvec",
  "tracing",
  "web-time",
@@ -4922,16 +4946,16 @@ dependencies = [
  "cfg_aliases 0.2.1",
  "libc",
  "once_cell",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "tracing",
  "windows-sys 0.60.2",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.43"
+version = "1.0.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc74d9a594b72ae6656596548f56f667211f8a97b3d4c3d467150794690dc40a"
+checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4"
 dependencies = [
  "proc-macro2",
 ]
@@ -4986,7 +5010,7 @@ dependencies = [
  "strum_macros",
  "syntect",
  "textwrap",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tracing",
  "tracing-appender",
@@ -5169,9 +5193,9 @@ dependencies = [
 
 [[package]]
 name = "redox_syscall"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49f3fe0889e69e2ae9e41f4d6c4c0181701d00e4697b356fb1f74173a5e0ee27"
+checksum = "35985aa610addc02e24fc232012c86fd11f14111180f902b67e2d5331f8ebf2b"
 dependencies = [
  "bitflags 2.10.0",
 ]
@@ -5189,14 +5213,14 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.12.2"
+version = "1.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4"
+checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
 dependencies = [
  "aho-corasick",
  "memchr",
- "regex-automata 0.4.13",
- "regex-syntax 0.8.8",
+ "regex-automata 0.4.14",
+ "regex-syntax 0.8.9",
 ]
 
 [[package]]
@@ -5210,13 +5234,13 @@ dependencies = [
 
 [[package]]
 name = "regex-automata"
-version = "0.4.13"
+version = "0.4.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5276caf25ac86c8d810222b3dbb938e512c55c6831a10f3e6ed1c93b84041f1c"
+checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
 dependencies = [
  "aho-corasick",
  "memchr",
- "regex-syntax 0.8.8",
+ "regex-syntax 0.8.9",
 ]
 
 [[package]]
@@ -5227,9 +5251,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
 
 [[package]]
 name = "regex-syntax"
-version = "0.8.8"
+version = "0.8.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a2d987857b319362043e95f5353c0535c1f58eec5336fdfcf626430af7def58"
+checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c"
 
 [[package]]
 name = "reqwest"
@@ -5277,7 +5301,7 @@ dependencies = [
  "wasm-bindgen-futures",
  "wasm-streams",
  "web-sys",
- "webpki-roots 1.0.5",
+ "webpki-roots 1.0.6",
 ]
 
 [[package]]
@@ -5345,7 +5369,7 @@ dependencies = [
  "futures",
  "http",
  "http-body-util",
- "imbl-value 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "imbl-value 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "itertools 0.14.0",
  "lazy_format",
  "lazy_static",
@@ -5355,7 +5379,7 @@ dependencies = [
  "serde",
  "serde_cbor 0.11.2",
  "serde_json",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tokio-stream",
  "url",
@@ -5433,7 +5457,7 @@ dependencies = [
  "serde",
  "serde_json",
  "serde_yaml",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -5551,7 +5575,7 @@ version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63"
 dependencies = [
- "openssl-probe 0.2.0",
+ "openssl-probe 0.2.1",
  "rustls-pki-types",
  "schannel",
  "security-framework 3.5.1",
@@ -5646,9 +5670,9 @@ dependencies = [
 
 [[package]]
 name = "ryu"
-version = "1.0.22"
+version = "1.0.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a50f4cf475b65d88e057964e0e9bb1f0aa9bbb2036dc65c64596b42932536984"
+checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
 
 [[package]]
 name = "same-file"
@@ -5794,7 +5818,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -5841,7 +5865,7 @@ checksum = "175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -6052,15 +6076,15 @@ checksum = "c11532d9d241904f095185f35dcdaf930b1427a94d5b01d7002d74ba19b44cc4"
 
 [[package]]
 name = "siphasher"
-version = "1.0.1"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d"
+checksum = "b2aa850e253778c88a04c3d7323b043aeda9d3e30d5971937c1855769763678e"
 
 [[package]]
 name = "slab"
-version = "0.4.11"
+version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"
+checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
 
 [[package]]
 name = "sled"
@@ -6143,9 +6167,9 @@ dependencies = [
 
 [[package]]
 name = "socket2"
-version = "0.6.1"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17129e116933cf371d018bb80ae557e889637989d8638274fb25622827b03881"
+checksum = "86f4aa3ad99f2088c990dfa82d367e19cb29268ed67c574d10d0a4bfe71f07e0"
 dependencies = [
  "libc",
  "windows-sys 0.60.2",
@@ -6160,7 +6184,7 @@ dependencies = [
  "async-trait",
  "bytes",
  "percent-encoding",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
 ]
 
@@ -6219,7 +6243,7 @@ dependencies = [
  "serde_json",
  "sha2 0.10.9",
  "smallvec",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tokio-stream",
  "tracing",
@@ -6237,7 +6261,7 @@ dependencies = [
  "quote",
  "sqlx-core",
  "sqlx-macros-core",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -6258,7 +6282,7 @@ dependencies = [
  "sha2 0.10.9",
  "sqlx-core",
  "sqlx-postgres",
- "syn 2.0.114",
+ "syn 2.0.115",
  "tokio",
  "url",
 ]
@@ -6295,7 +6319,7 @@ dependencies = [
  "smallvec",
  "sqlx-core",
  "stringprep",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tracing",
  "whoami",
 ]
@@ -6323,7 +6347,7 @@ dependencies = [
  "quote",
  "regex-syntax 0.6.29",
  "strsim",
- "syn 2.0.114",
+ "syn 2.0.115",
  "unicode-width 0.1.14",
 ]
 
@@ -6377,9 +6401,9 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
 
 [[package]]
 name = "stacker"
-version = "0.1.22"
+version = "0.1.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1f8b29fb42aafcea4edeeb6b2f2d7ecd0d969c48b4cf0d2e64aafc471dd6e59"
+checksum = "08d74a23609d509411d10e2176dc2a4346e3b4aea2e7b1869f19fdedbc71c013"
 dependencies = [
  "cc",
  "cfg-if",
@@ -6437,7 +6461,7 @@ dependencies = [
  "id-pool",
  "iddqd",
  "imbl",
- "imbl-value 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "imbl-value 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "include_dir",
  "indexmap 2.13.0",
  "indicatif",
@@ -6495,7 +6519,7 @@ dependencies = [
  "sha-crypt",
  "sha2 0.10.9",
  "signal-hook",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "socks5-impl",
  "sqlx",
  "sscanf",
@@ -6503,14 +6527,14 @@ dependencies = [
  "tar",
  "termion",
  "textwrap",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "tokio",
  "tokio-rustls 0.26.4",
  "tokio-stream",
  "tokio-tar",
  "tokio-tungstenite 0.26.2",
  "tokio-util",
- "toml 0.9.11+spec-1.1.0",
+ "toml 0.9.12+spec-1.1.0",
  "tower-service",
  "tracing",
  "tracing-error",
@@ -6593,7 +6617,7 @@ dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -6636,9 +6660,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.114"
+version = "2.0.115"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4d107df263a3013ef9b1879b0df87d706ff80f65a86ea879bd9c31f9b307c2a"
+checksum = "6e614ed320ac28113fa64972c4262d5dbc89deacdfd00c34a3e4cea073243c12"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6662,7 +6686,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -6677,20 +6701,20 @@ dependencies = [
  "once_cell",
  "onig",
  "plist",
- "regex-syntax 0.8.8",
+ "regex-syntax 0.8.9",
  "serde",
  "serde_derive",
  "serde_json",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "walkdir",
  "yaml-rust",
 ]
 
 [[package]]
 name = "system-configuration"
-version = "0.6.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b"
+checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b"
 dependencies = [
  "bitflags 2.10.0",
  "core-foundation 0.9.4",
@@ -6732,12 +6756,12 @@ dependencies = [
 
 [[package]]
 name = "tempfile"
-version = "3.24.0"
+version = "3.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "655da9c7eb6305c55742045d5a8d2037996d61d8de95806335c7c86ce0f82e9c"
+checksum = "0136791f7c95b1f6dd99f9cc786b91bb81c3800b639b3478e561ddb7be95e5f1"
 dependencies = [
  "fastrand",
- "getrandom 0.3.4",
+ "getrandom 0.4.1",
  "once_cell",
  "rustix 1.1.3",
  "windows-sys 0.61.2",
@@ -6805,11 +6829,11 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.17"
+version = "2.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8"
+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
 dependencies = [
- "thiserror-impl 2.0.17",
+ "thiserror-impl 2.0.18",
 ]
 
 [[package]]
@@ -6820,18 +6844,18 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.17"
+version = "2.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913"
+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -6845,9 +6869,9 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.45"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9e442fc33d7fdb45aa9bfeb312c095964abdf596f7567261062b2a7107aaabd"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
  "deranged",
  "itoa",
@@ -6860,15 +6884,15 @@ dependencies = [
 
 [[package]]
 name = "time-core"
-version = "0.1.7"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b36ee98fd31ec7426d599183e8fe26932a8dc1fb76ddb6214d05493377d34ca"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
 
 [[package]]
 name = "time-macros"
-version = "0.2.25"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71e552d1249bf61ac2a52db88179fd0673def1e1ad8243a00d9ec9ed71fee3dd"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
  "num-conv",
  "time-core",
@@ -6920,7 +6944,7 @@ dependencies = [
  "parking_lot 0.12.5",
  "pin-project-lite",
  "signal-hook-registry",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "tokio-macros",
  "tracing",
  "windows-sys 0.61.2",
@@ -6934,7 +6958,7 @@ checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -7056,9 +7080,9 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.9.11+spec-1.1.0"
+version = "0.9.12+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3afc9a848309fe1aaffaed6e1546a7a14de1f935dc9d89d32afd9a44bab7c46"
+checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863"
 dependencies = [
  "indexmap 2.13.0",
  "serde_core",
@@ -7115,9 +7139,9 @@ dependencies = [
 
 [[package]]
 name = "toml_parser"
-version = "1.0.6+spec-1.1.0"
+version = "1.0.8+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
+checksum = "0742ff5ff03ea7e67c8ae6c93cac239e0d9784833362da3f9a9c1da8dfefcbdc"
 dependencies = [
  "winnow",
 ]
@@ -7136,9 +7160,9 @@ checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"
 
 [[package]]
 name = "tonic"
-version = "0.14.2"
+version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb7613188ce9f7df5bfe185db26c5814347d110db17920415cf2fbcad85e7203"
+checksum = "a286e33f82f8a1ee2df63f4fa35c0becf4a85a0cb03091a15fd7bf0b402dc94a"
 dependencies = [
  "async-trait",
  "axum",
@@ -7153,7 +7177,7 @@ dependencies = [
  "hyper-util",
  "percent-encoding",
  "pin-project",
- "socket2 0.6.1",
+ "socket2 0.6.2",
  "sync_wrapper",
  "tokio",
  "tokio-stream",
@@ -7165,9 +7189,9 @@ dependencies = [
 
 [[package]]
 name = "tonic-prost"
-version = "0.14.2"
+version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "66bd50ad6ce1252d87ef024b3d64fe4c3cf54a86fb9ef4c631fdd0ded7aeaa67"
+checksum = "d6c55a2d6a14174563de34409c9f92ff981d006f56da9c6ecd40d9d4a31500b0"
 dependencies = [
  "bytes",
  "prost",
@@ -7242,7 +7266,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "786d480bce6247ab75f005b14ae1624ad978d3029d9113f0a22fa1ac773faeaf"
 dependencies = [
  "crossbeam-channel",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "time",
  "tracing-subscriber",
 ]
@@ -7255,7 +7279,7 @@ checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -7353,7 +7377,7 @@ checksum = "c88cc88fd23b5a04528f3a8436024f20010a16ec18eb23c164b1242f65860130"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "termcolor",
 ]
 
@@ -7371,7 +7395,7 @@ dependencies = [
  "native-tls",
  "rand 0.9.2",
  "sha1",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "url",
  "utf-8",
 ]
@@ -7389,7 +7413,7 @@ dependencies = [
  "log",
  "rand 0.9.2",
  "sha1",
- "thiserror 2.0.17",
+ "thiserror 2.0.18",
  "utf-8",
 ]
 
@@ -7410,7 +7434,7 @@ checksum = "076a02dc54dd46795c2e9c8282ed40bcfb1e22747e955de9389a1de28190fb26"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -7456,9 +7480,9 @@ checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.22"
+version = "1.0.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
+checksum = "537dd038a89878be9b64dd4bd1b260315c1bb94f4d784956b81e27a088d9a09e"
 
 [[package]]
 name = "unicode-linebreak"
@@ -7562,9 +7586,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
 [[package]]
 name = "uuid"
-version = "1.19.0"
+version = "1.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
+checksum = "ee48d38b119b0cd71fe4141b30f5ba9c7c5d9f4e7a3a8b4a674e4b6ef789976f"
 dependencies = [
  "getrandom 0.3.4",
  "js-sys",
@@ -7616,7 +7640,7 @@ checksum = "2a3bfb04fd13da4fc8df24709b7a0949667f43c63691d9fecddf1d3be8af5099"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -7677,6 +7701,15 @@ dependencies = [
  "wit-bindgen",
 ]
 
+[[package]]
+name = "wasip3"
+version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
+dependencies = [
+ "wit-bindgen",
+]
+
 [[package]]
 name = "wasite"
 version = "0.1.0"
@@ -7729,7 +7762,7 @@ dependencies = [
  "bumpalo",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "wasm-bindgen-shared",
 ]
 
@@ -7742,6 +7775,28 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "wasm-encoder"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
+dependencies = [
+ "leb128fmt",
+ "wasmparser",
+]
+
+[[package]]
+name = "wasm-metadata"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
+dependencies = [
+ "anyhow",
+ "indexmap 2.13.0",
+ "wasm-encoder",
+ "wasmparser",
+]
+
 [[package]]
 name = "wasm-streams"
 version = "0.4.2"
@@ -7755,6 +7810,18 @@ dependencies = [
  "web-sys",
 ]
 
+[[package]]
+name = "wasmparser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
+dependencies = [
+ "bitflags 2.10.0",
+ "hashbrown 0.15.5",
+ "indexmap 2.13.0",
+ "semver",
+]
+
 [[package]]
 name = "wayland-client"
 version = "0.29.5"
@@ -7850,9 +7917,9 @@ dependencies = [
 
 [[package]]
 name = "webpki-root-certs"
-version = "1.0.5"
+version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36a29fc0408b113f68cf32637857ab740edfafdf460c326cd2afaa2d84cc05dc"
+checksum = "804f18a4ac2676ffb4e8b5b5fa9ae38af06df08162314f96a68d2a363e21a8ca"
 dependencies = [
  "rustls-pki-types",
 ]
@@ -7863,14 +7930,14 @@ version = "0.26.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9"
 dependencies = [
- "webpki-roots 1.0.5",
+ "webpki-roots 1.0.6",
 ]
 
 [[package]]
 name = "webpki-roots"
-version = "1.0.5"
+version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12bed680863276c63889429bfd6cab3b99943659923822de1c8a39c49e4d722c"
+checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed"
 dependencies = [
  "rustls-pki-types",
 ]
@@ -7964,7 +8031,7 @@ checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -7975,7 +8042,7 @@ checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -8343,6 +8410,88 @@ name = "wit-bindgen"
 version = "0.51.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
+dependencies = [
+ "wit-bindgen-rust-macro",
+]
+
+[[package]]
+name = "wit-bindgen-core"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-bindgen-rust"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "indexmap 2.13.0",
+ "prettyplease",
+ "syn 2.0.115",
+ "wasm-metadata",
+ "wit-bindgen-core",
+ "wit-component",
+]
+
+[[package]]
+name = "wit-bindgen-rust-macro"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
+dependencies = [
+ "anyhow",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.115",
+ "wit-bindgen-core",
+ "wit-bindgen-rust",
+]
+
+[[package]]
+name = "wit-component"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
+dependencies = [
+ "anyhow",
+ "bitflags 2.10.0",
+ "indexmap 2.13.0",
+ "log",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "wasm-encoder",
+ "wasm-metadata",
+ "wasmparser",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-parser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
+dependencies = [
+ "anyhow",
+ "id-arena",
+ "indexmap 2.13.0",
+ "log",
+ "semver",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "unicode-xid",
+ "wasmparser",
+]
 
 [[package]]
 name = "writeable"
@@ -8531,15 +8680,15 @@ checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "synstructure",
 ]
 
 [[package]]
 name = "zbus"
-version = "5.13.1"
+version = "5.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17f79257df967b6779afa536788657777a0001f5b42524fcaf5038d4344df40b"
+checksum = "1bfeff997a0aaa3eb20c4652baf788d2dfa6d2839a0ead0b3ff69ce2f9c4bdd1"
 dependencies = [
  "async-broadcast",
  "async-executor",
@@ -8572,14 +8721,14 @@ dependencies = [
 
 [[package]]
 name = "zbus_macros"
-version = "5.13.1"
+version = "5.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aad23e2d2f91cae771c7af7a630a49e755f1eb74f8a46e9f6d5f7a146edf5a37"
+checksum = "0bbd5a90dbe8feee5b13def448427ae314ccd26a49cac47905cafefb9ff846f1"
 dependencies = [
  "proc-macro-crate",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "zbus_names",
  "zvariant",
  "zvariant_utils",
@@ -8598,22 +8747,22 @@ dependencies = [
 
 [[package]]
 name = "zerocopy"
-version = "0.8.33"
+version = "0.8.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "668f5168d10b9ee831de31933dc111a459c97ec93225beb307aed970d1372dfd"
+checksum = "db6d35d663eadb6c932438e763b262fe1a70987f9ae936e60158176d710cae4a"
 dependencies = [
  "zerocopy-derive",
 ]
 
 [[package]]
 name = "zerocopy-derive"
-version = "0.8.33"
+version = "0.8.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c7962b26b0a8685668b671ee4b54d007a67d4eaf05fda79ac0ecf41e32270f1"
+checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -8633,7 +8782,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "synstructure",
 ]
 
@@ -8654,7 +8803,7 @@ checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
@@ -8687,14 +8836,14 @@ checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
 ]
 
 [[package]]
 name = "zmij"
-version = "1.0.14"
+version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bd8f3f50b848df28f887acb68e41201b5aea6bc8a8dacc00fb40635ff9a72fea"
+checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
 
 [[package]]
 name = "zstd"
@@ -8726,9 +8875,9 @@ dependencies = [
 
 [[package]]
 name = "zvariant"
-version = "5.9.1"
+version = "5.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "326aaed414f04fe839777b4c443d4e94c74e7b3621093bd9c5e649ac8aa96543"
+checksum = "68b64ef4f40c7951337ddc7023dd03528a57a3ce3408ee9da5e948bd29b232c4"
 dependencies = [
  "endi",
  "enumflags2",
@@ -8740,14 +8889,14 @@ dependencies = [
 
 [[package]]
 name = "zvariant_derive"
-version = "5.9.1"
+version = "5.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba44e1f8f4da9e6e2d25d2a60b116ef8b9d0be174a7685e55bb12a99866279a7"
+checksum = "484d5d975eb7afb52cc6b929c13d3719a20ad650fea4120e6310de3fc55e415c"
 dependencies = [
  "proc-macro-crate",
  "proc-macro2",
  "quote",
- "syn 2.0.114",
+ "syn 2.0.115",
  "zvariant_utils",
 ]
 
@@ -8760,6 +8909,6 @@ dependencies = [
  "proc-macro2",
  "quote",
  "serde",
- "syn 2.0.114",
+ "syn 2.0.115",
  "winnow",
 ]
diff --git a/core/build/build-ts.sh b/core/build/build-ts.sh
index 9f659af24..9bed2f19f 100755
--- a/core/build/build-ts.sh
+++ b/core/build/build-ts.sh
@@ -11,7 +11,7 @@ PROFILE=${PROFILE:-debug}
 if [ "${PROFILE}" = "release" ]; then
 	BUILD_FLAGS="--release"
 else
-  if [ "$PROFILE" != "debug"]; then
+  if [ "$PROFILE" != "debug" ]; then
     >&2 echo "Unknown profile $PROFILE: falling back to debug..."
     PROFILE=debug
   fi
diff --git a/core/src/db/model/public.rs b/core/src/db/model/public.rs
index 0cdf868c9..831f5d4a8 100644
--- a/core/src/db/model/public.rs
+++ b/core/src/db/model/public.rs
@@ -20,8 +20,9 @@ use crate::db::model::Database;
 use crate::db::model::package::AllPackageData;
 use crate::net::acme::AcmeProvider;
 use crate::net::host::Host;
-use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, Bindings, DerivedAddressInfo, NetInfo};
-use crate::net::utils::ipv6_is_local;
+use crate::net::host::binding::{
+    AddSslOptions, BindInfo, BindOptions, Bindings, DerivedAddressInfo, NetInfo,
+};
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
 use crate::progress::FullProgress;
@@ -91,7 +92,7 @@ impl Public {
                             .collect(),
                         ),
                         public_domains: BTreeMap::new(),
-                        private_domains: BTreeSet::new(),
+                        private_domains: BTreeMap::new(),
                     },
                     wifi: WifiInfo {
                         enabled: true,
@@ -242,44 +243,12 @@ pub struct DnsSettings {
 #[ts(export)]
 pub struct NetworkInterfaceInfo {
     pub name: Option<InternedString>,
-    #[ts(skip)]
-    pub public: Option<bool>,
     pub secure: Option<bool>,
     pub ip_info: Option<Arc<IpInfo>>,
     #[serde(default, rename = "type")]
     pub gateway_type: Option<GatewayType>,
 }
 impl NetworkInterfaceInfo {
-    pub fn public(&self) -> bool {
-        self.public.unwrap_or_else(|| {
-            !self.ip_info.as_ref().map_or(true, |ip_info| {
-            let ip4s = ip_info
-                .subnets
-                .iter()
-                .filter_map(|ipnet| {
-                    if let IpAddr::V4(ip4) = ipnet.addr() {
-                        Some(ip4)
-                    } else {
-                        None
-                    }
-                })
-                .collect::<BTreeSet<_>>();
-            if !ip4s.is_empty() {
-                return ip4s
-                    .iter()
-                    .all(|ip4| ip4.is_loopback() || ip4.is_private() || ip4.is_link_local());
-            }
-            ip_info.subnets.iter().all(|ipnet| {
-                if let IpAddr::V6(ip6) = ipnet.addr() {
-                    ipv6_is_local(ip6)
-                } else {
-                    true
-                }
-            })
-        })
-        })
-    }
-
     pub fn secure(&self) -> bool {
         self.secure.unwrap_or(false)
     }
@@ -316,7 +285,20 @@ pub enum NetworkInterfaceType {
     Loopback,
 }
 
-#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS, clap::ValueEnum)]
+#[derive(
+    Clone,
+    Copy,
+    Debug,
+    Default,
+    PartialEq,
+    Eq,
+    PartialOrd,
+    Ord,
+    Deserialize,
+    Serialize,
+    TS,
+    clap::ValueEnum,
+)]
 #[ts(export)]
 #[serde(rename_all = "kebab-case")]
 pub enum GatewayType {
diff --git a/core/src/middleware/auth/signature.rs b/core/src/middleware/auth/signature.rs
index 22af16182..1536ea4a1 100644
--- a/core/src/middleware/auth/signature.rs
+++ b/core/src/middleware/auth/signature.rs
@@ -71,7 +71,7 @@ impl SignatureAuthContext for RpcContext {
                         .as_network()
                         .as_host()
                         .as_private_domains()
-                        .de()
+                        .keys()
                         .map(|k| k.into_iter())
                         .transpose(),
                 )
diff --git a/core/src/net/dns.rs b/core/src/net/dns.rs
index 84c5cb3a4..cb435624d 100644
--- a/core/src/net/dns.rs
+++ b/core/src/net/dns.rs
@@ -10,7 +10,7 @@ use color_eyre::eyre::eyre;
 use futures::{FutureExt, StreamExt, TryStreamExt};
 use hickory_server::authority::{AuthorityObject, Catalog, MessageResponseBuilder};
 use hickory_server::proto::op::{Header, ResponseCode};
-use hickory_server::proto::rr::{LowerName, Name, Record, RecordType};
+use hickory_server::proto::rr::{Name, Record, RecordType};
 use hickory_server::resolver::config::{ResolverConfig, ResolverOpts};
 use hickory_server::server::{Request, RequestHandler, ResponseHandler, ResponseInfo};
 use hickory_server::store::forwarder::{ForwardAuthority, ForwardConfig};
diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index c9c91c188..e10f2cb73 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -56,7 +56,7 @@ pub fn gateway_api<C: Context>() -> ParentHandler<C> {
                     }
 
                     let mut table = Table::new();
-                    table.add_row(row![bc => "INTERFACE", "TYPE", "PUBLIC", "ADDRESSES", "WAN IP"]);
+                    table.add_row(row![bc => "INTERFACE", "TYPE", "ADDRESSES", "WAN IP"]);
                     for (iface, info) in res {
                         table.add_row(row![
                             iface,
@@ -64,7 +64,6 @@ pub fn gateway_api<C: Context>() -> ParentHandler<C> {
                                 .as_ref()
                                 .and_then(|ip_info| ip_info.device_type)
                                 .map_or_else(|| "UNKNOWN".to_owned(), |ty| format!("{ty:?}")),
-                            info.public(),
                             info.ip_info.as_ref().map_or_else(
                                 || "<DISCONNECTED>".to_owned(),
                                 |ip_info| ip_info
@@ -94,22 +93,6 @@ pub fn gateway_api<C: Context>() -> ParentHandler<C> {
                 .with_about("about.show-gateways-startos-can-listen-on")
                 .with_call_remote::<CliContext>(),
         )
-        .subcommand(
-            "set-public",
-            from_fn_async(set_public)
-                .with_metadata("sync_db", Value::Bool(true))
-                .no_display()
-                .with_about("about.indicate-gateway-inbound-access-from-wan")
-                .with_call_remote::<CliContext>(),
-        )
-        .subcommand(
-            "unset-public",
-            from_fn_async(unset_public)
-                .with_metadata("sync_db", Value::Bool(true))
-                .no_display()
-                .with_about("about.allow-gateway-infer-inbound-access-from-wan")
-                .with_call_remote::<CliContext>(),
-        )
         .subcommand(
             "forget",
             from_fn_async(forget_iface)
@@ -134,40 +117,6 @@ async fn list_interfaces(
     Ok(ctx.net_controller.net_iface.watcher.ip_info())
 }
 
-#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
-struct NetworkInterfaceSetPublicParams {
-    #[arg(help = "help.arg.gateway-id")]
-    gateway: GatewayId,
-    #[arg(help = "help.arg.is-public")]
-    public: Option<bool>,
-}
-
-async fn set_public(
-    ctx: RpcContext,
-    NetworkInterfaceSetPublicParams { gateway, public }: NetworkInterfaceSetPublicParams,
-) -> Result<(), Error> {
-    ctx.net_controller
-        .net_iface
-        .set_public(&gateway, Some(public.unwrap_or(true)))
-        .await
-}
-
-#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
-struct UnsetPublicParams {
-    #[arg(help = "help.arg.gateway-id")]
-    gateway: GatewayId,
-}
-
-async fn unset_public(
-    ctx: RpcContext,
-    UnsetPublicParams { gateway }: UnsetPublicParams,
-) -> Result<(), Error> {
-    ctx.net_controller
-        .net_iface
-        .set_public(&gateway, None)
-        .await
-}
-
 #[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
 struct ForgetGatewayParams {
     #[arg(help = "help.arg.gateway-id")]
@@ -910,12 +859,11 @@ async fn watch_ip(
 
                                         write_to.send_if_modified(
                                             |m: &mut OrdMap<GatewayId, NetworkInterfaceInfo>| {
-                                                let (name, public, secure, gateway_type, prev_wan_ip) = m
+                                                let (name, secure, gateway_type, prev_wan_ip) = m
                                                     .get(&iface)
-                                                    .map_or((None, None, None, None, None), |i| {
+                                                    .map_or((None, None, None, None), |i| {
                                                         (
                                                             i.name.clone(),
-                                                            i.public,
                                                             i.secure,
                                                             i.gateway_type,
                                                             i.ip_info
@@ -929,7 +877,6 @@ async fn watch_ip(
                                                     iface.clone(),
                                                     NetworkInterfaceInfo {
                                                         name,
-                                                        public,
                                                         secure,
                                                         ip_info: Some(ip_info.clone()),
                                                         gateway_type,
@@ -1192,43 +1139,6 @@ impl NetworkInterfaceController {
         }
     }
 
-    pub async fn set_public(
-        &self,
-        interface: &GatewayId,
-        public: Option<bool>,
-    ) -> Result<(), Error> {
-        let mut sub = self
-            .db
-            .subscribe(
-                "/public/serverInfo/network/gateways"
-                    .parse::<JsonPointer<_, _>>()
-                    .with_kind(ErrorKind::Database)?,
-            )
-            .await;
-        let mut err = None;
-        let changed = self.watcher.ip_info.send_if_modified(|ip_info| {
-            let prev = std::mem::replace(
-                &mut match ip_info.get_mut(interface).or_not_found(interface) {
-                    Ok(a) => a,
-                    Err(e) => {
-                        err = Some(e);
-                        return false;
-                    }
-                }
-                .public,
-                public,
-            );
-            prev != public
-        });
-        if let Some(e) = err {
-            return Err(e);
-        }
-        if changed {
-            sub.recv().await;
-        }
-        Ok(())
-    }
-
     pub async fn forget(&self, interface: &GatewayId) -> Result<(), Error> {
         let mut sub = self
             .db
diff --git a/core/src/net/host/address.rs b/core/src/net/host/address.rs
index 33c32073b..e7f5d8518 100644
--- a/core/src/net/host/address.rs
+++ b/core/src/net/host/address.rs
@@ -20,7 +20,7 @@ use crate::util::serde::{HandlerExtSerde, display_serializable};
 pub struct HostAddress {
     pub address: InternedString,
     pub public: Option<PublicDomainConfig>,
-    pub private: bool,
+    pub private: Option<BTreeSet<GatewayId>>,
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize, TS)]
@@ -53,7 +53,7 @@ fn handle_duplicates(db: &mut DatabaseModel) -> Result<(), Error> {
         for domain in &public {
             check_domain(&mut domains, domain.clone())?;
         }
-        for domain in host.as_private_domains().de()? {
+        for domain in host.as_private_domains().keys()? {
             if !public.contains(&domain) {
                 check_domain(&mut domains, domain)?;
             }
@@ -63,13 +63,13 @@ fn handle_duplicates(db: &mut DatabaseModel) -> Result<(), Error> {
         host.as_public_domains_mut()
             .mutate(|d| Ok(d.retain(|d, _| !domains.contains(d))))?;
         host.as_private_domains_mut()
-            .mutate(|d| Ok(d.retain(|d| !domains.contains(d))))?;
+            .mutate(|d| Ok(d.retain(|d, _| !domains.contains(d))))?;
 
         let public = host.as_public_domains().keys()?;
         for domain in &public {
             check_domain(&mut domains, domain.clone())?;
         }
-        for domain in host.as_private_domains().de()? {
+        for domain in host.as_private_domains().keys()? {
             if !public.contains(&domain) {
                 check_domain(&mut domains, domain)?;
             }
@@ -146,21 +146,7 @@ pub fn address_api<C: Context, Kind: HostApiKind>()
                     }
 
                     let mut table = Table::new();
-                    table.add_row(row![bc => "ADDRESS", "PUBLIC", "ACME PROVIDER"]);
-                    for entry in &res {
-                        if let Some(PublicDomainConfig { gateway, acme }) = &entry.public {
-                            table.add_row(row![
-                                entry.address,
-                                &format!(
-                                    "{} ({gateway})",
-                                    if entry.private { "YES" } else { "ONLY" }
-                                ),
-                                acme.as_ref().map(|a| a.0.as_str()).unwrap_or("NONE")
-                            ]);
-                        } else {
-                            table.add_row(row![entry.address, &format!("NO"), "N/A"]);
-                        }
-                    }
+                    todo!("find a good way to represent this");
 
                     table.print_tty(false)?;
 
@@ -248,18 +234,20 @@ pub async fn remove_public_domain<Kind: HostApiKind>(
 pub struct AddPrivateDomainParams {
     #[arg(help = "help.arg.fqdn")]
     pub fqdn: InternedString,
+    pub gateway: GatewayId,
 }
 
 pub async fn add_private_domain<Kind: HostApiKind>(
     ctx: RpcContext,
-    AddPrivateDomainParams { fqdn }: AddPrivateDomainParams,
+    AddPrivateDomainParams { fqdn, gateway }: AddPrivateDomainParams,
     inheritance: Kind::Inheritance,
 ) -> Result<(), Error> {
     ctx.db
         .mutate(|db| {
             Kind::host_for(&inheritance, db)?
                 .as_private_domains_mut()
-                .mutate(|d| Ok(d.insert(fqdn)))?;
+                .upsert(&fqdn, || Ok(BTreeSet::new()))?
+                .mutate(|d| Ok(d.insert(gateway)))?;
             handle_duplicates(db)
         })
         .await
diff --git a/core/src/net/host/binding.rs b/core/src/net/host/binding.rs
index 8db806399..bd9bfe766 100644
--- a/core/src/net/host/binding.rs
+++ b/core/src/net/host/binding.rs
@@ -1,4 +1,5 @@
 use std::collections::{BTreeMap, BTreeSet};
+use std::net::SocketAddr;
 use std::str::FromStr;
 
 use clap::Parser;
@@ -7,6 +8,7 @@ use rpc_toolkit::{Context, Empty, HandlerArgs, HandlerExt, ParentHandler, from_f
 use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
+use crate::HostId;
 use crate::context::{CliContext, RpcContext};
 use crate::db::prelude::Map;
 use crate::net::forward::AvailablePorts;
@@ -16,7 +18,6 @@ use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
 use crate::util::FromStrParser;
 use crate::util::serde::{HandlerExtSerde, display_serializable};
-use crate::HostId;
 
 #[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize, TS)]
 #[ts(export)]
@@ -49,31 +50,36 @@ impl FromStr for BindId {
 #[ts(export)]
 #[model = "Model<Self>"]
 pub struct DerivedAddressInfo {
-    /// User-controlled: private addresses the user has disabled
-    pub private_disabled: BTreeSet<HostnameInfo>,
-    /// User-controlled: public addresses the user has enabled
-    pub public_enabled: BTreeSet<HostnameInfo>,
+    /// User override: enable these addresses (only for public IP & port)
+    pub enabled: BTreeSet<SocketAddr>,
+    /// User override: disable these addresses (only for domains and private IP & port)
+    pub disabled: BTreeSet<(InternedString, u16)>,
     /// COMPUTED: NetServiceData::update — all possible addresses for this binding
-    pub possible: BTreeSet<HostnameInfo>,
+    pub available: BTreeSet<HostnameInfo>,
 }
 
 impl DerivedAddressInfo {
-    /// Returns addresses that are currently enabled.
-    /// Private addresses are enabled by default (disabled if in private_disabled).
-    /// Public addresses are disabled by default (enabled if in public_enabled).
+    /// Returns addresses that are currently enabled after applying overrides.
+    /// Default: public IPs are disabled, everything else is enabled.
+    /// Explicit `enabled`/`disabled` overrides take precedence.
     pub fn enabled(&self) -> BTreeSet<&HostnameInfo> {
-        self.possible
+        self.available
             .iter()
             .filter(|h| {
-                if h.public {
-                    self.public_enabled.contains(h)
+                if h.public && h.metadata.is_ip() {
+                    // Public IPs: disabled by default, explicitly enabled via SocketAddr
+                    h.to_socket_addr().map_or(
+                        true, // should never happen, but would rather see them if it does
+                        |sa| self.enabled.contains(&sa),
+                    )
                 } else {
-                    !self.private_disabled.contains(h)
+                    !self
+                        .disabled
+                        .contains(&(h.host.clone(), h.port.unwrap_or_default())) // disablable addresses will always have a port
                 }
             })
             .collect()
     }
-
 }
 
 #[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]
@@ -199,9 +205,9 @@ impl BindInfo {
             options,
             net: lan,
             addresses: DerivedAddressInfo {
-                private_disabled: addresses.private_disabled,
-                public_enabled: addresses.public_enabled,
-                possible: BTreeSet::new(),
+                enabled: addresses.enabled,
+                disabled: addresses.disabled,
+                available: BTreeSet::new(),
             },
         })
     }
@@ -328,17 +334,27 @@ pub async fn set_address_enabled<Kind: HostApiKind>(
                 .as_bindings_mut()
                 .mutate(|b| {
                     let bind = b.get_mut(&internal_port).or_not_found(internal_port)?;
-                    if address.public {
+                    if address.public && address.metadata.is_ip() {
+                        // Public IPs: toggle via SocketAddr in `enabled` set
+                        let sa = address.to_socket_addr().ok_or_else(|| {
+                            Error::new(
+                                eyre!("cannot convert address to socket addr"),
+                                ErrorKind::InvalidRequest,
+                            )
+                        })?;
                         if enabled {
-                            bind.addresses.public_enabled.insert(address.clone());
+                            bind.addresses.enabled.insert(sa);
                         } else {
-                            bind.addresses.public_enabled.remove(&address);
+                            bind.addresses.enabled.remove(&sa);
                         }
                     } else {
+                        // Domains and private IPs: toggle via (host, port) in `disabled` set
+                        let port = address.port.unwrap_or(if address.ssl { 443 } else { 80 });
+                        let key = (address.host.clone(), port);
                         if enabled {
-                            bind.addresses.private_disabled.remove(&address);
+                            bind.addresses.disabled.remove(&key);
                         } else {
-                            bind.addresses.private_disabled.insert(address.clone());
+                            bind.addresses.disabled.insert(key);
                         }
                     }
                     Ok(())
diff --git a/core/src/net/host/mod.rs b/core/src/net/host/mod.rs
index ef06313dd..b6b8fb45d 100644
--- a/core/src/net/host/mod.rs
+++ b/core/src/net/host/mod.rs
@@ -3,19 +3,23 @@ use std::future::Future;
 use std::panic::RefUnwindSafe;
 
 use clap::Parser;
+use imbl::OrdMap;
 use imbl_value::InternedString;
 use itertools::Itertools;
+use patch_db::DestructureMut;
 use rpc_toolkit::{Context, Empty, HandlerExt, OrEmpty, ParentHandler, from_fn_async};
 use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
 use crate::context::RpcContext;
 use crate::db::model::DatabaseModel;
+use crate::db::model::public::NetworkInterfaceInfo;
 use crate::net::forward::AvailablePorts;
 use crate::net::host::address::{HostAddress, PublicDomainConfig, address_api};
 use crate::net::host::binding::{BindInfo, BindOptions, Bindings, binding};
+use crate::net::service_interface::{HostnameInfo, HostnameMetadata};
 use crate::prelude::*;
-use crate::{HostId, PackageId};
+use crate::{GatewayId, HostId, PackageId};
 
 pub mod address;
 pub mod binding;
@@ -27,7 +31,7 @@ pub mod binding;
 pub struct Host {
     pub bindings: Bindings,
     pub public_domains: BTreeMap<InternedString, PublicDomainConfig>,
-    pub private_domains: BTreeSet<InternedString>,
+    pub private_domains: BTreeMap<InternedString, BTreeSet<GatewayId>>,
 }
 
 impl AsRef<Host> for Host {
@@ -45,20 +49,183 @@ impl Host {
             .map(|(address, config)| HostAddress {
                 address: address.clone(),
                 public: Some(config.clone()),
-                private: self.private_domains.contains(address),
+                private: self.private_domains.get(address).cloned(),
             })
             .chain(
                 self.private_domains
                     .iter()
-                    .filter(|a| !self.public_domains.contains_key(*a))
-                    .map(|address| HostAddress {
-                        address: address.clone(),
+                    .filter(|(domain, _)| !self.public_domains.contains_key(*domain))
+                    .map(|(domain, gateways)| HostAddress {
+                        address: domain.clone(),
                         public: None,
-                        private: true,
+                        private: Some(gateways.clone()),
                     }),
             )
     }
 }
+impl Model<Host> {
+    pub fn update_addresses(
+        &mut self,
+        gateways: &OrdMap<GatewayId, NetworkInterfaceInfo>,
+        available_ports: &AvailablePorts,
+    ) -> Result<(), Error> {
+        let this = self.destructure_mut();
+        for (_, bind) in this.bindings.as_entries_mut()? {
+            let net = bind.as_net().de()?;
+            let opt = bind.as_options().de()?;
+            let mut available = BTreeSet::new();
+            for (gid, g) in gateways {
+                let Some(ip_info) = &g.ip_info else {
+                    continue;
+                };
+                let gateway_secure = g.secure();
+                for subnet in &ip_info.subnets {
+                    let host = InternedString::from_display(&subnet.addr());
+                    let metadata = if subnet.addr().is_ipv4() {
+                        HostnameMetadata::Ipv4 {
+                            gateway: gid.clone(),
+                        }
+                    } else {
+                        HostnameMetadata::Ipv6 {
+                            gateway: gid.clone(),
+                            scope_id: ip_info.scope_id,
+                        }
+                    };
+                    if let Some(port) = net.assigned_port.filter(|_| {
+                        opt.secure
+                            .map_or(gateway_secure, |s| !(s.ssl && opt.add_ssl.is_some()))
+                    }) {
+                        available.insert(HostnameInfo {
+                            ssl: opt.secure.map_or(false, |s| s.ssl),
+                            public: false,
+                            host: host.clone(),
+                            port: Some(port),
+                            metadata: metadata.clone(),
+                        });
+                    }
+                    if let Some(port) = net.assigned_ssl_port {
+                        available.insert(HostnameInfo {
+                            ssl: true,
+                            public: false,
+                            host: host.clone(),
+                            port: Some(port),
+                            metadata,
+                        });
+                    }
+                }
+                if let Some(wan_ip) = &ip_info.wan_ip {
+                    let host = InternedString::from_display(&wan_ip);
+                    let metadata = HostnameMetadata::Ipv4 {
+                        gateway: gid.clone(),
+                    };
+                    if let Some(port) = net.assigned_port.filter(|_| {
+                        opt.secure.map_or(
+                            false, // the public internet is never secure
+                            |s| !(s.ssl && opt.add_ssl.is_some()),
+                        )
+                    }) {
+                        available.insert(HostnameInfo {
+                            ssl: opt.secure.map_or(false, |s| s.ssl),
+                            public: true,
+                            host: host.clone(),
+                            port: Some(port),
+                            metadata: metadata.clone(),
+                        });
+                    }
+                    if let Some(port) = net.assigned_ssl_port {
+                        available.insert(HostnameInfo {
+                            ssl: true,
+                            public: true,
+                            host: host.clone(),
+                            port: Some(port),
+                            metadata,
+                        });
+                    }
+                }
+            }
+            for (domain, info) in this.public_domains.de()? {
+                let metadata = HostnameMetadata::PublicDomain {
+                    gateway: info.gateway.clone(),
+                };
+                if let Some(port) = net.assigned_port.filter(|_| {
+                    opt.secure.map_or(
+                        false, // the public internet is never secure
+                        |s| !(s.ssl && opt.add_ssl.is_some()),
+                    )
+                }) {
+                    available.insert(HostnameInfo {
+                        ssl: opt.secure.map_or(false, |s| s.ssl),
+                        public: true,
+                        host: domain.clone(),
+                        port: Some(port),
+                        metadata: metadata.clone(),
+                    });
+                }
+                if let Some(mut port) = net.assigned_ssl_port {
+                    if let Some(preferred) = opt
+                        .add_ssl
+                        .as_ref()
+                        .map(|s| s.preferred_external_port)
+                        .filter(|p| available_ports.is_ssl(*p))
+                    {
+                        port = preferred;
+                    }
+                    available.insert(HostnameInfo {
+                        ssl: true,
+                        public: true,
+                        host: domain.clone(),
+                        port: Some(port),
+                        metadata,
+                    });
+                }
+            }
+            for (domain, domain_gateways) in this.private_domains.de()? {
+                if let Some(port) = net.assigned_port.filter(|_| {
+                    opt.secure
+                        .map_or(true, |s| !(s.ssl && opt.add_ssl.is_some()))
+                }) {
+                    let gateways = if opt.secure.is_some() {
+                        domain_gateways.clone()
+                    } else {
+                        domain_gateways
+                            .iter()
+                            .cloned()
+                            .filter(|g| gateways.get(g).map_or(false, |g| g.secure()))
+                            .collect()
+                    };
+                    available.insert(HostnameInfo {
+                        ssl: opt.secure.map_or(false, |s| s.ssl),
+                        public: true,
+                        host: domain.clone(),
+                        port: Some(port),
+                        metadata: HostnameMetadata::PrivateDomain { gateways },
+                    });
+                }
+                if let Some(mut port) = net.assigned_ssl_port {
+                    if let Some(preferred) = opt
+                        .add_ssl
+                        .as_ref()
+                        .map(|s| s.preferred_external_port)
+                        .filter(|p| available_ports.is_ssl(*p))
+                    {
+                        port = preferred;
+                    }
+                    available.insert(HostnameInfo {
+                        ssl: true,
+                        public: true,
+                        host: domain.clone(),
+                        port: Some(port),
+                        metadata: HostnameMetadata::PrivateDomain {
+                            gateways: domain_gateways,
+                        },
+                    });
+                }
+            }
+            bind.as_addresses_mut().as_available_mut().ser(&available)?;
+        }
+        Ok(())
+    }
+}
 
 #[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]
 #[model = "Model<Self>"]
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index 37c63f333..5c8e27682 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -23,7 +23,7 @@ use crate::net::gateway::NetworkInterfaceController;
 use crate::net::host::address::HostAddress;
 use crate::net::host::binding::{AddSslOptions, BindId, BindOptions};
 use crate::net::host::{Host, Hosts, host_for};
-use crate::net::service_interface::{GatewayInfo, HostnameInfo, IpHostname};
+use crate::net::service_interface::{HostnameInfo, HostnameMetadata};
 use crate::net::socks::SocksController;
 use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::{AlpnInfo, DynVHostTarget, ProxyTarget, VHostController};
@@ -261,10 +261,7 @@ impl NetServiceData {
         let mut private_dns: BTreeSet<InternedString> = BTreeSet::new();
         let binds = self.binds.entry(id.clone()).or_default();
 
-        let peek = ctrl.db.peek().await;
-        let server_info = peek.as_public().as_server_info();
         let net_ifaces = ctrl.net_iface.watcher.ip_info();
-        let hostname = server_info.as_hostname().de()?;
         let host_addresses: Vec<_> = host.addresses().collect();
 
         // Collect private DNS entries (domains without public config)
@@ -277,7 +274,7 @@ impl NetServiceData {
             }
         }
 
-        // ── Phase 1: Compute possible addresses ──
+        // ── Phase 1: Compute available addresses ──
         for (_port, bind) in host.bindings.iter_mut() {
             if !bind.enabled {
                 continue;
@@ -286,7 +283,83 @@ impl NetServiceData {
                 continue;
             }
 
-            bind.addresses.possible.clear();
+            bind.addresses.available.clear();
+
+            // Domain port: non-SSL port for domains (secure-filtered, gateway-independent)
+            let domain_base_port = bind.net.assigned_port.filter(|_| {
+                bind.options
+                    .secure
+                    .map_or(false, |s| !s.ssl || bind.options.add_ssl.is_none())
+            });
+            let (domain_port, domain_ssl_port) = if bind
+                .options
+                .add_ssl
+                .as_ref()
+                .map_or(false, |ssl| ssl.preferred_external_port == 443)
+            {
+                (None, Some(443))
+            } else {
+                (domain_base_port, bind.net.assigned_ssl_port)
+            };
+
+            // Domain addresses
+            for HostAddress {
+                address, public, ..
+            } in host_addresses.iter().cloned()
+            {
+                // Public domain entry
+                if let Some(pub_config) = &public {
+                    let metadata = HostnameMetadata::PublicDomain {
+                        gateway: pub_config.gateway.clone(),
+                    };
+                    if let Some(p) = domain_port {
+                        bind.addresses.available.insert(HostnameInfo {
+                            ssl: false,
+                            public: true,
+                            host: address.clone(),
+                            port: Some(p),
+                            metadata: metadata.clone(),
+                        });
+                    }
+                    if let Some(sp) = domain_ssl_port {
+                        bind.addresses.available.insert(HostnameInfo {
+                            ssl: true,
+                            public: true,
+                            host: address.clone(),
+                            port: Some(sp),
+                            metadata,
+                        });
+                    }
+                }
+                // Private domain entry
+                if let Some(gateways) = host.private_domains.get(&address) {
+                    if !gateways.is_empty() {
+                        let metadata = HostnameMetadata::PrivateDomain {
+                            gateways: gateways.clone(),
+                        };
+                        if let Some(p) = domain_port {
+                            bind.addresses.available.insert(HostnameInfo {
+                                ssl: false,
+                                public: false,
+                                host: address.clone(),
+                                port: Some(p),
+                                metadata: metadata.clone(),
+                            });
+                        }
+                        if let Some(sp) = domain_ssl_port {
+                            bind.addresses.available.insert(HostnameInfo {
+                                ssl: true,
+                                public: false,
+                                host: address.clone(),
+                                port: Some(sp),
+                                metadata,
+                            });
+                        }
+                    }
+                }
+            }
+
+            // IP addresses (per-gateway)
             for (gateway_id, info) in net_ifaces
                 .iter()
                 .filter(|(_, info)| {
@@ -296,111 +369,97 @@ impl NetServiceData {
                 })
                 .filter(|(_, info)| info.ip_info.is_some())
             {
-                let gateway = GatewayInfo {
-                    id: gateway_id.clone(),
-                    name: info
-                        .name
-                        .clone()
-                        .or_else(|| info.ip_info.as_ref().map(|i| i.name.clone()))
-                        .unwrap_or_else(|| gateway_id.clone().into()),
-                    public: info.public(),
-                };
                 let port = bind.net.assigned_port.filter(|_| {
                     bind.options.secure.map_or(false, |s| {
                         !(s.ssl && bind.options.add_ssl.is_some()) || info.secure()
                     })
                 });
-                // .local addresses (private only, non-public, non-wireguard gateways)
-                if !info.public()
-                    && info.ip_info.as_ref().map_or(false, |i| {
-                        i.device_type != Some(NetworkInterfaceType::Wireguard)
-                    })
-                {
-                    bind.addresses.possible.insert(HostnameInfo {
-                        gateway: gateway.clone(),
-                        public: false,
-                        hostname: IpHostname::Local {
-                            value: InternedString::from_display(&{
-                                let hostname = &hostname;
-                                lazy_format!("{hostname}.local")
-                            }),
-                            port,
-                            ssl_port: bind.net.assigned_ssl_port,
-                        },
-                    });
-                }
-                // Domain addresses
-                for HostAddress {
-                    address,
-                    public,
-                    private,
-                } in host_addresses.iter().cloned()
-                {
-                    let private = private && !info.public();
-                    let public =
-                        public.as_ref().map_or(false, |p| &p.gateway == gateway_id);
-                    if public || private {
-                        let (domain_port, domain_ssl_port) = if bind
-                            .options
-                            .add_ssl
-                            .as_ref()
-                            .map_or(false, |ssl| ssl.preferred_external_port == 443)
-                        {
-                            (None, Some(443))
-                        } else {
-                            (port, bind.net.assigned_ssl_port)
-                        };
-                        bind.addresses.possible.insert(HostnameInfo {
-                            gateway: gateway.clone(),
-                            public,
-                            hostname: IpHostname::Domain {
-                                value: address.clone(),
-                                port: domain_port,
-                                ssl_port: domain_ssl_port,
-                            },
-                        });
-                    }
-                }
-                // IP addresses
+
                 if let Some(ip_info) = &info.ip_info {
                     let public = info.public();
+                    // WAN IP (public)
                     if let Some(wan_ip) = ip_info.wan_ip {
-                        bind.addresses.possible.insert(HostnameInfo {
-                            gateway: gateway.clone(),
-                            public: true,
-                            hostname: IpHostname::Ipv4 {
-                                value: wan_ip,
-                                port,
-                                ssl_port: bind.net.assigned_ssl_port,
-                            },
-                        });
+                        let host_str = InternedString::from_display(&wan_ip);
+                        if let Some(p) = port {
+                            bind.addresses.available.insert(HostnameInfo {
+                                ssl: false,
+                                public: true,
+                                host: host_str.clone(),
+                                port: Some(p),
+                                metadata: HostnameMetadata::Ipv4 {
+                                    gateway: gateway_id.clone(),
+                                },
+                            });
+                        }
+                        if let Some(sp) = bind.net.assigned_ssl_port {
+                            bind.addresses.available.insert(HostnameInfo {
+                                ssl: true,
+                                public: true,
+                                host: host_str,
+                                port: Some(sp),
+                                metadata: HostnameMetadata::Ipv4 {
+                                    gateway: gateway_id.clone(),
+                                },
+                            });
+                        }
                     }
+                    // Subnet IPs
                     for ipnet in &ip_info.subnets {
                         match ipnet {
                             IpNet::V4(net) => {
                                 if !public {
-                                    bind.addresses.possible.insert(HostnameInfo {
-                                        gateway: gateway.clone(),
-                                        public,
-                                        hostname: IpHostname::Ipv4 {
-                                            value: net.addr(),
-                                            port,
-                                            ssl_port: bind.net.assigned_ssl_port,
-                                        },
-                                    });
+                                    let host_str = InternedString::from_display(&net.addr());
+                                    if let Some(p) = port {
+                                        bind.addresses.available.insert(HostnameInfo {
+                                            ssl: false,
+                                            public: false,
+                                            host: host_str.clone(),
+                                            port: Some(p),
+                                            metadata: HostnameMetadata::Ipv4 {
+                                                gateway: gateway_id.clone(),
+                                            },
+                                        });
+                                    }
+                                    if let Some(sp) = bind.net.assigned_ssl_port {
+                                        bind.addresses.available.insert(HostnameInfo {
+                                            ssl: true,
+                                            public: false,
+                                            host: host_str,
+                                            port: Some(sp),
+                                            metadata: HostnameMetadata::Ipv4 {
+                                                gateway: gateway_id.clone(),
+                                            },
+                                        });
+                                    }
                                 }
                             }
                             IpNet::V6(net) => {
-                                bind.addresses.possible.insert(HostnameInfo {
-                                    gateway: gateway.clone(),
-                                    public: public && !ipv6_is_local(net.addr()),
-                                    hostname: IpHostname::Ipv6 {
-                                        value: net.addr(),
-                                        scope_id: ip_info.scope_id,
-                                        port,
-                                        ssl_port: bind.net.assigned_ssl_port,
-                                    },
-                                });
+                                let is_public = public && !ipv6_is_local(net.addr());
+                                let host_str = InternedString::from_display(&net.addr());
+                                if let Some(p) = port {
+                                    bind.addresses.available.insert(HostnameInfo {
+                                        ssl: false,
+                                        public: is_public,
+                                        host: host_str.clone(),
+                                        port: Some(p),
+                                        metadata: HostnameMetadata::Ipv6 {
+                                            gateway: gateway_id.clone(),
+                                            scope_id: ip_info.scope_id,
+                                        },
+                                    });
+                                }
+                                if let Some(sp) = bind.net.assigned_ssl_port {
+                                    bind.addresses.available.insert(HostnameInfo {
+                                        ssl: true,
+                                        public: is_public,
+                                        host: host_str,
+                                        port: Some(sp),
+                                        metadata: HostnameMetadata::Ipv6 {
+                                            gateway: gateway_id.clone(),
+                                            scope_id: ip_info.scope_id,
+                                        },
+                                    });
+                                }
                             }
                         }
                     }
@@ -435,11 +494,8 @@ impl NetServiceData {
                     let server_private_ips: BTreeSet<IpAddr> = enabled_addresses
                         .iter()
                         .filter(|a| !a.public)
-                        .filter_map(|a| {
-                            net_ifaces
-                                .get(&a.gateway.id)
-                                .and_then(|info| info.ip_info.as_ref())
-                        })
+                        .flat_map(|a| a.metadata.gateways())
+                        .filter_map(|gw| net_ifaces.get(gw).and_then(|info| info.ip_info.as_ref()))
                         .flat_map(|ip_info| ip_info.subnets.iter().map(|s| s.addr()))
                         .collect();
 
@@ -465,32 +521,36 @@ impl NetServiceData {
 
                 // Domain vhosts: group by (domain, ssl_port), merge public/private sets
                 for addr_info in &enabled_addresses {
-                    if let IpHostname::Domain {
-                        value: domain,
-                        ssl_port: Some(domain_ssl_port),
-                        ..
-                    } = &addr_info.hostname
-                    {
-                        let key = (Some(domain.clone()), *domain_ssl_port);
-                        let target = vhosts.entry(key).or_insert_with(|| ProxyTarget {
-                            public: BTreeSet::new(),
-                            private: BTreeSet::new(),
-                            acme: host_addresses
-                                .iter()
-                                .find(|a| &a.address == domain)
-                                .and_then(|a| a.public.as_ref())
-                                .and_then(|p| p.acme.clone()),
-                            addr,
-                            add_x_forwarded_headers: ssl.add_x_forwarded_headers,
-                            connect_ssl: connect_ssl
-                                .clone()
-                                .map(|_| ctrl.tls_client_config.clone()),
-                        });
-                        if addr_info.public {
-                            target.public.insert(addr_info.gateway.id.clone());
-                        } else {
-                            // Add interface IPs for this gateway to private set
-                            if let Some(info) = net_ifaces.get(&addr_info.gateway.id) {
+                    if !addr_info.ssl {
+                        continue;
+                    }
+                    match &addr_info.metadata {
+                        HostnameMetadata::PublicDomain { .. }
+                        | HostnameMetadata::PrivateDomain { .. } => {}
+                        _ => continue,
+                    }
+                    let domain = &addr_info.host;
+                    let domain_ssl_port = addr_info.port.unwrap_or(443);
+                    let key = (Some(domain.clone()), domain_ssl_port);
+                    let target = vhosts.entry(key).or_insert_with(|| ProxyTarget {
+                        public: BTreeSet::new(),
+                        private: BTreeSet::new(),
+                        acme: host_addresses
+                            .iter()
+                            .find(|a| a.address == *domain)
+                            .and_then(|a| a.public.as_ref())
+                            .and_then(|p| p.acme.clone()),
+                        addr,
+                        add_x_forwarded_headers: ssl.add_x_forwarded_headers,
+                        connect_ssl: connect_ssl.clone().map(|_| ctrl.tls_client_config.clone()),
+                    });
+                    if addr_info.public {
+                        for gw in addr_info.metadata.gateways() {
+                            target.public.insert(gw.clone());
+                        }
+                    } else {
+                        for gw in addr_info.metadata.gateways() {
+                            if let Some(info) = net_ifaces.get(gw) {
                                 if let Some(ip_info) = &info.ip_info {
                                     for subnet in &ip_info.subnets {
                                         target.private.insert(subnet.addr());
@@ -512,16 +572,14 @@ impl NetServiceData {
                 let fwd_public: BTreeSet<GatewayId> = enabled_addresses
                     .iter()
                     .filter(|a| a.public)
-                    .map(|a| a.gateway.id.clone())
+                    .flat_map(|a| a.metadata.gateways())
+                    .cloned()
                     .collect();
                 let fwd_private: BTreeSet<IpAddr> = enabled_addresses
                     .iter()
                     .filter(|a| !a.public)
-                    .filter_map(|a| {
-                        net_ifaces
-                            .get(&a.gateway.id)
-                            .and_then(|i| i.ip_info.as_ref())
-                    })
+                    .flat_map(|a| a.metadata.gateways())
+                    .filter_map(|gw| net_ifaces.get(gw).and_then(|i| i.ip_info.as_ref()))
                     .flat_map(|ip| ip.subnets.iter().map(|s| s.addr()))
                     .collect();
                 forwards.insert(
@@ -634,8 +692,8 @@ impl NetServiceData {
                 for (port, bind) in host.bindings.0 {
                     if let Some(b) = bindings.as_idx_mut(&port) {
                         b.as_addresses_mut()
-                            .as_possible_mut()
-                            .ser(&bind.addresses.possible)?;
+                            .as_available_mut()
+                            .ser(&bind.addresses.available)?;
                     }
                 }
                 Ok(())
diff --git a/core/src/net/service_interface.rs b/core/src/net/service_interface.rs
index 1eae3ebca..6a1fb9009 100644
--- a/core/src/net/service_interface.rs
+++ b/core/src/net/service_interface.rs
@@ -1,22 +1,74 @@
-use std::net::{Ipv4Addr, Ipv6Addr};
+use std::collections::BTreeSet;
+use std::net::SocketAddr;
 
-use imbl_value::InternedString;
+use imbl_value::{InOMap, InternedString};
 use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
-use crate::{GatewayId, HostId, ServiceInterfaceId};
+use crate::prelude::*;
+use crate::{GatewayId, HostId, PackageId, ServiceInterfaceId};
 
 #[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
 pub struct HostnameInfo {
-    pub gateway: GatewayInfo,
+    pub ssl: bool,
     pub public: bool,
-    pub hostname: IpHostname,
+    pub host: InternedString,
+    pub port: Option<u16>,
+    pub metadata: HostnameMetadata,
 }
+
+#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
+#[ts(export)]
+#[serde(rename_all = "kebab-case")]
+#[serde(rename_all_fields = "camelCase")]
+#[serde(tag = "kind")]
+pub enum HostnameMetadata {
+    Ipv4 {
+        gateway: GatewayId,
+    },
+    Ipv6 {
+        gateway: GatewayId,
+        scope_id: u32,
+    },
+    PrivateDomain {
+        gateways: BTreeSet<GatewayId>,
+    },
+    PublicDomain {
+        gateway: GatewayId,
+    },
+    Plugin {
+        package: PackageId,
+        #[serde(flatten)]
+        extra: InOMap<InternedString, Value>,
+    },
+}
+
 impl HostnameInfo {
+    pub fn to_socket_addr(&self) -> Option<SocketAddr> {
+        let ip = self.host.parse().ok()?;
+        Some(SocketAddr::new(ip, self.port?))
+    }
+
     pub fn to_san_hostname(&self) -> InternedString {
-        self.hostname.to_san_hostname()
+        self.host.clone()
+    }
+}
+
+impl HostnameMetadata {
+    pub fn is_ip(&self) -> bool {
+        matches!(self, Self::Ipv4 { .. } | Self::Ipv6 { .. })
+    }
+
+    pub fn gateways(&self) -> Box<dyn Iterator<Item = &GatewayId> + '_> {
+        match self {
+            Self::Ipv4 { gateway }
+            | Self::Ipv6 { gateway, .. }
+            | Self::PublicDomain { gateway } => Box::new(std::iter::once(gateway)),
+            Self::PrivateDomain { gateways } => Box::new(gateways.iter()),
+            Self::Plugin { .. } => Box::new(std::iter::empty()),
+        }
     }
 }
 
@@ -29,48 +81,6 @@ pub struct GatewayInfo {
     pub public: bool,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
-#[ts(export)]
-#[serde(rename_all = "camelCase")]
-#[serde(rename_all_fields = "camelCase")]
-#[serde(tag = "kind")]
-pub enum IpHostname {
-    Ipv4 {
-        value: Ipv4Addr,
-        port: Option<u16>,
-        ssl_port: Option<u16>,
-    },
-    Ipv6 {
-        value: Ipv6Addr,
-        #[serde(default)]
-        scope_id: u32,
-        port: Option<u16>,
-        ssl_port: Option<u16>,
-    },
-    Local {
-        #[ts(type = "string")]
-        value: InternedString,
-        port: Option<u16>,
-        ssl_port: Option<u16>,
-    },
-    Domain {
-        #[ts(type = "string")]
-        value: InternedString,
-        port: Option<u16>,
-        ssl_port: Option<u16>,
-    },
-}
-impl IpHostname {
-    pub fn to_san_hostname(&self) -> InternedString {
-        match self {
-            Self::Ipv4 { value, .. } => InternedString::from_display(value),
-            Self::Ipv6 { value, .. } => InternedString::from_display(value),
-            Self::Local { value, .. } => value.clone(),
-            Self::Domain { value, .. } => value.clone(),
-        }
-    }
-}
-
 #[derive(Clone, Debug, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
diff --git a/core/src/net/tunnel.rs b/core/src/net/tunnel.rs
index deb7ec6a3..3c782a10e 100644
--- a/core/src/net/tunnel.rs
+++ b/core/src/net/tunnel.rs
@@ -82,7 +82,6 @@ pub async fn add_tunnel(
                     iface.clone(),
                     NetworkInterfaceInfo {
                         name: Some(name),
-                        public: None,
                         secure: None,
                         ip_info: None,
                         gateway_type,
@@ -193,15 +192,12 @@ pub async fn remove_tunnel(
         .mutate(|db| {
             for host in all_hosts(db) {
                 let host = host?;
-                host.as_bindings_mut().mutate(|b| {
-                    Ok(b.values_mut().for_each(|v| {
-                        v.addresses
-                            .private_disabled
-                            .retain(|h| h.gateway.id != id);
-                        v.addresses
-                            .public_enabled
-                            .retain(|h| h.gateway.id != id);
-                    }))
+                host.as_private_domains_mut().mutate(|d| {
+                    for gateways in d.values_mut() {
+                        gateways.remove(&id);
+                    }
+                    d.retain(|_, gateways| !gateways.is_empty());
+                    Ok(())
                 })?;
             }
 
diff --git a/core/src/service/effects/net/ssl.rs b/core/src/service/effects/net/ssl.rs
index 7de40aed6..f19f4faf2 100644
--- a/core/src/service/effects/net/ssl.rs
+++ b/core/src/service/effects/net/ssl.rs
@@ -58,12 +58,12 @@ pub async fn get_ssl_certificate(
                     Ok(m.as_public_domains()
                         .keys()?
                         .into_iter()
-                        .chain(m.as_private_domains().de()?)
+                        .chain(m.as_private_domains().keys()?)
                         .chain(
                             m.as_bindings()
                                 .de()?
                                 .values()
-                                .flat_map(|b| b.addresses.possible.iter().cloned())
+                                .flat_map(|b| b.addresses.available.iter().cloned())
                                 .map(|h| h.to_san_hostname()),
                         )
                         .collect::<Vec<InternedString>>())
@@ -182,12 +182,12 @@ pub async fn get_ssl_key(
                     Ok(m.as_public_domains()
                         .keys()?
                         .into_iter()
-                        .chain(m.as_private_domains().de()?)
+                        .chain(m.as_private_domains().keys()?)
                         .chain(
                             m.as_bindings()
                                 .de()?
                                 .values()
-                                .flat_map(|b| b.addresses.possible.iter().cloned())
+                                .flat_map(|b| b.addresses.available.iter().cloned())
                                 .map(|h| h.to_san_hostname()),
                         )
                         .collect::<Vec<InternedString>>())
diff --git a/core/src/version/v0_4_0_alpha_20.rs b/core/src/version/v0_4_0_alpha_20.rs
index 625d72a51..273114ae3 100644
--- a/core/src/version/v0_4_0_alpha_20.rs
+++ b/core/src/version/v0_4_0_alpha_20.rs
@@ -164,6 +164,19 @@ fn migrate_host(host: Option<&mut Value>) {
     // Remove hostnameInfo from host
     host.remove("hostnameInfo");
 
+    // Migrate privateDomains from array to object (BTreeSet -> BTreeMap<_, BTreeSet<GatewayId>>)
+    if let Some(private_domains) = host.get("privateDomains").and_then(|v| v.as_array()).cloned() {
+        let mut new_pd: Value = serde_json::json!({}).into();
+        for domain in private_domains {
+            if let Some(d) = domain.as_str() {
+                if let Some(obj) = new_pd.as_object_mut() {
+                    obj.insert(d.into(), serde_json::json!([]).into());
+                }
+            }
+        }
+        host.insert("privateDomains".into(), new_pd);
+    }
+
     // For each binding: add "addresses" field, remove gateway-level fields from "net"
     if let Some(bindings) = host.get_mut("bindings").and_then(|b| b.as_object_mut()) {
         for (_, binding) in bindings.iter_mut() {
@@ -173,9 +186,9 @@ fn migrate_host(host: Option<&mut Value>) {
                     binding_obj.insert(
                         "addresses".into(),
                         serde_json::json!({
-                            "privateDisabled": [],
-                            "publicEnabled": [],
-                            "possible": []
+                            "enabled": [],
+                            "disabled": [],
+                            "available": []
                         })
                         .into(),
                     );
diff --git a/sdk/base/lib/osBindings/DerivedAddressInfo.ts b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
index 19926d44a..464d17e25 100644
--- a/sdk/base/lib/osBindings/DerivedAddressInfo.ts
+++ b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
@@ -5,11 +5,11 @@ export type DerivedAddressInfo = {
   /**
    * User-controlled: private addresses the user has disabled
    */
-  privateDisabled: Array<HostnameInfo>
+  enabled: Array<HostnameInfo>
   /**
    * User-controlled: public addresses the user has enabled
    */
-  publicEnabled: Array<HostnameInfo>
+  disabled: Array<HostnameInfo>
   /**
    * COMPUTED: NetServiceData::update — all possible addresses for this binding
    */
diff --git a/sdk/base/lib/util/getServiceInterface.ts b/sdk/base/lib/util/getServiceInterface.ts
index bc22e70c6..6cbf72215 100644
--- a/sdk/base/lib/util/getServiceInterface.ts
+++ b/sdk/base/lib/util/getServiceInterface.ts
@@ -226,12 +226,16 @@ function filterRec(
   return hostnames
 }
 
+function isDefaultEnabled(h: HostnameInfo): boolean {
+  return !(h.public && (h.hostname.kind === 'ipv4' || h.hostname.kind === 'ipv6'))
+}
+
 function enabledAddresses(addr: DerivedAddressInfo): HostnameInfo[] {
-  return addr.possible.filter((h) =>
-    h.public
-      ? addr.publicEnabled.some((e) => deepEqual(e, h))
-      : !addr.privateDisabled.some((d) => deepEqual(d, h)),
-  )
+  return addr.possible.filter((h) => {
+    if (addr.enabled.some((e) => deepEqual(e, h))) return true
+    if (addr.disabled.some((d) => deepEqual(d, h))) return false
+    return isDefaultEnabled(h)
+  })
 }
 
 export const filledAddress = (
diff --git a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
index 6e05c02d9..f75d045ee 100644
--- a/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
+++ b/web/projects/ui/src/app/routes/portal/components/interfaces/interface.service.ts
@@ -257,9 +257,9 @@ export class InterfaceService {
     if (!binding) return []
     const addr = binding.addresses
     const enabled = addr.possible.filter(h =>
-      h.public
-        ? addr.publicEnabled.some(e => utils.deepEqual(e, h))
-        : !addr.privateDisabled.some(d => utils.deepEqual(d, h)),
+      addr.enabled.some(e => utils.deepEqual(e, h)) ||
+      (!addr.disabled.some(d => utils.deepEqual(d, h)) &&
+        !(h.public && (h.hostname.kind === 'ipv4' || h.hostname.kind === 'ipv6'))),
     )
     return enabled.filter(
       h =>
diff --git a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
index 03ec3d3ee..1daf86b01 100644
--- a/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/services/routes/interface.component.ts
@@ -134,9 +134,12 @@ export default class ServiceInterfaceRoute {
       gateways:
         gateways.map(g => ({
           enabled:
-            (g.public
-              ? binding?.addresses.publicEnabled.some(a => a.gateway.id === g.id)
-              : !binding?.addresses.privateDisabled.some(a => a.gateway.id === g.id)) ?? false,
+            (binding?.addresses.enabled.some(a => a.gateway.id === g.id) ||
+              (!binding?.addresses.disabled.some(a => a.gateway.id === g.id) &&
+                binding?.addresses.possible.some(a =>
+                  a.gateway.id === g.id &&
+                  !(a.public && (a.hostname.kind === 'ipv4' || a.hostname.kind === 'ipv6'))
+                ))) ?? false,
           ...g,
         })) || [],
       publicDomains: getPublicDomains(host.publicDomains, gateways),
diff --git a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
index 6d2246f98..11934da5b 100644
--- a/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
+++ b/web/projects/ui/src/app/routes/portal/routes/system/routes/startos-ui/startos-ui.component.ts
@@ -95,9 +95,12 @@ export default class StartOsUiComponent {
       ),
       gateways: gateways.map(g => ({
         enabled:
-          (g.public
-            ? binding?.addresses.publicEnabled.some(a => a.gateway.id === g.id)
-            : !binding?.addresses.privateDisabled.some(a => a.gateway.id === g.id)) ?? false,
+          (binding?.addresses.enabled.some(a => a.gateway.id === g.id) ||
+            (!binding?.addresses.disabled.some(a => a.gateway.id === g.id) &&
+              binding?.addresses.possible.some(a =>
+                a.gateway.id === g.id &&
+                !(a.public && (a.hostname.kind === 'ipv4' || a.hostname.kind === 'ipv6'))
+              ))) ?? false,
         ...g,
       })),
       publicDomains: getPublicDomains(network.host.publicDomains, gateways),
diff --git a/web/projects/ui/src/app/services/api/api.fixures.ts b/web/projects/ui/src/app/services/api/api.fixures.ts
index 7e092ef80..8461c98f8 100644
--- a/web/projects/ui/src/app/services/api/api.fixures.ts
+++ b/web/projects/ui/src/app/services/api/api.fixures.ts
@@ -2128,8 +2128,8 @@ export namespace Mock {
               assignedSslPort: 443,
             },
             addresses: {
-              privateDisabled: [],
-              publicEnabled: [],
+              enabled: [],
+              disabled: [],
               possible: [
                 {
                   gateway: { id: 'eth0', name: 'Ethernet', public: false },
@@ -2214,8 +2214,8 @@ export namespace Mock {
               assignedSslPort: null,
             },
             addresses: {
-              privateDisabled: [],
-              publicEnabled: [],
+              enabled: [],
+              disabled: [],
               possible: [],
             },
             options: {
@@ -2237,8 +2237,8 @@ export namespace Mock {
               assignedSslPort: null,
             },
             addresses: {
-              privateDisabled: [],
-              publicEnabled: [],
+              enabled: [],
+              disabled: [],
               possible: [],
             },
             options: {
diff --git a/web/projects/ui/src/app/services/api/mock-patch.ts b/web/projects/ui/src/app/services/api/mock-patch.ts
index d3484fefc..4f225a7fb 100644
--- a/web/projects/ui/src/app/services/api/mock-patch.ts
+++ b/web/projects/ui/src/app/services/api/mock-patch.ts
@@ -40,8 +40,8 @@ export const mockPatchData: DataModel = {
               assignedSslPort: 443,
             },
             addresses: {
-              privateDisabled: [],
-              publicEnabled: [],
+              enabled: [],
+              disabled: [],
               possible: [
                 {
                   gateway: { id: 'eth0', name: 'Ethernet', public: false },
@@ -516,8 +516,8 @@ export const mockPatchData: DataModel = {
                 assignedSslPort: 443,
               },
               addresses: {
-                privateDisabled: [],
-                publicEnabled: [],
+                enabled: [],
+                disabled: [],
                 possible: [
                   {
                     gateway: { id: 'eth0', name: 'Ethernet', public: false },
@@ -602,8 +602,8 @@ export const mockPatchData: DataModel = {
                 assignedSslPort: null,
               },
               addresses: {
-                privateDisabled: [],
-                publicEnabled: [],
+                enabled: [],
+                disabled: [],
                 possible: [],
               },
               options: {
@@ -625,8 +625,8 @@ export const mockPatchData: DataModel = {
                 assignedSslPort: null,
               },
               addresses: {
-                privateDisabled: [],
-                publicEnabled: [],
+                enabled: [],
+                disabled: [],
                 possible: [],
               },
               options: {

From 376546561863e4281cd6098ce0a7ded0c2823612 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Fri, 13 Feb 2026 14:23:48 -0700
Subject: [PATCH 16/17] chore: update ts bindings for preferred port design

---
 sdk/base/lib/osBindings/DerivedAddressInfo.ts | 10 ++++----
 sdk/base/lib/osBindings/Host.ts               |  3 ++-
 sdk/base/lib/osBindings/HostnameInfo.ts       |  9 ++++----
 sdk/base/lib/osBindings/HostnameMetadata.ts   | 10 ++++++++
 sdk/base/lib/osBindings/IpHostname.ts         | 23 -------------------
 sdk/base/lib/osBindings/index.ts              |  2 +-
 6 files changed, 23 insertions(+), 34 deletions(-)
 create mode 100644 sdk/base/lib/osBindings/HostnameMetadata.ts
 delete mode 100644 sdk/base/lib/osBindings/IpHostname.ts

diff --git a/sdk/base/lib/osBindings/DerivedAddressInfo.ts b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
index 464d17e25..79fb49bda 100644
--- a/sdk/base/lib/osBindings/DerivedAddressInfo.ts
+++ b/sdk/base/lib/osBindings/DerivedAddressInfo.ts
@@ -3,15 +3,15 @@ import type { HostnameInfo } from './HostnameInfo'
 
 export type DerivedAddressInfo = {
   /**
-   * User-controlled: private addresses the user has disabled
+   * User override: enable these addresses (only for public IP & port)
    */
-  enabled: Array<HostnameInfo>
+  enabled: Array<string>
   /**
-   * User-controlled: public addresses the user has enabled
+   * User override: disable these addresses (only for domains and private IP & port)
    */
-  disabled: Array<HostnameInfo>
+  disabled: Array<[string, number]>
   /**
    * COMPUTED: NetServiceData::update — all possible addresses for this binding
    */
-  possible: Array<HostnameInfo>
+  available: Array<HostnameInfo>
 }
diff --git a/sdk/base/lib/osBindings/Host.ts b/sdk/base/lib/osBindings/Host.ts
index cecc24475..3a655acb2 100644
--- a/sdk/base/lib/osBindings/Host.ts
+++ b/sdk/base/lib/osBindings/Host.ts
@@ -1,9 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { Bindings } from './Bindings'
+import type { GatewayId } from './GatewayId'
 import type { PublicDomainConfig } from './PublicDomainConfig'
 
 export type Host = {
   bindings: Bindings
   publicDomains: { [key: string]: PublicDomainConfig }
-  privateDomains: Array<string>
+  privateDomains: { [key: string]: Array<GatewayId> }
 }
diff --git a/sdk/base/lib/osBindings/HostnameInfo.ts b/sdk/base/lib/osBindings/HostnameInfo.ts
index 4d80dd43f..f38a0e908 100644
--- a/sdk/base/lib/osBindings/HostnameInfo.ts
+++ b/sdk/base/lib/osBindings/HostnameInfo.ts
@@ -1,9 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { GatewayInfo } from './GatewayInfo'
-import type { IpHostname } from './IpHostname'
+import type { HostnameMetadata } from './HostnameMetadata'
 
 export type HostnameInfo = {
-  gateway: GatewayInfo
+  ssl: boolean
   public: boolean
-  hostname: IpHostname
+  host: string
+  port: number | null
+  metadata: HostnameMetadata
 }
diff --git a/sdk/base/lib/osBindings/HostnameMetadata.ts b/sdk/base/lib/osBindings/HostnameMetadata.ts
new file mode 100644
index 000000000..fd2ff3a14
--- /dev/null
+++ b/sdk/base/lib/osBindings/HostnameMetadata.ts
@@ -0,0 +1,10 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { GatewayId } from './GatewayId'
+import type { PackageId } from './PackageId'
+
+export type HostnameMetadata =
+  | { kind: 'ipv4'; gateway: GatewayId }
+  | { kind: 'ipv6'; gateway: GatewayId; scopeId: number }
+  | { kind: 'private-domain'; gateways: Array<GatewayId> }
+  | { kind: 'public-domain'; gateway: GatewayId }
+  | ({ kind: 'plugin'; package: PackageId } & { [key in string]?: unknown })
diff --git a/sdk/base/lib/osBindings/IpHostname.ts b/sdk/base/lib/osBindings/IpHostname.ts
deleted file mode 100644
index 6f6be463f..000000000
--- a/sdk/base/lib/osBindings/IpHostname.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type IpHostname =
-  | { kind: 'ipv4'; value: string; port: number | null; sslPort: number | null }
-  | {
-      kind: 'ipv6'
-      value: string
-      scopeId: number
-      port: number | null
-      sslPort: number | null
-    }
-  | {
-      kind: 'local'
-      value: string
-      port: number | null
-      sslPort: number | null
-    }
-  | {
-      kind: 'domain'
-      value: string
-      port: number | null
-      sslPort: number | null
-    }
diff --git a/sdk/base/lib/osBindings/index.ts b/sdk/base/lib/osBindings/index.ts
index 5dc4d2865..013118267 100644
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -109,6 +109,7 @@ export { HardwareRequirements } from './HardwareRequirements'
 export { HealthCheckId } from './HealthCheckId'
 export { HostId } from './HostId'
 export { HostnameInfo } from './HostnameInfo'
+export { HostnameMetadata } from './HostnameMetadata'
 export { Hosts } from './Hosts'
 export { Host } from './Host'
 export { IdMap } from './IdMap'
@@ -122,7 +123,6 @@ export { InstalledVersionParams } from './InstalledVersionParams'
 export { InstallingInfo } from './InstallingInfo'
 export { InstallingState } from './InstallingState'
 export { InstallParams } from './InstallParams'
-export { IpHostname } from './IpHostname'
 export { IpInfo } from './IpInfo'
 export { KeyboardOptions } from './KeyboardOptions'
 export { ListPackageSignersParams } from './ListPackageSignersParams'

From 49d4da03ca560d2f12b6a86331d209be1853eb91 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Fri, 13 Feb 2026 16:21:57 -0700
Subject: [PATCH 17/17] feat: refactor NetService to watch DB and reconcile
 network state

- NetService sync task now uses PatchDB DbWatch instead of being called
  directly after DB mutations
- Read gateways from DB instead of network interface context when
  updating host addresses
- gateway sync updates all host addresses in the DB
- Add Watch<u64> channel for callers to wait on sync completion
- Fix ts-rs codegen bug with #[ts(skip)] on flattened Plugin field
- Update SDK getServiceInterface.ts for new HostnameInfo shape
- Remove unnecessary HTTPS redirect in static_server.rs
- Fix tunnel/api.rs to filter for WAN IPv4 address
---
 core/src/net/gateway.rs                     |    8 +-
 core/src/net/host/address.rs                |   20 +-
 core/src/net/net_controller.rs              |  521 +-
 core/src/net/service_interface.rs           |    1 +
 core/src/net/static_server.rs               |   31 +-
 core/src/net/tunnel.rs                      |    6 +
 core/src/service/effects/callbacks.rs       |   61 +-
 core/src/service/effects/net/host.rs        |    1 +
 core/src/tunnel/api.rs                      |    7 +-
 sdk/base/lib/osBindings/HostnameMetadata.ts |    2 +-
 sdk/base/lib/util/getServiceInterface.ts    |  115 +-
 web/package-lock.json                       | 8483 ++++++++++++-------
 12 files changed, 5767 insertions(+), 3489 deletions(-)

diff --git a/core/src/net/gateway.rs b/core/src/net/gateway.rs
index e10f2cb73..49534908a 100644
--- a/core/src/net/gateway.rs
+++ b/core/src/net/gateway.rs
@@ -32,6 +32,7 @@ use crate::context::{CliContext, RpcContext};
 use crate::db::model::Database;
 use crate::db::model::public::{IpInfo, NetworkInterfaceInfo, NetworkInterfaceType};
 use crate::net::forward::START9_BRIDGE_IFACE;
+use crate::net::host::all_hosts;
 use crate::net::gateway::device::DeviceProxy;
 use crate::net::web_server::{Accept, AcceptStream, MetadataVisitor, TcpMetadata};
 use crate::prelude::*;
@@ -1003,7 +1004,12 @@ impl NetworkInterfaceController {
                 .as_server_info_mut()
                 .as_network_mut()
                 .as_gateways_mut()
-                .ser(info)
+                .ser(info)?;
+            let ports = db.as_private().as_available_ports().de()?;
+            for host in all_hosts(db) {
+                host?.update_addresses(info, &ports)?;
+            }
+            Ok(())
         })
         .await
         .result?;
diff --git a/core/src/net/host/address.rs b/core/src/net/host/address.rs
index e7f5d8518..2c3754707 100644
--- a/core/src/net/host/address.rs
+++ b/core/src/net/host/address.rs
@@ -193,7 +193,10 @@ pub async fn add_public_domain<Kind: HostApiKind>(
             Kind::host_for(&inheritance, db)?
                 .as_public_domains_mut()
                 .insert(&fqdn, &PublicDomainConfig { acme, gateway })?;
-            handle_duplicates(db)
+            handle_duplicates(db)?;
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
+            Kind::host_for(&inheritance, db)?.update_addresses(&gateways, &ports)
         })
         .await
         .result?;
@@ -221,7 +224,10 @@ pub async fn remove_public_domain<Kind: HostApiKind>(
         .mutate(|db| {
             Kind::host_for(&inheritance, db)?
                 .as_public_domains_mut()
-                .remove(&fqdn)
+                .remove(&fqdn)?;
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
+            Kind::host_for(&inheritance, db)?.update_addresses(&gateways, &ports)
         })
         .await
         .result?;
@@ -248,7 +254,10 @@ pub async fn add_private_domain<Kind: HostApiKind>(
                 .as_private_domains_mut()
                 .upsert(&fqdn, || Ok(BTreeSet::new()))?
                 .mutate(|d| Ok(d.insert(gateway)))?;
-            handle_duplicates(db)
+            handle_duplicates(db)?;
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
+            Kind::host_for(&inheritance, db)?.update_addresses(&gateways, &ports)
         })
         .await
         .result?;
@@ -266,7 +275,10 @@ pub async fn remove_private_domain<Kind: HostApiKind>(
         .mutate(|db| {
             Kind::host_for(&inheritance, db)?
                 .as_private_domains_mut()
-                .mutate(|d| Ok(d.remove(&domain)))
+                .mutate(|d| Ok(d.remove(&domain)))?;
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
+            Kind::host_for(&inheritance, db)?.update_addresses(&gateways, &ports)
         })
         .await
         .result?;
diff --git a/core/src/net/net_controller.rs b/core/src/net/net_controller.rs
index 5c8e27682..1b6d87b9f 100644
--- a/core/src/net/net_controller.rs
+++ b/core/src/net/net_controller.rs
@@ -3,17 +3,15 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr, SocketAddrV4};
 use std::sync::{Arc, Weak};
 
 use color_eyre::eyre::eyre;
-use imbl::vector;
 use imbl_value::InternedString;
-use ipnet::IpNet;
 use tokio::sync::Mutex;
 use tokio::task::JoinHandle;
 use tokio_rustls::rustls::ClientConfig as TlsClientConfig;
 use tracing::instrument;
 
+use patch_db::json_ptr::JsonPointer;
+
 use crate::db::model::Database;
-use crate::db::model::public::NetworkInterfaceType;
-use crate::error::ErrorCollection;
 use crate::hostname::Hostname;
 use crate::net::dns::DnsController;
 use crate::net::forward::{
@@ -23,13 +21,13 @@ use crate::net::gateway::NetworkInterfaceController;
 use crate::net::host::address::HostAddress;
 use crate::net::host::binding::{AddSslOptions, BindId, BindOptions};
 use crate::net::host::{Host, Hosts, host_for};
-use crate::net::service_interface::{HostnameInfo, HostnameMetadata};
+use crate::net::service_interface::HostnameMetadata;
 use crate::net::socks::SocksController;
-use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::{AlpnInfo, DynVHostTarget, ProxyTarget, VHostController};
 use crate::prelude::*;
 use crate::service::effects::callbacks::ServiceCallbacks;
 use crate::util::serde::MaybeUtf8String;
+use crate::util::sync::Watch;
 use crate::{GatewayId, HOST_IP, HostId, OptionExt, PackageId};
 
 pub struct NetController {
@@ -182,79 +180,11 @@ impl NetServiceData {
         })
     }
 
-    async fn clear_bindings(
-        &mut self,
-        ctrl: &NetController,
-        except: BTreeSet<BindId>,
-    ) -> Result<(), Error> {
-        if let Some(pkg_id) = &self.id {
-            let hosts = ctrl
-                .db
-                .mutate(|db| {
-                    let mut res = Hosts::default();
-                    for (host_id, host) in db
-                        .as_public_mut()
-                        .as_package_data_mut()
-                        .as_idx_mut(pkg_id)
-                        .or_not_found(pkg_id)?
-                        .as_hosts_mut()
-                        .as_entries_mut()?
-                    {
-                        host.as_bindings_mut().mutate(|b| {
-                            for (internal_port, info) in b.iter_mut() {
-                                if !except.contains(&BindId {
-                                    id: host_id.clone(),
-                                    internal_port: *internal_port,
-                                }) {
-                                    info.disable();
-                                }
-                            }
-                            Ok(())
-                        })?;
-                        res.0.insert(host_id, host.de()?);
-                    }
-                    Ok(res)
-                })
-                .await
-                .result?;
-            let mut errors = ErrorCollection::new();
-            for (id, host) in hosts.0 {
-                errors.handle(self.update(ctrl, id, host).await);
-            }
-            errors.into_result()
-        } else {
-            let host = ctrl
-                .db
-                .mutate(|db| {
-                    let host = db
-                        .as_public_mut()
-                        .as_server_info_mut()
-                        .as_network_mut()
-                        .as_host_mut();
-                    host.as_bindings_mut().mutate(|b| {
-                        for (internal_port, info) in b.iter_mut() {
-                            if !except.contains(&BindId {
-                                id: HostId::default(),
-                                internal_port: *internal_port,
-                            }) {
-                                info.disable();
-                            }
-                        }
-                        Ok(())
-                    })?;
-                    host.de()
-                })
-                .await
-                .result?;
-            self.update(ctrl, HostId::default(), host).await
-        }
-    }
-
     async fn update(
         &mut self,
         ctrl: &NetController,
         id: HostId,
-        mut host: Host,
+        host: Host,
     ) -> Result<(), Error> {
         let mut forwards: BTreeMap<u16, (SocketAddrV4, ForwardRequirements)> = BTreeMap::new();
         let mut vhosts: BTreeMap<(Option<InternedString>, u16), ProxyTarget> = BTreeMap::new();
@@ -274,200 +204,7 @@ impl NetServiceData {
             }
         }
 
-        // ── Phase 1: Compute available addresses ──
-        for (_port, bind) in host.bindings.iter_mut() {
-            if !bind.enabled {
-                continue;
-            }
-            if bind.net.assigned_port.is_none() && bind.net.assigned_ssl_port.is_none() {
-                continue;
-            }
-
-            bind.addresses.available.clear();
-
-            // Domain port: non-SSL port for domains (secure-filtered, gateway-independent)
-            let domain_base_port = bind.net.assigned_port.filter(|_| {
-                bind.options
-                    .secure
-                    .map_or(false, |s| !s.ssl || bind.options.add_ssl.is_none())
-            });
-            let (domain_port, domain_ssl_port) = if bind
-                .options
-                .add_ssl
-                .as_ref()
-                .map_or(false, |ssl| ssl.preferred_external_port == 443)
-            {
-                (None, Some(443))
-            } else {
-                (domain_base_port, bind.net.assigned_ssl_port)
-            };
-
-            // Domain addresses
-            for HostAddress {
-                address, public, ..
-            } in host_addresses.iter().cloned()
-            {
-                // Public domain entry
-                if let Some(pub_config) = &public {
-                    let metadata = HostnameMetadata::PublicDomain {
-                        gateway: pub_config.gateway.clone(),
-                    };
-                    if let Some(p) = domain_port {
-                        bind.addresses.available.insert(HostnameInfo {
-                            ssl: false,
-                            public: true,
-                            host: address.clone(),
-                            port: Some(p),
-                            metadata: metadata.clone(),
-                        });
-                    }
-                    if let Some(sp) = domain_ssl_port {
-                        bind.addresses.available.insert(HostnameInfo {
-                            ssl: true,
-                            public: true,
-                            host: address.clone(),
-                            port: Some(sp),
-                            metadata,
-                        });
-                    }
-                }
-                // Private domain entry
-                if let Some(gateways) = host.private_domains.get(&address) {
-                    if !gateways.is_empty() {
-                        let metadata = HostnameMetadata::PrivateDomain {
-                            gateways: gateways.clone(),
-                        };
-                        if let Some(p) = domain_port {
-                            bind.addresses.available.insert(HostnameInfo {
-                                ssl: false,
-                                public: false,
-                                host: address.clone(),
-                                port: Some(p),
-                                metadata: metadata.clone(),
-                            });
-                        }
-                        if let Some(sp) = domain_ssl_port {
-                            bind.addresses.available.insert(HostnameInfo {
-                                ssl: true,
-                                public: false,
-                                host: address.clone(),
-                                port: Some(sp),
-                                metadata,
-                            });
-                        }
-                    }
-                }
-            }
-
-            // IP addresses (per-gateway)
-            for (gateway_id, info) in net_ifaces
-                .iter()
-                .filter(|(_, info)| {
-                    info.ip_info.as_ref().map_or(false, |i| {
-                        !matches!(i.device_type, Some(NetworkInterfaceType::Bridge))
-                    })
-                })
-                .filter(|(_, info)| info.ip_info.is_some())
-            {
-                let port = bind.net.assigned_port.filter(|_| {
-                    bind.options.secure.map_or(false, |s| {
-                        !(s.ssl && bind.options.add_ssl.is_some()) || info.secure()
-                    })
-                });
-
-                if let Some(ip_info) = &info.ip_info {
-                    let public = info.public();
-                    // WAN IP (public)
-                    if let Some(wan_ip) = ip_info.wan_ip {
-                        let host_str = InternedString::from_display(&wan_ip);
-                        if let Some(p) = port {
-                            bind.addresses.available.insert(HostnameInfo {
-                                ssl: false,
-                                public: true,
-                                host: host_str.clone(),
-                                port: Some(p),
-                                metadata: HostnameMetadata::Ipv4 {
-                                    gateway: gateway_id.clone(),
-                                },
-                            });
-                        }
-                        if let Some(sp) = bind.net.assigned_ssl_port {
-                            bind.addresses.available.insert(HostnameInfo {
-                                ssl: true,
-                                public: true,
-                                host: host_str,
-                                port: Some(sp),
-                                metadata: HostnameMetadata::Ipv4 {
-                                    gateway: gateway_id.clone(),
-                                },
-                            });
-                        }
-                    }
-                    // Subnet IPs
-                    for ipnet in &ip_info.subnets {
-                        match ipnet {
-                            IpNet::V4(net) => {
-                                if !public {
-                                    let host_str = InternedString::from_display(&net.addr());
-                                    if let Some(p) = port {
-                                        bind.addresses.available.insert(HostnameInfo {
-                                            ssl: false,
-                                            public: false,
-                                            host: host_str.clone(),
-                                            port: Some(p),
-                                            metadata: HostnameMetadata::Ipv4 {
-                                                gateway: gateway_id.clone(),
-                                            },
-                                        });
-                                    }
-                                    if let Some(sp) = bind.net.assigned_ssl_port {
-                                        bind.addresses.available.insert(HostnameInfo {
-                                            ssl: true,
-                                            public: false,
-                                            host: host_str,
-                                            port: Some(sp),
-                                            metadata: HostnameMetadata::Ipv4 {
-                                                gateway: gateway_id.clone(),
-                                            },
-                                        });
-                                    }
-                                }
-                            }
-                            IpNet::V6(net) => {
-                                let is_public = public && !ipv6_is_local(net.addr());
-                                let host_str = InternedString::from_display(&net.addr());
-                                if let Some(p) = port {
-                                    bind.addresses.available.insert(HostnameInfo {
-                                        ssl: false,
-                                        public: is_public,
-                                        host: host_str.clone(),
-                                        port: Some(p),
-                                        metadata: HostnameMetadata::Ipv6 {
-                                            gateway: gateway_id.clone(),
-                                            scope_id: ip_info.scope_id,
-                                        },
-                                    });
-                                }
-                                if let Some(sp) = bind.net.assigned_ssl_port {
-                                    bind.addresses.available.insert(HostnameInfo {
-                                        ssl: true,
-                                        public: is_public,
-                                        host: host_str,
-                                        port: Some(sp),
-                                        metadata: HostnameMetadata::Ipv6 {
-                                            gateway: gateway_id.clone(),
-                                            scope_id: ip_info.scope_id,
-                                        },
-                                    });
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        }
-
-        // ── Phase 2: Build controller entries from enabled addresses ──
+        // ── Build controller entries from enabled addresses ──
         for (port, bind) in host.bindings.iter() {
             if !bind.enabled {
                 continue;
@@ -685,74 +422,16 @@ impl NetServiceData {
         }
         ctrl.dns.gc_private_domains(&rm)?;
 
-        let res = ctrl
-            .db
-            .mutate(|db| {
-                let bindings = host_for(db, self.id.as_ref(), &id)?.as_bindings_mut();
-                for (port, bind) in host.bindings.0 {
-                    if let Some(b) = bindings.as_idx_mut(&port) {
-                        b.as_addresses_mut()
-                            .as_available_mut()
-                            .ser(&bind.addresses.available)?;
-                    }
-                }
-                Ok(())
-            })
-            .await;
-        res.result?;
-        if let Some(pkg_id) = self.id.as_ref() {
-            if res.revision.is_some() {
-                if let Some(cbs) = ctrl.callbacks.get_host_info(&(pkg_id.clone(), id)) {
-                    cbs.call(vector![]).await?;
-                }
-            }
-        }
         Ok(())
     }
 
-    async fn update_all(&mut self) -> Result<(), Error> {
-        let ctrl = self.net_controller()?;
-        if let Some(id) = self.id.clone() {
-            for (host_id, host) in ctrl
-                .db
-                .peek()
-                .await
-                .as_public()
-                .as_package_data()
-                .as_idx(&id)
-                .or_not_found(&id)?
-                .as_hosts()
-                .as_entries()?
-            {
-                tracing::info!("Updating host {host_id} for {id}");
-                self.update(&*ctrl, host_id.clone(), host.de()?).await?;
-                tracing::info!("Updated host {host_id} for {id}");
-            }
-        } else {
-            tracing::info!("Updating host for Main UI");
-            self.update(
-                &*ctrl,
-                HostId::default(),
-                ctrl.db
-                    .peek()
-                    .await
-                    .as_public()
-                    .as_server_info()
-                    .as_network()
-                    .as_host()
-                    .de()?,
-            )
-            .await?;
-            tracing::info!("Updated host for Main UI");
-        }
-        Ok(())
-    }
 }
 
 pub struct NetService {
     shutdown: bool,
     data: Arc<Mutex<NetServiceData>>,
     sync_task: JoinHandle<()>,
+    synced: Watch<u64>,
 }
 impl NetService {
     fn dummy() -> Self {
@@ -766,26 +445,79 @@ impl NetService {
                 binds: BTreeMap::new(),
             })),
             sync_task: tokio::spawn(futures::future::ready(())),
+            synced: Watch::new(0u64),
         }
     }
 
     fn new(data: NetServiceData) -> Result<Self, Error> {
-        let mut ip_info = data.net_controller()?.net_iface.watcher.subscribe();
+        let ctrl = data.net_controller()?;
+        let pkg_id = data.id.clone();
+        let db = ctrl.db.clone();
+        drop(ctrl);
+
+        let synced = Watch::new(0u64);
+        let synced_writer = synced.clone();
+
         let data = Arc::new(Mutex::new(data));
         let thread_data = data.clone();
+
         let sync_task = tokio::spawn(async move {
-            loop {
-                if let Err(e) = thread_data.lock().await.update_all().await {
-                    tracing::error!("Failed to update network info: {e}");
-                    tracing::debug!("{e:?}");
+            if let Some(ref id) = pkg_id {
+                let ptr: JsonPointer = format!("/public/packageData/{}/hosts", id)
+                    .parse()
+                    .unwrap();
+                let mut watch = db.watch(ptr).await.typed::<Hosts>();
+                loop {
+                    if let Err(e) = watch.changed().await {
+                        tracing::error!("DB watch disconnected for {id}: {e}");
+                        break;
+                    }
+                    if let Err(e) = async {
+                        let hosts = watch.peek()?.de()?;
+                        let mut data = thread_data.lock().await;
+                        let ctrl = data.net_controller()?;
+                        for (host_id, host) in hosts.0 {
+                            data.update(&*ctrl, host_id, host).await?;
+                        }
+                        Ok::<_, Error>(())
+                    }
+                    .await
+                    {
+                        tracing::error!("Failed to update network info for {id}: {e}");
+                        tracing::debug!("{e:?}");
+                    }
+                    synced_writer.send_modify(|v| *v += 1);
+                }
+            } else {
+                let ptr: JsonPointer = "/public/serverInfo/network/host".parse().unwrap();
+                let mut watch = db.watch(ptr).await.typed::<Host>();
+                loop {
+                    if let Err(e) = watch.changed().await {
+                        tracing::error!("DB watch disconnected for Main UI: {e}");
+                        break;
+                    }
+                    if let Err(e) = async {
+                        let host = watch.peek()?.de()?;
+                        let mut data = thread_data.lock().await;
+                        let ctrl = data.net_controller()?;
+                        data.update(&*ctrl, HostId::default(), host).await?;
+                        Ok::<_, Error>(())
+                    }
+                    .await
+                    {
+                        tracing::error!("Failed to update network info for Main UI: {e}");
+                        tracing::debug!("{e:?}");
+                    }
+                    synced_writer.send_modify(|v| *v += 1);
                 }
-                ip_info.changed().await;
             }
         });
+
         Ok(Self {
             shutdown: false,
             data,
             sync_task,
+            synced,
         })
     }
 
@@ -795,60 +527,113 @@ impl NetService {
         internal_port: u16,
         options: BindOptions,
     ) -> Result<(), Error> {
-        let mut data = self.data.lock().await;
-        let pkg_id = &data.id;
-        let ctrl = data.net_controller()?;
-        let host = ctrl
-            .db
+        let (ctrl, pkg_id) = {
+            let data = self.data.lock().await;
+            (data.net_controller()?, data.id.clone())
+        };
+        ctrl.db
             .mutate(|db| {
+                let gateways = db
+                    .as_public()
+                    .as_server_info()
+                    .as_network()
+                    .as_gateways()
+                    .de()?;
                 let mut ports = db.as_private().as_available_ports().de()?;
                 let host = host_for(db, pkg_id.as_ref(), &id)?;
                 host.add_binding(&mut ports, internal_port, options)?;
-                let host = host.de()?;
+                host.update_addresses(&gateways, &ports)?;
                 db.as_private_mut().as_available_ports_mut().ser(&ports)?;
-                Ok(host)
+                Ok(())
             })
             .await
-            .result?;
-        data.update(&*ctrl, id, host).await
+            .result
     }
 
     pub async fn clear_bindings(&self, except: BTreeSet<BindId>) -> Result<(), Error> {
-        let mut data = self.data.lock().await;
-        let ctrl = data.net_controller()?;
-        data.clear_bindings(&*ctrl, except).await
+        let (ctrl, pkg_id) = {
+            let data = self.data.lock().await;
+            (data.net_controller()?, data.id.clone())
+        };
+        ctrl.db
+            .mutate(|db| {
+                let gateways = db
+                    .as_public()
+                    .as_server_info()
+                    .as_network()
+                    .as_gateways()
+                    .de()?;
+                let ports = db.as_private().as_available_ports().de()?;
+                if let Some(ref pkg_id) = pkg_id {
+                    for (host_id, host) in db
+                        .as_public_mut()
+                        .as_package_data_mut()
+                        .as_idx_mut(pkg_id)
+                        .or_not_found(pkg_id)?
+                        .as_hosts_mut()
+                        .as_entries_mut()?
+                    {
+                        host.as_bindings_mut().mutate(|b| {
+                            for (internal_port, info) in b.iter_mut() {
+                                if !except.contains(&BindId {
+                                    id: host_id.clone(),
+                                    internal_port: *internal_port,
+                                }) {
+                                    info.disable();
+                                }
+                            }
+                            Ok(())
+                        })?;
+                        host.update_addresses(&gateways, &ports)?;
+                    }
+                } else {
+                    let host = db
+                        .as_public_mut()
+                        .as_server_info_mut()
+                        .as_network_mut()
+                        .as_host_mut();
+                    host.as_bindings_mut().mutate(|b| {
+                        for (internal_port, info) in b.iter_mut() {
+                            if !except.contains(&BindId {
+                                id: HostId::default(),
+                                internal_port: *internal_port,
+                            }) {
+                                info.disable();
+                            }
+                        }
+                        Ok(())
+                    })?;
+                    host.update_addresses(&gateways, &ports)?;
+                }
+                Ok(())
+            })
+            .await
+            .result
     }
 
-    pub async fn update(&self, id: HostId, host: Host) -> Result<(), Error> {
-        let mut data = self.data.lock().await;
-        let ctrl = data.net_controller()?;
-        data.update(&*ctrl, id, host).await
-    }
-
-    pub async fn sync_host(&self, id: HostId) -> Result<(), Error> {
-        let mut data = self.data.lock().await;
-        let ctrl = data.net_controller()?;
-        let host = host_for(&mut ctrl.db.peek().await, data.id.as_ref(), &id)?.de()?;
-        data.update(&*ctrl, id, host).await
+    pub async fn sync_host(&self, _id: HostId) -> Result<(), Error> {
+        let current = self.synced.peek(|v| *v);
+        let mut w = self.synced.clone();
+        w.wait_for(|v| *v > current).await;
+        Ok(())
     }
 
     pub async fn remove_all(mut self) -> Result<(), Error> {
-        self.sync_task.abort();
-        let mut data = self.data.lock().await;
-        if let Some(ctrl) = Weak::upgrade(&data.controller) {
-            self.shutdown = true;
-            data.clear_bindings(&*ctrl, Default::default()).await?;
-
-            drop(ctrl);
-            Ok(())
-        } else {
+        if Weak::upgrade(&self.data.lock().await.controller).is_none() {
             self.shutdown = true;
             tracing::warn!("NetService dropped after NetController is shutdown");
-            Err(Error::new(
+            return Err(Error::new(
                 eyre!("NetController is shutdown"),
                 crate::ErrorKind::Network,
-            ))
+            ));
         }
+        let current = self.synced.peek(|v| *v);
+        self.clear_bindings(Default::default()).await?;
+        let mut w = self.synced.clone();
+        w.wait_for(|v| *v > current).await;
+        self.sync_task.abort();
+        self.shutdown = true;
+        Ok(())
     }
 
     pub async fn get_ip(&self) -> Ipv4Addr {
diff --git a/core/src/net/service_interface.rs b/core/src/net/service_interface.rs
index 6a1fb9009..73a201326 100644
--- a/core/src/net/service_interface.rs
+++ b/core/src/net/service_interface.rs
@@ -41,6 +41,7 @@ pub enum HostnameMetadata {
     Plugin {
         package: PackageId,
         #[serde(flatten)]
+        #[ts(skip)]
         extra: InOMap<InternedString, Value>,
     },
 }
diff --git a/core/src/net/static_server.rs b/core/src/net/static_server.rs
index 08af326b6..1ec528828 100644
--- a/core/src/net/static_server.rs
+++ b/core/src/net/static_server.rs
@@ -9,14 +9,14 @@ use async_compression::tokio::bufread::GzipEncoder;
 use axum::Router;
 use axum::body::Body;
 use axum::extract::{self as x, Request};
-use axum::response::{IntoResponse, Redirect, Response};
+use axum::response::{IntoResponse, Response};
 use axum::routing::{any, get};
 use base64::display::Base64Display;
 use digest::Digest;
 use futures::future::ready;
 use http::header::{
     ACCEPT_ENCODING, ACCEPT_RANGES, CACHE_CONTROL, CONNECTION, CONTENT_ENCODING, CONTENT_LENGTH,
-    CONTENT_RANGE, CONTENT_TYPE, ETAG, HOST, RANGE,
+    CONTENT_RANGE, CONTENT_TYPE, ETAG, RANGE,
 };
 use http::request::Parts as RequestParts;
 use http::{HeaderValue, Method, StatusCode};
@@ -36,8 +36,6 @@ use crate::middleware::auth::Auth;
 use crate::middleware::auth::session::ValidSessionToken;
 use crate::middleware::cors::Cors;
 use crate::middleware::db::SyncDb;
-use crate::net::gateway::GatewayInfo;
-use crate::net::tls::TlsHandshakeInfo;
 use crate::prelude::*;
 use crate::rpc_continuations::{Guid, RpcContinuations};
 use crate::s9pk::S9pk;
@@ -89,30 +87,6 @@ impl UiContext for RpcContext {
             .middleware(SyncDb::new())
     }
     fn extend_router(self, router: Router) -> Router {
-        async fn https_redirect_if_public_http(
-            req: Request,
-            next: axum::middleware::Next,
-        ) -> Response {
-            if req
-                .extensions()
-                .get::<GatewayInfo>()
-                .map_or(false, |p| p.info.public())
-                && req.extensions().get::<TlsHandshakeInfo>().is_none()
-            {
-                Redirect::temporary(&format!(
-                    "https://{}{}",
-                    req.headers()
-                        .get(HOST)
-                        .and_then(|s| s.to_str().ok())
-                        .unwrap_or("localhost"),
-                    req.uri()
-                ))
-                .into_response()
-            } else {
-                next.run(req).await
-            }
-        }
-
         router
             .route("/proxy/{url}", {
                 let ctx = self.clone();
@@ -136,7 +110,6 @@ impl UiContext for RpcContext {
                     }
                 }),
             )
-            .layer(axum::middleware::from_fn(https_redirect_if_public_http))
     }
 }
 
diff --git a/core/src/net/tunnel.rs b/core/src/net/tunnel.rs
index 3c782a10e..61b977f3c 100644
--- a/core/src/net/tunnel.rs
+++ b/core/src/net/tunnel.rs
@@ -175,10 +175,13 @@ pub async fn remove_tunnel(
 
     ctx.db
         .mutate(|db| {
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
             for host in all_hosts(db) {
                 let host = host?;
                 host.as_public_domains_mut()
                     .mutate(|p| Ok(p.retain(|_, v| v.gateway != id)))?;
+                host.update_addresses(&gateways, &ports)?;
             }
 
             Ok(())
@@ -190,6 +193,8 @@ pub async fn remove_tunnel(
 
     ctx.db
         .mutate(|db| {
+            let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
+            let ports = db.as_private().as_available_ports().de()?;
             for host in all_hosts(db) {
                 let host = host?;
                 host.as_private_domains_mut().mutate(|d| {
@@ -199,6 +204,7 @@ pub async fn remove_tunnel(
                     d.retain(|_, gateways| !gateways.is_empty());
                     Ok(())
                 })?;
+                host.update_addresses(&gateways, &ports)?;
             }
 
             Ok(())
diff --git a/core/src/service/effects/callbacks.rs b/core/src/service/effects/callbacks.rs
index c86773095..58d6cd8ff 100644
--- a/core/src/service/effects/callbacks.rs
+++ b/core/src/service/effects/callbacks.rs
@@ -11,6 +11,9 @@ use serde::{Deserialize, Serialize};
 use tracing::warn;
 use ts_rs::TS;
 
+use patch_db::json_ptr::JsonPointer;
+
+use crate::db::model::Database;
 use crate::net::ssl::FullchainCertData;
 use crate::prelude::*;
 use crate::service::effects::context::EffectContext;
@@ -29,7 +32,7 @@ struct ServiceCallbackMap {
     get_service_interface: BTreeMap<(PackageId, ServiceInterfaceId), Vec<CallbackHandler>>,
     list_service_interfaces: BTreeMap<PackageId, Vec<CallbackHandler>>,
     get_system_smtp: Vec<CallbackHandler>,
-    get_host_info: BTreeMap<(PackageId, HostId), Vec<CallbackHandler>>,
+    get_host_info: BTreeMap<(PackageId, HostId), (NonDetachingJoinHandle<()>, Vec<CallbackHandler>)>,
     get_ssl_certificate: EqMap<
         (BTreeSet<InternedString>, FullchainCertData, Algorithm),
         (NonDetachingJoinHandle<()>, Vec<CallbackHandler>),
@@ -57,7 +60,7 @@ impl ServiceCallbacks {
             });
             this.get_system_smtp
                 .retain(|h| h.handle.is_active() && h.seed.strong_count() > 0);
-            this.get_host_info.retain(|_, v| {
+            this.get_host_info.retain(|_, (_, v)| {
                 v.retain(|h| h.handle.is_active() && h.seed.strong_count() > 0);
                 !v.is_empty()
             });
@@ -141,29 +144,57 @@ impl ServiceCallbacks {
     }
 
     pub(super) fn add_get_host_info(
-        &self,
+        self: &Arc<Self>,
+        db: &TypedPatchDb<Database>,
         package_id: PackageId,
         host_id: HostId,
         handler: CallbackHandler,
     ) {
         self.mutate(|this| {
             this.get_host_info
-                .entry((package_id, host_id))
-                .or_default()
+                .entry((package_id.clone(), host_id.clone()))
+                .or_insert_with(|| {
+                    let ptr: JsonPointer = format!(
+                        "/public/packageData/{}/hosts/{}",
+                        package_id, host_id
+                    )
+                    .parse()
+                    .expect("valid json pointer");
+                    let db = db.clone();
+                    let callbacks = Arc::clone(self);
+                    let key = (package_id, host_id);
+                    (
+                        tokio::spawn(async move {
+                            let mut sub = db.subscribe(ptr).await;
+                            while sub.recv().await.is_some() {
+                                if let Some(cbs) = callbacks.mutate(|this| {
+                                    this.get_host_info
+                                        .remove(&key)
+                                        .map(|(_, handlers)| CallbackHandlers(handlers))
+                                        .filter(|cb| !cb.0.is_empty())
+                                }) {
+                                    if let Err(e) = cbs.call(vector![]).await {
+                                        tracing::error!(
+                                            "Error in host info callback: {e}"
+                                        );
+                                        tracing::debug!("{e:?}");
+                                    }
+                                }
+                                // entry was removed when we consumed handlers,
+                                // so stop watching — a new subscription will be
+                                // created if the service re-registers
+                                break;
+                            }
+                        })
+                        .into(),
+                        Vec::new(),
+                    )
+                })
+                .1
                 .push(handler);
         })
     }
 
-    #[must_use]
-    pub fn get_host_info(&self, id: &(PackageId, HostId)) -> Option<CallbackHandlers> {
-        self.mutate(|this| {
-            Some(CallbackHandlers(
-                this.get_host_info.remove(id).unwrap_or_default(),
-            ))
-            .filter(|cb| !cb.0.is_empty())
-        })
-    }
-
     pub(super) fn add_get_ssl_certificate(
         &self,
         ctx: EffectContext,
diff --git a/core/src/service/effects/net/host.rs b/core/src/service/effects/net/host.rs
index ebd1b80c8..a20fcf189 100644
--- a/core/src/service/effects/net/host.rs
+++ b/core/src/service/effects/net/host.rs
@@ -29,6 +29,7 @@ pub async fn get_host_info(
     if let Some(callback) = callback {
         let callback = callback.register(&context.seed.persistent_container);
         context.seed.ctx.callbacks.add_get_host_info(
+            &context.seed.ctx.db,
             package_id.clone(),
             host_id.clone(),
             CallbackHandler::new(&context, callback),
diff --git a/core/src/tunnel/api.rs b/core/src/tunnel/api.rs
index 47f9a33e3..ded5fdaa7 100644
--- a/core/src/tunnel/api.rs
+++ b/core/src/tunnel/api.rs
@@ -414,14 +414,11 @@ pub async fn show_config(
                 i.iter().find_map(|(_, info)| {
                     info.ip_info
                         .as_ref()
-                        .filter(|_| info.public())
-                        .iter()
-                        .find_map(|info| info.subnets.iter().next())
-                        .copied()
+                        .and_then(|ip_info| ip_info.wan_ip)
+                        .map(IpAddr::from)
                 })
             })
             .or_not_found("a public IP address")?
-            .addr()
     };
     Ok(client
         .client_config(
diff --git a/sdk/base/lib/osBindings/HostnameMetadata.ts b/sdk/base/lib/osBindings/HostnameMetadata.ts
index fd2ff3a14..67e2d687b 100644
--- a/sdk/base/lib/osBindings/HostnameMetadata.ts
+++ b/sdk/base/lib/osBindings/HostnameMetadata.ts
@@ -7,4 +7,4 @@ export type HostnameMetadata =
   | { kind: 'ipv6'; gateway: GatewayId; scopeId: number }
   | { kind: 'private-domain'; gateways: Array<GatewayId> }
   | { kind: 'public-domain'; gateway: GatewayId }
-  | ({ kind: 'plugin'; package: PackageId } & { [key in string]?: unknown })
+  | { kind: 'plugin'; package: PackageId }
diff --git a/sdk/base/lib/util/getServiceInterface.ts b/sdk/base/lib/util/getServiceInterface.ts
index 6cbf72215..cb86c96c0 100644
--- a/sdk/base/lib/util/getServiceInterface.ts
+++ b/sdk/base/lib/util/getServiceInterface.ts
@@ -49,19 +49,20 @@ type VisibilityFilter<V extends 'public' | 'private'> = V extends 'public'
     : never
 type KindFilter<K extends FilterKinds> = K extends 'mdns'
   ?
-      | (HostnameInfo & { hostname: { kind: 'local' } })
+      | (HostnameInfo & { metadata: { kind: 'private-domain' } })
       | KindFilter<Exclude<K, 'mdns'>>
   : K extends 'domain'
     ?
-        | (HostnameInfo & { hostname: { kind: 'domain' } })
+        | (HostnameInfo & { metadata: { kind: 'private-domain' } })
+        | (HostnameInfo & { metadata: { kind: 'public-domain' } })
         | KindFilter<Exclude<K, 'domain'>>
     : K extends 'ipv4'
       ?
-          | (HostnameInfo & { hostname: { kind: 'ipv4' } })
+          | (HostnameInfo & { metadata: { kind: 'ipv4' } })
           | KindFilter<Exclude<K, 'ipv4'>>
       : K extends 'ipv6'
         ?
-            | (HostnameInfo & { hostname: { kind: 'ipv6' } })
+            | (HostnameInfo & { metadata: { kind: 'ipv6' } })
             | KindFilter<Exclude<K, 'ipv6'>>
         : K extends 'ip'
           ? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
@@ -108,10 +109,7 @@ type FormatReturnTy<
 export type Filled<F extends Filter = {}> = {
   hostnames: HostnameInfo[]
 
-  toUrls: (h: HostnameInfo) => {
-    url: UrlString | null
-    sslUrl: UrlString | null
-  }
+  toUrl: (h: HostnameInfo) => UrlString
 
   format: <Format extends Formats = 'urlstring'>(
     format?: Format,
@@ -152,37 +150,29 @@ const unique = <A>(values: A[]) => Array.from(new Set(values))
 export const addressHostToUrl = (
   { scheme, sslScheme, username, suffix }: AddressInfo,
   hostname: HostnameInfo,
-): { url: UrlString | null; sslUrl: UrlString | null } => {
-  const res = []
-  const fmt = (scheme: string | null, host: HostnameInfo, port: number) => {
+): UrlString => {
+  const effectiveScheme = hostname.ssl ? sslScheme : scheme
+  let host: string
+  if (hostname.metadata.kind === 'ipv6') {
+    host = IPV6_LINK_LOCAL.contains(hostname.host)
+      ? `[${hostname.host}%${hostname.metadata.scopeId}]`
+      : `[${hostname.host}]`
+  } else {
+    host = hostname.host
+  }
+  let portStr = ''
+  if (hostname.port !== null) {
     const excludePort =
-      scheme &&
-      scheme in knownProtocols &&
-      port === knownProtocols[scheme as keyof typeof knownProtocols].defaultPort
-    let hostname
-    if (host.hostname.kind === 'domain') {
-      hostname = host.hostname.value
-    } else if (host.hostname.kind === 'ipv6') {
-      hostname = IPV6_LINK_LOCAL.contains(host.hostname.value)
-        ? `[${host.hostname.value}%${host.hostname.scopeId}]`
-        : `[${host.hostname.value}]`
-    } else {
-      hostname = host.hostname.value
-    }
-    return `${scheme ? `${scheme}://` : ''}${
-      username ? `${username}@` : ''
-    }${hostname}${excludePort ? '' : `:${port}`}${suffix}`
+      effectiveScheme &&
+      effectiveScheme in knownProtocols &&
+      hostname.port ===
+        knownProtocols[effectiveScheme as keyof typeof knownProtocols]
+          .defaultPort
+    if (!excludePort) portStr = `:${hostname.port}`
   }
-  let url = null
-  if (hostname.hostname.port !== null) {
-    url = fmt(scheme, hostname, hostname.hostname.port)
-  }
-  let sslUrl = null
-  if (hostname.hostname.sslPort !== null) {
-    sslUrl = fmt(sslScheme, hostname, hostname.hostname.sslPort)
-  }
-
-  return { url, sslUrl }
+  return `${effectiveScheme ? `${effectiveScheme}://` : ''}${
+    username ? `${username}@` : ''
+  }${host}${portStr}${suffix}`
 }
 
 function filterRec(
@@ -209,15 +199,19 @@ function filterRec(
     hostnames = hostnames.filter(
       (h) =>
         invert !==
-        ((kind.has('mdns') && h.hostname.kind === 'local') ||
-          (kind.has('domain') && h.hostname.kind === 'domain') ||
-          (kind.has('ipv4') && h.hostname.kind === 'ipv4') ||
-          (kind.has('ipv6') && h.hostname.kind === 'ipv6') ||
+        ((kind.has('mdns') &&
+          h.metadata.kind === 'private-domain' &&
+          h.host.endsWith('.local')) ||
+          (kind.has('domain') &&
+            (h.metadata.kind === 'private-domain' ||
+              h.metadata.kind === 'public-domain')) ||
+          (kind.has('ipv4') && h.metadata.kind === 'ipv4') ||
+          (kind.has('ipv6') && h.metadata.kind === 'ipv6') ||
           (kind.has('localhost') &&
-            ['localhost', '127.0.0.1', '::1'].includes(h.hostname.value)) ||
+            ['localhost', '127.0.0.1', '::1'].includes(h.host)) ||
           (kind.has('link-local') &&
-            h.hostname.kind === 'ipv6' &&
-            IPV6_LINK_LOCAL.contains(IpAddress.parse(h.hostname.value)))),
+            h.metadata.kind === 'ipv6' &&
+            IPV6_LINK_LOCAL.contains(IpAddress.parse(h.host)))),
     )
   }
 
@@ -226,15 +220,26 @@ function filterRec(
   return hostnames
 }
 
-function isDefaultEnabled(h: HostnameInfo): boolean {
-  return !(h.public && (h.hostname.kind === 'ipv4' || h.hostname.kind === 'ipv6'))
+function isPublicIp(h: HostnameInfo): boolean {
+  return h.public && (h.metadata.kind === 'ipv4' || h.metadata.kind === 'ipv6')
 }
 
 function enabledAddresses(addr: DerivedAddressInfo): HostnameInfo[] {
-  return addr.possible.filter((h) => {
-    if (addr.enabled.some((e) => deepEqual(e, h))) return true
-    if (addr.disabled.some((d) => deepEqual(d, h))) return false
-    return isDefaultEnabled(h)
+  return addr.available.filter((h) => {
+    if (isPublicIp(h)) {
+      // Public IPs: disabled by default, explicitly enabled via SocketAddr string
+      if (h.port === null) return true
+      const sa =
+        h.metadata.kind === 'ipv6'
+          ? `[${h.host}]:${h.port}`
+          : `${h.host}:${h.port}`
+      return addr.enabled.includes(sa)
+    } else {
+      // Everything else: enabled by default, explicitly disabled via [host, port] tuple
+      return !addr.disabled.some(
+        ([host, port]) => host === h.host && port === (h.port ?? 0),
+      )
+    }
   })
 }
 
@@ -242,11 +247,7 @@ export const filledAddress = (
   host: Host,
   addressInfo: AddressInfo,
 ): FilledAddressInfo => {
-  const toUrls = addressHostToUrl.bind(null, addressInfo)
-  const toUrlArray = (h: HostnameInfo) => {
-    const u = toUrls(h)
-    return [u.url, u.sslUrl].filter((u) => u !== null)
-  }
+  const toUrl = addressHostToUrl.bind(null, addressInfo)
   const binding = host.bindings[addressInfo.internalPort]
   const hostnames = binding ? enabledAddresses(binding.addresses) : []
 
@@ -266,11 +267,11 @@ export const filledAddress = (
     return {
       ...addressInfo,
       hostnames,
-      toUrls,
+      toUrl,
       format: <Format extends Formats = 'urlstring'>(format?: Format) => {
         let res: FormatReturnTy<{}, Format>[] = hostnames as any
         if (format === 'hostname-info') return res
-        const urls = hostnames.flatMap(toUrlArray)
+        const urls = hostnames.map(toUrl)
         if (format === 'url') res = urls.map((u) => new URL(u)) as any
         else res = urls as any
         return res
diff --git a/web/package-lock.json b/web/package-lock.json
index 8c72087c8..3a9bfa253 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -116,6 +116,1587 @@
         "rxjs": ">=7.0.0"
       }
     },
+    "../patch-db/client/node_modules/@babel/code-frame": {
+      "version": "7.27.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-validator-identifier": "^7.27.1",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.1.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../patch-db/client/node_modules/@babel/helper-validator-identifier": {
+      "version": "7.27.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../patch-db/client/node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "../patch-db/client/node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../patch-db/client/node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "../patch-db/client/node_modules/@tsconfig/node10": {
+      "version": "1.0.11",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@types/node": {
+      "version": "22.15.19",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "../patch-db/client/node_modules/@types/parse-json": {
+      "version": "4.0.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/@types/uuid": {
+      "version": "8.3.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/acorn": {
+      "version": "8.14.1",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "../patch-db/client/node_modules/acorn-walk": {
+      "version": "8.3.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.11.0"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "../patch-db/client/node_modules/ansi-escapes": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "type-fest": "^1.0.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/ansi-regex": {
+      "version": "6.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/arg": {
+      "version": "4.1.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/argparse": {
+      "version": "1.0.10",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "../patch-db/client/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "../patch-db/client/node_modules/braces": {
+      "version": "3.0.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/builtin-modules": {
+      "version": "1.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../patch-db/client/node_modules/callsites": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../patch-db/client/node_modules/chalk": {
+      "version": "4.1.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/ci-info": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/cli-cursor": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "restore-cursor": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/cli-truncate": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "slice-ansi": "^5.0.0",
+        "string-width": "^5.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/color-convert": {
+      "version": "2.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "../patch-db/client/node_modules/color-name": {
+      "version": "1.1.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/colorette": {
+      "version": "2.0.20",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/commander": {
+      "version": "11.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "../patch-db/client/node_modules/compare-versions": {
+      "version": "3.6.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/concat-map": {
+      "version": "0.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/cosmiconfig": {
+      "version": "7.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/parse-json": "^4.0.0",
+        "import-fresh": "^3.2.1",
+        "parse-json": "^5.0.0",
+        "path-type": "^4.0.0",
+        "yaml": "^1.10.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../patch-db/client/node_modules/create-require": {
+      "version": "1.1.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/cross-spawn": {
+      "version": "7.0.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../patch-db/client/node_modules/debug": {
+      "version": "4.3.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.1.2"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "../patch-db/client/node_modules/diff": {
+      "version": "4.0.2",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "../patch-db/client/node_modules/eastasianwidth": {
+      "version": "0.2.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/error-ex": {
+      "version": "1.3.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "../patch-db/client/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "../patch-db/client/node_modules/esprima": {
+      "version": "4.0.1",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/eventemitter3": {
+      "version": "5.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/execa": {
+      "version": "7.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cross-spawn": "^7.0.3",
+        "get-stream": "^6.0.1",
+        "human-signals": "^4.3.0",
+        "is-stream": "^3.0.0",
+        "merge-stream": "^2.0.0",
+        "npm-run-path": "^5.1.0",
+        "onetime": "^6.0.0",
+        "signal-exit": "^3.0.7",
+        "strip-final-newline": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.18.0 || ^16.14.0 || >=18.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/execa?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/fill-range": {
+      "version": "7.1.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/find-up": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "locate-path": "^6.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/find-versions": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver-regex": "^3.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/function-bind": {
+      "version": "1.1.2",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../patch-db/client/node_modules/get-stream": {
+      "version": "6.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/glob": {
+      "version": "7.2.3",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "../patch-db/client/node_modules/has-flag": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/hasown": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "../patch-db/client/node_modules/human-signals": {
+      "version": "4.3.1",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=14.18.0"
+      }
+    },
+    "../patch-db/client/node_modules/husky": {
+      "version": "4.3.8",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "ci-info": "^2.0.0",
+        "compare-versions": "^3.6.0",
+        "cosmiconfig": "^7.0.0",
+        "find-versions": "^4.0.0",
+        "opencollective-postinstall": "^2.0.2",
+        "pkg-dir": "^5.0.0",
+        "please-upgrade-node": "^3.2.0",
+        "slash": "^3.0.0",
+        "which-pm-runs": "^1.0.0"
+      },
+      "bin": {
+        "husky-run": "bin/run.js",
+        "husky-upgrade": "lib/upgrader/bin.js"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/husky"
+      }
+    },
+    "../patch-db/client/node_modules/import-fresh": {
+      "version": "3.3.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/inflight": {
+      "version": "1.0.6",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "../patch-db/client/node_modules/inherits": {
+      "version": "2.0.4",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/is-arrayish": {
+      "version": "0.2.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/is-core-module": {
+      "version": "2.16.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../patch-db/client/node_modules/is-fullwidth-code-point": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/is-number": {
+      "version": "7.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "../patch-db/client/node_modules/is-stream": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/isexe": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/js-tokens": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "../patch-db/client/node_modules/json-parse-even-better-errors": {
+      "version": "2.3.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/lilconfig": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../patch-db/client/node_modules/lines-and-columns": {
+      "version": "1.2.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/lint-staged": {
+      "version": "13.3.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "5.3.0",
+        "commander": "11.0.0",
+        "debug": "4.3.4",
+        "execa": "7.2.0",
+        "lilconfig": "2.1.0",
+        "listr2": "6.6.1",
+        "micromatch": "4.0.5",
+        "pidtree": "0.6.0",
+        "string-argv": "0.3.2",
+        "yaml": "2.3.1"
+      },
+      "bin": {
+        "lint-staged": "bin/lint-staged.js"
+      },
+      "engines": {
+        "node": "^16.14.0 || >=18.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/lint-staged"
+      }
+    },
+    "../patch-db/client/node_modules/lint-staged/node_modules/chalk": {
+      "version": "5.3.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^12.17.0 || ^14.13 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/lint-staged/node_modules/yaml": {
+      "version": "2.3.1",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "../patch-db/client/node_modules/listr2": {
+      "version": "6.6.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cli-truncate": "^3.1.0",
+        "colorette": "^2.0.20",
+        "eventemitter3": "^5.0.1",
+        "log-update": "^5.0.1",
+        "rfdc": "^1.3.0",
+        "wrap-ansi": "^8.1.0"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      },
+      "peerDependencies": {
+        "enquirer": ">= 2.3.0 < 3"
+      },
+      "peerDependenciesMeta": {
+        "enquirer": {
+          "optional": true
+        }
+      }
+    },
+    "../patch-db/client/node_modules/locate-path": {
+      "version": "6.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-locate": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/log-update": {
+      "version": "5.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-escapes": "^5.0.0",
+        "cli-cursor": "^4.0.0",
+        "slice-ansi": "^5.0.0",
+        "strip-ansi": "^7.0.1",
+        "wrap-ansi": "^8.0.1"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/make-error": {
+      "version": "1.3.6",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/merge-stream": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/micromatch": {
+      "version": "4.0.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "braces": "^3.0.2",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "../patch-db/client/node_modules/mimic-fn": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/minimatch": {
+      "version": "3.1.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "../patch-db/client/node_modules/minimist": {
+      "version": "1.2.8",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../patch-db/client/node_modules/mkdirp": {
+      "version": "0.5.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      }
+    },
+    "../patch-db/client/node_modules/ms": {
+      "version": "2.1.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/npm-run-path": {
+      "version": "5.3.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/npm-run-path/node_modules/path-key": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/once": {
+      "version": "1.4.0",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "../patch-db/client/node_modules/onetime": {
+      "version": "6.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-fn": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/opencollective-postinstall": {
+      "version": "2.0.3",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "opencollective-postinstall": "index.js"
+      }
+    },
+    "../patch-db/client/node_modules/p-limit": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "yocto-queue": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/p-locate": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-limit": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/parent-module": {
+      "version": "1.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "callsites": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../patch-db/client/node_modules/parse-json": {
+      "version": "5.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.0.0",
+        "error-ex": "^1.3.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "lines-and-columns": "^1.1.6"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/path-exists": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../patch-db/client/node_modules/path-key": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/path-parse": {
+      "version": "1.0.7",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/path-type": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/picocolors": {
+      "version": "1.1.1",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/picomatch": {
+      "version": "2.3.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "../patch-db/client/node_modules/pidtree": {
+      "version": "0.6.0",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "pidtree": "bin/pidtree.js"
+      },
+      "engines": {
+        "node": ">=0.10"
+      }
+    },
+    "../patch-db/client/node_modules/pkg-dir": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "find-up": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../patch-db/client/node_modules/please-upgrade-node": {
+      "version": "3.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver-compare": "^1.0.0"
+      }
+    },
+    "../patch-db/client/node_modules/prettier": {
+      "version": "3.5.3",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/resolve": {
+      "version": "1.22.10",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-core-module": "^2.16.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../patch-db/client/node_modules/resolve-from": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/restore-cursor": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "onetime": "^5.1.0",
+        "signal-exit": "^3.0.2"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/restore-cursor/node_modules/mimic-fn": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../patch-db/client/node_modules/restore-cursor/node_modules/onetime": {
+      "version": "5.1.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-fn": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/rfdc": {
+      "version": "1.4.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/rxjs": {
+      "version": "7.8.2",
+      "license": "Apache-2.0",
+      "peer": true,
+      "dependencies": {
+        "tslib": "^2.1.0"
+      }
+    },
+    "../patch-db/client/node_modules/semver": {
+      "version": "5.7.2",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver"
+      }
+    },
+    "../patch-db/client/node_modules/semver-compare": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/semver-regex": {
+      "version": "3.1.4",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/shebang-command": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/signal-exit": {
+      "version": "3.0.7",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/slash": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/slice-ansi": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^6.0.0",
+        "is-fullwidth-code-point": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/slice-ansi/node_modules/ansi-styles": {
+      "version": "6.2.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/sorted-btree": {
+      "version": "1.5.0",
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/sprintf-js": {
+      "version": "1.0.3",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "../patch-db/client/node_modules/string-argv": {
+      "version": "0.3.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6.19"
+      }
+    },
+    "../patch-db/client/node_modules/string-width": {
+      "version": "5.1.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/strip-ansi": {
+      "version": "7.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/strip-final-newline": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/supports-color": {
+      "version": "7.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../patch-db/client/node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../patch-db/client/node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "../patch-db/client/node_modules/ts-node": {
+      "version": "10.9.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
+    "../patch-db/client/node_modules/tslib": {
+      "version": "2.8.1",
+      "license": "0BSD"
+    },
+    "../patch-db/client/node_modules/tslint": {
+      "version": "6.1.3",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@babel/code-frame": "^7.0.0",
+        "builtin-modules": "^1.1.1",
+        "chalk": "^2.3.0",
+        "commander": "^2.12.1",
+        "diff": "^4.0.1",
+        "glob": "^7.1.1",
+        "js-yaml": "^3.13.1",
+        "minimatch": "^3.0.4",
+        "mkdirp": "^0.5.3",
+        "resolve": "^1.3.2",
+        "semver": "^5.3.0",
+        "tslib": "^1.13.0",
+        "tsutils": "^2.29.0"
+      },
+      "bin": {
+        "tslint": "bin/tslint"
+      },
+      "engines": {
+        "node": ">=4.8.0"
+      },
+      "peerDependencies": {
+        "typescript": ">=2.3.0-dev || >=2.4.0-dev || >=2.5.0-dev || >=2.6.0-dev || >=2.7.0-dev || >=2.8.0-dev || >=2.9.0-dev || >=3.0.0-dev || >= 3.1.0-dev || >= 3.2.0-dev || >= 4.0.0-dev"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/chalk": {
+      "version": "2.4.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/color-convert": {
+      "version": "1.9.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/color-name": {
+      "version": "1.1.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/commander": {
+      "version": "2.20.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/has-flag": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/supports-color": {
+      "version": "5.5.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/tslint/node_modules/tslib": {
+      "version": "1.14.1",
+      "dev": true,
+      "license": "0BSD"
+    },
+    "../patch-db/client/node_modules/tsutils": {
+      "version": "2.29.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "^1.8.1"
+      },
+      "peerDependencies": {
+        "typescript": ">=2.1.0 || >=2.1.0-dev || >=2.2.0-dev || >=2.3.0-dev || >=2.4.0-dev || >=2.5.0-dev || >=2.6.0-dev || >=2.7.0-dev || >=2.8.0-dev || >=2.9.0-dev || >= 3.0.0-dev || >= 3.1.0-dev"
+      }
+    },
+    "../patch-db/client/node_modules/tsutils/node_modules/tslib": {
+      "version": "1.14.1",
+      "dev": true,
+      "license": "0BSD"
+    },
+    "../patch-db/client/node_modules/type-fest": {
+      "version": "1.4.0",
+      "dev": true,
+      "license": "(MIT OR CC0-1.0)",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../patch-db/client/node_modules/typescript": {
+      "version": "5.8.3",
+      "dev": true,
+      "license": "Apache-2.0",
+      "peer": true,
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "../patch-db/client/node_modules/undici-types": {
+      "version": "6.21.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/uuid": {
+      "version": "8.3.2",
+      "license": "MIT",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
+    "../patch-db/client/node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../patch-db/client/node_modules/which": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../patch-db/client/node_modules/which-pm-runs": {
+      "version": "1.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../patch-db/client/node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "6.2.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "../patch-db/client/node_modules/wrappy": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../patch-db/client/node_modules/yaml": {
+      "version": "1.10.2",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../patch-db/client/node_modules/yn": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../patch-db/client/node_modules/yocto-queue": {
+      "version": "0.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "../sdk/baseDist": {
       "name": "@start9labs/start-sdk-base",
       "license": "MIT",
@@ -142,10 +1723,3900 @@
         "typescript": "^5.7.3"
       }
     },
+    "../sdk/baseDist/node_modules/@ampproject/remapping": {
+      "version": "2.3.0",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/code-frame": {
+      "version": "7.26.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-validator-identifier": "^7.25.9",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/compat-data": {
+      "version": "7.26.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/core": {
+      "version": "7.26.0",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@ampproject/remapping": "^2.2.0",
+        "@babel/code-frame": "^7.26.0",
+        "@babel/generator": "^7.26.0",
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-module-transforms": "^7.26.0",
+        "@babel/helpers": "^7.26.0",
+        "@babel/parser": "^7.26.0",
+        "@babel/template": "^7.25.9",
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.26.0",
+        "convert-source-map": "^2.0.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.2",
+        "json5": "^2.2.3",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/babel"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/generator": {
+      "version": "7.26.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.26.2",
+        "@babel/types": "^7.26.0",
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.25",
+        "jsesc": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-compilation-targets": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/compat-data": "^7.25.9",
+        "@babel/helper-validator-option": "^7.25.9",
+        "browserslist": "^4.24.0",
+        "lru-cache": "^5.1.1",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-module-imports": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-module-transforms": {
+      "version": "7.26.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-plugin-utils": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-string-parser": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-validator-identifier": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helper-validator-option": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/helpers": {
+      "version": "7.26.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/template": "^7.25.9",
+        "@babel/types": "^7.26.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/parser": {
+      "version": "7.26.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.26.0"
+      },
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-async-generators": {
+      "version": "7.8.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-bigint": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-class-properties": {
+      "version": "7.12.13",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.12.13"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-class-static-block": {
+      "version": "7.14.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-import-attributes": {
+      "version": "7.26.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-import-meta": {
+      "version": "7.10.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-json-strings": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-jsx": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-logical-assignment-operators": {
+      "version": "7.10.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-nullish-coalescing-operator": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-numeric-separator": {
+      "version": "7.10.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-object-rest-spread": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-optional-catch-binding": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-optional-chaining": {
+      "version": "7.8.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-private-property-in-object": {
+      "version": "7.14.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-top-level-await": {
+      "version": "7.14.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/plugin-syntax-typescript": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/template": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.25.9",
+        "@babel/parser": "^7.25.9",
+        "@babel/types": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/traverse": {
+      "version": "7.25.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.25.9",
+        "@babel/generator": "^7.25.9",
+        "@babel/parser": "^7.25.9",
+        "@babel/template": "^7.25.9",
+        "@babel/types": "^7.25.9",
+        "debug": "^4.3.1",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@babel/types": {
+      "version": "7.26.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-string-parser": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@bcoe/v8-coverage": {
+      "version": "0.2.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "../sdk/baseDist/node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "../sdk/baseDist/node_modules/@esbuild/linux-x64": {
+      "version": "0.23.1",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "../sdk/baseDist/node_modules/@iarna/toml": {
+      "version": "3.0.0",
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/@istanbuljs/load-nyc-config": {
+      "version": "1.1.0",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "camelcase": "^5.3.1",
+        "find-up": "^4.1.0",
+        "get-package-type": "^0.1.0",
+        "js-yaml": "^3.13.1",
+        "resolve-from": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@istanbuljs/schema": {
+      "version": "0.1.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/console": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "jest-message-util": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/core": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/console": "^29.7.0",
+        "@jest/reporters": "^29.7.0",
+        "@jest/test-result": "^29.7.0",
+        "@jest/transform": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "exit": "^0.1.2",
+        "graceful-fs": "^4.2.9",
+        "jest-changed-files": "^29.7.0",
+        "jest-config": "^29.7.0",
+        "jest-haste-map": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-regex-util": "^29.6.3",
+        "jest-resolve": "^29.7.0",
+        "jest-resolve-dependencies": "^29.7.0",
+        "jest-runner": "^29.7.0",
+        "jest-runtime": "^29.7.0",
+        "jest-snapshot": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "jest-validate": "^29.7.0",
+        "jest-watcher": "^29.7.0",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^29.7.0",
+        "slash": "^3.0.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/environment": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/fake-timers": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "jest-mock": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/expect": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "expect": "^29.7.0",
+        "jest-snapshot": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/expect-utils": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "jest-get-type": "^29.6.3"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/fake-timers": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "@sinonjs/fake-timers": "^10.0.2",
+        "@types/node": "*",
+        "jest-message-util": "^29.7.0",
+        "jest-mock": "^29.7.0",
+        "jest-util": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/globals": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/environment": "^29.7.0",
+        "@jest/expect": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "jest-mock": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/reporters": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@bcoe/v8-coverage": "^0.2.3",
+        "@jest/console": "^29.7.0",
+        "@jest/test-result": "^29.7.0",
+        "@jest/transform": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@jridgewell/trace-mapping": "^0.3.18",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "collect-v8-coverage": "^1.0.0",
+        "exit": "^0.1.2",
+        "glob": "^7.1.3",
+        "graceful-fs": "^4.2.9",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-instrument": "^6.0.0",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.0",
+        "istanbul-reports": "^3.1.3",
+        "jest-message-util": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "jest-worker": "^29.7.0",
+        "slash": "^3.0.0",
+        "string-length": "^4.0.1",
+        "strip-ansi": "^6.0.0",
+        "v8-to-istanbul": "^9.0.1"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/schemas": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@sinclair/typebox": "^0.27.8"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/source-map": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.18",
+        "callsites": "^3.0.0",
+        "graceful-fs": "^4.2.9"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/test-result": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/console": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "collect-v8-coverage": "^1.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/test-sequencer": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/test-result": "^29.7.0",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^29.7.0",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/transform": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/core": "^7.11.6",
+        "@jest/types": "^29.6.3",
+        "@jridgewell/trace-mapping": "^0.3.18",
+        "babel-plugin-istanbul": "^6.1.1",
+        "chalk": "^4.0.0",
+        "convert-source-map": "^2.0.0",
+        "fast-json-stable-stringify": "^2.1.0",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^29.7.0",
+        "jest-regex-util": "^29.6.3",
+        "jest-util": "^29.7.0",
+        "micromatch": "^4.0.4",
+        "pirates": "^4.0.4",
+        "slash": "^3.0.0",
+        "write-file-atomic": "^4.0.2"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jest/types": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/schemas": "^29.6.3",
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "@types/istanbul-reports": "^3.0.0",
+        "@types/node": "*",
+        "@types/yargs": "^17.0.8",
+        "chalk": "^4.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/set-array": "^1.2.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jridgewell/set-array": {
+      "version": "1.2.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.25",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.1.0",
+        "@jridgewell/sourcemap-codec": "^1.4.14"
+      }
+    },
+    "../sdk/baseDist/node_modules/@noble/curves": {
+      "version": "1.8.2",
+      "license": "MIT",
+      "dependencies": {
+        "@noble/hashes": "1.7.2"
+      },
+      "engines": {
+        "node": "^14.21.3 || >=16"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "../sdk/baseDist/node_modules/@noble/hashes": {
+      "version": "1.7.2",
+      "license": "MIT",
+      "engines": {
+        "node": "^14.21.3 || >=16"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "../sdk/baseDist/node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@sinclair/typebox": {
+      "version": "0.27.8",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@sinonjs/commons": {
+      "version": "3.0.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "../sdk/baseDist/node_modules/@sinonjs/fake-timers": {
+      "version": "10.3.0",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@sinonjs/commons": "^3.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@ts-morph/common": {
+      "version": "0.19.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fast-glob": "^3.2.12",
+        "minimatch": "^7.4.3",
+        "mkdirp": "^2.1.6",
+        "path-browserify": "^1.0.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/@ts-morph/common/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@ts-morph/common/node_modules/minimatch": {
+      "version": "7.4.6",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "../sdk/baseDist/node_modules/@tsconfig/node10": {
+      "version": "1.0.11",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@types/babel__core": {
+      "version": "7.20.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.20.7",
+        "@babel/types": "^7.20.7",
+        "@types/babel__generator": "*",
+        "@types/babel__template": "*",
+        "@types/babel__traverse": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/babel__generator": {
+      "version": "7.6.8",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/babel__template": {
+      "version": "7.4.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.1.0",
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/babel__traverse": {
+      "version": "7.20.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.20.7"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/graceful-fs": {
+      "version": "4.1.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/istanbul-lib-coverage": {
+      "version": "2.0.6",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@types/istanbul-lib-report": {
+      "version": "3.0.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/istanbul-lib-coverage": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/istanbul-reports": {
+      "version": "3.0.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/istanbul-lib-report": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/jest": {
+      "version": "29.5.14",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "expect": "^29.0.0",
+        "pretty-format": "^29.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/lodash": {
+      "version": "4.17.13",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@types/lodash.merge": {
+      "version": "4.6.9",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/lodash": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/node": {
+      "version": "22.10.0",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "undici-types": "~6.20.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/stack-utils": {
+      "version": "2.0.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/@types/yargs": {
+      "version": "17.0.33",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/yargs-parser": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/@types/yargs-parser": {
+      "version": "21.0.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/acorn": {
+      "version": "8.14.0",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/acorn-walk": {
+      "version": "8.3.4",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.11.0"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/ansi-escapes": {
+      "version": "4.3.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "type-fest": "^0.21.3"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/anymatch": {
+      "version": "3.1.3",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/arg": {
+      "version": "4.1.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/argparse": {
+      "version": "1.0.10",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "../sdk/baseDist/node_modules/async": {
+      "version": "3.2.6",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/babel-jest": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/transform": "^29.7.0",
+        "@types/babel__core": "^7.1.14",
+        "babel-plugin-istanbul": "^6.1.1",
+        "babel-preset-jest": "^29.6.3",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.8.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/babel-plugin-istanbul": {
+      "version": "6.1.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.0.0",
+        "@istanbuljs/load-nyc-config": "^1.0.0",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-instrument": "^5.0.4",
+        "test-exclude": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument": {
+      "version": "5.2.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@babel/core": "^7.12.3",
+        "@babel/parser": "^7.14.7",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-coverage": "^3.2.0",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/babel-plugin-jest-hoist": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/template": "^7.3.3",
+        "@babel/types": "^7.3.3",
+        "@types/babel__core": "^7.1.14",
+        "@types/babel__traverse": "^7.0.6"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/babel-preset-current-node-syntax": {
+      "version": "1.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/plugin-syntax-async-generators": "^7.8.4",
+        "@babel/plugin-syntax-bigint": "^7.8.3",
+        "@babel/plugin-syntax-class-properties": "^7.12.13",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5",
+        "@babel/plugin-syntax-import-attributes": "^7.24.7",
+        "@babel/plugin-syntax-import-meta": "^7.10.4",
+        "@babel/plugin-syntax-json-strings": "^7.8.3",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5",
+        "@babel/plugin-syntax-top-level-await": "^7.14.5"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/babel-preset-jest": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "babel-plugin-jest-hoist": "^29.6.3",
+        "babel-preset-current-node-syntax": "^1.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/braces": {
+      "version": "3.0.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/browserslist": {
+      "version": "4.24.2",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "caniuse-lite": "^1.0.30001669",
+        "electron-to-chromium": "^1.5.41",
+        "node-releases": "^2.0.18",
+        "update-browserslist-db": "^1.1.1"
+      },
+      "bin": {
+        "browserslist": "cli.js"
+      },
+      "engines": {
+        "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7"
+      }
+    },
+    "../sdk/baseDist/node_modules/bs-logger": {
+      "version": "0.2.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fast-json-stable-stringify": "2.x"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../sdk/baseDist/node_modules/bser": {
+      "version": "2.1.1",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "node-int64": "^0.4.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/buffer-from": {
+      "version": "1.1.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/callsites": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/camelcase": {
+      "version": "5.3.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/caniuse-lite": {
+      "version": "1.0.30001684",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/caniuse-lite"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "CC-BY-4.0"
+    },
+    "../sdk/baseDist/node_modules/chalk": {
+      "version": "4.1.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/char-regex": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/ci-info": {
+      "version": "3.9.0",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/sibiraj-s"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/cjs-module-lexer": {
+      "version": "1.4.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/cliui": {
+      "version": "8.0.1",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "../sdk/baseDist/node_modules/co": {
+      "version": "4.6.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "iojs": ">= 1.0.0",
+        "node": ">= 0.12.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/code-block-writer": {
+      "version": "12.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/collect-v8-coverage": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/color-convert": {
+      "version": "2.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/color-name": {
+      "version": "1.1.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/commander": {
+      "version": "10.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "../sdk/baseDist/node_modules/concat-map": {
+      "version": "0.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/convert-source-map": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/create-jest": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "chalk": "^4.0.0",
+        "exit": "^0.1.2",
+        "graceful-fs": "^4.2.9",
+        "jest-config": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "prompts": "^2.0.1"
+      },
+      "bin": {
+        "create-jest": "bin/create-jest.js"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/create-require": {
+      "version": "1.1.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/cross-spawn": {
+      "version": "7.0.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/debug": {
+      "version": "4.3.7",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/dedent": {
+      "version": "1.5.3",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "babel-plugin-macros": "^3.1.0"
+      },
+      "peerDependenciesMeta": {
+        "babel-plugin-macros": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/deep-equality-data-structures": {
+      "version": "1.5.1",
+      "license": "MIT",
+      "dependencies": {
+        "object-hash": "^3.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/deepmerge": {
+      "version": "4.3.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/detect-newline": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/diff": {
+      "version": "4.0.2",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/diff-sequences": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/ejs": {
+      "version": "3.1.10",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/electron-to-chromium": {
+      "version": "1.5.65",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/emittery": {
+      "version": "0.13.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/emittery?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/error-ex": {
+      "version": "1.3.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/esbuild": {
+      "version": "0.23.1",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.23.1",
+        "@esbuild/android-arm": "0.23.1",
+        "@esbuild/android-arm64": "0.23.1",
+        "@esbuild/android-x64": "0.23.1",
+        "@esbuild/darwin-arm64": "0.23.1",
+        "@esbuild/darwin-x64": "0.23.1",
+        "@esbuild/freebsd-arm64": "0.23.1",
+        "@esbuild/freebsd-x64": "0.23.1",
+        "@esbuild/linux-arm": "0.23.1",
+        "@esbuild/linux-arm64": "0.23.1",
+        "@esbuild/linux-ia32": "0.23.1",
+        "@esbuild/linux-loong64": "0.23.1",
+        "@esbuild/linux-mips64el": "0.23.1",
+        "@esbuild/linux-ppc64": "0.23.1",
+        "@esbuild/linux-riscv64": "0.23.1",
+        "@esbuild/linux-s390x": "0.23.1",
+        "@esbuild/linux-x64": "0.23.1",
+        "@esbuild/netbsd-x64": "0.23.1",
+        "@esbuild/openbsd-arm64": "0.23.1",
+        "@esbuild/openbsd-x64": "0.23.1",
+        "@esbuild/sunos-x64": "0.23.1",
+        "@esbuild/win32-arm64": "0.23.1",
+        "@esbuild/win32-ia32": "0.23.1",
+        "@esbuild/win32-x64": "0.23.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/escalade": {
+      "version": "3.2.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/escape-string-regexp": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/esprima": {
+      "version": "4.0.1",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../sdk/baseDist/node_modules/execa": {
+      "version": "5.1.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cross-spawn": "^7.0.3",
+        "get-stream": "^6.0.0",
+        "human-signals": "^2.1.0",
+        "is-stream": "^2.0.0",
+        "merge-stream": "^2.0.0",
+        "npm-run-path": "^4.0.1",
+        "onetime": "^5.1.2",
+        "signal-exit": "^3.0.3",
+        "strip-final-newline": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/execa?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/exit": {
+      "version": "0.1.2",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/expect": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/expect-utils": "^29.7.0",
+        "jest-get-type": "^29.6.3",
+        "jest-matcher-utils": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-util": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/fast-glob": {
+      "version": "3.3.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.4"
+      },
+      "engines": {
+        "node": ">=8.6.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/fastq": {
+      "version": "1.17.1",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "../sdk/baseDist/node_modules/fb-watchman": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "bser": "2.1.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/filelist": {
+      "version": "1.0.4",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/filelist/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/filelist/node_modules/minimatch": {
+      "version": "5.1.6",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/fill-range": {
+      "version": "7.1.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/find-up": {
+      "version": "4.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/function-bind": {
+      "version": "1.1.2",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../sdk/baseDist/node_modules/gensync": {
+      "version": "1.0.0-beta.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "../sdk/baseDist/node_modules/get-package-type": {
+      "version": "0.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/get-stream": {
+      "version": "6.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/get-tsconfig": {
+      "version": "4.8.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "resolve-pkg-maps": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/glob": {
+      "version": "7.2.3",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "../sdk/baseDist/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../sdk/baseDist/node_modules/globals": {
+      "version": "11.12.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../sdk/baseDist/node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/has-flag": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/hasown": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "../sdk/baseDist/node_modules/html-escaper": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/human-signals": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=10.17.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/import-local": {
+      "version": "3.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "pkg-dir": "^4.2.0",
+        "resolve-cwd": "^3.0.0"
+      },
+      "bin": {
+        "import-local-fixture": "fixtures/cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/imurmurhash": {
+      "version": "0.1.4",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8.19"
+      }
+    },
+    "../sdk/baseDist/node_modules/inflight": {
+      "version": "1.0.6",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "../sdk/baseDist/node_modules/inherits": {
+      "version": "2.0.4",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/is-arrayish": {
+      "version": "0.2.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/is-core-module": {
+      "version": "2.15.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-extglob": {
+      "version": "2.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-generator-fn": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-glob": {
+      "version": "4.0.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-number": {
+      "version": "7.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/is-stream": {
+      "version": "2.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/isexe": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/isomorphic-fetch": {
+      "version": "3.0.0",
+      "license": "MIT",
+      "dependencies": {
+        "node-fetch": "^2.6.1",
+        "whatwg-fetch": "^3.4.1"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-lib-coverage": {
+      "version": "3.2.2",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-lib-instrument": {
+      "version": "6.0.3",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@babel/core": "^7.23.9",
+        "@babel/parser": "^7.23.9",
+        "@istanbuljs/schema": "^0.1.3",
+        "istanbul-lib-coverage": "^3.2.0",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-lib-instrument/node_modules/semver": {
+      "version": "7.6.3",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-lib-report": {
+      "version": "3.0.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^4.0.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-lib-source-maps": {
+      "version": "4.0.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/istanbul-reports": {
+      "version": "3.1.7",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/jake": {
+      "version": "10.9.2",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "async": "^3.2.3",
+        "chalk": "^4.0.2",
+        "filelist": "^1.0.4",
+        "minimatch": "^3.1.2"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@jest/core": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "import-local": "^3.0.2",
+        "jest-cli": "^29.7.0"
+      },
+      "bin": {
+        "jest": "bin/jest.js"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-changed-files": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "execa": "^5.0.0",
+        "jest-util": "^29.7.0",
+        "p-limit": "^3.1.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-circus": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/environment": "^29.7.0",
+        "@jest/expect": "^29.7.0",
+        "@jest/test-result": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "co": "^4.6.0",
+        "dedent": "^1.0.0",
+        "is-generator-fn": "^2.0.0",
+        "jest-each": "^29.7.0",
+        "jest-matcher-utils": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-runtime": "^29.7.0",
+        "jest-snapshot": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "p-limit": "^3.1.0",
+        "pretty-format": "^29.7.0",
+        "pure-rand": "^6.0.0",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-cli": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/core": "^29.7.0",
+        "@jest/test-result": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "chalk": "^4.0.0",
+        "create-jest": "^29.7.0",
+        "exit": "^0.1.2",
+        "import-local": "^3.0.2",
+        "jest-config": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "jest-validate": "^29.7.0",
+        "yargs": "^17.3.1"
+      },
+      "bin": {
+        "jest": "bin/jest.js"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-config": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/core": "^7.11.6",
+        "@jest/test-sequencer": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "babel-jest": "^29.7.0",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "deepmerge": "^4.2.2",
+        "glob": "^7.1.3",
+        "graceful-fs": "^4.2.9",
+        "jest-circus": "^29.7.0",
+        "jest-environment-node": "^29.7.0",
+        "jest-get-type": "^29.6.3",
+        "jest-regex-util": "^29.6.3",
+        "jest-resolve": "^29.7.0",
+        "jest-runner": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "jest-validate": "^29.7.0",
+        "micromatch": "^4.0.4",
+        "parse-json": "^5.2.0",
+        "pretty-format": "^29.7.0",
+        "slash": "^3.0.0",
+        "strip-json-comments": "^3.1.1"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "@types/node": "*",
+        "ts-node": ">=9.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "ts-node": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-diff": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "diff-sequences": "^29.6.3",
+        "jest-get-type": "^29.6.3",
+        "pretty-format": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-docblock": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "detect-newline": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-each": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "chalk": "^4.0.0",
+        "jest-get-type": "^29.6.3",
+        "jest-util": "^29.7.0",
+        "pretty-format": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-environment-node": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/environment": "^29.7.0",
+        "@jest/fake-timers": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "jest-mock": "^29.7.0",
+        "jest-util": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-get-type": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-haste-map": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "@types/graceful-fs": "^4.1.3",
+        "@types/node": "*",
+        "anymatch": "^3.0.3",
+        "fb-watchman": "^2.0.0",
+        "graceful-fs": "^4.2.9",
+        "jest-regex-util": "^29.6.3",
+        "jest-util": "^29.7.0",
+        "jest-worker": "^29.7.0",
+        "micromatch": "^4.0.4",
+        "walker": "^1.0.8"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "^2.3.2"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-leak-detector": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "jest-get-type": "^29.6.3",
+        "pretty-format": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-matcher-utils": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "jest-diff": "^29.7.0",
+        "jest-get-type": "^29.6.3",
+        "pretty-format": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-message-util": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.13",
+        "@jest/types": "^29.6.3",
+        "@types/stack-utils": "^2.0.0",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^29.7.0",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-mock": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "jest-util": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-pnp-resolver": {
+      "version": "1.2.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      },
+      "peerDependencies": {
+        "jest-resolve": "*"
+      },
+      "peerDependenciesMeta": {
+        "jest-resolve": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-regex-util": {
+      "version": "29.6.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-resolve": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^29.7.0",
+        "jest-pnp-resolver": "^1.2.2",
+        "jest-util": "^29.7.0",
+        "jest-validate": "^29.7.0",
+        "resolve": "^1.20.0",
+        "resolve.exports": "^2.0.0",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-resolve-dependencies": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "jest-regex-util": "^29.6.3",
+        "jest-snapshot": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-runner": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/console": "^29.7.0",
+        "@jest/environment": "^29.7.0",
+        "@jest/test-result": "^29.7.0",
+        "@jest/transform": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "emittery": "^0.13.1",
+        "graceful-fs": "^4.2.9",
+        "jest-docblock": "^29.7.0",
+        "jest-environment-node": "^29.7.0",
+        "jest-haste-map": "^29.7.0",
+        "jest-leak-detector": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-resolve": "^29.7.0",
+        "jest-runtime": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "jest-watcher": "^29.7.0",
+        "jest-worker": "^29.7.0",
+        "p-limit": "^3.1.0",
+        "source-map-support": "0.5.13"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-runtime": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/environment": "^29.7.0",
+        "@jest/fake-timers": "^29.7.0",
+        "@jest/globals": "^29.7.0",
+        "@jest/source-map": "^29.6.3",
+        "@jest/test-result": "^29.7.0",
+        "@jest/transform": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "cjs-module-lexer": "^1.0.0",
+        "collect-v8-coverage": "^1.0.0",
+        "glob": "^7.1.3",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-mock": "^29.7.0",
+        "jest-regex-util": "^29.6.3",
+        "jest-resolve": "^29.7.0",
+        "jest-snapshot": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "slash": "^3.0.0",
+        "strip-bom": "^4.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-snapshot": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/core": "^7.11.6",
+        "@babel/generator": "^7.7.2",
+        "@babel/plugin-syntax-jsx": "^7.7.2",
+        "@babel/plugin-syntax-typescript": "^7.7.2",
+        "@babel/types": "^7.3.3",
+        "@jest/expect-utils": "^29.7.0",
+        "@jest/transform": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "babel-preset-current-node-syntax": "^1.0.0",
+        "chalk": "^4.0.0",
+        "expect": "^29.7.0",
+        "graceful-fs": "^4.2.9",
+        "jest-diff": "^29.7.0",
+        "jest-get-type": "^29.6.3",
+        "jest-matcher-utils": "^29.7.0",
+        "jest-message-util": "^29.7.0",
+        "jest-util": "^29.7.0",
+        "natural-compare": "^1.4.0",
+        "pretty-format": "^29.7.0",
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-snapshot/node_modules/semver": {
+      "version": "7.6.3",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-util": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "graceful-fs": "^4.2.9",
+        "picomatch": "^2.2.3"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-validate": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/types": "^29.6.3",
+        "camelcase": "^6.2.0",
+        "chalk": "^4.0.0",
+        "jest-get-type": "^29.6.3",
+        "leven": "^3.1.0",
+        "pretty-format": "^29.7.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-validate/node_modules/camelcase": {
+      "version": "6.3.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-watcher": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/test-result": "^29.7.0",
+        "@jest/types": "^29.6.3",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "emittery": "^0.13.1",
+        "jest-util": "^29.7.0",
+        "string-length": "^4.0.1"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-worker": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "jest-util": "^29.7.0",
+        "merge-stream": "^2.0.0",
+        "supports-color": "^8.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/jest-worker/node_modules/supports-color": {
+      "version": "8.1.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/js-tokens": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "../sdk/baseDist/node_modules/jsesc": {
+      "version": "3.0.2",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "jsesc": "bin/jsesc"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/json-parse-even-better-errors": {
+      "version": "2.3.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/json5": {
+      "version": "2.2.3",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "json5": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/kleur": {
+      "version": "3.0.3",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/leven": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/lines-and-columns": {
+      "version": "1.2.4",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/locate-path": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-locate": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/lodash.memoize": {
+      "version": "4.1.2",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/lru-cache": {
+      "version": "5.1.1",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^3.0.2"
+      }
+    },
+    "../sdk/baseDist/node_modules/make-dir": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/make-dir/node_modules/semver": {
+      "version": "7.6.3",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/make-error": {
+      "version": "1.3.6",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/makeerror": {
+      "version": "1.0.12",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "tmpl": "1.0.5"
+      }
+    },
+    "../sdk/baseDist/node_modules/merge-stream": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/merge2": {
+      "version": "1.4.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/micromatch": {
+      "version": "4.0.8",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "braces": "^3.0.3",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "../sdk/baseDist/node_modules/mime": {
+      "version": "4.0.7",
+      "funding": [
+        "https://github.com/sponsors/broofa"
+      ],
+      "license": "MIT",
+      "bin": {
+        "mime": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "../sdk/baseDist/node_modules/mimic-fn": {
+      "version": "2.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/minimatch": {
+      "version": "3.1.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "../sdk/baseDist/node_modules/mkdirp": {
+      "version": "2.1.6",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "mkdirp": "dist/cjs/src/bin.js"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "../sdk/baseDist/node_modules/ms": {
+      "version": "2.1.3",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/natural-compare": {
+      "version": "1.4.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/node-fetch": {
+      "version": "2.7.0",
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/node-int64": {
+      "version": "0.4.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/node-releases": {
+      "version": "2.0.18",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/normalize-path": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/npm-run-path": {
+      "version": "4.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/object-hash": {
+      "version": "3.0.0",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../sdk/baseDist/node_modules/once": {
+      "version": "1.4.0",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "../sdk/baseDist/node_modules/onetime": {
+      "version": "5.1.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-fn": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/p-limit": {
+      "version": "3.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "yocto-queue": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/p-locate": {
+      "version": "4.1.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-limit": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/p-locate/node_modules/p-limit": {
+      "version": "2.3.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/p-try": {
+      "version": "2.2.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/parse-json": {
+      "version": "5.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.0.0",
+        "error-ex": "^1.3.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "lines-and-columns": "^1.1.6"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/path-browserify": {
+      "version": "1.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/path-exists": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/path-key": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/path-parse": {
+      "version": "1.0.7",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/peggy": {
+      "version": "3.0.2",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "commander": "^10.0.0",
+        "source-map-generator": "0.8.0"
+      },
+      "bin": {
+        "peggy": "bin/peggy.js"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "../sdk/baseDist/node_modules/picocolors": {
+      "version": "1.1.1",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/picomatch": {
+      "version": "2.3.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "../sdk/baseDist/node_modules/pirates": {
+      "version": "4.0.6",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../sdk/baseDist/node_modules/pkg-dir": {
+      "version": "4.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "find-up": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/prettier": {
+      "version": "3.4.0",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/pretty-format": {
+      "version": "29.7.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jest/schemas": "^29.6.3",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^18.0.0"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/prompts": {
+      "version": "2.4.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "kleur": "^3.0.3",
+        "sisteransi": "^1.0.5"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "../sdk/baseDist/node_modules/pure-rand": {
+      "version": "6.1.0",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/dubzzz"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fast-check"
+        }
+      ],
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/queue-microtask": {
+      "version": "1.2.3",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/react-is": {
+      "version": "18.3.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/require-directory": {
+      "version": "2.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/resolve": {
+      "version": "1.22.8",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-core-module": "^2.13.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../sdk/baseDist/node_modules/resolve-cwd": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "resolve-from": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/resolve-from": {
+      "version": "5.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/resolve-pkg-maps": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/resolve.exports": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/reusify": {
+      "version": "1.0.4",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "iojs": ">=1.0.0",
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/run-parallel": {
+      "version": "1.2.0",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "queue-microtask": "^1.2.2"
+      }
+    },
+    "../sdk/baseDist/node_modules/semver": {
+      "version": "6.3.1",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "../sdk/baseDist/node_modules/shebang-command": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/signal-exit": {
+      "version": "3.0.7",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/sisteransi": {
+      "version": "1.0.5",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/slash": {
+      "version": "3.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/source-map": {
+      "version": "0.6.1",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/source-map-generator": {
+      "version": "0.8.0",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "../sdk/baseDist/node_modules/source-map-support": {
+      "version": "0.5.13",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "source-map": "^0.6.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/sprintf-js": {
+      "version": "1.0.3",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "../sdk/baseDist/node_modules/stack-utils": {
+      "version": "2.0.6",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "escape-string-regexp": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/string-length": {
+      "version": "4.0.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "char-regex": "^1.0.2",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/string-width": {
+      "version": "4.2.3",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/strip-bom": {
+      "version": "4.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/strip-final-newline": {
+      "version": "2.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/strip-json-comments": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/supports-color": {
+      "version": "7.2.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "../sdk/baseDist/node_modules/test-exclude": {
+      "version": "6.0.0",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^7.1.4",
+        "minimatch": "^3.0.4"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "../sdk/baseDist/node_modules/tmpl": {
+      "version": "1.0.5",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "../sdk/baseDist/node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/tr46": {
+      "version": "0.0.3",
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/ts-jest": {
+      "version": "29.2.5",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "bs-logger": "^0.2.6",
+        "ejs": "^3.1.10",
+        "fast-json-stable-stringify": "^2.1.0",
+        "jest-util": "^29.0.0",
+        "json5": "^2.2.3",
+        "lodash.memoize": "^4.1.2",
+        "make-error": "^1.3.6",
+        "semver": "^7.6.3",
+        "yargs-parser": "^21.1.1"
+      },
+      "bin": {
+        "ts-jest": "cli.js"
+      },
+      "engines": {
+        "node": "^14.15.0 || ^16.10.0 || ^18.0.0 || >=20.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": ">=7.0.0-beta.0 <8",
+        "@jest/transform": "^29.0.0",
+        "@jest/types": "^29.0.0",
+        "babel-jest": "^29.0.0",
+        "jest": "^29.0.0",
+        "typescript": ">=4.3 <6"
+      },
+      "peerDependenciesMeta": {
+        "@babel/core": {
+          "optional": true
+        },
+        "@jest/transform": {
+          "optional": true
+        },
+        "@jest/types": {
+          "optional": true
+        },
+        "babel-jest": {
+          "optional": true
+        },
+        "esbuild": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/ts-jest/node_modules/semver": {
+      "version": "7.6.3",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/ts-matches": {
+      "version": "6.3.2",
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/ts-morph": {
+      "version": "18.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@ts-morph/common": "~0.19.0",
+        "code-block-writer": "^12.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/ts-node": {
+      "version": "10.9.2",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
+    "../sdk/baseDist/node_modules/ts-pegjs": {
+      "version": "4.2.1",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "prettier": "^2.8.8",
+        "ts-morph": "^18.0.0"
+      },
+      "bin": {
+        "tspegjs": "dist/cli.mjs"
+      },
+      "peerDependencies": {
+        "peggy": "^3.0.2"
+      }
+    },
+    "../sdk/baseDist/node_modules/ts-pegjs/node_modules/prettier": {
+      "version": "2.8.8",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin-prettier.js"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/tsx": {
+      "version": "4.19.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "~0.23.0",
+        "get-tsconfig": "^4.7.5"
+      },
+      "bin": {
+        "tsx": "dist/cli.mjs"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      }
+    },
+    "../sdk/baseDist/node_modules/type-detect": {
+      "version": "4.0.8",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "../sdk/baseDist/node_modules/type-fest": {
+      "version": "0.21.3",
+      "dev": true,
+      "license": "(MIT OR CC0-1.0)",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "../sdk/baseDist/node_modules/typescript": {
+      "version": "5.7.3",
+      "dev": true,
+      "license": "Apache-2.0",
+      "peer": true,
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "../sdk/baseDist/node_modules/undici-types": {
+      "version": "6.20.0",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/update-browserslist-db": {
+      "version": "1.1.1",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "escalade": "^3.2.0",
+        "picocolors": "^1.1.0"
+      },
+      "bin": {
+        "update-browserslist-db": "cli.js"
+      },
+      "peerDependencies": {
+        "browserslist": ">= 4.21.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "dev": true,
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/v8-to-istanbul": {
+      "version": "9.3.0",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.12",
+        "@types/istanbul-lib-coverage": "^2.0.1",
+        "convert-source-map": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10.12.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/walker": {
+      "version": "1.0.8",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "makeerror": "1.0.12"
+      }
+    },
+    "../sdk/baseDist/node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "license": "BSD-2-Clause"
+    },
+    "../sdk/baseDist/node_modules/whatwg-fetch": {
+      "version": "3.6.20",
+      "license": "MIT"
+    },
+    "../sdk/baseDist/node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "license": "MIT",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/which": {
+      "version": "2.0.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "../sdk/baseDist/node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "../sdk/baseDist/node_modules/wrappy": {
+      "version": "1.0.2",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/write-file-atomic": {
+      "version": "4.0.2",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "imurmurhash": "^0.1.4",
+        "signal-exit": "^3.0.7"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "../sdk/baseDist/node_modules/y18n": {
+      "version": "5.0.8",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "../sdk/baseDist/node_modules/yallist": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "ISC"
+    },
+    "../sdk/baseDist/node_modules/yaml": {
+      "version": "2.7.1",
+      "license": "ISC",
+      "bin": {
+        "yaml": "bin.mjs"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "../sdk/baseDist/node_modules/yargs": {
+      "version": "17.7.2",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^8.0.1",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^21.1.1"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "../sdk/baseDist/node_modules/yargs-parser": {
+      "version": "21.1.1",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "../sdk/baseDist/node_modules/yn": {
+      "version": "3.1.1",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "../sdk/baseDist/node_modules/yocto-queue": {
+      "version": "0.1.0",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@algolia/abtesting": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@algolia/abtesting/-/abtesting-1.1.0.tgz",
-      "integrity": "sha512-sEyWjw28a/9iluA37KLGu8vjxEIlb60uxznfTUmXImy7H5NvbpSO6yYgmgH5KiD7j+zTUUihiST0jEP12IoXow==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -160,8 +5631,6 @@
     },
     "node_modules/@algolia/client-abtesting": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-abtesting/-/client-abtesting-5.35.0.tgz",
-      "integrity": "sha512-uUdHxbfHdoppDVflCHMxRlj49/IllPwwQ2cQ8DLC4LXr3kY96AHBpW0dMyi6ygkn2MtFCc6BxXCzr668ZRhLBQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -176,8 +5645,6 @@
     },
     "node_modules/@algolia/client-analytics": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-5.35.0.tgz",
-      "integrity": "sha512-SunAgwa9CamLcRCPnPHx1V2uxdQwJGqb1crYrRWktWUdld0+B2KyakNEeVn5lln4VyeNtW17Ia7V7qBWyM/Skw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -192,8 +5659,6 @@
     },
     "node_modules/@algolia/client-common": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.35.0.tgz",
-      "integrity": "sha512-ipE0IuvHu/bg7TjT2s+187kz/E3h5ssfTtjpg1LbWMgxlgiaZIgTTbyynM7NfpSJSKsgQvCQxWjGUO51WSCu7w==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -202,8 +5667,6 @@
     },
     "node_modules/@algolia/client-insights": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-insights/-/client-insights-5.35.0.tgz",
-      "integrity": "sha512-UNbCXcBpqtzUucxExwTSfAe8gknAJ485NfPN6o1ziHm6nnxx97piIbcBQ3edw823Tej2Wxu1C0xBY06KgeZ7gA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -218,8 +5681,6 @@
     },
     "node_modules/@algolia/client-personalization": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-5.35.0.tgz",
-      "integrity": "sha512-/KWjttZ6UCStt4QnWoDAJ12cKlQ+fkpMtyPmBgSS2WThJQdSV/4UWcqCUqGH7YLbwlj3JjNirCu3Y7uRTClxvA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -234,8 +5695,6 @@
     },
     "node_modules/@algolia/client-query-suggestions": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-query-suggestions/-/client-query-suggestions-5.35.0.tgz",
-      "integrity": "sha512-8oCuJCFf/71IYyvQQC+iu4kgViTODbXDk3m7yMctEncRSRV+u2RtDVlpGGfPlJQOrAY7OONwJlSHkmbbm2Kp/w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -250,8 +5709,6 @@
     },
     "node_modules/@algolia/client-search": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.35.0.tgz",
-      "integrity": "sha512-FfmdHTrXhIduWyyuko1YTcGLuicVbhUyRjO3HbXE4aP655yKZgdTIfMhZ/V5VY9bHuxv/fGEh3Od1Lvv2ODNTg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -266,8 +5723,6 @@
     },
     "node_modules/@algolia/ingestion": {
       "version": "1.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/ingestion/-/ingestion-1.35.0.tgz",
-      "integrity": "sha512-gPzACem9IL1Co8mM1LKMhzn1aSJmp+Vp434An4C0OBY4uEJRcqsLN3uLBlY+bYvFg8C8ImwM9YRiKczJXRk0XA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -282,8 +5737,6 @@
     },
     "node_modules/@algolia/monitoring": {
       "version": "1.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/monitoring/-/monitoring-1.35.0.tgz",
-      "integrity": "sha512-w9MGFLB6ashI8BGcQoVt7iLgDIJNCn4OIu0Q0giE3M2ItNrssvb8C0xuwJQyTy1OFZnemG0EB1OvXhIHOvQwWw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -298,8 +5751,6 @@
     },
     "node_modules/@algolia/recommend": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/recommend/-/recommend-5.35.0.tgz",
-      "integrity": "sha512-AhrVgaaXAb8Ue0u2nuRWwugt0dL5UmRgS9LXe0Hhz493a8KFeZVUE56RGIV3hAa6tHzmAV7eIoqcWTQvxzlJeQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -314,8 +5765,6 @@
     },
     "node_modules/@algolia/requester-browser-xhr": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.35.0.tgz",
-      "integrity": "sha512-diY415KLJZ6x1Kbwl9u96Jsz0OstE3asjXtJ9pmk1d+5gPuQ5jQyEsgC+WmEXzlec3iuVszm8AzNYYaqw6B+Zw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -327,8 +5776,6 @@
     },
     "node_modules/@algolia/requester-fetch": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.35.0.tgz",
-      "integrity": "sha512-uydqnSmpAjrgo8bqhE9N1wgcB98psTRRQXcjc4izwMB7yRl9C8uuAQ/5YqRj04U0mMQ+fdu2fcNF6m9+Z1BzDQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -340,8 +5787,6 @@
     },
     "node_modules/@algolia/requester-node-http": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.35.0.tgz",
-      "integrity": "sha512-RgLX78ojYOrThJHrIiPzT4HW3yfQa0D7K+MQ81rhxqaNyNBu4F1r+72LNHYH/Z+y9I1Mrjrd/c/Ue5zfDgAEjQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -353,8 +5798,6 @@
     },
     "node_modules/@ampproject/remapping": {
       "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
-      "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -367,8 +5810,6 @@
     },
     "node_modules/@angular-devkit/architect": {
       "version": "0.2003.13",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.2003.13.tgz",
-      "integrity": "sha512-JyH6Af6PNC1IHJToColFk1RaXDU87mpPjz7M5sWDfn8bC+KBipw6dSdRkCEuw0D9HY1lZkC9EBV9k9GhpvHjCQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -383,8 +5824,6 @@
     },
     "node_modules/@angular-devkit/core": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-20.3.13.tgz",
-      "integrity": "sha512-/D84T1Caxll3I2sRihPDR9UaWBhF50M+tAX15PdP6uSh/TxwAlLl9p7Rm1bD0mPjPercqaEKA+h9a9qLP16hug==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -411,8 +5850,6 @@
     },
     "node_modules/@angular-devkit/schematics": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-20.3.13.tgz",
-      "integrity": "sha512-hdMKY4rUTko8xqeWYGnwwDYDomkeOoLsYsP6SdaHWK7hpGvzWsT6Q/aIv8J8NrCYkLu+M+5nLiKOooweUZu3GQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -430,8 +5867,6 @@
     },
     "node_modules/@angular-experts/hawkeye": {
       "version": "1.7.2",
-      "resolved": "https://registry.npmjs.org/@angular-experts/hawkeye/-/hawkeye-1.7.2.tgz",
-      "integrity": "sha512-6i6XJfWnyeeJICNsTieAr2CAPw4rNg7uWpu382EkneONaVkjbekVCQD0TO5SeXXxfc4L/JskrJe+HCuw9ys+pg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -448,8 +5883,6 @@
     },
     "node_modules/@angular/animations": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/animations/-/animations-20.3.15.tgz",
-      "integrity": "sha512-ikyKfhkxoqQA6JcBN0B9RaN6369sM1XYX81Id0lI58dmWCe7gYfrTp8ejqxxKftl514psQO3pkW8Gn1nJ131Gw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -464,8 +5897,6 @@
     },
     "node_modules/@angular/build": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@angular/build/-/build-20.3.13.tgz",
-      "integrity": "sha512-/5pM3ZS+lLkZgA+n6TMmNV8I6t9Ow1C6Vkj6bXqWeOgFDH5LwnIEZFAKzEDBkCGos0m2gPKPcREcDD5tfp9h4g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -563,8 +5994,6 @@
     },
     "node_modules/@angular/cdk": {
       "version": "20.2.14",
-      "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-20.2.14.tgz",
-      "integrity": "sha512-7bZxc01URbiPiIBWThQ69XwOxVduqEKN4PhpbF2AAyfMc/W8Hcr4VoIJOwL0O1Nkq5beS8pCAqoOeIgFyXd/kg==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -579,8 +6008,6 @@
     },
     "node_modules/@angular/cli": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@angular/cli/-/cli-20.3.13.tgz",
-      "integrity": "sha512-G78I/HDJULloS2LSqfUfbmBlhDCbcWujIRWfuMnGsRf82TyGA2OEPe3IA/F8MrJfeOzPQim2fMyn24MqHL40Vg==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -615,8 +6042,6 @@
     },
     "node_modules/@angular/common": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/common/-/common-20.3.15.tgz",
-      "integrity": "sha512-k4mCXWRFiOHK3bUKfWkRQQ8KBPxW8TAJuKLYCsSHPCpMz6u0eA1F0VlrnOkZVKWPI792fOaEAWH2Y4PTaXlUHw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -632,8 +6057,6 @@
     },
     "node_modules/@angular/compiler": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/compiler/-/compiler-20.3.15.tgz",
-      "integrity": "sha512-lMicIAFAKZXa+BCZWs3soTjNQPZZXrF/WMVDinm8dQcggNarnDj4UmXgKSyXkkyqK5SLfnLsXVzrX6ndVT6z7A==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -645,8 +6068,6 @@
     },
     "node_modules/@angular/compiler-cli": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/compiler-cli/-/compiler-cli-20.3.15.tgz",
-      "integrity": "sha512-8sJoxodxsfyZ8eJ5r6Bx7BCbazXYgsZ1+dE8t5u5rTQ6jNggwNtYEzkyReoD5xvP+MMtRkos3xpwq4rtFnpI6A==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -679,8 +6100,6 @@
     },
     "node_modules/@angular/core": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/core/-/core-20.3.15.tgz",
-      "integrity": "sha512-NMbX71SlTZIY9+rh/SPhRYFJU0pMJYW7z/TBD4lqiO+b0DTOIg1k7Pg9ydJGqSjFO1Z4dQaA6TteNuF99TJCNw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -705,8 +6124,6 @@
     },
     "node_modules/@angular/forms": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/forms/-/forms-20.3.15.tgz",
-      "integrity": "sha512-gS5hQkinq52pm/7mxz4yHPCzEcmRWjtUkOVddPH0V1BW/HMni/p4Y6k2KqKBeGb9p8S5EAp6PDxDVLOPukp3mg==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -724,8 +6141,6 @@
     },
     "node_modules/@angular/language-service": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/language-service/-/language-service-20.3.15.tgz",
-      "integrity": "sha512-oD5rvAsZYzNqdJqMTYYp6T9yITG6axTI/j64v3qxHe+Y/PlHKfNHXcjENpA+LcR5wq0wtIE+s96APykCq9ouEQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -734,8 +6149,6 @@
     },
     "node_modules/@angular/platform-browser": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/platform-browser/-/platform-browser-20.3.15.tgz",
-      "integrity": "sha512-TxRM/wTW/oGXv/3/Iohn58yWoiYXOaeEnxSasiGNS1qhbkcKtR70xzxW6NjChBUYAixz2ERkLURkpx3pI8Q6Dw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -757,8 +6170,6 @@
     },
     "node_modules/@angular/platform-browser-dynamic": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/platform-browser-dynamic/-/platform-browser-dynamic-20.3.15.tgz",
-      "integrity": "sha512-RizuRdBt0d6ongQ2y8cr8YsXFyjF8f91vFfpSNw+cFj+oiEmRC1txcWUlH5bPLD9qSDied8qazUi0Tb8VPQDGw==",
       "license": "MIT",
       "dependencies": {
         "tslib": "^2.3.0"
@@ -775,8 +6186,6 @@
     },
     "node_modules/@angular/pwa": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@angular/pwa/-/pwa-20.3.13.tgz",
-      "integrity": "sha512-k5H5Pn32SeHRMlnTZgu1wsZ4RJVNZjzu9IMVaKn8hqOwlLIqjBeKi1Mlrg/sJk6bWp3VPRzAzR9s/GJQCAWXYQ==",
       "license": "MIT",
       "dependencies": {
         "@angular-devkit/schematics": "20.3.13",
@@ -799,8 +6208,6 @@
     },
     "node_modules/@angular/router": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/router/-/router-20.3.15.tgz",
-      "integrity": "sha512-6+qgk8swGSoAu7ISSY//GatAyCP36hEvvUgvjbZgkXLLH9yUQxdo77ij05aJ5s0OyB25q/JkqS8VTY0z1yE9NQ==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -818,8 +6225,6 @@
     },
     "node_modules/@angular/service-worker": {
       "version": "20.3.15",
-      "resolved": "https://registry.npmjs.org/@angular/service-worker/-/service-worker-20.3.15.tgz",
-      "integrity": "sha512-HCptODPVWg30XJwSueOz2zqsJjQ1chSscTs7FyIQcfuCTTthO35Lvz2Gtct8/GNHel9QNvvVwA5jrLjsU4dt1A==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -838,8 +6243,6 @@
     },
     "node_modules/@babel/code-frame": {
       "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
-      "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -853,8 +6256,6 @@
     },
     "node_modules/@babel/compat-data": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.5.tgz",
-      "integrity": "sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -863,8 +6264,6 @@
     },
     "node_modules/@babel/core": {
       "version": "7.28.3",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.3.tgz",
-      "integrity": "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -895,15 +6294,11 @@
     },
     "node_modules/@babel/core/node_modules/convert-source-map": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
-      "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@babel/core/node_modules/semver": {
       "version": "6.3.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
-      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
       "dev": true,
       "license": "ISC",
       "bin": {
@@ -912,8 +6307,6 @@
     },
     "node_modules/@babel/generator": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.5.tgz",
-      "integrity": "sha512-3EwLFhZ38J4VyIP6WNtt2kUdW9dokXA9Cr4IVIFHuCpZ3H8/YFOl5JjZHisrn1fATPBmKKqXzDFvh9fUwHz6CQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -929,8 +6322,6 @@
     },
     "node_modules/@babel/helper-annotate-as-pure": {
       "version": "7.27.3",
-      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.27.3.tgz",
-      "integrity": "sha512-fXSwMQqitTGeHLBC08Eq5yXz2m37E4pJX1qAU1+2cNedz/ifv/bVXft90VeSav5nFO61EcNgwr0aJxbyPaWBPg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -942,8 +6333,6 @@
     },
     "node_modules/@babel/helper-compilation-targets": {
       "version": "7.27.2",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz",
-      "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -959,8 +6348,6 @@
     },
     "node_modules/@babel/helper-compilation-targets/node_modules/semver": {
       "version": "6.3.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
-      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
       "dev": true,
       "license": "ISC",
       "bin": {
@@ -969,8 +6356,6 @@
     },
     "node_modules/@babel/helper-globals": {
       "version": "7.28.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
-      "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -979,8 +6364,6 @@
     },
     "node_modules/@babel/helper-module-imports": {
       "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
-      "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -993,8 +6376,6 @@
     },
     "node_modules/@babel/helper-module-transforms": {
       "version": "7.28.3",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz",
-      "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1011,8 +6392,6 @@
     },
     "node_modules/@babel/helper-split-export-declaration": {
       "version": "7.24.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.24.7.tgz",
-      "integrity": "sha512-oy5V7pD+UvfkEATUKvIjvIAH/xCzfsFVw7ygW2SI6NClZzquT+mwdTfgfdbUiceh6iQO0CHtCPsyze/MZ2YbAA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1024,8 +6403,6 @@
     },
     "node_modules/@babel/helper-string-parser": {
       "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
-      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1034,8 +6411,6 @@
     },
     "node_modules/@babel/helper-validator-identifier": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
-      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1044,8 +6419,6 @@
     },
     "node_modules/@babel/helper-validator-option": {
       "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
-      "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1054,8 +6427,6 @@
     },
     "node_modules/@babel/helpers": {
       "version": "7.28.4",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz",
-      "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1068,8 +6439,6 @@
     },
     "node_modules/@babel/parser": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.5.tgz",
-      "integrity": "sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1084,8 +6453,6 @@
     },
     "node_modules/@babel/template": {
       "version": "7.27.2",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
-      "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1099,8 +6466,6 @@
     },
     "node_modules/@babel/traverse": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.5.tgz",
-      "integrity": "sha512-TCCj4t55U90khlYkVV/0TfkJkAkUg3jZFA3Neb7unZT8CPok7iiRfaX0F+WnqWqt7OxhOn0uBKXCw4lbL8W0aQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1118,8 +6483,6 @@
     },
     "node_modules/@babel/types": {
       "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.5.tgz",
-      "integrity": "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1132,8 +6495,6 @@
     },
     "node_modules/@cspotcode/source-map-support": {
       "version": "0.8.1",
-      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
-      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1145,8 +6506,6 @@
     },
     "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": {
       "version": "0.3.9",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
-      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1154,282 +6513,8 @@
         "@jridgewell/sourcemap-codec": "^1.4.10"
       }
     },
-    "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.9.tgz",
-      "integrity": "sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "aix"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/android-arm": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.9.tgz",
-      "integrity": "sha512-5WNI1DaMtxQ7t7B6xa572XMXpHAaI/9Hnhk8lcxF4zVN4xstUgTlvuGDorBguKEnZO70qwEcLpfifMLoxiPqHQ==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/android-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.9.tgz",
-      "integrity": "sha512-IDrddSmpSv51ftWslJMvl3Q2ZT98fUSL2/rlUXuVqRXHCs5EUF1/f+jbjF5+NG9UffUDMCiTyh8iec7u8RlTLg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/android-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.9.tgz",
-      "integrity": "sha512-I853iMZ1hWZdNllhVZKm34f4wErd4lMyeV7BLzEExGEIZYsOzqDWDf+y082izYUE8gtJnYHdeDpN/6tUdwvfiw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.9.tgz",
-      "integrity": "sha512-XIpIDMAjOELi/9PB30vEbVMs3GV1v2zkkPnuyRRURbhqjyzIINwj+nbQATh4H9GxUgH1kFsEyQMxwiLFKUS6Rg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/darwin-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.9.tgz",
-      "integrity": "sha512-jhHfBzjYTA1IQu8VyrjCX4ApJDnH+ez+IYVEoJHeqJm9VhG9Dh2BYaJritkYK3vMaXrf7Ogr/0MQ8/MeIefsPQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-z93DmbnY6fX9+KdD4Ue/H6sYs+bhFQJNCPZsi4XWJoYblUqT06MQUdBCpcSfuiN72AbqeBFu5LVQTjfXDE2A6Q==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.9.tgz",
-      "integrity": "sha512-mrKX6H/vOyo5v71YfXWJxLVxgy1kyt1MQaD8wZJgJfG4gq4DpQGpgTB74e5yBeQdyMTbgxp0YtNj7NuHN0PoZg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-arm": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.9.tgz",
-      "integrity": "sha512-HBU2Xv78SMgaydBmdor38lg8YDnFKSARg1Q6AT0/y2ezUAKiZvc211RDFHlEZRFNRVhcMamiToo7bDx3VEOYQw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.9.tgz",
-      "integrity": "sha512-BlB7bIcLT3G26urh5Dmse7fiLmLXnRlopw4s8DalgZ8ef79Jj4aUcYbk90g8iCa2467HX8SAIidbL7gsqXHdRw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-ia32": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.9.tgz",
-      "integrity": "sha512-e7S3MOJPZGp2QW6AK6+Ly81rC7oOSerQ+P8L0ta4FhVi+/j/v2yZzx5CqqDaWjtPFfYz21Vi1S0auHrap3Ma3A==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-loong64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.9.tgz",
-      "integrity": "sha512-Sbe10Bnn0oUAB2AalYztvGcK+o6YFFA/9829PhOCUS9vkJElXGdphz0A3DbMdP8gmKkqPmPcMJmJOrI3VYB1JQ==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.9.tgz",
-      "integrity": "sha512-YcM5br0mVyZw2jcQeLIkhWtKPeVfAerES5PvOzaDxVtIyZ2NUBZKNLjC5z3/fUlDgT6w89VsxP2qzNipOaaDyA==",
-      "cpu": [
-        "mips64el"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.9.tgz",
-      "integrity": "sha512-++0HQvasdo20JytyDpFvQtNrEsAgNG2CY1CLMwGXfFTKGBGQT3bOeLSYE2l1fYdvML5KUuwn9Z8L1EWe2tzs1w==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.9.tgz",
-      "integrity": "sha512-uNIBa279Y3fkjV+2cUjx36xkx7eSjb8IvnL01eXUKXez/CBHNRw5ekCGMPM0BcmqBxBcdgUWuUXmVWwm4CH9kg==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/linux-s390x": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.9.tgz",
-      "integrity": "sha512-Mfiphvp3MjC/lctb+7D287Xw1DGzqJPb/J2aHHcHxflUo+8tmN/6d4k6I2yFR7BVo5/g7x2Monq4+Yew0EHRIA==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/@esbuild/linux-x64": {
       "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.9.tgz",
-      "integrity": "sha512-iSwByxzRe48YVkmpbgoxVzn76BXjlYFXC7NvLYq+b+kDjyyk30J0JY47DIn8z1MO3K0oSl9fZoRmZPQI4Hklzg==",
       "cpu": [
         "x64"
       ],
@@ -1443,163 +6528,8 @@
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-9jNJl6FqaUG+COdQMjSCGW4QiMHH88xWbvZ+kRVblZsWrkXlABuGdFJ1E9L7HK+T0Yqd4akKNa/lO0+jDxQD4Q==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "netbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.9.tgz",
-      "integrity": "sha512-RLLdkflmqRG8KanPGOU7Rpg829ZHu8nFy5Pqdi9U01VYtG9Y0zOG6Vr2z4/S+/3zIyOxiK6cCeYNWOFR9QP87g==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "netbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-YaFBlPGeDasft5IIM+CQAhJAqS3St3nJzDEgsgFixcfZeyGPCd6eJBWzke5piZuZ7CtL656eOSYKk4Ls2C0FRQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.9.tgz",
-      "integrity": "sha512-1MkgTCuvMGWuqVtAvkpkXFmtL8XhWy+j4jaSO2wxfJtilVCi0ZE37b8uOdMItIHz4I6z1bWWtEX4CJwcKYLcuA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.9.tgz",
-      "integrity": "sha512-4Xd0xNiMVXKh6Fa7HEJQbrpP3m3DDn43jKxMjxLLRjWnRsfxjORYJlXPO4JNcXtOyfajXorRKY9NkOpTHptErg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/sunos-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.9.tgz",
-      "integrity": "sha512-WjH4s6hzo00nNezhp3wFIAfmGZ8U7KtrJNlFMRKxiI9mxEK1scOMAaa9i4crUtu+tBr+0IN6JCuAcSBJZfnphw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "sunos"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/win32-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.9.tgz",
-      "integrity": "sha512-mGFrVJHmZiRqmP8xFOc6b84/7xa5y5YvR1x8djzXpJBSv/UsNK6aqec+6JDjConTgvvQefdGhFDAs2DLAds6gQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/win32-ia32": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.9.tgz",
-      "integrity": "sha512-b33gLVU2k11nVx1OhX3C8QQP6UHQK4ZtN56oFWvVXvz2VkDoe6fbG8TOgHFxEvqeqohmRnIHe5A1+HADk4OQww==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@esbuild/win32-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.9.tgz",
-      "integrity": "sha512-PPOl1mi6lpLNQxnGoyAfschAodRFYXJ+9fs6WHXz7CSWKbOqiMZsubC+BQsVKuul+3vKLuwTHsS2c2y9EoKwxQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/@inquirer/ansi": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/ansi/-/ansi-1.0.2.tgz",
-      "integrity": "sha512-S8qNSZiYzFd0wAcyG5AXCvUHC5Sr7xpZ9wZ2py9XR88jUz8wooStVx5M6dRzczbBWjic9NP7+rY0Xi7qqK/aMQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -1608,8 +6538,6 @@
     },
     "node_modules/@inquirer/checkbox": {
       "version": "4.3.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/checkbox/-/checkbox-4.3.2.tgz",
-      "integrity": "sha512-VXukHf0RR1doGe6Sm4F0Em7SWYLTHSsbGfJdS9Ja2bX5/D5uwVOEjr07cncLROdBvmnvCATYEWlHqYmXv2IlQA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1633,8 +6561,6 @@
     },
     "node_modules/@inquirer/confirm": {
       "version": "5.1.14",
-      "resolved": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-5.1.14.tgz",
-      "integrity": "sha512-5yR4IBfe0kXe59r1YCTG8WXkUbl7Z35HK87Sw+WUyGD8wNUx7JvY7laahzeytyE1oLn74bQnL7hstctQxisQ8Q==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1655,8 +6581,6 @@
     },
     "node_modules/@inquirer/core": {
       "version": "10.3.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/core/-/core-10.3.2.tgz",
-      "integrity": "sha512-43RTuEbfP8MbKzedNqBrlhhNKVwoK//vUFNW3Q3vZ88BLcrs4kYpGg+B2mm5p2K/HfygoCxuKwJJiv8PbGmE0A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1683,8 +6607,6 @@
     },
     "node_modules/@inquirer/editor": {
       "version": "4.2.23",
-      "resolved": "https://registry.npmjs.org/@inquirer/editor/-/editor-4.2.23.tgz",
-      "integrity": "sha512-aLSROkEwirotxZ1pBaP8tugXRFCxW94gwrQLxXfrZsKkfjOYC1aRvAZuhpJOb5cu4IBTJdsCigUlf2iCOu4ZDQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1706,8 +6628,6 @@
     },
     "node_modules/@inquirer/expand": {
       "version": "4.0.23",
-      "resolved": "https://registry.npmjs.org/@inquirer/expand/-/expand-4.0.23.tgz",
-      "integrity": "sha512-nRzdOyFYnpeYTTR2qFwEVmIWypzdAx/sIkCMeTNTcflFOovfqUk+HcFhQQVBftAh9gmGrpFj6QcGEqrDMDOiew==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1729,8 +6649,6 @@
     },
     "node_modules/@inquirer/external-editor": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/@inquirer/external-editor/-/external-editor-1.0.3.tgz",
-      "integrity": "sha512-RWbSrDiYmO4LbejWY7ttpxczuwQyZLBUyygsA9Nsv95hpzUWwnNTVQmAq3xuh7vNwCp07UTmE5i11XAEExx4RA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1751,8 +6669,6 @@
     },
     "node_modules/@inquirer/figures": {
       "version": "1.0.15",
-      "resolved": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.15.tgz",
-      "integrity": "sha512-t2IEY+unGHOzAaVM5Xx6DEWKeXlDDcNPeDyUpsRc6CUhBfU3VQOEl+Vssh7VNp1dR8MdUJBWhuObjXCsVpjN5g==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -1761,8 +6677,6 @@
     },
     "node_modules/@inquirer/input": {
       "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/@inquirer/input/-/input-4.3.1.tgz",
-      "integrity": "sha512-kN0pAM4yPrLjJ1XJBjDxyfDduXOuQHrBB8aLDMueuwUGn+vNpF7Gq7TvyVxx8u4SHlFFj4trmj+a2cbpG4Jn1g==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1783,8 +6697,6 @@
     },
     "node_modules/@inquirer/number": {
       "version": "3.0.23",
-      "resolved": "https://registry.npmjs.org/@inquirer/number/-/number-3.0.23.tgz",
-      "integrity": "sha512-5Smv0OK7K0KUzUfYUXDXQc9jrf8OHo4ktlEayFlelCjwMXz0299Y8OrI+lj7i4gCBY15UObk76q0QtxjzFcFcg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1805,8 +6717,6 @@
     },
     "node_modules/@inquirer/password": {
       "version": "4.0.23",
-      "resolved": "https://registry.npmjs.org/@inquirer/password/-/password-4.0.23.tgz",
-      "integrity": "sha512-zREJHjhT5vJBMZX/IUbyI9zVtVfOLiTO66MrF/3GFZYZ7T4YILW5MSkEYHceSii/KtRk+4i3RE7E1CUXA2jHcA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1828,8 +6738,6 @@
     },
     "node_modules/@inquirer/prompts": {
       "version": "7.8.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/prompts/-/prompts-7.8.2.tgz",
-      "integrity": "sha512-nqhDw2ZcAUrKNPwhjinJny903bRhI0rQhiDz1LksjeRxqa36i3l75+4iXbOy0rlDpLJGxqtgoPavQjmmyS5UJw==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -1859,8 +6767,6 @@
     },
     "node_modules/@inquirer/rawlist": {
       "version": "4.1.11",
-      "resolved": "https://registry.npmjs.org/@inquirer/rawlist/-/rawlist-4.1.11.tgz",
-      "integrity": "sha512-+LLQB8XGr3I5LZN/GuAHo+GpDJegQwuPARLChlMICNdwW7OwV2izlCSCxN6cqpL0sMXmbKbFcItJgdQq5EBXTw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1882,8 +6788,6 @@
     },
     "node_modules/@inquirer/search": {
       "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/search/-/search-3.2.2.tgz",
-      "integrity": "sha512-p2bvRfENXCZdWF/U2BXvnSI9h+tuA8iNqtUKb9UWbmLYCRQxd8WkvwWvYn+3NgYaNwdUkHytJMGG4MMLucI1kA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1906,8 +6810,6 @@
     },
     "node_modules/@inquirer/select": {
       "version": "4.4.2",
-      "resolved": "https://registry.npmjs.org/@inquirer/select/-/select-4.4.2.tgz",
-      "integrity": "sha512-l4xMuJo55MAe+N7Qr4rX90vypFwCajSakx59qe/tMaC1aEHWLyw68wF4o0A4SLAY4E0nd+Vt+EyskeDIqu1M6w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1931,8 +6833,6 @@
     },
     "node_modules/@inquirer/type": {
       "version": "3.0.10",
-      "resolved": "https://registry.npmjs.org/@inquirer/type/-/type-3.0.10.tgz",
-      "integrity": "sha512-BvziSRxfz5Ov8ch0z/n3oijRSEcEsHnhggm4xFZe93DHcUCTlutlq9Ox4SVENAfcRD22UQq7T/atg9Wr3k09eA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -1949,8 +6849,6 @@
     },
     "node_modules/@isaacs/balanced-match": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz",
-      "integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -1959,8 +6857,6 @@
     },
     "node_modules/@isaacs/brace-expansion": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz",
-      "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -1972,8 +6868,6 @@
     },
     "node_modules/@isaacs/cliui": {
       "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
-      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -1990,15 +6884,11 @@
     },
     "node_modules/@isaacs/cliui/node_modules/emoji-regex": {
       "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/@isaacs/cliui/node_modules/string-width": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -2015,8 +6905,6 @@
     },
     "node_modules/@isaacs/cliui/node_modules/wrap-ansi": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -2033,8 +6921,6 @@
     },
     "node_modules/@isaacs/fs-minipass": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
-      "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2046,8 +6932,6 @@
     },
     "node_modules/@istanbuljs/schema": {
       "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz",
-      "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2056,8 +6940,6 @@
     },
     "node_modules/@jridgewell/gen-mapping": {
       "version": "0.3.13",
-      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
-      "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2067,8 +6949,6 @@
     },
     "node_modules/@jridgewell/resolve-uri": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
-      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2077,14 +6957,10 @@
     },
     "node_modules/@jridgewell/sourcemap-codec": {
       "version": "1.5.5",
-      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
-      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
       "license": "MIT"
     },
     "node_modules/@jridgewell/trace-mapping": {
       "version": "0.3.31",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
-      "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2094,8 +6970,6 @@
     },
     "node_modules/@listr2/prompt-adapter-inquirer": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@listr2/prompt-adapter-inquirer/-/prompt-adapter-inquirer-3.0.1.tgz",
-      "integrity": "sha512-3XFmGwm3u6ioREG+ynAQB7FoxfajgQnMhIu8wC5eo/Lsih4aKDg0VuIMGaOsYn7hJSJagSeaD4K8yfpkEoDEmA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -2109,66 +6983,8 @@
         "listr2": "9.0.1"
       }
     },
-    "node_modules/@lmdb/lmdb-darwin-arm64": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-darwin-arm64/-/lmdb-darwin-arm64-3.4.2.tgz",
-      "integrity": "sha512-NK80WwDoODyPaSazKbzd3NEJ3ygePrkERilZshxBViBARNz21rmediktGHExoj9n5t9+ChlgLlxecdFKLCuCKg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@lmdb/lmdb-darwin-x64": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-darwin-x64/-/lmdb-darwin-x64-3.4.2.tgz",
-      "integrity": "sha512-zevaowQNmrp3U7Fz1s9pls5aIgpKRsKb3dZWDINtLiozh3jZI9fBrI19lYYBxqdyiIyNdlyiidPnwPShj4aK+w==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@lmdb/lmdb-linux-arm": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-linux-arm/-/lmdb-linux-arm-3.4.2.tgz",
-      "integrity": "sha512-OmHCULY17rkx/RoCoXlzU7LyR8xqrksgdYWwtYa14l/sseezZ8seKWXcogHcjulBddER5NnEFV4L/Jtr2nyxeg==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@lmdb/lmdb-linux-arm64": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-linux-arm64/-/lmdb-linux-arm64-3.4.2.tgz",
-      "integrity": "sha512-ZBEfbNZdkneebvZs98Lq30jMY8V9IJzckVeigGivV7nTHJc+89Ctomp1kAIWKlwIG0ovCDrFI448GzFPORANYg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
     "node_modules/@lmdb/lmdb-linux-x64": {
       "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-linux-x64/-/lmdb-linux-x64-3.4.2.tgz",
-      "integrity": "sha512-vL9nM17C77lohPYE4YaAQvfZCSVJSryE4fXdi8M7uWPBnU+9DJabgKVAeyDb84ZM2vcFseoBE4/AagVtJeRE7g==",
       "cpu": [
         "x64"
       ],
@@ -2179,38 +6995,8 @@
         "linux"
       ]
     },
-    "node_modules/@lmdb/lmdb-win32-arm64": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-win32-arm64/-/lmdb-win32-arm64-3.4.2.tgz",
-      "integrity": "sha512-SXWjdBfNDze4ZPeLtYIzsIeDJDJ/SdsA0pEXcUBayUIMO0FQBHfVZZyHXQjjHr4cvOAzANBgIiqaXRwfMhzmLw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@lmdb/lmdb-win32-x64": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/@lmdb/lmdb-win32-x64/-/lmdb-win32-x64-3.4.2.tgz",
-      "integrity": "sha512-IY+r3bxKW6Q6sIPiMC0L533DEfRJSXibjSI3Ft/w9Q8KQBNqEIvUFXt+09wV8S5BRk0a8uSF19YWxuRwEfI90g==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
     "node_modules/@maskito/angular": {
       "version": "3.11.1",
-      "resolved": "https://registry.npmjs.org/@maskito/angular/-/angular-3.11.1.tgz",
-      "integrity": "sha512-+OZzbRJj/9fOGhgPr0xYctSHe/Ngahip3VdNWBslRTpt7g+UTBYcB8vU9J4cHfpdXYeLM3tM0tnKksc3Eis0+Q==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2224,15 +7010,11 @@
     },
     "node_modules/@maskito/core": {
       "version": "3.11.1",
-      "resolved": "https://registry.npmjs.org/@maskito/core/-/core-3.11.1.tgz",
-      "integrity": "sha512-zN5k/BiZXblo8mEFhsGnnXBCqKMkjEGArorOOcpB1/ymZyqF12Dk6IipEsSE6abMnWw4YF2tukzfq73BFZKz8A==",
       "license": "Apache-2.0",
       "peer": true
     },
     "node_modules/@maskito/kit": {
       "version": "3.11.1",
-      "resolved": "https://registry.npmjs.org/@maskito/kit/-/kit-3.11.1.tgz",
-      "integrity": "sha512-KOBUqxRz383xJWCoe+Emwxv2oAzUrZobIN+Gntmi5Py2S10XbqYnGX/6W7QHN8CUK2Nx11d3HsxbEQaq5Hinjg==",
       "license": "Apache-2.0",
       "peer": true,
       "peerDependencies": {
@@ -2241,8 +7023,6 @@
     },
     "node_modules/@maskito/phone": {
       "version": "3.11.1",
-      "resolved": "https://registry.npmjs.org/@maskito/phone/-/phone-3.11.1.tgz",
-      "integrity": "sha512-ptNDPIZQs/v598qydBa9cnvoCE8+k2Sv07kKKVx3vG0V40DQnIlEL+LYKrJJbMIiPOB6CH90hB9eaA9KKReZ6w==",
       "license": "Apache-2.0",
       "peer": true,
       "peerDependencies": {
@@ -2253,8 +7033,6 @@
     },
     "node_modules/@materia-ui/ngx-monaco-editor": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/@materia-ui/ngx-monaco-editor/-/ngx-monaco-editor-6.0.0.tgz",
-      "integrity": "sha512-gTqNQjOGznZxOC0NlmKdKSGCJuTts8YmK4dsTQAGc5IgIV7cZdQWiW6AL742h0ruED6q0cAunEYjXT6jzHBoIQ==",
       "license": "MIT",
       "dependencies": {
         "tslib": "^2.0.0"
@@ -2266,8 +7044,6 @@
     },
     "node_modules/@modelcontextprotocol/sdk": {
       "version": "1.24.0",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.24.0.tgz",
-      "integrity": "sha512-D8h5KXY2vHFW8zTuxn2vuZGN0HGrQ5No6LkHwlEA9trVgNdPL3TF1dSqKA7Dny6BbBYKSW/rOBDXdC8KJAjUCg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -2304,74 +7080,14 @@
     },
     "node_modules/@modelcontextprotocol/sdk/node_modules/jose": {
       "version": "6.1.3",
-      "resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz",
-      "integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==",
       "devOptional": true,
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/panva"
       }
     },
-    "node_modules/@msgpackr-extract/msgpackr-extract-darwin-arm64": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-darwin-arm64/-/msgpackr-extract-darwin-arm64-3.0.3.tgz",
-      "integrity": "sha512-QZHtlVgbAdy2zAqNA9Gu1UpIuI8Xvsd1v8ic6B2pZmeFnFcMWiPLfWXh7TVw4eGEZ/C9TH281KwhVoeQUKbyjw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@msgpackr-extract/msgpackr-extract-darwin-x64": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-darwin-x64/-/msgpackr-extract-darwin-x64-3.0.3.tgz",
-      "integrity": "sha512-mdzd3AVzYKuUmiWOQ8GNhl64/IoFGol569zNRdkLReh6LRLHOXxU4U8eq0JwaD8iFHdVGqSy4IjFL4reoWCDFw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@msgpackr-extract/msgpackr-extract-linux-arm": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-linux-arm/-/msgpackr-extract-linux-arm-3.0.3.tgz",
-      "integrity": "sha512-fg0uy/dG/nZEXfYilKoRe7yALaNmHoYeIoJuJ7KJ+YyU2bvY8vPv27f7UKhGRpY6euFYqEVhxCFZgAUNQBM3nw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@msgpackr-extract/msgpackr-extract-linux-arm64": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-linux-arm64/-/msgpackr-extract-linux-arm64-3.0.3.tgz",
-      "integrity": "sha512-YxQL+ax0XqBJDZiKimS2XQaf+2wDGVa1enVRGzEvLLVFeqa5kx2bWbtcSXgsxjQB7nRqqIGFIcLteF/sHeVtQg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
     "node_modules/@msgpackr-extract/msgpackr-extract-linux-x64": {
       "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-linux-x64/-/msgpackr-extract-linux-x64-3.0.3.tgz",
-      "integrity": "sha512-cvwNfbP07pKUfq1uH+S6KJ7dT9K8WOE4ZiAcsrSes+UY55E/0jLYc+vq+DO7jlmqRb5zAggExKm0H7O/CBaesg==",
       "cpu": [
         "x64"
       ],
@@ -2382,24 +7098,8 @@
         "linux"
       ]
     },
-    "node_modules/@msgpackr-extract/msgpackr-extract-win32-x64": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-win32-x64/-/msgpackr-extract-win32-x64-3.0.3.tgz",
-      "integrity": "sha512-x0fWaQtYp4E6sktbsdAqnehxDgEc/VwM7uLsRCYWaiGu0ykYdZPiS8zCWdnjHwyiumousxfBm4SO31eXqwEZhQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
     "node_modules/@napi-rs/nice": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice/-/nice-1.1.1.tgz",
-      "integrity": "sha512-xJIPs+bYuc9ASBl+cvGsKbGrJmS6fAKaSZCnT0lhahT5rhA2VVy9/EcIgd2JhtEuFOJNx7UHNn/qiTPTY4nrQw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -2430,197 +7130,8 @@
         "@napi-rs/nice-win32-x64-msvc": "1.1.1"
       }
     },
-    "node_modules/@napi-rs/nice-android-arm-eabi": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-android-arm-eabi/-/nice-android-arm-eabi-1.1.1.tgz",
-      "integrity": "sha512-kjirL3N6TnRPv5iuHw36wnucNqXAO46dzK9oPb0wj076R5Xm8PfUVA9nAFB5ZNMmfJQJVKACAPd/Z2KYMppthw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-android-arm64": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-android-arm64/-/nice-android-arm64-1.1.1.tgz",
-      "integrity": "sha512-blG0i7dXgbInN5urONoUCNf+DUEAavRffrO7fZSeoRMJc5qD+BJeNcpr54msPF6qfDD6kzs9AQJogZvT2KD5nw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-darwin-arm64": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-darwin-arm64/-/nice-darwin-arm64-1.1.1.tgz",
-      "integrity": "sha512-s/E7w45NaLqTGuOjC2p96pct4jRfo61xb9bU1unM/MJ/RFkKlJyJDx7OJI/O0ll/hrfpqKopuAFDV8yo0hfT7A==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-darwin-x64": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-darwin-x64/-/nice-darwin-x64-1.1.1.tgz",
-      "integrity": "sha512-dGoEBnVpsdcC+oHHmW1LRK5eiyzLwdgNQq3BmZIav+9/5WTZwBYX7r5ZkQC07Nxd3KHOCkgbHSh4wPkH1N1LiQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-freebsd-x64": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-freebsd-x64/-/nice-freebsd-x64-1.1.1.tgz",
-      "integrity": "sha512-kHv4kEHAylMYmlNwcQcDtXjklYp4FCf0b05E+0h6nDHsZ+F0bDe04U/tXNOqrx5CmIAth4vwfkjjUmp4c4JktQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-arm-gnueabihf": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-arm-gnueabihf/-/nice-linux-arm-gnueabihf-1.1.1.tgz",
-      "integrity": "sha512-E1t7K0efyKXZDoZg1LzCOLxgolxV58HCkaEkEvIYQx12ht2pa8hoBo+4OB3qh7e+QiBlp1SRf+voWUZFxyhyqg==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-arm64-gnu": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-arm64-gnu/-/nice-linux-arm64-gnu-1.1.1.tgz",
-      "integrity": "sha512-CIKLA12DTIZlmTaaKhQP88R3Xao+gyJxNWEn04wZwC2wmRapNnxCUZkVwggInMJvtVElA+D4ZzOU5sX4jV+SmQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-arm64-musl": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-arm64-musl/-/nice-linux-arm64-musl-1.1.1.tgz",
-      "integrity": "sha512-+2Rzdb3nTIYZ0YJF43qf2twhqOCkiSrHx2Pg6DJaCPYhhaxbLcdlV8hCRMHghQ+EtZQWGNcS2xF4KxBhSGeutg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-ppc64-gnu": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-ppc64-gnu/-/nice-linux-ppc64-gnu-1.1.1.tgz",
-      "integrity": "sha512-4FS8oc0GeHpwvv4tKciKkw3Y4jKsL7FRhaOeiPei0X9T4Jd619wHNe4xCLmN2EMgZoeGg+Q7GY7BsvwKpL22Tg==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-riscv64-gnu": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-riscv64-gnu/-/nice-linux-riscv64-gnu-1.1.1.tgz",
-      "integrity": "sha512-HU0nw9uD4FO/oGCCk409tCi5IzIZpH2agE6nN4fqpwVlCn5BOq0MS1dXGjXaG17JaAvrlpV5ZeyZwSon10XOXw==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-linux-s390x-gnu": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-s390x-gnu/-/nice-linux-s390x-gnu-1.1.1.tgz",
-      "integrity": "sha512-2YqKJWWl24EwrX0DzCQgPLKQBxYDdBxOHot1KWEq7aY2uYeX+Uvtv4I8xFVVygJDgf6/92h9N3Y43WPx8+PAgQ==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
     "node_modules/@napi-rs/nice-linux-x64-gnu": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-x64-gnu/-/nice-linux-x64-gnu-1.1.1.tgz",
-      "integrity": "sha512-/gaNz3R92t+dcrfCw/96pDopcmec7oCcAQ3l/M+Zxr82KT4DljD37CpgrnXV+pJC263JkW572pdbP3hP+KjcIg==",
       "cpu": [
         "x64"
       ],
@@ -2636,8 +7147,6 @@
     },
     "node_modules/@napi-rs/nice-linux-x64-musl": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-linux-x64-musl/-/nice-linux-x64-musl-1.1.1.tgz",
-      "integrity": "sha512-xScCGnyj/oppsNPMnevsBe3pvNaoK7FGvMjT35riz9YdhB2WtTG47ZlbxtOLpjeO9SqqQ2J2igCmz6IJOD5JYw==",
       "cpu": [
         "x64"
       ],
@@ -2651,78 +7160,8 @@
         "node": ">= 10"
       }
     },
-    "node_modules/@napi-rs/nice-openharmony-arm64": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-openharmony-arm64/-/nice-openharmony-arm64-1.1.1.tgz",
-      "integrity": "sha512-6uJPRVwVCLDeoOaNyeiW0gp2kFIM4r7PL2MczdZQHkFi9gVlgm+Vn+V6nTWRcu856mJ2WjYJiumEajfSm7arPQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-win32-arm64-msvc": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-win32-arm64-msvc/-/nice-win32-arm64-msvc-1.1.1.tgz",
-      "integrity": "sha512-uoTb4eAvM5B2aj/z8j+Nv8OttPf2m+HVx3UjA5jcFxASvNhQriyCQF1OB1lHL43ZhW+VwZlgvjmP5qF3+59atA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-win32-ia32-msvc": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-win32-ia32-msvc/-/nice-win32-ia32-msvc-1.1.1.tgz",
-      "integrity": "sha512-CNQqlQT9MwuCsg1Vd/oKXiuH+TcsSPJmlAFc5frFyX/KkOh0UpBLEj7aoY656d5UKZQMQFP7vJNa1DNUNORvug==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@napi-rs/nice-win32-x64-msvc": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/nice-win32-x64-msvc/-/nice-win32-x64-msvc-1.1.1.tgz",
-      "integrity": "sha512-vB+4G/jBQCAh0jelMTY3+kgFy00Hlx2f2/1zjMoH821IbplbWZOkLiTYXQkygNTzQJTq5cvwBDgn2ppHD+bglQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
     "node_modules/@ng-web-apis/common": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/common/-/common-4.14.0.tgz",
-      "integrity": "sha512-eLrpy9e8R+eJKRUWv06jauaDCJ/6/9llmHPTvmWH3yTS9HIn+twk5ZmyfNwFqA/r8g9Kt4Ap48YuaydQy00nuw==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2736,8 +7175,6 @@
     },
     "node_modules/@ng-web-apis/intersection-observer": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/intersection-observer/-/intersection-observer-4.14.0.tgz",
-      "integrity": "sha512-VDuak0+jDPwPttqQbgIYCD1tM2F7wKSXZWWUjFdNfkV47GspEPzzf12lY1eiltIiCB4cv6asZNs5ijnsxpnb9A==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2750,8 +7187,6 @@
     },
     "node_modules/@ng-web-apis/mutation-observer": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/mutation-observer/-/mutation-observer-4.14.0.tgz",
-      "integrity": "sha512-AUZDtVWN1rUSZoaB5AWhRYZ8DNSPoPQ2Ld8G8q9ocxfpslDHvjQQjUj5r0zHjAwKe1f9cNuow2nU+n6k3hF6ew==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2764,8 +7199,6 @@
     },
     "node_modules/@ng-web-apis/platform": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/platform/-/platform-4.14.0.tgz",
-      "integrity": "sha512-zmsbg0cEumppG6VlxIpM+ghJXBJ6G2mlTm+XmC9HYCnRJxYJjqIVRDZbYUQ4pGQHz4iJxRbp2C3VOndre72+3g==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2774,8 +7207,6 @@
     },
     "node_modules/@ng-web-apis/resize-observer": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/resize-observer/-/resize-observer-4.14.0.tgz",
-      "integrity": "sha512-W5VXT/y0Vv68Gx/2urgu/JmIQfv0jPtzfvGtyulgGALfBrnei4oVXvJe2aZmLb0/VkxH65qlYOKVEOGqBrwSwQ==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2788,8 +7219,6 @@
     },
     "node_modules/@ng-web-apis/screen-orientation": {
       "version": "4.14.0",
-      "resolved": "https://registry.npmjs.org/@ng-web-apis/screen-orientation/-/screen-orientation-4.14.0.tgz",
-      "integrity": "sha512-XlXjxhYT7QKW0WKQE4BIJ2OZ7c1EFRXUQ4eXQ41Jwl8ukG0zkixOTrxGlnfy7ijX5df3sX/+0kKCXwsyj/n5BA==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -2803,8 +7232,6 @@
     },
     "node_modules/@noble/curves": {
       "version": "1.9.7",
-      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.9.7.tgz",
-      "integrity": "sha512-gbKGcRUYIjA3/zCCNaWDciTMFI0dCkvou3TL8Zmy5Nc7sJ47a0jtOeZoTaMxkuqRo9cRhjOdZJXegxYE5FN/xw==",
       "license": "MIT",
       "dependencies": {
         "@noble/hashes": "1.8.0"
@@ -2818,8 +7245,6 @@
     },
     "node_modules/@noble/hashes": {
       "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz",
-      "integrity": "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==",
       "license": "MIT",
       "engines": {
         "node": "^14.21.3 || >=16"
@@ -2830,8 +7255,6 @@
     },
     "node_modules/@nodelib/fs.scandir": {
       "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
-      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -2844,8 +7267,6 @@
     },
     "node_modules/@nodelib/fs.stat": {
       "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
-      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -2854,8 +7275,6 @@
     },
     "node_modules/@nodelib/fs.walk": {
       "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
-      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -2868,8 +7287,6 @@
     },
     "node_modules/@npmcli/agent": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-3.0.0.tgz",
-      "integrity": "sha512-S79NdEgDQd/NGCay6TCoVzXSj74skRZIKJcpJjC5lOq34SZzyI6MqtiiWoiVWoVrTcGjNeC4ipbh1VIHlpfF5Q==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2885,15 +7302,11 @@
     },
     "node_modules/@npmcli/agent/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/@npmcli/fs": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-4.0.0.tgz",
-      "integrity": "sha512-/xGlezI6xfGO9NwuJlnwz/K14qD1kCSAGtacBHnGzeAIuJGazcp45KP5NuyARXoKb7cwulAGWVsbeSxdG/cb0Q==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2905,8 +7318,6 @@
     },
     "node_modules/@npmcli/git": {
       "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-6.0.3.tgz",
-      "integrity": "sha512-GUYESQlxZRAdhs3UhbB6pVRNUELQOHXwK9ruDkwmCv2aZ5y0SApQzUJCg02p3A7Ue2J5hxvlk1YI53c00NmRyQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2925,8 +7336,6 @@
     },
     "node_modules/@npmcli/git/node_modules/isexe": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz",
-      "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -2935,15 +7344,11 @@
     },
     "node_modules/@npmcli/git/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/@npmcli/git/node_modules/which": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz",
-      "integrity": "sha512-JEdGzHwwkrbWoGOlIHqQ5gtprKGOenpDHpxE9zVR1bWbOtYRyPPHMe9FaP6x61CmNaTThSkb0DAJte5jD+DmzQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2958,8 +7363,6 @@
     },
     "node_modules/@npmcli/installed-package-contents": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/installed-package-contents/-/installed-package-contents-3.0.0.tgz",
-      "integrity": "sha512-fkxoPuFGvxyrH+OQzyTkX2LUEamrF4jZSmxjAtPPHHGO0dqsQ8tTKjnIS8SAnPHdk2I03BDtSMR5K/4loKg79Q==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -2975,8 +7378,6 @@
     },
     "node_modules/@npmcli/node-gyp": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/node-gyp/-/node-gyp-4.0.0.tgz",
-      "integrity": "sha512-+t5DZ6mO/QFh78PByMq1fGSAub/agLJZDRfJRMeOSNCt8s9YVlTjmGpIPwPhvXTGUIJk+WszlT0rQa1W33yzNA==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -2985,8 +7386,6 @@
     },
     "node_modules/@npmcli/package-json": {
       "version": "6.2.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/package-json/-/package-json-6.2.0.tgz",
-      "integrity": "sha512-rCNLSB/JzNvot0SEyXqWZ7tX2B5dD2a1br2Dp0vSYVo5jh8Z0EZ7lS9TsZ1UtziddB1UfNUaMCc538/HztnJGA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3004,8 +7403,6 @@
     },
     "node_modules/@npmcli/package-json/node_modules/hosted-git-info": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.1.0.tgz",
-      "integrity": "sha512-Rw/B2DNQaPBICNXEm8balFz9a6WpZrkCGpcWFpy7nCj+NyhSdqXipmfvtmWt9xGfp0wZnBxB+iVpLmQMYt47Tw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3017,15 +7414,11 @@
     },
     "node_modules/@npmcli/package-json/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/@npmcli/promise-spawn": {
       "version": "8.0.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-8.0.3.tgz",
-      "integrity": "sha512-Yb00SWaL4F8w+K8YGhQ55+xE4RUNdMHV43WZGsiTM92gS+lC0mGsn7I4hLug7pbao035S6bj3Y3w0cUNGLfmkg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3037,8 +7430,6 @@
     },
     "node_modules/@npmcli/promise-spawn/node_modules/isexe": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz",
-      "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -3047,8 +7438,6 @@
     },
     "node_modules/@npmcli/promise-spawn/node_modules/which": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz",
-      "integrity": "sha512-JEdGzHwwkrbWoGOlIHqQ5gtprKGOenpDHpxE9zVR1bWbOtYRyPPHMe9FaP6x61CmNaTThSkb0DAJte5jD+DmzQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3063,8 +7452,6 @@
     },
     "node_modules/@npmcli/redact": {
       "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-3.2.2.tgz",
-      "integrity": "sha512-7VmYAmk4csGv08QzrDKScdzn11jHPFGyqJW39FyPgPuAp3zIaUmuCo1yxw9aGs+NEJuTGQ9Gwqpt93vtJubucg==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -3073,8 +7460,6 @@
     },
     "node_modules/@npmcli/run-script": {
       "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-9.1.0.tgz",
-      "integrity": "sha512-aoNSbxtkePXUlbZB+anS1LqsJdctG5n3UVhfU47+CDdwMi6uNTBMF9gPcQRnqghQd2FGzcwwIFBruFMxjhBewg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3091,8 +7476,6 @@
     },
     "node_modules/@npmcli/run-script/node_modules/isexe": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz",
-      "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -3101,8 +7484,6 @@
     },
     "node_modules/@npmcli/run-script/node_modules/which": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz",
-      "integrity": "sha512-JEdGzHwwkrbWoGOlIHqQ5gtprKGOenpDHpxE9zVR1bWbOtYRyPPHMe9FaP6x61CmNaTThSkb0DAJte5jD+DmzQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -3117,8 +7498,6 @@
     },
     "node_modules/@parcel/watcher": {
       "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher/-/watcher-2.5.1.tgz",
-      "integrity": "sha512-dfUnCxiN9H4ap84DvD2ubjw+3vUNpstxa0TneY/Paat8a3R4uQZDLSvWjmznAY/DoahqTHl9V46HF/Zs3F29pg==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -3152,178 +7531,8 @@
         "@parcel/watcher-win32-x64": "2.5.1"
       }
     },
-    "node_modules/@parcel/watcher-android-arm64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-android-arm64/-/watcher-android-arm64-2.5.1.tgz",
-      "integrity": "sha512-KF8+j9nNbUN8vzOFDpRMsaKBHZ/mcjEjMToVMJOhTozkDonQFFrRcfdLWn6yWKCmJKmdVxSgHiYvTCef4/qcBA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-darwin-arm64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-arm64/-/watcher-darwin-arm64-2.5.1.tgz",
-      "integrity": "sha512-eAzPv5osDmZyBhou8PoF4i6RQXAfeKL9tjb3QzYuccXFMQU0ruIc/POh30ePnaOyD1UXdlKguHBmsTs53tVoPw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-darwin-x64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-x64/-/watcher-darwin-x64-2.5.1.tgz",
-      "integrity": "sha512-1ZXDthrnNmwv10A0/3AJNZ9JGlzrF82i3gNQcWOzd7nJ8aj+ILyW1MTxVk35Db0u91oD5Nlk9MBiujMlwmeXZg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-freebsd-x64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-freebsd-x64/-/watcher-freebsd-x64-2.5.1.tgz",
-      "integrity": "sha512-SI4eljM7Flp9yPuKi8W0ird8TI/JK6CSxju3NojVI6BjHsTyK7zxA9urjVjEKJ5MBYC+bLmMcbAWlZ+rFkLpJQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-linux-arm-glibc": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-glibc/-/watcher-linux-arm-glibc-2.5.1.tgz",
-      "integrity": "sha512-RCdZlEyTs8geyBkkcnPWvtXLY44BCeZKmGYRtSgtwwnHR4dxfHRG3gR99XdMEdQ7KeiDdasJwwvNSF5jKtDwdA==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-linux-arm-musl": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-musl/-/watcher-linux-arm-musl-2.5.1.tgz",
-      "integrity": "sha512-6E+m/Mm1t1yhB8X412stiKFG3XykmgdIOqhjWj+VL8oHkKABfu/gjFj8DvLrYVHSBNC+/u5PeNrujiSQ1zwd1Q==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-linux-arm64-glibc": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-glibc/-/watcher-linux-arm64-glibc-2.5.1.tgz",
-      "integrity": "sha512-LrGp+f02yU3BN9A+DGuY3v3bmnFUggAITBGriZHUREfNEzZh/GO06FF5u2kx8x+GBEUYfyTGamol4j3m9ANe8w==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-linux-arm64-musl": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-musl/-/watcher-linux-arm64-musl-2.5.1.tgz",
-      "integrity": "sha512-cFOjABi92pMYRXS7AcQv9/M1YuKRw8SZniCDw0ssQb/noPkRzA+HBDkwmyOJYp5wXcsTrhxO0zq1U11cK9jsFg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
     "node_modules/@parcel/watcher-linux-x64-glibc": {
       "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-glibc/-/watcher-linux-x64-glibc-2.5.1.tgz",
-      "integrity": "sha512-GcESn8NZySmfwlTsIur+49yDqSny2IhPeZfXunQi48DMugKeZ7uy1FX83pO0X22sHntJ4Ub+9k34XQCX+oHt2A==",
       "cpu": [
         "x64"
       ],
@@ -3343,8 +7552,6 @@
     },
     "node_modules/@parcel/watcher-linux-x64-musl": {
       "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-musl/-/watcher-linux-x64-musl-2.5.1.tgz",
-      "integrity": "sha512-n0E2EQbatQ3bXhcH2D1XIAANAcTZkQICBPVaxMeaCVBtOpBZpWJuf7LwyWPSBDITb7In8mqQgJ7gH8CILCURXg==",
       "cpu": [
         "x64"
       ],
@@ -3362,73 +7569,8 @@
         "url": "https://opencollective.com/parcel"
       }
     },
-    "node_modules/@parcel/watcher-win32-arm64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-arm64/-/watcher-win32-arm64-2.5.1.tgz",
-      "integrity": "sha512-RFzklRvmc3PkjKjry3hLF9wD7ppR4AKcWNzH7kXR7GUe0Igb3Nz8fyPwtZCSquGrhU5HhUNDr/mKBqj7tqA2Vw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-win32-ia32": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-ia32/-/watcher-win32-ia32-2.5.1.tgz",
-      "integrity": "sha512-c2KkcVN+NJmuA7CGlaGD1qJh1cLfDnQsHjE89E60vUEMlqduHGCdCLJCID5geFVM0dOtA3ZiIO8BoEQmzQVfpQ==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
-    "node_modules/@parcel/watcher-win32-x64": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-x64/-/watcher-win32-x64-2.5.1.tgz",
-      "integrity": "sha512-9lHBdJITeNR++EvSQVUcaZoWupyHfXe1jZvGZ06O/5MflPcuPLtEphScIBL+AiCWBO46tDSHzWyD0uDmmZqsgA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/parcel"
-      }
-    },
     "node_modules/@parcel/watcher/node_modules/detect-libc": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz",
-      "integrity": "sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==",
       "dev": true,
       "license": "Apache-2.0",
       "optional": true,
@@ -3441,16 +7583,12 @@
     },
     "node_modules/@parcel/watcher/node_modules/node-addon-api": {
       "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz",
-      "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==",
       "dev": true,
       "license": "MIT",
       "optional": true
     },
     "node_modules/@pkgjs/parseargs": {
       "version": "0.11.0",
-      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
-      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -3460,8 +7598,6 @@
     },
     "node_modules/@rollup/plugin-json": {
       "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/@rollup/plugin-json/-/plugin-json-6.1.0.tgz",
-      "integrity": "sha512-EGI2te5ENk1coGeADSIwZ7G2Q8CJS2sF120T7jLw4xFw9n7wIOXHo+kIYRAoVpJAN+kmqZSoO3Fp4JtoNF4ReA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3481,8 +7617,6 @@
     },
     "node_modules/@rollup/pluginutils": {
       "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.3.0.tgz",
-      "integrity": "sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3504,225 +7638,11 @@
     },
     "node_modules/@rollup/pluginutils/node_modules/@types/estree": {
       "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
-      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.3.tgz",
-      "integrity": "sha512-h6cqHGZ6VdnwliFG1NXvMPTy/9PS3h8oLh7ImwR+kl+oYnQizgjxsONmmPSb2C66RksfkfIxEVtDSEcJiO0tqw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ]
-    },
-    "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.3.tgz",
-      "integrity": "sha512-wd+u7SLT/u6knklV/ifG7gr5Qy4GUbH2hMWcDauPFJzmCZUAJ8L2bTkVXC2niOIxp8lk3iH/QX8kSrUxVZrOVw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ]
-    },
-    "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.3.tgz",
-      "integrity": "sha512-lj9ViATR1SsqycwFkJCtYfQTheBdvlWJqzqxwc9f2qrcVrQaF/gCuBRTiTolkRWS6KvNxSk4KHZWG7tDktLgjg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.3.tgz",
-      "integrity": "sha512-+Dyo7O1KUmIsbzx1l+4V4tvEVnVQqMOIYtrxK7ncLSknl1xnMHLgn7gddJVrYPNZfEB8CIi3hK8gq8bDhb3h5A==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.3.tgz",
-      "integrity": "sha512-u9Xg2FavYbD30g3DSfNhxgNrxhi6xVG4Y6i9Ur1C7xUuGDW3banRbXj+qgnIrwRN4KeJ396jchwy9bCIzbyBEQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ]
-    },
-    "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.3.tgz",
-      "integrity": "sha512-5M8kyi/OX96wtD5qJR89a/3x5x8x5inXBZO04JWhkQb2JWavOWfjgkdvUqibGJeNNaz1/Z1PPza5/tAPXICI6A==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.3.tgz",
-      "integrity": "sha512-IoerZJ4l1wRMopEHRKOO16e04iXRDyZFZnNZKrWeNquh5d6bucjezgd+OxG03mOMTnS1x7hilzb3uURPkJ0OfA==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.3.tgz",
-      "integrity": "sha512-ZYdtqgHTDfvrJHSh3W22TvjWxwOgc3ThK/XjgcNGP2DIwFIPeAPNsQxrJO5XqleSlgDux2VAoWQ5iJrtaC1TbA==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.3.tgz",
-      "integrity": "sha512-NcViG7A0YtuFDA6xWSgmFb6iPFzHlf5vcqb2p0lGEbT+gjrEEz8nC/EeDHvx6mnGXnGCC1SeVV+8u+smj0CeGQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.3.tgz",
-      "integrity": "sha512-d3pY7LWno6SYNXRm6Ebsq0DJGoiLXTb83AIPCXl9fmtIQs/rXoS8SJxxUNtFbJ5MiOvs+7y34np77+9l4nfFMw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.3.tgz",
-      "integrity": "sha512-3y5GA0JkBuirLqmjwAKwB0keDlI6JfGYduMlJD/Rl7fvb4Ni8iKdQs1eiunMZJhwDWdCvrcqXRY++VEBbvk6Eg==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.3.tgz",
-      "integrity": "sha512-AUUH65a0p3Q0Yfm5oD2KVgzTKgwPyp9DSXc3UA7DtxhEb/WSPfbG4wqXeSN62OG5gSo18em4xv6dbfcUGXcagw==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.3.tgz",
-      "integrity": "sha512-1makPhFFVBqZE+XFg3Dkq+IkQ7JvmUrwwqaYBL2CE+ZpxPaqkGaiWFEWVGyvTwZace6WLJHwjVh/+CXbKDGPmg==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.3.tgz",
-      "integrity": "sha512-OOFJa28dxfl8kLOPMUOQBCO6z3X2SAfzIE276fwT52uXDWUS178KWq0pL7d6p1kz7pkzA0yQwtqL0dEPoVcRWg==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.3.tgz",
-      "integrity": "sha512-jMdsML2VI5l+V7cKfZx3ak+SLlJ8fKvLJ0Eoa4b9/vCUrzXKgoKxvHqvJ/mkWhFiyp88nCkM5S2v6nIwRtPcgg==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
       "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.3.tgz",
-      "integrity": "sha512-tPgGd6bY2M2LJTA1uGq8fkSPK8ZLYjDjY+ZLK9WHncCnfIz29LIXIqUgzCR0hIefzy6Hpbe8Th5WOSwTM8E7LA==",
       "cpu": [
         "x64"
       ],
@@ -3735,8 +7655,6 @@
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
       "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.3.tgz",
-      "integrity": "sha512-BCFkJjgk+WFzP+tcSMXq77ymAPIxsX9lFJWs+2JzuZTLtksJ2o5hvgTdIcZ5+oKzUDMwI0PfWzRBYAydAHF2Mw==",
       "cpu": [
         "x64"
       ],
@@ -3747,80 +7665,8 @@
         "linux"
       ]
     },
-    "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.3.tgz",
-      "integrity": "sha512-KTD/EqjZF3yvRaWUJdD1cW+IQBk4fbQaHYJUmP8N4XoKFZilVL8cobFSTDnjTtxWJQ3JYaMgF4nObY/+nYkumA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.3.tgz",
-      "integrity": "sha512-+zteHZdoUYLkyYKObGHieibUFLbttX2r+58l27XZauq0tcWYYuKUwY2wjeCN9oK1Um2YgH2ibd6cnX/wFD7DuA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.3.tgz",
-      "integrity": "sha512-of1iHkTQSo3kr6dTIRX6t81uj/c/b15HXVsPcEElN5sS859qHrOepM5p9G41Hah+CTqSh2r8Bm56dL2z9UQQ7g==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.3.tgz",
-      "integrity": "sha512-s0hybmlHb56mWVZQj8ra9048/WZTPLILKxcvcq+8awSZmyiSUZjjem1AhU3Tf4ZKpYhK4mg36HtHDOe8QJS5PQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.3.tgz",
-      "integrity": "sha512-zGIbEVVXVtauFgl3MRwGWEN36P5ZGenHRMgNw88X5wEhEBpq0XrMEZwOn07+ICrwM17XO5xfMZqh0OldCH5VTA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
     "node_modules/@rollup/wasm-node": {
       "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/wasm-node/-/wasm-node-4.54.0.tgz",
-      "integrity": "sha512-CeEdHzNY+ZIR6NWpIOiJuCrr6tTK7cRGeOf6GYg5f73+UwJLqn5a4d5Ovf/hOWDyHM1KcySbxHQESJ9krhe0+A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3839,15 +7685,11 @@
     },
     "node_modules/@rollup/wasm-node/node_modules/@types/estree": {
       "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
-      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@schematics/angular": {
       "version": "20.3.13",
-      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-20.3.13.tgz",
-      "integrity": "sha512-ETJ1budKmrkdxojo5QP6TPr6zQZYGxtWWf8NrX1cBIS851zPCmFkKyhSFLZsoksariYF/LP8ljvm8tlcIzt/XA==",
       "license": "MIT",
       "dependencies": {
         "@angular-devkit/core": "20.3.13",
@@ -3862,8 +7704,6 @@
     },
     "node_modules/@sigstore/bundle": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-3.1.0.tgz",
-      "integrity": "sha512-Mm1E3/CmDDCz3nDhFKTuYdB47EdRFRQMOE/EAbiG1MJW77/w1b3P7Qx7JSrVJs8PfwOLOVcKQCHErIwCTyPbag==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3875,8 +7715,6 @@
     },
     "node_modules/@sigstore/core": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/core/-/core-2.0.0.tgz",
-      "integrity": "sha512-nYxaSb/MtlSI+JWcwTHQxyNmWeWrUXJJ/G4liLrGG7+tS4vAz6LF3xRXqLH6wPIVUoZQel2Fs4ddLx4NCpiIYg==",
       "devOptional": true,
       "license": "Apache-2.0",
       "engines": {
@@ -3885,8 +7723,6 @@
     },
     "node_modules/@sigstore/protobuf-specs": {
       "version": "0.4.3",
-      "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.4.3.tgz",
-      "integrity": "sha512-fk2zjD9117RL9BjqEwF7fwv7Q/P9yGsMV4MUJZ/DocaQJ6+3pKr+syBq1owU5Q5qGw5CUbXzm+4yJ2JVRDQeSA==",
       "devOptional": true,
       "license": "Apache-2.0",
       "engines": {
@@ -3895,8 +7731,6 @@
     },
     "node_modules/@sigstore/sign": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-3.1.0.tgz",
-      "integrity": "sha512-knzjmaOHOov1Ur7N/z4B1oPqZ0QX5geUfhrVaqVlu+hl0EAoL4o+l0MSULINcD5GCWe3Z0+YJO8ues6vFlW0Yw==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3913,8 +7747,6 @@
     },
     "node_modules/@sigstore/tuf": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/@sigstore/tuf/-/tuf-3.1.1.tgz",
-      "integrity": "sha512-eFFvlcBIoGwVkkwmTi/vEQFSva3xs5Ot3WmBcjgjVdiaoelBLQaQ/ZBfhlG0MnG0cmTYScPpk7eDdGDWUcFUmg==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3927,8 +7759,6 @@
     },
     "node_modules/@sigstore/verify": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@sigstore/verify/-/verify-2.1.1.tgz",
-      "integrity": "sha512-hVJD77oT67aowHxwT4+M6PGOp+E2LtLdTK3+FC0lBO9T7sYwItDMXZ7Z07IDCvR1M717a4axbIWckrW67KMP/w==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3941,9 +7771,7 @@
       }
     },
     "node_modules/@start9labs/argon2": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@start9labs/argon2/-/argon2-0.3.0.tgz",
-      "integrity": "sha512-nAuIxTJKwPNMideyJsDX3gbiF6SFnmg8LBwNbB672ff94COc73CyrB7WQUxXjkVjfG09s54qW/FpnMrnCANl7g=="
+      "version": "0.3.0"
     },
     "node_modules/@start9labs/start-sdk": {
       "resolved": "../sdk/baseDist",
@@ -3951,8 +7779,6 @@
     },
     "node_modules/@taiga-ui/addon-charts": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/addon-charts/-/addon-charts-4.66.0.tgz",
-      "integrity": "sha512-PKC00Tbuhouz5mEylelhBvy+t4uVXQ6ZEh5YnpZu3KBOdEd2qO3uWZ7/rXLVW/mWvVEbU4PXOpTPfxl6J8ekCA==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": ">=2.8.1"
@@ -3968,8 +7794,6 @@
     },
     "node_modules/@taiga-ui/addon-commerce": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/addon-commerce/-/addon-commerce-4.66.0.tgz",
-      "integrity": "sha512-tRWyuqK5j5nEjlk0x5HaeLArgVpAIJZNeMiPy//95v4/8tlHdQLM4gh3qcvwS70GN5fnlFXINWhnblvxSDv2dw==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -3993,8 +7817,6 @@
     },
     "node_modules/@taiga-ui/addon-mobile": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/addon-mobile/-/addon-mobile-4.66.0.tgz",
-      "integrity": "sha512-0Oc5E3h88KwBes3ozKFHcfJsbZeQPjFDAS56HfTSJUbeoSLsnxaWc0mwLbxcel49OOpOEThgrgUDZ3MEs7+yEQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": ">=2.8.1"
@@ -4014,8 +7836,6 @@
     },
     "node_modules/@taiga-ui/addon-table": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/addon-table/-/addon-table-4.66.0.tgz",
-      "integrity": "sha512-rm/7kSyQEJIypTMBtqXT9Q9LwdOqIaqzClfl0j3W0/i0F/hzyjKz/ZUPJs8treGqZhDSlC/tk5M3eqVskZB1bQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": ">=2.8.1"
@@ -4034,8 +7854,6 @@
     },
     "node_modules/@taiga-ui/cdk": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/cdk/-/cdk-4.66.0.tgz",
-      "integrity": "sha512-5DFbwHo7JHKBjgizbGTaIRJsai20+ZknhOQ1SRYwRTc9+6C1HbY/gGC+cjJTLmEQvk14rOoz8qbeWzJx88BU2Q==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4066,8 +7884,6 @@
     },
     "node_modules/@taiga-ui/core": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/core/-/core-4.66.0.tgz",
-      "integrity": "sha512-AjjH+xhgonjf9Xnx3SHNrP5VbsS9jdtGB3BCTQbicYd6QuujQBKldK0fnYMjCY3L0+lboI2OPCVg9PTliOdJ8A==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4091,8 +7907,6 @@
     },
     "node_modules/@taiga-ui/dompurify": {
       "version": "4.1.11",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/dompurify/-/dompurify-4.1.11.tgz",
-      "integrity": "sha512-nwskeI/wFe+spuLQdkhVCn/GJBHJamxZ5deZuyto7C4I3O+pF8GaCNJdKM1YG5TZyGz932Qm8uNtBVZ/fZX8sQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": "^2.8.1"
@@ -4106,8 +7920,6 @@
     },
     "node_modules/@taiga-ui/event-plugins": {
       "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/event-plugins/-/event-plugins-4.7.0.tgz",
-      "integrity": "sha512-j3HPRPR7XxKxgMeytb+r/CNUoLBMVrfdfL8KJr1XiFO9jyEvoC4chFXDXWlkGyUHJIC6wy5VIXlIlI/kpqOiGg==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4121,8 +7933,6 @@
     },
     "node_modules/@taiga-ui/experimental": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/experimental/-/experimental-4.66.0.tgz",
-      "integrity": "sha512-H942VRcWBp2XtHD3KBqEvBQRapRBAZ16lGUqAilAc1vfHjqj3oTHZnFehv0o/2MFTWGb+UfR9F2RPTRFv54nHA==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": ">=2.8.1"
@@ -4141,8 +7951,6 @@
     },
     "node_modules/@taiga-ui/i18n": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/i18n/-/i18n-4.66.0.tgz",
-      "integrity": "sha512-8S9slzAxiSWCBOn2QZhTLM5rH2Lxw/vRt9sZc0xFh0lW5cv47EcRd0Hgs8MwwTwnHmitWgS7uGSlnvkFlJbOxQ==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4156,8 +7964,6 @@
     },
     "node_modules/@taiga-ui/icons": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/icons/-/icons-4.66.0.tgz",
-      "integrity": "sha512-tEOPNy7zdw32q6oPVwN7dZONif1qQOrICVGuRpf6gsN91gLNdEdpoh+6X6rl17CR/qFxSfurE9GwhiKAogD9rw==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": "^2.3.0"
@@ -4165,8 +7971,6 @@
     },
     "node_modules/@taiga-ui/kit": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/kit/-/kit-4.66.0.tgz",
-      "integrity": "sha512-uqY3wslMs7KiBceaHPwCyWVrP8IPqb3OgAy1zd5DHosoUj/ciUl4JWVdx+QdsDypV/Cs4EZrqcIUtMDKQ/Zk0g==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4194,8 +7998,6 @@
     },
     "node_modules/@taiga-ui/layout": {
       "version": "4.66.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/layout/-/layout-4.66.0.tgz",
-      "integrity": "sha512-D6REwySoaPGZlkdqTfrWahMqziXOY7GGTm1pXWVYDi5kEcSP9+F8ojo6saHDlwhN+V4/2jlMrkseSPlfXbmngQ==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4213,8 +8015,6 @@
     },
     "node_modules/@taiga-ui/polymorpheus": {
       "version": "4.9.0",
-      "resolved": "https://registry.npmjs.org/@taiga-ui/polymorpheus/-/polymorpheus-4.9.0.tgz",
-      "integrity": "sha512-TbIIwslbEnxunKuL9OyPZdmefrvJEK6HYiADEKQHUMUs4Pk2UbhMckUieURo83yPDamk/Mww+Nu/g60J/4uh2w==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -4227,8 +8027,6 @@
     },
     "node_modules/@ts-morph/common": {
       "version": "0.24.0",
-      "resolved": "https://registry.npmjs.org/@ts-morph/common/-/common-0.24.0.tgz",
-      "integrity": "sha512-c1xMmNHWpNselmpIqursHeOHHBTIsJLbB+NuovbTTRCNiTLEr/U9dbJ8qy0jd/O2x5pc3seWuOUN5R2IoOTp8A==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -4240,8 +8038,6 @@
     },
     "node_modules/@ts-morph/common/node_modules/minimatch": {
       "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
       "license": "ISC",
       "optional": true,
       "dependencies": {
@@ -4256,8 +8052,6 @@
     },
     "node_modules/@ts-morph/common/node_modules/mkdirp": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
-      "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
       "license": "MIT",
       "optional": true,
       "bin": {
@@ -4272,36 +8066,26 @@
     },
     "node_modules/@tsconfig/node10": {
       "version": "1.0.12",
-      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz",
-      "integrity": "sha512-UCYBaeFvM11aU2y3YPZ//O5Rhj+xKyzy7mvcIoAjASbigy8mHMryP5cK7dgjlz2hWxh1g5pLw084E0a/wlUSFQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@tsconfig/node12": {
       "version": "1.0.11",
-      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
-      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@tsconfig/node14": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
-      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@tsconfig/node16": {
       "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
-      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@tufjs/canonical-json": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@tufjs/canonical-json/-/canonical-json-2.0.0.tgz",
-      "integrity": "sha512-yVtV8zsdo8qFHe+/3kw81dSLyF7D576A5cCFCi4X7B39tWT7SekaEFUnvnWJHz+9qO7qJTah1JbrDjWKqFtdWA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -4310,8 +8094,6 @@
     },
     "node_modules/@tufjs/models": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@tufjs/models/-/models-3.0.1.tgz",
-      "integrity": "sha512-UUYHISyhCU3ZgN8yaear3cGATHb3SMuKHsQ/nVbHXcmnBf+LzQ/cQfhNG+rfaSHgqGKNEm2cOCLVLELStUQ1JA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4324,8 +8106,6 @@
     },
     "node_modules/@tufjs/models/node_modules/minimatch": {
       "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -4340,8 +8120,6 @@
     },
     "node_modules/@types/dompurify": {
       "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz",
-      "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -4350,49 +8128,35 @@
     },
     "node_modules/@types/estree": {
       "version": "0.0.51",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz",
-      "integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@types/js-yaml": {
       "version": "4.0.9",
-      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz",
-      "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@types/luxon": {
       "version": "3.3.8",
-      "resolved": "https://registry.npmjs.org/@types/luxon/-/luxon-3.3.8.tgz",
-      "integrity": "sha512-jYvz8UMLDgy3a5SkGJne8H7VA7zPV2Lwohjx0V8V31+SqAjNmurWMkk9cQhfvlcnXWudBpK9xPM1n4rljOcHYQ==",
       "license": "MIT"
     },
     "node_modules/@types/marked": {
       "version": "4.3.2",
-      "resolved": "https://registry.npmjs.org/@types/marked/-/marked-4.3.2.tgz",
-      "integrity": "sha512-a79Yc3TOk6dGdituy8hmTTJXjOkZ7zsFYV10L337ttq/rec8lRMDBpV7fL3uLx6TgbFCa5DU/h8FmIBQPSbU0w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@types/minimatch": {
       "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz",
-      "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==",
       "license": "MIT",
       "optional": true
     },
     "node_modules/@types/mustache": {
       "version": "4.2.6",
-      "resolved": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.6.tgz",
-      "integrity": "sha512-t+8/QWTAhOFlrF1IVZqKnMRJi84EgkIK5Kh0p2JV4OLywUvCwJPFxbJAl7XAow7DVIHsF+xW9f1MVzg0L6Szjw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@types/node": {
       "version": "22.19.3",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.3.tgz",
-      "integrity": "sha512-1N9SBnWYOJTrNZCdh/yJE+t910Y128BoyY+zBLWhL3r0TYzlTmFdXrPwHL9DyFZmlEXNQQolTZh3KHV31QDhyA==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -4402,8 +8166,6 @@
     },
     "node_modules/@types/node-jose": {
       "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/@types/node-jose/-/node-jose-1.1.13.tgz",
-      "integrity": "sha512-QjMd4yhwy1EvSToQn0YI3cD29YhyfxFwj7NecuymjLys2/P0FwxWnkgBlFxCai6Y3aBCe7rbwmqwJJawxlgcXw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4412,15 +8174,11 @@
     },
     "node_modules/@types/parse-json": {
       "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.2.tgz",
-      "integrity": "sha512-dISoDXWWQwUquiKsyZ4Ng+HX2KsPL7LyHKHQwgGFEA3IaKac4Obd+h2a/a6waisAoepJlBcx9paWqjA8/HVjCw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@types/pbkdf2": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@types/pbkdf2/-/pbkdf2-3.1.2.tgz",
-      "integrity": "sha512-uRwJqmiXmh9++aSu1VNEn3iIxWOhd8AHXNSdlaLfdAAdSTY9jYVeGWnzejM3dvrkbqE3/hyQkQQ29IFATEGlew==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4429,21 +8187,15 @@
     },
     "node_modules/@types/trusted-types": {
       "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
-      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
       "license": "MIT"
     },
     "node_modules/@types/uuid": {
       "version": "8.3.4",
-      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz",
-      "integrity": "sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@vitejs/plugin-basic-ssl": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-basic-ssl/-/plugin-basic-ssl-2.1.0.tgz",
-      "integrity": "sha512-dOxxrhgyDIEUADhb/8OlV9JIqYLgos03YorAueTIeOUskLJSEsfwCByjbu98ctXitUN3znXKp0bYD/WHSudCeA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4455,15 +8207,11 @@
     },
     "node_modules/@yarnpkg/lockfile": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz",
-      "integrity": "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==",
       "devOptional": true,
       "license": "BSD-2-Clause"
     },
     "node_modules/abbrev": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-3.0.1.tgz",
-      "integrity": "sha512-AO2ac6pjRB3SJmGJo+v5/aK6Omggp6fsLrs6wN9bd35ulu4cCwaAU9+7ZhXjeqHVkaHThLuzH0nZr0YpCDhygg==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -4472,8 +8220,6 @@
     },
     "node_modules/accepts": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz",
-      "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4486,8 +8232,6 @@
     },
     "node_modules/acorn": {
       "version": "8.15.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
-      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -4499,8 +8243,6 @@
     },
     "node_modules/acorn-walk": {
       "version": "8.3.4",
-      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz",
-      "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4512,8 +8254,6 @@
     },
     "node_modules/agent-base": {
       "version": "7.1.4",
-      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
-      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -4522,8 +8262,6 @@
     },
     "node_modules/ajv": {
       "version": "8.17.1",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-      "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
       "license": "MIT",
       "dependencies": {
         "fast-deep-equal": "^3.1.3",
@@ -4538,8 +8276,6 @@
     },
     "node_modules/ajv-formats": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz",
-      "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==",
       "license": "MIT",
       "dependencies": {
         "ajv": "^8.0.0"
@@ -4555,8 +8291,6 @@
     },
     "node_modules/algoliasearch": {
       "version": "5.35.0",
-      "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.35.0.tgz",
-      "integrity": "sha512-Y+moNhsqgLmvJdgTsO4GZNgsaDWv8AOGAaPeIeHKlDn/XunoAqYbA+XNpBd1dW8GOXAUDyxC9Rxc7AV4kpFcIg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4581,8 +8315,6 @@
     },
     "node_modules/ansi-colors": {
       "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz",
-      "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4591,8 +8323,6 @@
     },
     "node_modules/ansi-escapes": {
       "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-7.2.0.tgz",
-      "integrity": "sha512-g6LhBsl+GBPRWGWsBtutpzBYuIIdBkLEvad5C/va/74Db018+5TZiyA26cZJAr3Rft5lprVqOIPxf5Vid6tqAw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4607,8 +8337,6 @@
     },
     "node_modules/ansi-regex": {
       "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
-      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -4619,8 +8347,6 @@
     },
     "node_modules/ansi-styles": {
       "version": "6.2.3",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
-      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -4632,8 +8358,6 @@
     },
     "node_modules/ansi-to-html": {
       "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/ansi-to-html/-/ansi-to-html-0.7.2.tgz",
-      "integrity": "sha512-v6MqmEpNlxF+POuyhKkidusCHWWkaLcGRURzivcU3I9tv7k4JVhFcnukrM5Rlk2rUywdZuzYAZ+kbZqWCnfN3g==",
       "license": "MIT",
       "dependencies": {
         "entities": "^2.2.0"
@@ -4647,21 +8371,15 @@
     },
     "node_modules/arg": {
       "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
-      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/argparse": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
-      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
       "license": "Python-2.0"
     },
     "node_modules/array-differ": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-3.0.0.tgz",
-      "integrity": "sha512-THtfYS6KtME/yIAhKjZ2ul7XI96lQGHRputJQHO80LAWQnuGP4iCIN8vdMRboGbIEYBwU33q8Tch1os2+X0kMg==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -4670,8 +8388,6 @@
     },
     "node_modules/array-union": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
-      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -4680,8 +8396,6 @@
     },
     "node_modules/arrify": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz",
-      "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -4690,15 +8404,11 @@
     },
     "node_modules/async": {
       "version": "3.2.6",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
-      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/available-typed-arrays": {
       "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
-      "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==",
       "license": "MIT",
       "dependencies": {
         "possible-typed-array-names": "^1.0.0"
@@ -4712,15 +8422,11 @@
     },
     "node_modules/balanced-match": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/base64-js": {
       "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
-      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
       "funding": [
         {
           "type": "github",
@@ -4739,8 +8445,6 @@
     },
     "node_modules/base64url": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
-      "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==",
       "license": "MIT",
       "engines": {
         "node": ">=6.0.0"
@@ -4748,8 +8452,6 @@
     },
     "node_modules/baseline-browser-mapping": {
       "version": "2.9.11",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
-      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -4758,8 +8460,6 @@
     },
     "node_modules/basic-auth": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
-      "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4771,8 +8471,6 @@
     },
     "node_modules/beasties": {
       "version": "0.3.5",
-      "resolved": "https://registry.npmjs.org/beasties/-/beasties-0.3.5.tgz",
-      "integrity": "sha512-NaWu+f4YrJxEttJSm16AzMIFtVldCvaJ68b1L098KpqXmxt9xOLtKoLkKxb8ekhOrLqEJAbvT6n6SEvB/sac7A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -4791,8 +8489,6 @@
     },
     "node_modules/body-parser": {
       "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz",
-      "integrity": "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4816,15 +8512,11 @@
     },
     "node_modules/boolbase": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
-      "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/brace-expansion": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4833,8 +8525,6 @@
     },
     "node_modules/braces": {
       "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -4846,8 +8536,6 @@
     },
     "node_modules/browserslist": {
       "version": "4.28.1",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz",
-      "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==",
       "dev": true,
       "funding": [
         {
@@ -4881,8 +8569,6 @@
     },
     "node_modules/buffer": {
       "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz",
-      "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==",
       "funding": [
         {
           "type": "github",
@@ -4905,15 +8591,11 @@
     },
     "node_modules/buffer-from": {
       "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
-      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/builtin-modules": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz",
-      "integrity": "sha512-wxXCdllwGhI2kCC0MnvTGYTMvnVZTvqgypkiTI8Pa5tcz2i6VqsqwYGgqwXji+4RgCzms6EajE4IxiUH6HH8nQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4922,8 +8604,6 @@
     },
     "node_modules/bundle-name": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz",
-      "integrity": "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4938,8 +8618,6 @@
     },
     "node_modules/bytes": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
-      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -4948,8 +8626,6 @@
     },
     "node_modules/cacache": {
       "version": "19.0.1",
-      "resolved": "https://registry.npmjs.org/cacache/-/cacache-19.0.1.tgz",
-      "integrity": "sha512-hdsUxulXCi5STId78vRVYEtDAjq99ICAUktLTeTYsLoTE6Z8dS0c8pWNCxwdrk9YfJeobDZc2Y186hD/5ZQgFQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -4972,8 +8648,6 @@
     },
     "node_modules/cacache/node_modules/chownr": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
-      "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -4982,15 +8656,11 @@
     },
     "node_modules/cacache/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/cacache/node_modules/tar": {
       "version": "7.5.2",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.2.tgz",
-      "integrity": "sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -5006,8 +8676,6 @@
     },
     "node_modules/cacache/node_modules/yallist": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
-      "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -5016,8 +8684,6 @@
     },
     "node_modules/call-bind": {
       "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz",
-      "integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==",
       "license": "MIT",
       "dependencies": {
         "call-bind-apply-helpers": "^1.0.0",
@@ -5034,8 +8700,6 @@
     },
     "node_modules/call-bind-apply-helpers": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
-      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
       "license": "MIT",
       "dependencies": {
         "es-errors": "^1.3.0",
@@ -5047,8 +8711,6 @@
     },
     "node_modules/call-bound": {
       "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
-      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
       "license": "MIT",
       "dependencies": {
         "call-bind-apply-helpers": "^1.0.2",
@@ -5063,8 +8725,6 @@
     },
     "node_modules/callsites": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
-      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5073,8 +8733,6 @@
     },
     "node_modules/camelcase": {
       "version": "5.3.1",
-      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
-      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -5082,8 +8740,6 @@
     },
     "node_modules/caniuse-lite": {
       "version": "1.0.30001761",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
-      "integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
       "dev": true,
       "funding": [
         {
@@ -5104,14 +8760,10 @@
     "node_modules/cbor": {
       "name": "@jprochazk/cbor",
       "version": "0.4.9",
-      "resolved": "https://registry.npmjs.org/@jprochazk/cbor/-/cbor-0.4.9.tgz",
-      "integrity": "sha512-FWNnkOtWrFOLXKG2nzOHR/EnCCGZZPvatAvWXDmkTDxgjj9JHDK3DkMUHcFCY3a9weylMCSO/nLOUM170NAO0Q==",
       "license": "MIT"
     },
     "node_modules/cbor-web": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/cbor-web/-/cbor-web-8.1.0.tgz",
-      "integrity": "sha512-2hWHHMVrfffgoEmsAUh8vCxHoLa1vgodtC73+C5cSarkJlwTapnqAzcHINlP6Ej0DXuP4OmmJ9LF+JaNM5Lj/g==",
       "license": "MIT",
       "engines": {
         "node": ">=12.19"
@@ -5119,8 +8771,6 @@
     },
     "node_modules/chalk": {
       "version": "5.6.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz",
-      "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==",
       "license": "MIT",
       "engines": {
         "node": "^12.17.0 || ^14.13 || >=16.0.0"
@@ -5131,15 +8781,11 @@
     },
     "node_modules/chardet": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/chardet/-/chardet-2.1.1.tgz",
-      "integrity": "sha512-PsezH1rqdV9VvyNhxxOW32/d75r01NY7TQCmOqomRo15ZSOKbpTFVsfjghxo6JloQUCGnH4k1LGu0R4yCLlWQQ==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/chokidar": {
       "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
-      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -5155,8 +8801,6 @@
     },
     "node_modules/chownr": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
-      "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -5165,15 +8809,11 @@
     },
     "node_modules/ci-info": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz",
-      "integrity": "sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/cipher-base": {
       "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/cipher-base/-/cipher-base-1.0.7.tgz",
-      "integrity": "sha512-Mz9QMT5fJe7bKI7MH31UilT5cEK5EHHRCccw/YRFsRY47AuNgaV6HY3rscp0/I4Q+tTW/5zoqpSeRRI54TkDWA==",
       "license": "MIT",
       "dependencies": {
         "inherits": "^2.0.4",
@@ -5186,8 +8826,6 @@
     },
     "node_modules/cipher-base/node_modules/safe-buffer": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
       "funding": [
         {
           "type": "github",
@@ -5206,8 +8844,6 @@
     },
     "node_modules/cli-cursor": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-5.0.0.tgz",
-      "integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==",
       "license": "MIT",
       "dependencies": {
         "restore-cursor": "^5.0.0"
@@ -5221,8 +8857,6 @@
     },
     "node_modules/cli-spinners": {
       "version": "2.9.2",
-      "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz",
-      "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -5233,8 +8867,6 @@
     },
     "node_modules/cli-truncate": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz",
-      "integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -5250,8 +8882,6 @@
     },
     "node_modules/cli-width": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz",
-      "integrity": "sha512-ouuZd4/dm2Sw5Gmqy6bGyNNNe1qt9RpmxveLSO7KcgsTnU7RXfsw+/bukWGo1abgBiMAic068rclZsO4IWmmxQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -5260,8 +8890,6 @@
     },
     "node_modules/cliui": {
       "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-9.0.1.tgz",
-      "integrity": "sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -5275,8 +8903,6 @@
     },
     "node_modules/cliui/node_modules/wrap-ansi": {
       "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz",
-      "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -5293,15 +8919,11 @@
     },
     "node_modules/code-block-writer": {
       "version": "13.0.3",
-      "resolved": "https://registry.npmjs.org/code-block-writer/-/code-block-writer-13.0.3.tgz",
-      "integrity": "sha512-Oofo0pq3IKnsFtuHqSF7TqBfr71aeyZDVJ0HpmqB7FBM2qEigL0iPONSCZSO9pE9dZTAxANe5XHG9Uy0YMv8cg==",
       "license": "MIT",
       "optional": true
     },
     "node_modules/color-convert": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
       "license": "MIT",
       "dependencies": {
         "color-name": "~1.1.4"
@@ -5312,21 +8934,15 @@
     },
     "node_modules/color-name": {
       "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
       "license": "MIT"
     },
     "node_modules/colorette": {
       "version": "2.0.20",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
-      "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/commander": {
       "version": "12.1.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz",
-      "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5335,29 +8951,21 @@
     },
     "node_modules/common-path-prefix": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz",
-      "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/compare-versions": {
       "version": "3.6.0",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-3.6.0.tgz",
-      "integrity": "sha512-W6Af2Iw1z4CB7q4uU4hv646dW9GQuBM+YpC0UvUCWSD8w90SJjp+ujJuXaEMtAXBtSqGfMPuFOVn4/+FlaqfBA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/concat-map": {
       "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/content-disposition": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.1.tgz",
-      "integrity": "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5370,8 +8978,6 @@
     },
     "node_modules/content-type": {
       "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
-      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5380,15 +8986,11 @@
     },
     "node_modules/convert-source-map": {
       "version": "1.9.0",
-      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz",
-      "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/cookie": {
       "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5397,8 +8999,6 @@
     },
     "node_modules/cookie-signature": {
       "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
-      "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5407,8 +9007,6 @@
     },
     "node_modules/copy-anything": {
       "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/copy-anything/-/copy-anything-2.0.6.tgz",
-      "integrity": "sha512-1j20GZTsvKNkc4BY3NpMOM8tt///wY3FpIzozTOFO2ffuZcV61nojHXVKIy3WM+7ADCy5FVhdZYHYDdgTU0yJw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5420,8 +9018,6 @@
     },
     "node_modules/core-js": {
       "version": "3.47.0",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.47.0.tgz",
-      "integrity": "sha512-c3Q2VVkGAUyupsjRnaNX6u8Dq2vAdzm9iuPj5FW0fRxzlxgq9Q39MDq10IvmQSpLgHQNyQzQmOo6bgGHmH3NNg==",
       "hasInstallScript": true,
       "license": "MIT",
       "funding": {
@@ -5431,14 +9027,10 @@
     },
     "node_modules/core-util-is": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
-      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==",
       "license": "MIT"
     },
     "node_modules/cors": {
       "version": "2.8.5",
-      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
-      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -5451,8 +9043,6 @@
     },
     "node_modules/corser": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/corser/-/corser-2.0.1.tgz",
-      "integrity": "sha512-utCYNzRSQIZNPIcGZdQc92UVJYAhtGAteCFg0yRaFm8f0P+CPtyGyHXJcGXnffjCybUCEx3FQ2G7U3/o9eIkVQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5461,8 +9051,6 @@
     },
     "node_modules/cosmiconfig": {
       "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.1.0.tgz",
-      "integrity": "sha512-AdmX6xUzdNASswsFtmwSt7Vj8po9IuqXm0UXz7QKPuEUmPB4XyjGfaAr2PSuELMwkRMVH1EpIkX5bTZGRB3eCA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5478,8 +9066,6 @@
     },
     "node_modules/cosmiconfig/node_modules/yaml": {
       "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
-      "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
       "dev": true,
       "license": "ISC",
       "engines": {
@@ -5488,8 +9074,6 @@
     },
     "node_modules/create-hash": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
-      "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==",
       "license": "MIT",
       "dependencies": {
         "cipher-base": "^1.0.1",
@@ -5501,8 +9085,6 @@
     },
     "node_modules/create-hmac": {
       "version": "1.1.7",
-      "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
-      "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==",
       "license": "MIT",
       "dependencies": {
         "cipher-base": "^1.0.3",
@@ -5515,15 +9097,11 @@
     },
     "node_modules/create-require": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
-      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/cron": {
       "version": "2.4.4",
-      "resolved": "https://registry.npmjs.org/cron/-/cron-2.4.4.tgz",
-      "integrity": "sha512-MHlPImXJj3K7x7lyUHjtKEOl69CSlTOWxS89jiFgNkzXfvhVjhMz/nc7/EIfN9vgooZp8XTtXJ1FREdmbyXOiQ==",
       "license": "MIT",
       "dependencies": {
         "@types/luxon": "~3.3.0",
@@ -5532,8 +9110,6 @@
     },
     "node_modules/cronstrue": {
       "version": "2.59.0",
-      "resolved": "https://registry.npmjs.org/cronstrue/-/cronstrue-2.59.0.tgz",
-      "integrity": "sha512-YKGmAy84hKH+hHIIER07VCAHf9u0Ldelx1uU6EBxsRPDXIA1m5fsKmJfyC3xBhw6cVC/1i83VdbL4PvepTrt8A==",
       "license": "MIT",
       "bin": {
         "cronstrue": "bin/cli.js"
@@ -5541,8 +9117,6 @@
     },
     "node_modules/cross-spawn": {
       "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
-      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -5556,8 +9130,6 @@
     },
     "node_modules/css-select": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/css-select/-/css-select-6.0.0.tgz",
-      "integrity": "sha512-rZZVSLle8v0+EY8QAkDWrKhpgt6SA5OtHsgBnsj6ZaLb5dmDVOWUDtQitd9ydxxvEjhewNudS6eTVU7uOyzvXw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -5573,8 +9145,6 @@
     },
     "node_modules/css-what": {
       "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/css-what/-/css-what-7.0.0.tgz",
-      "integrity": "sha512-wD5oz5xibMOPHzy13CyGmogB3phdvcDaB5t0W/Nr5Z2O/agcB8YwOz6e2Lsp10pNDzBoDO9nVa3RGs/2BttpHQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
@@ -5586,8 +9156,6 @@
     },
     "node_modules/debug": {
       "version": "4.4.3",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
-      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -5604,8 +9172,6 @@
     },
     "node_modules/decamelize": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
-      "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
@@ -5613,8 +9179,6 @@
     },
     "node_modules/deep-equality-data-structures": {
       "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/deep-equality-data-structures/-/deep-equality-data-structures-1.5.1.tgz",
-      "integrity": "sha512-P7zsL2/AbZIGHDxbo/LLEhCp11AttRp8GvzXOXudqMT/qiGCLo/pyI4lAZvjUZyQnlIbPna3fv8DMsuRvLt4ww==",
       "license": "MIT",
       "dependencies": {
         "object-hash": "^3.0.0"
@@ -5622,8 +9186,6 @@
     },
     "node_modules/default-browser": {
       "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/default-browser/-/default-browser-5.4.0.tgz",
-      "integrity": "sha512-XDuvSq38Hr1MdN47EDvYtx3U0MTqpCEn+F6ft8z2vYDzMrvQhVp0ui9oQdqW3MvK3vqUETglt1tVGgjLuJ5izg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5639,8 +9201,6 @@
     },
     "node_modules/default-browser-id": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.1.tgz",
-      "integrity": "sha512-x1VCxdX4t+8wVfd1so/9w+vQ4vx7lKd2Qp5tDRutErwmR85OgmfX7RlLRMWafRMY7hbEiXIbudNrjOAPa/hL8Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5652,8 +9212,6 @@
     },
     "node_modules/define-data-property": {
       "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
-      "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
       "license": "MIT",
       "dependencies": {
         "es-define-property": "^1.0.0",
@@ -5669,8 +9227,6 @@
     },
     "node_modules/define-lazy-prop": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz",
-      "integrity": "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5682,8 +9238,6 @@
     },
     "node_modules/depd": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
-      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5692,8 +9246,6 @@
     },
     "node_modules/dependency-graph": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-1.0.0.tgz",
-      "integrity": "sha512-cW3gggJ28HZ/LExwxP2B++aiKxhJXMSIt9K48FOXQkm+vuG5gyatXnLsONRJdzO/7VfjDIiaOOa/bs4l464Lwg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5702,8 +9254,6 @@
     },
     "node_modules/detect-libc": {
       "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
-      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
       "dev": true,
       "license": "Apache-2.0",
       "optional": true,
@@ -5713,8 +9263,6 @@
     },
     "node_modules/diff": {
       "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
-      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
@@ -5723,14 +9271,10 @@
     },
     "node_modules/dijkstrajs": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz",
-      "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==",
       "license": "MIT"
     },
     "node_modules/dom-serializer": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
-      "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5744,8 +9288,6 @@
     },
     "node_modules/dom-serializer/node_modules/entities": {
       "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
-      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
@@ -5757,8 +9299,6 @@
     },
     "node_modules/domelementtype": {
       "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
-      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
       "dev": true,
       "funding": [
         {
@@ -5770,8 +9310,6 @@
     },
     "node_modules/domhandler": {
       "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
-      "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -5786,15 +9324,11 @@
     },
     "node_modules/dompurify": {
       "version": "3.1.7",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz",
-      "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "peer": true
     },
     "node_modules/domutils": {
       "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz",
-      "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -5808,8 +9342,6 @@
     },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
-      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
       "license": "MIT",
       "dependencies": {
         "call-bind-apply-helpers": "^1.0.1",
@@ -5822,35 +9354,25 @@
     },
     "node_modules/eastasianwidth": {
       "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/ee-first": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
-      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/electron-to-chromium": {
       "version": "1.5.267",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
-      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
       "version": "10.6.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
       "license": "MIT"
     },
     "node_modules/encodeurl": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
-      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5859,8 +9381,6 @@
     },
     "node_modules/encoding": {
       "version": "0.1.13",
-      "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
-      "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -5870,8 +9390,6 @@
     },
     "node_modules/encoding/node_modules/iconv-lite": {
       "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -5884,8 +9402,6 @@
     },
     "node_modules/entities": {
       "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz",
-      "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==",
       "license": "BSD-2-Clause",
       "funding": {
         "url": "https://github.com/fb55/entities?sponsor=1"
@@ -5893,8 +9409,6 @@
     },
     "node_modules/env-paths": {
       "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz",
-      "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5903,8 +9417,6 @@
     },
     "node_modules/environment": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/environment/-/environment-1.1.0.tgz",
-      "integrity": "sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -5916,15 +9428,11 @@
     },
     "node_modules/err-code": {
       "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz",
-      "integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/errno": {
       "version": "0.1.8",
-      "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.8.tgz",
-      "integrity": "sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -5937,8 +9445,6 @@
     },
     "node_modules/error-ex": {
       "version": "1.3.4",
-      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz",
-      "integrity": "sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5947,8 +9453,6 @@
     },
     "node_modules/es-define-property": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
-      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -5956,8 +9460,6 @@
     },
     "node_modules/es-errors": {
       "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
-      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -5965,8 +9467,6 @@
     },
     "node_modules/es-object-atoms": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
-      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
       "license": "MIT",
       "dependencies": {
         "es-errors": "^1.3.0"
@@ -5977,14 +9477,10 @@
     },
     "node_modules/es6-promise": {
       "version": "4.2.8",
-      "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz",
-      "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==",
       "license": "MIT"
     },
     "node_modules/esbuild": {
       "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz",
-      "integrity": "sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -6025,8 +9521,6 @@
     },
     "node_modules/escalade": {
       "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
-      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6035,15 +9529,11 @@
     },
     "node_modules/escape-html": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/escape-string-regexp": {
       "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6052,8 +9542,6 @@
     },
     "node_modules/esprima": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
-      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
       "dev": true,
       "license": "BSD-2-Clause",
       "bin": {
@@ -6066,15 +9554,11 @@
     },
     "node_modules/estree-walker": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz",
-      "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/etag": {
       "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
-      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6083,15 +9567,11 @@
     },
     "node_modules/eventemitter3": {
       "version": "4.0.7",
-      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
-      "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/eventsource": {
       "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-3.0.7.tgz",
-      "integrity": "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -6103,8 +9583,6 @@
     },
     "node_modules/eventsource-parser": {
       "version": "3.0.6",
-      "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.6.tgz",
-      "integrity": "sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6113,8 +9591,6 @@
     },
     "node_modules/execa": {
       "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/execa/-/execa-7.2.0.tgz",
-      "integrity": "sha512-UduyVP7TLB5IcAQl+OzLyLcS/l32W/GLg+AhHJ+ow40FOk2U3SAllPwR44v4vmdFwIWqpdwxxpQbF1n5ta9seA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6137,22 +9613,16 @@
     },
     "node_modules/execa/node_modules/signal-exit": {
       "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
-      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/exponential-backoff": {
       "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/exponential-backoff/-/exponential-backoff-3.1.3.tgz",
-      "integrity": "sha512-ZgEeZXj30q+I0EN+CbSSpIyPaJ5HVQD18Z1m+u1FXbAeT94mr1zw50q4q6jiiC447Nl/YTcIYSAftiGqetwXCA==",
       "devOptional": true,
       "license": "Apache-2.0"
     },
     "node_modules/express": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
-      "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -6196,8 +9666,6 @@
     },
     "node_modules/express-rate-limit": {
       "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
-      "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6212,14 +9680,10 @@
     },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
-      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
       "license": "MIT"
     },
     "node_modules/fast-glob": {
       "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz",
-      "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -6235,8 +9699,6 @@
     },
     "node_modules/fast-glob/node_modules/micromatch": {
       "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
-      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -6249,8 +9711,6 @@
     },
     "node_modules/fast-glob/node_modules/picomatch": {
       "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -6262,14 +9722,10 @@
     },
     "node_modules/fast-json-patch": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-3.1.1.tgz",
-      "integrity": "sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ==",
       "license": "MIT"
     },
     "node_modules/fast-uri": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz",
-      "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==",
       "funding": [
         {
           "type": "github",
@@ -6284,8 +9740,6 @@
     },
     "node_modules/fastq": {
       "version": "1.20.1",
-      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz",
-      "integrity": "sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==",
       "license": "ISC",
       "optional": true,
       "dependencies": {
@@ -6294,8 +9748,6 @@
     },
     "node_modules/fdir": {
       "version": "6.5.0",
-      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
-      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6312,8 +9764,6 @@
     },
     "node_modules/fill-range": {
       "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
-      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -6325,8 +9775,6 @@
     },
     "node_modules/finalhandler": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz",
-      "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -6347,8 +9795,6 @@
     },
     "node_modules/find-cache-directory": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/find-cache-directory/-/find-cache-directory-6.0.0.tgz",
-      "integrity": "sha512-CvFd5ivA6HcSHbD+59P7CyzINHXzwhuQK8RY7CxJZtgDSAtRlHiCaQpZQ2lMR/WRyUIEmzUvL6G2AGurMfegZA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6364,8 +9810,6 @@
     },
     "node_modules/find-cache-directory/node_modules/pkg-dir": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-8.0.0.tgz",
-      "integrity": "sha512-4peoBq4Wks0riS0z8741NVv+/8IiTvqnZAr8QGgtdifrtpdXbNw/FxRS1l6NFqm4EMzuS0EDqNNx4XGaz8cuyQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6380,8 +9824,6 @@
     },
     "node_modules/find-up": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz",
-      "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6397,8 +9839,6 @@
     },
     "node_modules/find-up-simple": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/find-up-simple/-/find-up-simple-1.0.1.tgz",
-      "integrity": "sha512-afd4O7zpqHeRyg4PfDQsXmlDe2PfdHtJt6Akt8jOWaApLOZk5JXs6VMR29lz03pRe9mpykrRCYIYxaJYcfpncQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6410,8 +9850,6 @@
     },
     "node_modules/find-versions": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-4.0.0.tgz",
-      "integrity": "sha512-wgpWy002tA+wgmO27buH/9KzyEOQnKsG/R0yrcjPT9BOFm0zRBVQbZ95nRGXWMywS8YR5knRbpohio0bcJABxQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6426,8 +9864,6 @@
     },
     "node_modules/follow-redirects": {
       "version": "1.15.11",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
-      "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
       "dev": true,
       "funding": [
         {
@@ -6447,8 +9883,6 @@
     },
     "node_modules/for-each": {
       "version": "0.3.5",
-      "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.5.tgz",
-      "integrity": "sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg==",
       "license": "MIT",
       "dependencies": {
         "is-callable": "^1.2.7"
@@ -6462,8 +9896,6 @@
     },
     "node_modules/foreground-child": {
       "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz",
-      "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -6479,8 +9911,6 @@
     },
     "node_modules/forwarded": {
       "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
-      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6489,8 +9919,6 @@
     },
     "node_modules/fresh": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz",
-      "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -6499,8 +9927,6 @@
     },
     "node_modules/fs-minipass": {
       "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-3.0.3.tgz",
-      "integrity": "sha512-XUBA9XClHbnJWSfBzjkm6RvPsyg3sryZt06BEQoXcF7EK/xpGaQYJgQKDJSUH5SGZ76Y7pFx1QBnXz09rU5Fbw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -6512,30 +9938,11 @@
     },
     "node_modules/fs.realpath": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==",
       "dev": true,
       "license": "ISC"
     },
-    "node_modules/fsevents": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
-      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
     "node_modules/function-bind": {
       "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
-      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -6543,8 +9950,6 @@
     },
     "node_modules/fuse.js": {
       "version": "6.6.2",
-      "resolved": "https://registry.npmjs.org/fuse.js/-/fuse.js-6.6.2.tgz",
-      "integrity": "sha512-cJaJkxCCxC8qIIcPBF9yGxY0W/tVZS3uEISDxhYIdtk8OL93pe+6Zj7LjCqVV4dzbqcriOZ+kQ/NE4RXZHsIGA==",
       "license": "Apache-2.0",
       "engines": {
         "node": ">=10"
@@ -6552,8 +9957,6 @@
     },
     "node_modules/gensync": {
       "version": "1.0.0-beta.2",
-      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz",
-      "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6562,8 +9965,6 @@
     },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
-      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
       "license": "ISC",
       "engines": {
         "node": "6.* || 8.* || >= 10.*"
@@ -6571,8 +9972,6 @@
     },
     "node_modules/get-east-asian-width": {
       "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.4.0.tgz",
-      "integrity": "sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -6583,8 +9982,6 @@
     },
     "node_modules/get-intrinsic": {
       "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
-      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
       "license": "MIT",
       "dependencies": {
         "call-bind-apply-helpers": "^1.0.2",
@@ -6607,8 +10004,6 @@
     },
     "node_modules/get-proto": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
-      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
       "license": "MIT",
       "dependencies": {
         "dunder-proto": "^1.0.1",
@@ -6620,8 +10015,6 @@
     },
     "node_modules/get-stream": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz",
-      "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6633,8 +10026,6 @@
     },
     "node_modules/glob": {
       "version": "10.5.0",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
-      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -6654,8 +10045,6 @@
     },
     "node_modules/glob-parent": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
-      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
       "license": "ISC",
       "optional": true,
       "dependencies": {
@@ -6667,15 +10056,11 @@
     },
     "node_modules/glob-to-regexp": {
       "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz",
-      "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==",
       "dev": true,
       "license": "BSD-2-Clause"
     },
     "node_modules/glob/node_modules/minimatch": {
       "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -6690,8 +10075,6 @@
     },
     "node_modules/gopd": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
-      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -6702,15 +10085,11 @@
     },
     "node_modules/graceful-fs": {
       "version": "4.2.11",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/has-flag": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6719,8 +10098,6 @@
     },
     "node_modules/has-property-descriptors": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
-      "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
       "license": "MIT",
       "dependencies": {
         "es-define-property": "^1.0.0"
@@ -6731,8 +10108,6 @@
     },
     "node_modules/has-symbols": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
-      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -6743,8 +10118,6 @@
     },
     "node_modules/has-tostringtag": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
-      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
       "license": "MIT",
       "dependencies": {
         "has-symbols": "^1.0.3"
@@ -6758,8 +10131,6 @@
     },
     "node_modules/hash-base": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/hash-base/-/hash-base-3.1.2.tgz",
-      "integrity": "sha512-Bb33KbowVTIj5s7Ked1OsqHUeCpz//tPwR+E2zJgJKo9Z5XolZ9b6bdUgjmYlwnWhoOQKoTd1TYToZGn5mAYOg==",
       "license": "MIT",
       "dependencies": {
         "inherits": "^2.0.4",
@@ -6773,8 +10144,6 @@
     },
     "node_modules/hash-base/node_modules/safe-buffer": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
       "funding": [
         {
           "type": "github",
@@ -6793,8 +10162,6 @@
     },
     "node_modules/hasown": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
-      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
       "license": "MIT",
       "dependencies": {
         "function-bind": "^1.1.2"
@@ -6805,8 +10172,6 @@
     },
     "node_modules/he": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz",
-      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -6815,8 +10180,6 @@
     },
     "node_modules/hosted-git-info": {
       "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-9.0.2.tgz",
-      "integrity": "sha512-M422h7o/BR3rmCQ8UHi7cyyMqKltdP9Uo+J2fXK+RSAY+wTcKOIRyhTuKv4qn+DJf3g+PL890AzId5KZpX+CBg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -6828,8 +10191,6 @@
     },
     "node_modules/hosted-git-info/node_modules/lru-cache": {
       "version": "11.2.4",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.4.tgz",
-      "integrity": "sha512-B5Y16Jr9LB9dHVkh6ZevG+vAbOsNOYCX+sXvFWFu7B3Iz5mijW3zdbMyhsh8ANd2mSWBYdJgnqi+mL7/LrOPYg==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -6838,8 +10199,6 @@
     },
     "node_modules/html-encoding-sniffer": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-3.0.0.tgz",
-      "integrity": "sha512-oWv4T4yJ52iKrufjnyZPkrN0CH3QnrUqdB6In1g5Fe1mia8GmF36gnfNySxoZtxD5+NmYw1EElVXiBk93UeskA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6851,8 +10210,6 @@
     },
     "node_modules/htmlparser2": {
       "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-10.0.0.tgz",
-      "integrity": "sha512-TwAZM+zE5Tq3lrEHvOlvwgj1XLWQCtaaibSN11Q+gGBAS7Y1uZSWwXXRe4iF6OXnaq1riyQAPFOBtYc77Mxq0g==",
       "dev": true,
       "funding": [
         "https://github.com/fb55/htmlparser2?sponsor=1",
@@ -6871,8 +10228,6 @@
     },
     "node_modules/htmlparser2/node_modules/entities": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
-      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
       "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
@@ -6884,15 +10239,11 @@
     },
     "node_modules/http-cache-semantics": {
       "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz",
-      "integrity": "sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==",
       "devOptional": true,
       "license": "BSD-2-Clause"
     },
     "node_modules/http-errors": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
-      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -6912,8 +10263,6 @@
     },
     "node_modules/http-proxy": {
       "version": "1.18.1",
-      "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz",
-      "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6927,8 +10276,6 @@
     },
     "node_modules/http-proxy-agent": {
       "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
-      "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -6941,8 +10288,6 @@
     },
     "node_modules/http-server": {
       "version": "14.1.1",
-      "resolved": "https://registry.npmjs.org/http-server/-/http-server-14.1.1.tgz",
-      "integrity": "sha512-+cbxadF40UXd9T01zUHgA+rlo2Bg1Srer4+B4NwIHdaGxAGGv59nYRnGGDJ9LBk7alpS0US+J+bLLdQOOkJq4A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6969,8 +10314,6 @@
     },
     "node_modules/http-server/node_modules/ansi-styles": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6985,8 +10328,6 @@
     },
     "node_modules/http-server/node_modules/chalk": {
       "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7002,8 +10343,6 @@
     },
     "node_modules/http-server/node_modules/mime": {
       "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -7015,8 +10354,6 @@
     },
     "node_modules/https-proxy-agent": {
       "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
-      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -7029,8 +10366,6 @@
     },
     "node_modules/human-signals": {
       "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-4.3.1.tgz",
-      "integrity": "sha512-nZXjEF2nbo7lIw3mgYjItAfgQXog3OjJogSbKa2CQIIvSGWcKgeJnQlNXip6NglNzYH45nSRiEVimMvYL8DDqQ==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -7039,8 +10374,6 @@
     },
     "node_modules/husky": {
       "version": "4.3.8",
-      "resolved": "https://registry.npmjs.org/husky/-/husky-4.3.8.tgz",
-      "integrity": "sha512-LCqqsB0PzJQ/AlCgfrfzRe3e3+NvmefAdKQhRYpxS4u6clblBoDdzzvHi8fmxKRzvMxPY/1WZWzomPZww0Anow==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -7070,8 +10403,6 @@
     },
     "node_modules/husky/node_modules/ansi-styles": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7086,8 +10417,6 @@
     },
     "node_modules/husky/node_modules/chalk": {
       "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7103,8 +10432,6 @@
     },
     "node_modules/iconv-lite": {
       "version": "0.7.1",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz",
-      "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -7120,8 +10447,6 @@
     },
     "node_modules/ieee754": {
       "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
-      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
       "funding": [
         {
           "type": "github",
@@ -7140,8 +10465,6 @@
     },
     "node_modules/ignore-walk": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-8.0.0.tgz",
-      "integrity": "sha512-FCeMZT4NiRQGh+YkeKMtWrOmBgWjHjMJ26WQWrRQyoyzqevdaGSakUaJW5xQYmjLlUVk2qUnCjYVBax9EKKg8A==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -7153,8 +10476,6 @@
     },
     "node_modules/ignore-walk/node_modules/minimatch": {
       "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz",
-      "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -7169,8 +10490,6 @@
     },
     "node_modules/image-size": {
       "version": "0.5.5",
-      "resolved": "https://registry.npmjs.org/image-size/-/image-size-0.5.5.tgz",
-      "integrity": "sha512-6TDAlDPZxUFCv+fuOkIoXT/V/f3Qbq8e37p+YOiYrUv3v9cc3/6x78VdfPgFVaB9dZYeLUfKgHRebpkm/oP2VQ==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -7183,15 +10502,11 @@
     },
     "node_modules/immutable": {
       "version": "5.1.4",
-      "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.1.4.tgz",
-      "integrity": "sha512-p6u1bG3YSnINT5RQmx/yRZBpenIl30kVxkTLDyHLIMk0gict704Q9n+thfDI7lTRm9vXdDYutVzXhzcThxTnXA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/import-fresh": {
       "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz",
-      "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7207,8 +10522,6 @@
     },
     "node_modules/imurmurhash": {
       "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
-      "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7217,9 +10530,6 @@
     },
     "node_modules/inflight": {
       "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
-      "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -7229,14 +10539,10 @@
     },
     "node_modules/inherits": {
       "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
       "license": "ISC"
     },
     "node_modules/ini": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/ini/-/ini-5.0.0.tgz",
-      "integrity": "sha512-+N0ngpO3e7cRUWOJAS7qw0IZIVc6XPrW4MlFBdD066F2L4k1L6ker3hLqSq7iXxU5tgS4WGkIUElWn5vogAEnw==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -7245,8 +10551,6 @@
     },
     "node_modules/injection-js": {
       "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/injection-js/-/injection-js-2.6.1.tgz",
-      "integrity": "sha512-dbR5bdhi7TWDoCye9cByZqeg/gAfamm8Vu3G1KZOTYkOif8WkuM8CD0oeDPtZYMzT5YH76JAFB7bkmyY9OJi2A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7255,8 +10559,6 @@
     },
     "node_modules/inquirer": {
       "version": "12.11.1",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-12.11.1.tgz",
-      "integrity": "sha512-9VF7mrY+3OmsAfjH3yKz/pLbJ5z22E23hENKw3/LNSaA/sAt3v49bDRY+Ygct1xwuKT+U+cBfTzjCPySna69Qw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7282,8 +10584,6 @@
     },
     "node_modules/inquirer/node_modules/@inquirer/confirm": {
       "version": "5.1.21",
-      "resolved": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-5.1.21.tgz",
-      "integrity": "sha512-KR8edRkIsUayMXV+o3Gv+q4jlhENF9nMYUZs9PA2HzrXeHI8M5uDag70U7RJn9yyiMZSbtF5/UexBtAVtZGSbQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7304,8 +10604,6 @@
     },
     "node_modules/inquirer/node_modules/@inquirer/prompts": {
       "version": "7.10.1",
-      "resolved": "https://registry.npmjs.org/@inquirer/prompts/-/prompts-7.10.1.tgz",
-      "integrity": "sha512-Dx/y9bCQcXLI5ooQ5KyvA4FTgeo2jYj/7plWfV5Ak5wDPKQZgudKez2ixyfz7tKXzcJciTxqLeK7R9HItwiByg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7334,8 +10632,6 @@
     },
     "node_modules/ip-address": {
       "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz",
-      "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7344,8 +10640,6 @@
     },
     "node_modules/ipaddr.js": {
       "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
-      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7354,15 +10648,11 @@
     },
     "node_modules/is-arrayish": {
       "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
-      "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/is-callable": {
       "version": "1.2.7",
-      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz",
-      "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -7373,8 +10663,6 @@
     },
     "node_modules/is-core-module": {
       "version": "2.16.1",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz",
-      "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -7389,8 +10677,6 @@
     },
     "node_modules/is-docker": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz",
-      "integrity": "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -7405,8 +10691,6 @@
     },
     "node_modules/is-extglob": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -7415,8 +10699,6 @@
     },
     "node_modules/is-fullwidth-code-point": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz",
-      "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7428,8 +10710,6 @@
     },
     "node_modules/is-glob": {
       "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
-      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -7441,8 +10721,6 @@
     },
     "node_modules/is-inside-container": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz",
-      "integrity": "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7460,8 +10738,6 @@
     },
     "node_modules/is-interactive": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-2.0.0.tgz",
-      "integrity": "sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -7472,8 +10748,6 @@
     },
     "node_modules/is-number": {
       "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
-      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7482,15 +10756,11 @@
     },
     "node_modules/is-promise": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz",
-      "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/is-stream": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz",
-      "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7502,8 +10772,6 @@
     },
     "node_modules/is-typed-array": {
       "version": "1.1.15",
-      "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.15.tgz",
-      "integrity": "sha512-p3EcsicXjit7SaskXHs1hA91QxgTw46Fv6EFKKGS5DRFLD8yKnohjF3hxoju94b/OcMZoQukzpPpBE9uLVKzgQ==",
       "license": "MIT",
       "dependencies": {
         "which-typed-array": "^1.1.16"
@@ -7517,8 +10785,6 @@
     },
     "node_modules/is-unicode-supported": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-2.1.0.tgz",
-      "integrity": "sha512-mE00Gnza5EEB3Ds0HfMyllZzbBrmLOX3vfWoj9A9PEnTfratQ/BcaJOuMhnkhjXvb2+FkY3VuHqtAGpTPmglFQ==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -7529,15 +10795,11 @@
     },
     "node_modules/is-what": {
       "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/is-what/-/is-what-3.14.1.tgz",
-      "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/is-wsl": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz",
-      "integrity": "sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7552,21 +10814,15 @@
     },
     "node_modules/isarray": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
-      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==",
       "license": "MIT"
     },
     "node_modules/isexe": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/istanbul-lib-coverage": {
       "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
-      "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
@@ -7575,8 +10831,6 @@
     },
     "node_modules/istanbul-lib-instrument": {
       "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.3.tgz",
-      "integrity": "sha512-Vtgk7L/R2JHyyGW07spoFlB8/lpjiOLTjMdms6AFMraYt3BaJauod/NGrfnVG/y4Ix1JEuMRPDPEj2ua+zz1/Q==",
       "dev": true,
       "license": "BSD-3-Clause",
       "dependencies": {
@@ -7592,8 +10846,6 @@
     },
     "node_modules/jackspeak": {
       "version": "3.4.3",
-      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
-      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -7608,8 +10860,6 @@
     },
     "node_modules/jose": {
       "version": "4.15.9",
-      "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz",
-      "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/panva"
@@ -7617,15 +10867,11 @@
     },
     "node_modules/js-tokens": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/js-yaml": {
       "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
-      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
       "license": "MIT",
       "dependencies": {
         "argparse": "^2.0.1"
@@ -7636,8 +10882,6 @@
     },
     "node_modules/jsesc": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz",
-      "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -7649,8 +10893,6 @@
     },
     "node_modules/json-parse-even-better-errors": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-4.0.0.tgz",
-      "integrity": "sha512-lR4MXjGNgkJc7tkQ97kb2nuEMnNCyU//XYVH0MKTGcXEiSudQ5MKGKen3C5QubYy0vmq+JGitUg92uuywGEwIA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -7659,14 +10901,10 @@
     },
     "node_modules/json-schema-traverse": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
-      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
       "license": "MIT"
     },
     "node_modules/json5": {
       "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
-      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -7678,14 +10916,10 @@
     },
     "node_modules/jsonc-parser": {
       "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz",
-      "integrity": "sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ==",
       "license": "MIT"
     },
     "node_modules/jsonparse": {
       "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
-      "integrity": "sha512-POQXvpdL69+CluYsillJ7SUhKvytYjW9vG/GKpnf+xP8UWgYEM/RaMzHHofbALDiKbbP1W8UEYmgGl39WkPZsg==",
       "devOptional": true,
       "engines": [
         "node >= 0.2.0"
@@ -7694,8 +10928,6 @@
     },
     "node_modules/less": {
       "version": "4.5.1",
-      "resolved": "https://registry.npmjs.org/less/-/less-4.5.1.tgz",
-      "integrity": "sha512-UKgI3/KON4u6ngSsnDADsUERqhZknsVZbnuzlRZXLQCmfC/MDld42fTydUE9B+Mla1AL6SJ/Pp6SlEFi/AVGfw==",
       "dev": true,
       "hasInstallScript": true,
       "license": "Apache-2.0",
@@ -7723,8 +10955,6 @@
     },
     "node_modules/less/node_modules/mime": {
       "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -7737,8 +10967,6 @@
     },
     "node_modules/less/node_modules/source-map": {
       "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
       "dev": true,
       "license": "BSD-3-Clause",
       "optional": true,
@@ -7748,15 +10976,11 @@
     },
     "node_modules/libphonenumber-js": {
       "version": "1.12.33",
-      "resolved": "https://registry.npmjs.org/libphonenumber-js/-/libphonenumber-js-1.12.33.tgz",
-      "integrity": "sha512-r9kw4OA6oDO4dPXkOrXTkArQAafIKAU71hChInV4FxZ69dxCfbwQGDPzqR5/vea94wU705/3AZroEbSoeVWrQw==",
       "license": "MIT",
       "peer": true
     },
     "node_modules/lilconfig": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
-      "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7765,15 +10989,11 @@
     },
     "node_modules/lines-and-columns": {
       "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz",
-      "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/lint-staged": {
       "version": "13.3.0",
-      "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-13.3.0.tgz",
-      "integrity": "sha512-mPRtrYnipYYv1FEE134ufbWpeggNTo+O/UPzngoaKzbzHAthvR55am+8GfHTnqNRQVRRrYQLGW9ZyUoD7DsBHQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7800,8 +11020,6 @@
     },
     "node_modules/lint-staged/node_modules/ansi-escapes": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-5.0.0.tgz",
-      "integrity": "sha512-5GFMVX8HqE/TB+FuBJGuO5XG0WrsA6ptUqoODaT/n9mmUaZFkqnBueB4leqGBCmrUHnCnC4PCZTCd0E7QQ83bA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7816,8 +11034,6 @@
     },
     "node_modules/lint-staged/node_modules/chalk": {
       "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz",
-      "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7829,8 +11045,6 @@
     },
     "node_modules/lint-staged/node_modules/cli-cursor": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-4.0.0.tgz",
-      "integrity": "sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7845,8 +11059,6 @@
     },
     "node_modules/lint-staged/node_modules/cli-truncate": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-3.1.0.tgz",
-      "integrity": "sha512-wfOBkjXteqSnI59oPcJkcPl/ZmwvMMOj340qUIY1SKZCv0B9Cf4D4fAucRkIKQmsIuYK3x1rrgU7MeGRruiuiA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7862,8 +11074,6 @@
     },
     "node_modules/lint-staged/node_modules/commander": {
       "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
-      "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7872,8 +11082,6 @@
     },
     "node_modules/lint-staged/node_modules/debug": {
       "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7890,22 +11098,16 @@
     },
     "node_modules/lint-staged/node_modules/emoji-regex": {
       "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/lint-staged/node_modules/eventemitter3": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz",
-      "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/lint-staged/node_modules/listr2": {
       "version": "6.6.1",
-      "resolved": "https://registry.npmjs.org/listr2/-/listr2-6.6.1.tgz",
-      "integrity": "sha512-+rAXGHh0fkEWdXBmX+L6mmfmXmXvDGEKzkjxO+8mP3+nI/r/CWznVBvsibXdxda9Zz0OW2e2ikphN3OwCT/jSg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7930,8 +11132,6 @@
     },
     "node_modules/lint-staged/node_modules/log-update": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/log-update/-/log-update-5.0.1.tgz",
-      "integrity": "sha512-5UtUDQ/6edw4ofyljDNcOVJQ4c7OjDro4h3y8e1GQL5iYElYclVHJ3zeWchylvMaKnDbDilC8irOVyexnA/Slw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7950,8 +11150,6 @@
     },
     "node_modules/lint-staged/node_modules/mimic-fn": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
-      "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7960,15 +11158,11 @@
     },
     "node_modules/lint-staged/node_modules/ms": {
       "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/lint-staged/node_modules/onetime": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz",
-      "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7983,8 +11177,6 @@
     },
     "node_modules/lint-staged/node_modules/restore-cursor": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz",
-      "integrity": "sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8000,15 +11192,11 @@
     },
     "node_modules/lint-staged/node_modules/signal-exit": {
       "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
-      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/lint-staged/node_modules/string-width": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8025,8 +11213,6 @@
     },
     "node_modules/lint-staged/node_modules/wrap-ansi": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8043,8 +11229,6 @@
     },
     "node_modules/lint-staged/node_modules/yaml": {
       "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
-      "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
       "dev": true,
       "license": "ISC",
       "engines": {
@@ -8053,8 +11237,6 @@
     },
     "node_modules/listr2": {
       "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/listr2/-/listr2-9.0.1.tgz",
-      "integrity": "sha512-SL0JY3DaxylDuo/MecFeiC+7pedM0zia33zl0vcjgwcq1q1FWWF1To9EIauPbl8GbMCU0R2e0uJ8bZunhYKD2g==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -8072,15 +11254,11 @@
     },
     "node_modules/listr2/node_modules/eventemitter3": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz",
-      "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/listr2/node_modules/wrap-ansi": {
       "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz",
-      "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8097,8 +11275,6 @@
     },
     "node_modules/lmdb": {
       "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/lmdb/-/lmdb-3.4.2.tgz",
-      "integrity": "sha512-nwVGUfTBUwJKXd6lRV8pFNfnrCC1+l49ESJRM19t/tFb/97QfJEixe5DYRvug5JO7DSFKoKaVy7oGMt5rVqZvg==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -8125,8 +11301,6 @@
     },
     "node_modules/locate-path": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
-      "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8141,14 +11315,10 @@
     },
     "node_modules/lodash": {
       "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
       "license": "MIT"
     },
     "node_modules/log-symbols": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-6.0.0.tgz",
-      "integrity": "sha512-i24m8rpwhmPIS4zscNzK6MSEhk0DUWa/8iYQWxhffV8jkI4Phvs3F+quL5xvS0gdQR0FyTCMMH33Y78dDTzzIw==",
       "license": "MIT",
       "dependencies": {
         "chalk": "^5.3.0",
@@ -8163,8 +11333,6 @@
     },
     "node_modules/log-symbols/node_modules/is-unicode-supported": {
       "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz",
-      "integrity": "sha512-43r2mRvz+8JRIKnWJ+3j8JtjRKZ6GmjzfaE/qiBJnikNnYv/6bagRJ1kUhNk8R5EX/GkobD+r+sfxCPJsiKBLQ==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -8175,8 +11343,6 @@
     },
     "node_modules/log-update": {
       "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/log-update/-/log-update-6.1.0.tgz",
-      "integrity": "sha512-9ie8ItPR6tjY5uYJh8K/Zrv/RMZ5VOlOWvtZdEHYSTFKZfIBPQa9tOAEeAWhd+AnIneLJ22w5fjOYtoutpWq5w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8195,8 +11361,6 @@
     },
     "node_modules/log-update/node_modules/is-fullwidth-code-point": {
       "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.1.0.tgz",
-      "integrity": "sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8211,8 +11375,6 @@
     },
     "node_modules/log-update/node_modules/slice-ansi": {
       "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.2.tgz",
-      "integrity": "sha512-iOBWFgUX7caIZiuutICxVgX1SdxwAVFFKwt1EvMYYec/NWO5meOJ6K5uQxhrYBdQJne4KxiqZc+KptFOWFSI9w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8228,8 +11390,6 @@
     },
     "node_modules/log-update/node_modules/wrap-ansi": {
       "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz",
-      "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8246,14 +11406,10 @@
     },
     "node_modules/long": {
       "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/long/-/long-5.3.2.tgz",
-      "integrity": "sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==",
       "license": "Apache-2.0"
     },
     "node_modules/lru-cache": {
       "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
-      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -8262,8 +11418,6 @@
     },
     "node_modules/luxon": {
       "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/luxon/-/luxon-3.3.0.tgz",
-      "integrity": "sha512-An0UCfG/rSiqtAIiBPO0Y9/zAnHUZxAMiCpTd5h2smgsj7GGmcenvrvww2cqNA8/4A5ZrD1gJpHN2mIHZQF+Mg==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -8271,8 +11425,6 @@
     },
     "node_modules/magic-string": {
       "version": "0.30.17",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.17.tgz",
-      "integrity": "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA==",
       "license": "MIT",
       "dependencies": {
         "@jridgewell/sourcemap-codec": "^1.5.0"
@@ -8280,8 +11432,6 @@
     },
     "node_modules/make-dir": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
-      "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -8295,8 +11445,6 @@
     },
     "node_modules/make-dir/node_modules/semver": {
       "version": "5.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
-      "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==",
       "dev": true,
       "license": "ISC",
       "optional": true,
@@ -8306,15 +11454,11 @@
     },
     "node_modules/make-error": {
       "version": "1.3.6",
-      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
-      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/make-fetch-happen": {
       "version": "14.0.3",
-      "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-14.0.3.tgz",
-      "integrity": "sha512-QMjGbFTP0blj97EeidG5hk/QhKQ3T4ICckQGLgz38QF7Vgbk6e6FTARN8KhKxyBbWn8R0HU+bnw8aSoFPD4qtQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8336,8 +11480,6 @@
     },
     "node_modules/marked": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/marked/-/marked-4.3.0.tgz",
-      "integrity": "sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A==",
       "license": "MIT",
       "bin": {
         "marked": "bin/marked.js"
@@ -8348,8 +11490,6 @@
     },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
-      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -8357,8 +11497,6 @@
     },
     "node_modules/md5.js": {
       "version": "1.3.5",
-      "resolved": "https://registry.npmjs.org/md5.js/-/md5.js-1.3.5.tgz",
-      "integrity": "sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg==",
       "license": "MIT",
       "dependencies": {
         "hash-base": "^3.0.0",
@@ -8368,8 +11506,6 @@
     },
     "node_modules/media-typer": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz",
-      "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -8378,8 +11514,6 @@
     },
     "node_modules/merge-descriptors": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz",
-      "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -8391,15 +11525,11 @@
     },
     "node_modules/merge-stream": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
-      "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/merge2": {
       "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
-      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -8408,8 +11538,6 @@
     },
     "node_modules/micromatch": {
       "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8422,8 +11550,6 @@
     },
     "node_modules/micromatch/node_modules/picomatch": {
       "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8435,8 +11561,6 @@
     },
     "node_modules/mime": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-4.1.0.tgz",
-      "integrity": "sha512-X5ju04+cAzsojXKes0B/S4tcYtFAJ6tTMuSPBEn9CPGlrWr8Fiw7qYeLT0XyH80HSoAoqWCaz+MWKh22P7G1cw==",
       "funding": [
         "https://github.com/sponsors/broofa"
       ],
@@ -8450,8 +11574,6 @@
     },
     "node_modules/mime-db": {
       "version": "1.54.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
-      "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -8460,8 +11582,6 @@
     },
     "node_modules/mime-types": {
       "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz",
-      "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8477,8 +11597,6 @@
     },
     "node_modules/mimic-fn": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz",
-      "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8490,8 +11608,6 @@
     },
     "node_modules/mimic-function": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/mimic-function/-/mimic-function-5.0.1.tgz",
-      "integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -8502,8 +11618,6 @@
     },
     "node_modules/minimatch": {
       "version": "10.0.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.1.tgz",
-      "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==",
       "license": "ISC",
       "optional": true,
       "dependencies": {
@@ -8518,8 +11632,6 @@
     },
     "node_modules/minimist": {
       "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
-      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -8528,8 +11640,6 @@
     },
     "node_modules/minipass": {
       "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
-      "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -8538,8 +11648,6 @@
     },
     "node_modules/minipass-collect": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/minipass-collect/-/minipass-collect-2.0.1.tgz",
-      "integrity": "sha512-D7V8PO9oaz7PWGLbCACuI1qEOsq7UKfLotx/C0Aet43fCUB/wfQ7DYeq2oR/svFJGYDHPr38SHATeaj/ZoKHKw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8551,8 +11659,6 @@
     },
     "node_modules/minipass-fetch": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-4.0.1.tgz",
-      "integrity": "sha512-j7U11C5HXigVuutxebFadoYBbd7VSdZWggSe64NVdvWNBqGAiXPL2QVCehjmw7lY1oF9gOllYbORh+hiNgfPgQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8569,8 +11675,6 @@
     },
     "node_modules/minipass-flush": {
       "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/minipass-flush/-/minipass-flush-1.0.5.tgz",
-      "integrity": "sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8582,8 +11686,6 @@
     },
     "node_modules/minipass-flush/node_modules/minipass": {
       "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8595,15 +11697,11 @@
     },
     "node_modules/minipass-flush/node_modules/yallist": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/minipass-pipeline": {
       "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz",
-      "integrity": "sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8615,8 +11713,6 @@
     },
     "node_modules/minipass-pipeline/node_modules/minipass": {
       "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8628,15 +11724,11 @@
     },
     "node_modules/minipass-pipeline/node_modules/yallist": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/minipass-sized": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/minipass-sized/-/minipass-sized-1.0.3.tgz",
-      "integrity": "sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8648,8 +11740,6 @@
     },
     "node_modules/minipass-sized/node_modules/minipass": {
       "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -8661,15 +11751,11 @@
     },
     "node_modules/minipass-sized/node_modules/yallist": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/minizlib": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
-      "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -8681,8 +11767,6 @@
     },
     "node_modules/mkdirp": {
       "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
-      "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
       "devOptional": true,
       "license": "MIT",
       "bin": {
@@ -8694,14 +11778,10 @@
     },
     "node_modules/monaco-editor": {
       "version": "0.33.0",
-      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.33.0.tgz",
-      "integrity": "sha512-VcRWPSLIUEgQJQIE0pVT8FcGBIgFoxz7jtqctE+IiCxWugD0DwgyQBcZBhdSrdMC84eumoqMZsGl2GTreOzwqw==",
       "license": "MIT"
     },
     "node_modules/mrmime": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz",
-      "integrity": "sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8710,15 +11790,11 @@
     },
     "node_modules/ms": {
       "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/msgpackr": {
       "version": "1.11.8",
-      "resolved": "https://registry.npmjs.org/msgpackr/-/msgpackr-1.11.8.tgz",
-      "integrity": "sha512-bC4UGzHhVvgDNS7kn9tV8fAucIYUBuGojcaLiz7v+P63Lmtm0Xeji8B/8tYKddALXxJLpwIeBmUN3u64C4YkRA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -8728,8 +11804,6 @@
     },
     "node_modules/msgpackr-extract": {
       "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/msgpackr-extract/-/msgpackr-extract-3.0.3.tgz",
-      "integrity": "sha512-P0efT1C9jIdVRefqjzOQ9Xml57zpOXnIuS+csaB4MdZbTdmGDLo8XhzBG1N7aO11gKDDkJvBLULeFTo46wwreA==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -8751,8 +11825,6 @@
     },
     "node_modules/multimatch": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/multimatch/-/multimatch-5.0.0.tgz",
-      "integrity": "sha512-ypMKuglUrZUD99Tk2bUQ+xNQj43lPEfAeX2o9cTteAmShXy2VHDJpuwu1o0xqoKCt9jLVAvwyFKdLTPXKAfJyA==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -8771,8 +11843,6 @@
     },
     "node_modules/multimatch/node_modules/brace-expansion": {
       "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -8782,8 +11852,6 @@
     },
     "node_modules/multimatch/node_modules/minimatch": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
       "license": "ISC",
       "optional": true,
       "dependencies": {
@@ -8795,8 +11863,6 @@
     },
     "node_modules/mustache": {
       "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz",
-      "integrity": "sha512-71ippSywq5Yb7/tVYyGbkBggbU8H3u5Rz56fH60jGFgr8uHwxs+aSKeqmluIVzM0m0kB7xQjKS6qPfd0b2ZoqQ==",
       "license": "MIT",
       "bin": {
         "mustache": "bin/mustache"
@@ -8804,8 +11870,6 @@
     },
     "node_modules/mute-stream": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-2.0.0.tgz",
-      "integrity": "sha512-WWdIxpyjEn+FhQJQQv9aQAYlHoNVdzIzUySNV1gHUPDSdZJ3yZn7pAAbQcV7B56Mvu881q9FZV+0Vx2xC44VWA==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -8814,8 +11878,6 @@
     },
     "node_modules/nanoid": {
       "version": "3.3.11",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz",
-      "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==",
       "dev": true,
       "funding": [
         {
@@ -8833,8 +11895,6 @@
     },
     "node_modules/needle": {
       "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/needle/-/needle-3.3.1.tgz",
-      "integrity": "sha512-6k0YULvhpw+RoLNiQCRKOl09Rv1dPLr8hHnVjHqdolKwDrdNyk+Hmrthi4lIGPPz3r39dLx0hsF5s40sZ3Us4Q==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -8851,8 +11911,6 @@
     },
     "node_modules/needle/node_modules/iconv-lite": {
       "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -8865,8 +11923,6 @@
     },
     "node_modules/negotiator": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz",
-      "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -8875,8 +11931,6 @@
     },
     "node_modules/ng-morph": {
       "version": "4.8.4",
-      "resolved": "https://registry.npmjs.org/ng-morph/-/ng-morph-4.8.4.tgz",
-      "integrity": "sha512-XwL53wCOhyaAxvoekN74ONbWUK30huzp+GpZYyC01RfaG2AX9l7YlC1mGG/l7Rx7YXtFAk85VFnNJqn2e46K8g==",
       "license": "Apache-2.0",
       "optional": true,
       "dependencies": {
@@ -8893,8 +11947,6 @@
     },
     "node_modules/ng-packagr": {
       "version": "20.3.2",
-      "resolved": "https://registry.npmjs.org/ng-packagr/-/ng-packagr-20.3.2.tgz",
-      "integrity": "sha512-yW5ME0hqTz38r/th/7zVwX5oSIw1FviSA2PUlGZdVjghDme/KX6iiwmOBmlt9E9whNmwijEC6Gn3KKbrsBx8ig==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -8944,8 +11996,6 @@
     },
     "node_modules/ng-packagr/node_modules/commander": {
       "version": "14.0.2",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.2.tgz",
-      "integrity": "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8954,8 +12004,6 @@
     },
     "node_modules/ng-qrcode": {
       "version": "20.0.1",
-      "resolved": "https://registry.npmjs.org/ng-qrcode/-/ng-qrcode-20.0.1.tgz",
-      "integrity": "sha512-XKaPKbqaSXK5xPJYBO9gry88wGs6QeL1mK1dOkJaTutfrjDan9QbD47vFpHLxCCMkU0o5fIrbXqxm9h3Fi2PEA==",
       "license": "MIT",
       "dependencies": {
         "qrcode": "^1.5.3",
@@ -8968,16 +12016,12 @@
     },
     "node_modules/node-addon-api": {
       "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-6.1.0.tgz",
-      "integrity": "sha512-+eawOlIgy680F0kBzPUNFhMZGtJ1YmqM6l4+Crf4IkImjYrO/mqPwRMh352g23uIaQKFItcQ64I7KMaJxHgAVA==",
       "dev": true,
       "license": "MIT",
       "optional": true
     },
     "node_modules/node-forge": {
       "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.3.tgz",
-      "integrity": "sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==",
       "license": "(BSD-3-Clause OR GPL-2.0)",
       "engines": {
         "node": ">= 6.13.0"
@@ -8985,8 +12029,6 @@
     },
     "node_modules/node-gyp": {
       "version": "11.5.0",
-      "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-11.5.0.tgz",
-      "integrity": "sha512-ra7Kvlhxn5V9Slyus0ygMa2h+UqExPqUIkfk7Pc8QTLT956JLSy51uWFwHtIYy0vI8cB4BDhc/S03+880My/LQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -9010,8 +12052,6 @@
     },
     "node_modules/node-gyp-build-optional-packages": {
       "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/node-gyp-build-optional-packages/-/node-gyp-build-optional-packages-5.2.2.tgz",
-      "integrity": "sha512-s+w+rBWnpTMwSFbaE0UXsRlg7hU4FjekKU4eyAih5T8nJuNZT1nNsskXpxmeqSK9UzkBl6UgRlnKc8hz8IEqOw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -9026,8 +12066,6 @@
     },
     "node_modules/node-gyp/node_modules/chownr": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
-      "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -9036,8 +12074,6 @@
     },
     "node_modules/node-gyp/node_modules/isexe": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz",
-      "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -9046,8 +12082,6 @@
     },
     "node_modules/node-gyp/node_modules/tar": {
       "version": "7.5.2",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.2.tgz",
-      "integrity": "sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -9063,8 +12097,6 @@
     },
     "node_modules/node-gyp/node_modules/which": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz",
-      "integrity": "sha512-JEdGzHwwkrbWoGOlIHqQ5gtprKGOenpDHpxE9zVR1bWbOtYRyPPHMe9FaP6x61CmNaTThSkb0DAJte5jD+DmzQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9079,8 +12111,6 @@
     },
     "node_modules/node-gyp/node_modules/yallist": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
-      "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -9089,8 +12119,6 @@
     },
     "node_modules/node-html-parser": {
       "version": "5.4.2",
-      "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-5.4.2.tgz",
-      "integrity": "sha512-RaBPP3+51hPne/OolXxcz89iYvQvKOydaqoePpOgXcrOKZhjVIzmpKZz+Hd/RBO2/zN2q6CNJhQzucVz+u3Jyw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9100,8 +12128,6 @@
     },
     "node_modules/node-html-parser/node_modules/css-select": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz",
-      "integrity": "sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -9117,8 +12143,6 @@
     },
     "node_modules/node-html-parser/node_modules/css-what": {
       "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.2.2.tgz",
-      "integrity": "sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA==",
       "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
@@ -9130,8 +12154,6 @@
     },
     "node_modules/node-html-parser/node_modules/dom-serializer": {
       "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz",
-      "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9145,8 +12167,6 @@
     },
     "node_modules/node-html-parser/node_modules/domhandler": {
       "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz",
-      "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -9161,8 +12181,6 @@
     },
     "node_modules/node-html-parser/node_modules/domutils": {
       "version": "2.8.0",
-      "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz",
-      "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -9176,8 +12194,6 @@
     },
     "node_modules/node-jose": {
       "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-2.2.0.tgz",
-      "integrity": "sha512-XPCvJRr94SjLrSIm4pbYHKLEaOsDvJCpyFw/6V/KK/IXmyZ6SFBzAUDO9HQf4DB/nTEFcRGH87mNciOP23kFjw==",
       "license": "Apache-2.0",
       "dependencies": {
         "base64url": "^3.0.1",
@@ -9193,8 +12209,6 @@
     },
     "node_modules/node-jose/node_modules/uuid": {
       "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
-      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
       "funding": [
         "https://github.com/sponsors/broofa",
         "https://github.com/sponsors/ctavan"
@@ -9206,15 +12220,11 @@
     },
     "node_modules/node-releases": {
       "version": "2.0.27",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz",
-      "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/nopt": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/nopt/-/nopt-8.1.0.tgz",
-      "integrity": "sha512-ieGu42u/Qsa4TFktmaKEwM6MQH0pOWnaB3htzh0JRtx84+Mebc0cbZYN5bC+6WTZ4+77xrL9Pn5m7CV6VIkV7A==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9229,8 +12239,6 @@
     },
     "node_modules/npm-bundled": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-4.0.0.tgz",
-      "integrity": "sha512-IxaQZDMsqfQ2Lz37VvyyEtKLe8FsRZuysmedy/N06TU1RyVppYKXrO4xIhR0F+7ubIBox6Q7nir6fQI3ej39iA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9242,8 +12250,6 @@
     },
     "node_modules/npm-install-checks": {
       "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/npm-install-checks/-/npm-install-checks-7.1.2.tgz",
-      "integrity": "sha512-z9HJBCYw9Zr8BqXcllKIs5nI+QggAImbBdHphOzVYrz2CB4iQ6FzWyKmlqDZua+51nAu7FcemlbTc9VgQN5XDQ==",
       "devOptional": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -9255,8 +12261,6 @@
     },
     "node_modules/npm-normalize-package-bin": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-4.0.0.tgz",
-      "integrity": "sha512-TZKxPvItzai9kN9H/TkmCtx/ZN/hvr3vUycjlfmH0ootY9yFBzNOpiXAdIn1Iteqsvk4lQn6B5PTrt+n6h8k/w==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -9265,8 +12269,6 @@
     },
     "node_modules/npm-package-arg": {
       "version": "13.0.0",
-      "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-13.0.0.tgz",
-      "integrity": "sha512-+t2etZAGcB7TbbLHfDwooV9ppB2LhhcT6A+L9cahsf9mEUAoQ6CktLEVvEnpD0N5CkX7zJqnPGaFtoQDy9EkHQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9281,8 +12283,6 @@
     },
     "node_modules/npm-packlist": {
       "version": "10.0.3",
-      "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-10.0.3.tgz",
-      "integrity": "sha512-zPukTwJMOu5X5uvm0fztwS5Zxyvmk38H/LfidkOMt3gbZVCyro2cD/ETzwzVPcWZA3JOyPznfUN/nkyFiyUbxg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9295,8 +12295,6 @@
     },
     "node_modules/npm-packlist/node_modules/proc-log": {
       "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.1.0.tgz",
-      "integrity": "sha512-iG+GYldRf2BQ0UDUAd6JQ/RwzaQy6mXmsk/IzlYyal4A4SNFw54MeH4/tLkF4I5WoWG9SQwuqWzS99jaFQHBuQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -9305,8 +12303,6 @@
     },
     "node_modules/npm-pick-manifest": {
       "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-10.0.0.tgz",
-      "integrity": "sha512-r4fFa4FqYY8xaM7fHecQ9Z2nE9hgNfJR+EmoKv0+chvzWkBcORX3r0FpTByP+CbOVJDladMXnPQGVN8PBLGuTQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9321,8 +12317,6 @@
     },
     "node_modules/npm-pick-manifest/node_modules/hosted-git-info": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.1.0.tgz",
-      "integrity": "sha512-Rw/B2DNQaPBICNXEm8balFz9a6WpZrkCGpcWFpy7nCj+NyhSdqXipmfvtmWt9xGfp0wZnBxB+iVpLmQMYt47Tw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9334,15 +12328,11 @@
     },
     "node_modules/npm-pick-manifest/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/npm-pick-manifest/node_modules/npm-package-arg": {
       "version": "12.0.2",
-      "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.2.tgz",
-      "integrity": "sha512-f1NpFjNI9O4VbKMOlA5QoBq/vSQPORHcTZ2feJpFkTHJ9eQkdlmZEKSjcAhxTGInC7RlEyScT9ui67NaOsjFWA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9357,8 +12347,6 @@
     },
     "node_modules/npm-registry-fetch": {
       "version": "18.0.2",
-      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-18.0.2.tgz",
-      "integrity": "sha512-LeVMZBBVy+oQb5R6FDV9OlJCcWDU+al10oKpe+nsvcHnG24Z3uM3SvJYKfGJlfGjVU8v9liejCrUR/M5HO5NEQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9377,8 +12365,6 @@
     },
     "node_modules/npm-registry-fetch/node_modules/hosted-git-info": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.1.0.tgz",
-      "integrity": "sha512-Rw/B2DNQaPBICNXEm8balFz9a6WpZrkCGpcWFpy7nCj+NyhSdqXipmfvtmWt9xGfp0wZnBxB+iVpLmQMYt47Tw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9390,15 +12376,11 @@
     },
     "node_modules/npm-registry-fetch/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/npm-registry-fetch/node_modules/npm-package-arg": {
       "version": "12.0.2",
-      "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.2.tgz",
-      "integrity": "sha512-f1NpFjNI9O4VbKMOlA5QoBq/vSQPORHcTZ2feJpFkTHJ9eQkdlmZEKSjcAhxTGInC7RlEyScT9ui67NaOsjFWA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9413,8 +12395,6 @@
     },
     "node_modules/npm-run-path": {
       "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz",
-      "integrity": "sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9429,8 +12409,6 @@
     },
     "node_modules/npm-run-path/node_modules/path-key": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz",
-      "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9442,8 +12420,6 @@
     },
     "node_modules/nth-check": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz",
-      "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -9455,8 +12431,6 @@
     },
     "node_modules/object-assign": {
       "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
-      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -9465,8 +12439,6 @@
     },
     "node_modules/object-hash": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
-      "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
       "license": "MIT",
       "engines": {
         "node": ">= 6"
@@ -9474,8 +12446,6 @@
     },
     "node_modules/object-inspect": {
       "version": "1.13.4",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
-      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -9487,8 +12457,6 @@
     },
     "node_modules/on-finished": {
       "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
-      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -9500,8 +12468,6 @@
     },
     "node_modules/once": {
       "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9510,8 +12476,6 @@
     },
     "node_modules/onetime": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz",
-      "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9526,8 +12490,6 @@
     },
     "node_modules/open": {
       "version": "10.2.0",
-      "resolved": "https://registry.npmjs.org/open/-/open-10.2.0.tgz",
-      "integrity": "sha512-YgBpdJHPyQ2UE5x+hlSXcnejzAvD0b22U2OuAP+8OnlJT+PjWPxtgmGqKKc+RgTM63U9gN0YzrYc71R2WT/hTA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9545,8 +12507,6 @@
     },
     "node_modules/opencollective-postinstall": {
       "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/opencollective-postinstall/-/opencollective-postinstall-2.0.3.tgz",
-      "integrity": "sha512-8AV/sCtuzUeTo8gQK5qDZzARrulB3egtLzFgteqB2tcT4Mw7B8Kt7JcDHmltjz6FOAHsvTevk70gZEbhM4ZS9Q==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -9555,8 +12515,6 @@
     },
     "node_modules/opener": {
       "version": "1.5.2",
-      "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz",
-      "integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==",
       "dev": true,
       "license": "(WTFPL OR MIT)",
       "bin": {
@@ -9565,8 +12523,6 @@
     },
     "node_modules/ora": {
       "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/ora/-/ora-8.2.0.tgz",
-      "integrity": "sha512-weP+BZ8MVNnlCm8c0Qdc1WSWq4Qn7I+9CJGm7Qali6g44e/PUzbjNqJX5NJ9ljlNMosfJvg1fKEGILklK9cwnw==",
       "license": "MIT",
       "dependencies": {
         "chalk": "^5.3.0",
@@ -9588,16 +12544,12 @@
     },
     "node_modules/ordered-binary": {
       "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/ordered-binary/-/ordered-binary-1.6.0.tgz",
-      "integrity": "sha512-IQh2aMfMIDbPjI/8a3Edr+PiOpcsB7yo8NdW7aHWVaoR/pcDldunMvnnwbk/auPGqmKeAdxtZl7MHX/QmPwhvQ==",
       "dev": true,
       "license": "MIT",
       "optional": true
     },
     "node_modules/p-limit": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
-      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9612,8 +12564,6 @@
     },
     "node_modules/p-locate": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
-      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9628,8 +12578,6 @@
     },
     "node_modules/p-map": {
       "version": "7.0.4",
-      "resolved": "https://registry.npmjs.org/p-map/-/p-map-7.0.4.tgz",
-      "integrity": "sha512-tkAQEw8ysMzmkhgw8k+1U/iPhWNhykKnSk4Rd5zLoPJCuJaGRPo6YposrZgaxHKzDHdDWWZvE/Sk7hsL2X/CpQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -9641,8 +12589,6 @@
     },
     "node_modules/p-try": {
       "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
-      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -9650,15 +12596,11 @@
     },
     "node_modules/package-json-from-dist": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
-      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
       "devOptional": true,
       "license": "BlueOak-1.0.0"
     },
     "node_modules/pacote": {
       "version": "21.0.0",
-      "resolved": "https://registry.npmjs.org/pacote/-/pacote-21.0.0.tgz",
-      "integrity": "sha512-lcqexq73AMv6QNLo7SOpz0JJoaGdS3rBFgF122NZVl1bApo2mfu+XzUBU/X/XsiJu+iUmKpekRayqQYAs+PhkA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9689,8 +12631,6 @@
     },
     "node_modules/pacote/node_modules/hosted-git-info": {
       "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.1.0.tgz",
-      "integrity": "sha512-Rw/B2DNQaPBICNXEm8balFz9a6WpZrkCGpcWFpy7nCj+NyhSdqXipmfvtmWt9xGfp0wZnBxB+iVpLmQMYt47Tw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9702,15 +12642,11 @@
     },
     "node_modules/pacote/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/pacote/node_modules/npm-package-arg": {
       "version": "12.0.2",
-      "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.2.tgz",
-      "integrity": "sha512-f1NpFjNI9O4VbKMOlA5QoBq/vSQPORHcTZ2feJpFkTHJ9eQkdlmZEKSjcAhxTGInC7RlEyScT9ui67NaOsjFWA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -9725,14 +12661,10 @@
     },
     "node_modules/pako": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/pako/-/pako-2.1.0.tgz",
-      "integrity": "sha512-w+eufiZ1WuJYgPXbV/PO3NCMEc3xqylkKHzp8bxp1uW4qaSNQUkwmLLEc3kKsfz8lpV1F8Ht3U1Cm+9Srog2ug==",
       "license": "(MIT AND Zlib)"
     },
     "node_modules/parent-module": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
-      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9744,8 +12676,6 @@
     },
     "node_modules/parse-json": {
       "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
-      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9763,15 +12693,11 @@
     },
     "node_modules/parse-json/node_modules/json-parse-even-better-errors": {
       "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
-      "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/parse-node-version": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/parse-node-version/-/parse-node-version-1.0.1.tgz",
-      "integrity": "sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9780,8 +12706,6 @@
     },
     "node_modules/parse5": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.0.tgz",
-      "integrity": "sha512-9m4m5GSgXjL4AjumKzq1Fgfp3Z8rsvjRNbnkVwfu2ImRqE5D0LnY2QfDen18FSY9C573YU5XxSapdHZTZ2WolA==",
       "license": "MIT",
       "dependencies": {
         "entities": "^6.0.0"
@@ -9792,8 +12716,6 @@
     },
     "node_modules/parse5-html-rewriting-stream": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/parse5-html-rewriting-stream/-/parse5-html-rewriting-stream-8.0.0.tgz",
-      "integrity": "sha512-wzh11mj8KKkno1pZEu+l2EVeWsuKDfR5KNWZOTsslfUX8lPDZx77m9T0kIoAVkFtD1nx6YF8oh4BnPHvxMtNMw==",
       "license": "MIT",
       "dependencies": {
         "entities": "^6.0.0",
@@ -9806,8 +12728,6 @@
     },
     "node_modules/parse5-html-rewriting-stream/node_modules/entities": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
-      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -9818,8 +12738,6 @@
     },
     "node_modules/parse5-sax-parser": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/parse5-sax-parser/-/parse5-sax-parser-8.0.0.tgz",
-      "integrity": "sha512-/dQ8UzHZwnrzs3EvDj6IkKrD/jIZyTlB+8XrHJvcjNgRdmWruNdN9i9RK/JtxakmlUdPwKubKPTCqvbTgzGhrw==",
       "license": "MIT",
       "dependencies": {
         "parse5": "^8.0.0"
@@ -9830,8 +12748,6 @@
     },
     "node_modules/parse5/node_modules/entities": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
-      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -9842,8 +12758,6 @@
     },
     "node_modules/parseurl": {
       "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
-      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -9856,15 +12770,11 @@
     },
     "node_modules/path-browserify": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz",
-      "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==",
       "license": "MIT",
       "optional": true
     },
     "node_modules/path-exists": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
-      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -9872,8 +12782,6 @@
     },
     "node_modules/path-is-absolute": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9882,8 +12790,6 @@
     },
     "node_modules/path-key": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
-      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -9892,15 +12798,11 @@
     },
     "node_modules/path-parse": {
       "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
-      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/path-scurry": {
       "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
-      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
       "devOptional": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -9916,15 +12818,11 @@
     },
     "node_modules/path-scurry/node_modules/lru-cache": {
       "version": "10.4.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
-      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/path-to-regexp": {
       "version": "8.3.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
-      "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
       "devOptional": true,
       "license": "MIT",
       "funding": {
@@ -9934,8 +12832,6 @@
     },
     "node_modules/path-type": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
-      "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9944,8 +12840,6 @@
     },
     "node_modules/pbkdf2": {
       "version": "3.1.5",
-      "resolved": "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.1.5.tgz",
-      "integrity": "sha512-Q3CG/cYvCO1ye4QKkuH7EXxs3VC/rI1/trd+qX2+PolbaKG0H+bgcZzrTt96mMyRtejk+JMCiLUn3y29W8qmFQ==",
       "license": "MIT",
       "dependencies": {
         "create-hash": "^1.2.0",
@@ -9961,8 +12855,6 @@
     },
     "node_modules/pbkdf2/node_modules/safe-buffer": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
       "funding": [
         {
           "type": "github",
@@ -9981,15 +12873,11 @@
     },
     "node_modules/picocolors": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
-      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/picomatch": {
       "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -10000,8 +12888,6 @@
     },
     "node_modules/pidtree": {
       "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/pidtree/-/pidtree-0.6.0.tgz",
-      "integrity": "sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -10013,8 +12899,6 @@
     },
     "node_modules/pify": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
-      "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -10024,8 +12908,6 @@
     },
     "node_modules/piscina": {
       "version": "5.1.3",
-      "resolved": "https://registry.npmjs.org/piscina/-/piscina-5.1.3.tgz",
-      "integrity": "sha512-0u3N7H4+hbr40KjuVn2uNhOcthu/9usKhnw5vT3J7ply79v3D3M8naI00el9Klcy16x557VsEkkUQaHCWFXC/g==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10037,8 +12919,6 @@
     },
     "node_modules/pkce-challenge": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/pkce-challenge/-/pkce-challenge-5.0.1.tgz",
-      "integrity": "sha512-wQ0b/W4Fr01qtpHlqSqspcj3EhBvimsdh0KlHhH8HRZnMsEa0ea2fTULOXOS9ccQr3om+GcGRk4e+isrZWV8qQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -10047,8 +12927,6 @@
     },
     "node_modules/pkg-dir": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-5.0.0.tgz",
-      "integrity": "sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10060,8 +12938,6 @@
     },
     "node_modules/please-upgrade-node": {
       "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/please-upgrade-node/-/please-upgrade-node-3.2.0.tgz",
-      "integrity": "sha512-gQR3WpIgNIKwBMVLkpMUeR3e1/E1y42bqDQZfql+kDeXd8COYfM8PQA4X6y7a8u9Ua9FHmsrrmirW2vHs45hWg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10070,8 +12946,6 @@
     },
     "node_modules/pngjs": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz",
-      "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==",
       "license": "MIT",
       "engines": {
         "node": ">=10.13.0"
@@ -10079,8 +12953,6 @@
     },
     "node_modules/portfinder": {
       "version": "1.0.38",
-      "resolved": "https://registry.npmjs.org/portfinder/-/portfinder-1.0.38.tgz",
-      "integrity": "sha512-rEwq/ZHlJIKw++XtLAO8PPuOQA/zaPJOZJ37BVuN97nLpMJeuDVLVGRwbFoBgLudgdTMP2hdRJP++H+8QOA3vg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10093,8 +12965,6 @@
     },
     "node_modules/possible-typed-array-names": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.1.0.tgz",
-      "integrity": "sha512-/+5VFTchJDoVj3bhoqi6UeymcD00DAwb1nJwamzPvHEszJ4FpF6SNNbUbOS8yI56qHzdV8eK0qEfOSiodkTdxg==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -10102,8 +12972,6 @@
     },
     "node_modules/postcss": {
       "version": "8.5.6",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
       "dev": true,
       "funding": [
         {
@@ -10131,15 +12999,11 @@
     },
     "node_modules/postcss-media-query-parser": {
       "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/postcss-media-query-parser/-/postcss-media-query-parser-0.2.3.tgz",
-      "integrity": "sha512-3sOlxmbKcSHMjlUXQZKQ06jOswE7oVkXPxmZdoB1r5l0q6gTFTQSHxNxOrCccElbW7dxNytifNEo8qidX2Vsig==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/prettier": {
       "version": "3.7.4",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.4.tgz",
-      "integrity": "sha512-v6UNi1+3hSlVvv8fSaoUbggEM5VErKmmpGA7Pl3HF8V6uKY7rvClBOJlH6yNwQtfTueNkGVpOv/mtWL9L4bgRA==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -10154,8 +13018,6 @@
     },
     "node_modules/proc-log": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-5.0.0.tgz",
-      "integrity": "sha512-Azwzvl90HaF0aCz1JrDdXQykFakSSNPaPoiZ9fm5qJIMHioDZEi7OAdRwSm6rSoPtY3Qutnm3L7ogmg3dc+wbQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -10164,8 +13026,6 @@
     },
     "node_modules/process": {
       "version": "0.11.10",
-      "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
-      "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.6.0"
@@ -10173,14 +13033,10 @@
     },
     "node_modules/process-nextick-args": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
-      "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
       "license": "MIT"
     },
     "node_modules/promise-retry": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz",
-      "integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10193,8 +13049,6 @@
     },
     "node_modules/proxy-addr": {
       "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
-      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10207,16 +13061,12 @@
     },
     "node_modules/prr": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
-      "integrity": "sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==",
       "dev": true,
       "license": "MIT",
       "optional": true
     },
     "node_modules/qrcode": {
       "version": "1.5.4",
-      "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz",
-      "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==",
       "license": "MIT",
       "dependencies": {
         "dijkstrajs": "^1.0.1",
@@ -10232,8 +13082,6 @@
     },
     "node_modules/qrcode/node_modules/ansi-regex": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -10241,8 +13089,6 @@
     },
     "node_modules/qrcode/node_modules/cliui": {
       "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
-      "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
       "license": "ISC",
       "dependencies": {
         "string-width": "^4.2.0",
@@ -10252,14 +13098,10 @@
     },
     "node_modules/qrcode/node_modules/emoji-regex": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
       "license": "MIT"
     },
     "node_modules/qrcode/node_modules/find-up": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
-      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
       "license": "MIT",
       "dependencies": {
         "locate-path": "^5.0.0",
@@ -10271,8 +13113,6 @@
     },
     "node_modules/qrcode/node_modules/is-fullwidth-code-point": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -10280,8 +13120,6 @@
     },
     "node_modules/qrcode/node_modules/locate-path": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
-      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
       "license": "MIT",
       "dependencies": {
         "p-locate": "^4.1.0"
@@ -10292,8 +13130,6 @@
     },
     "node_modules/qrcode/node_modules/p-limit": {
       "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
-      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
       "license": "MIT",
       "dependencies": {
         "p-try": "^2.0.0"
@@ -10307,8 +13143,6 @@
     },
     "node_modules/qrcode/node_modules/p-locate": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
-      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
       "license": "MIT",
       "dependencies": {
         "p-limit": "^2.2.0"
@@ -10319,8 +13153,6 @@
     },
     "node_modules/qrcode/node_modules/string-width": {
       "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
       "license": "MIT",
       "dependencies": {
         "emoji-regex": "^8.0.0",
@@ -10333,8 +13165,6 @@
     },
     "node_modules/qrcode/node_modules/strip-ansi": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
       "license": "MIT",
       "dependencies": {
         "ansi-regex": "^5.0.1"
@@ -10345,14 +13175,10 @@
     },
     "node_modules/qrcode/node_modules/y18n": {
       "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
-      "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==",
       "license": "ISC"
     },
     "node_modules/qrcode/node_modules/yargs": {
       "version": "15.4.1",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
-      "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
       "license": "MIT",
       "dependencies": {
         "cliui": "^6.0.0",
@@ -10373,8 +13199,6 @@
     },
     "node_modules/qrcode/node_modules/yargs-parser": {
       "version": "18.1.3",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
-      "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
       "license": "ISC",
       "dependencies": {
         "camelcase": "^5.0.0",
@@ -10386,8 +13210,6 @@
     },
     "node_modules/qs": {
       "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
-      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
       "devOptional": true,
       "license": "BSD-3-Clause",
       "dependencies": {
@@ -10402,8 +13224,6 @@
     },
     "node_modules/queue-microtask": {
       "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
-      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
       "funding": [
         {
           "type": "github",
@@ -10423,8 +13243,6 @@
     },
     "node_modules/range-parser": {
       "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
-      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -10433,8 +13251,6 @@
     },
     "node_modules/raw-body": {
       "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz",
-      "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10449,8 +13265,6 @@
     },
     "node_modules/readable-stream": {
       "version": "2.3.8",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
-      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
       "license": "MIT",
       "dependencies": {
         "core-util-is": "~1.0.0",
@@ -10464,8 +13278,6 @@
     },
     "node_modules/readdirp": {
       "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
-      "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -10478,15 +13290,11 @@
     },
     "node_modules/reflect-metadata": {
       "version": "0.2.2",
-      "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
-      "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
       "dev": true,
       "license": "Apache-2.0"
     },
     "node_modules/require-directory": {
       "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
@@ -10494,8 +13302,6 @@
     },
     "node_modules/require-from-string": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
-      "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
@@ -10503,21 +13309,15 @@
     },
     "node_modules/require-main-filename": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
-      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
       "license": "ISC"
     },
     "node_modules/requires-port": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
-      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/resolve": {
       "version": "1.22.10",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz",
-      "integrity": "sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10537,8 +13337,6 @@
     },
     "node_modules/resolve-from": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
-      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10547,8 +13345,6 @@
     },
     "node_modules/restore-cursor": {
       "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz",
-      "integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==",
       "license": "MIT",
       "dependencies": {
         "onetime": "^7.0.0",
@@ -10563,8 +13359,6 @@
     },
     "node_modules/restore-cursor/node_modules/onetime": {
       "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/onetime/-/onetime-7.0.0.tgz",
-      "integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==",
       "license": "MIT",
       "dependencies": {
         "mimic-function": "^5.0.0"
@@ -10578,8 +13372,6 @@
     },
     "node_modules/retry": {
       "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz",
-      "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -10588,8 +13380,6 @@
     },
     "node_modules/reusify": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz",
-      "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==",
       "license": "MIT",
       "optional": true,
       "engines": {
@@ -10599,15 +13389,11 @@
     },
     "node_modules/rfdc": {
       "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.4.1.tgz",
-      "integrity": "sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/rimraf": {
       "version": "6.1.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.2.tgz",
-      "integrity": "sha512-cFCkPslJv7BAXJsYlK1dZsbP8/ZNLkCAQ0bi1hf5EKX2QHegmDFEFA6QhuYJlk7UDdc+02JjO80YSOrWPpw06g==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -10626,8 +13412,6 @@
     },
     "node_modules/rimraf/node_modules/glob": {
       "version": "13.0.0",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.0.tgz",
-      "integrity": "sha512-tvZgpqk6fz4BaNZ66ZsRaZnbHvP/jG3uKJvAZOwEVUL4RTA5nJeeLYfyN9/VA8NX/V3IBG+hkeuGpKjvELkVhA==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -10644,8 +13428,6 @@
     },
     "node_modules/rimraf/node_modules/lru-cache": {
       "version": "11.2.4",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.4.tgz",
-      "integrity": "sha512-B5Y16Jr9LB9dHVkh6ZevG+vAbOsNOYCX+sXvFWFu7B3Iz5mijW3zdbMyhsh8ANd2mSWBYdJgnqi+mL7/LrOPYg==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -10654,8 +13436,6 @@
     },
     "node_modules/rimraf/node_modules/minimatch": {
       "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz",
-      "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -10670,8 +13450,6 @@
     },
     "node_modules/rimraf/node_modules/path-scurry": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.1.tgz",
-      "integrity": "sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -10687,8 +13465,6 @@
     },
     "node_modules/ripemd160": {
       "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/ripemd160/-/ripemd160-2.0.3.tgz",
-      "integrity": "sha512-5Di9UC0+8h1L6ZD2d7awM7E/T4uA1fJRlx6zk/NvdCCVEoAnFqvHmCuNeIKoCeIixBX/q8uM+6ycDvF8woqosA==",
       "license": "MIT",
       "dependencies": {
         "hash-base": "^3.1.2",
@@ -10700,8 +13476,6 @@
     },
     "node_modules/rollup": {
       "version": "4.52.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.3.tgz",
-      "integrity": "sha512-RIDh866U8agLgiIcdpB+COKnlCreHJLfIhWC3LVflku5YHfpnsIKigRZeFfMfCc4dVcqNVfQQ5gO/afOck064A==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -10743,8 +13517,6 @@
     },
     "node_modules/rollup-plugin-dts": {
       "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/rollup-plugin-dts/-/rollup-plugin-dts-6.3.0.tgz",
-      "integrity": "sha512-d0UrqxYd8KyZ6i3M2Nx7WOMy708qsV/7fTHMHxCMCBOAe3V/U7OMPu5GkX8hC+cmkHhzGnfeYongl1IgiooddA==",
       "dev": true,
       "license": "LGPL-3.0-only",
       "dependencies": {
@@ -10766,8 +13538,6 @@
     },
     "node_modules/rollup-plugin-dts/node_modules/magic-string": {
       "version": "0.30.21",
-      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
-      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10776,15 +13546,11 @@
     },
     "node_modules/rollup/node_modules/@types/estree": {
       "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
-      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/router": {
       "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz",
-      "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10800,8 +13566,6 @@
     },
     "node_modules/run-applescript": {
       "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.1.0.tgz",
-      "integrity": "sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10813,8 +13577,6 @@
     },
     "node_modules/run-async": {
       "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/run-async/-/run-async-4.0.6.tgz",
-      "integrity": "sha512-IoDlSLTs3Yq593mb3ZoKWKXMNu3UpObxhgA/Xuid5p4bbfi2jdY1Hj0m1K+0/tEuQTxIGMhQDqGjKb7RuxGpAQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10823,8 +13585,6 @@
     },
     "node_modules/run-parallel": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
-      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
       "funding": [
         {
           "type": "github",
@@ -10847,8 +13607,6 @@
     },
     "node_modules/rxjs": {
       "version": "7.8.2",
-      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz",
-      "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==",
       "license": "Apache-2.0",
       "peer": true,
       "dependencies": {
@@ -10857,21 +13615,15 @@
     },
     "node_modules/safe-buffer": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
       "license": "MIT"
     },
     "node_modules/safer-buffer": {
       "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/sass": {
       "version": "1.90.0",
-      "resolved": "https://registry.npmjs.org/sass/-/sass-1.90.0.tgz",
-      "integrity": "sha512-9GUyuksjw70uNpb1MTYWsH9MQHOHY6kwfnkafC24+7aOMZn9+rVMBxRbLvw756mrBFbIsFg6Xw9IkR2Fnn3k+Q==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -10892,23 +13644,17 @@
     },
     "node_modules/sax": {
       "version": "1.4.3",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.3.tgz",
-      "integrity": "sha512-yqYn1JhPczigF94DMS+shiDMjDowYO6y9+wB/4WgO0Y19jWYk0lQ4tuG5KI7kj4FTp1wxPj5IFfcrz/s1c3jjQ==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "optional": true
     },
     "node_modules/secure-compare": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/secure-compare/-/secure-compare-3.0.1.tgz",
-      "integrity": "sha512-AckIIV90rPDcBcglUwXPF3kg0P0qmPsPXAj6BBEENQE1p5yA1xfmDJzfi1Tappj37Pv2mVbKpL3Z1T+Nn7k1Qw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/semver": {
       "version": "7.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
-      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
       "devOptional": true,
       "license": "ISC",
       "bin": {
@@ -10920,15 +13666,11 @@
     },
     "node_modules/semver-compare": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/semver-compare/-/semver-compare-1.0.0.tgz",
-      "integrity": "sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/semver-regex": {
       "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-3.1.4.tgz",
-      "integrity": "sha512-6IiqeZNgq01qGf0TId0t3NvKzSvUsjcpdEO3AQNeIjR6A2+ckTnQlDpl4qu1bjRv0RzN3FP9hzFmws3lKqRWkA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10940,8 +13682,6 @@
     },
     "node_modules/send": {
       "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz",
-      "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10967,8 +13707,6 @@
     },
     "node_modules/serve-static": {
       "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz",
-      "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -10987,14 +13725,10 @@
     },
     "node_modules/set-blocking": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
-      "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==",
       "license": "ISC"
     },
     "node_modules/set-function-length": {
       "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
-      "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
       "license": "MIT",
       "dependencies": {
         "define-data-property": "^1.1.4",
@@ -11010,15 +13744,11 @@
     },
     "node_modules/setprototypeof": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
-      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/sha.js": {
       "version": "2.4.12",
-      "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.12.tgz",
-      "integrity": "sha512-8LzC5+bvI45BjpfXU8V5fdU2mfeKiQe1D1gIMn7XUlF3OTUrpdJpPPH4EMAnF0DsHHdSZqCdSss5qCmJKuiO3w==",
       "license": "(MIT AND BSD-3-Clause)",
       "dependencies": {
         "inherits": "^2.0.4",
@@ -11037,8 +13767,6 @@
     },
     "node_modules/sha.js/node_modules/safe-buffer": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
       "funding": [
         {
           "type": "github",
@@ -11057,8 +13785,6 @@
     },
     "node_modules/shebang-command": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
-      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11070,8 +13796,6 @@
     },
     "node_modules/shebang-regex": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
-      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11080,8 +13804,6 @@
     },
     "node_modules/side-channel": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
-      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11100,8 +13822,6 @@
     },
     "node_modules/side-channel-list": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
-      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11117,8 +13837,6 @@
     },
     "node_modules/side-channel-map": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
-      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11136,8 +13854,6 @@
     },
     "node_modules/side-channel-weakmap": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
-      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11156,8 +13872,6 @@
     },
     "node_modules/signal-exit": {
       "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
       "license": "ISC",
       "engines": {
         "node": ">=14"
@@ -11168,8 +13882,6 @@
     },
     "node_modules/sigstore": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-3.1.0.tgz",
-      "integrity": "sha512-ZpzWAFHIFqyFE56dXqgX/DkDRZdz+rRcjoIk/RQU4IX0wiCv1l8S7ZrXDHcCc+uaf+6o7w3h2l3g6GYG5TKN9Q==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -11186,8 +13898,6 @@
     },
     "node_modules/slash": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
-      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11196,8 +13906,6 @@
     },
     "node_modules/slice-ansi": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz",
-      "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11213,8 +13921,6 @@
     },
     "node_modules/smart-buffer": {
       "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
-      "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11224,8 +13930,6 @@
     },
     "node_modules/socks": {
       "version": "2.8.7",
-      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.7.tgz",
-      "integrity": "sha512-HLpt+uLy/pxB+bum/9DzAgiKS8CX1EvbWxI4zlmgGCExImLdiad2iCwXT5Z4c9c3Eq8rP2318mPW2c+QbtjK8A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11239,8 +13943,6 @@
     },
     "node_modules/socks-proxy-agent": {
       "version": "8.0.5",
-      "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz",
-      "integrity": "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11254,8 +13956,6 @@
     },
     "node_modules/source-map": {
       "version": "0.7.6",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.6.tgz",
-      "integrity": "sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ==",
       "license": "BSD-3-Clause",
       "engines": {
         "node": ">= 12"
@@ -11263,8 +13963,6 @@
     },
     "node_modules/source-map-js": {
       "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
-      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
@@ -11273,8 +13971,6 @@
     },
     "node_modules/source-map-support": {
       "version": "0.5.21",
-      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
-      "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11284,8 +13980,6 @@
     },
     "node_modules/source-map-support/node_modules/source-map": {
       "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
@@ -11294,8 +13988,6 @@
     },
     "node_modules/spdx-correct": {
       "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz",
-      "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -11305,15 +13997,11 @@
     },
     "node_modules/spdx-exceptions": {
       "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz",
-      "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==",
       "devOptional": true,
       "license": "CC-BY-3.0"
     },
     "node_modules/spdx-expression-parse": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz",
-      "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11323,22 +14011,16 @@
     },
     "node_modules/spdx-license-ids": {
       "version": "3.0.22",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.22.tgz",
-      "integrity": "sha512-4PRT4nh1EImPbt2jASOKHX7PB7I+e4IWNLvkKFDxNhJlfjbYlleYQh285Z/3mPTHSAK/AvdMmw5BNNuYH8ShgQ==",
       "devOptional": true,
       "license": "CC0-1.0"
     },
     "node_modules/sprintf-js": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
-      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==",
       "dev": true,
       "license": "BSD-3-Clause"
     },
     "node_modules/ssri": {
       "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/ssri/-/ssri-12.0.0.tgz",
-      "integrity": "sha512-S7iGNosepx9RadX82oimUkvr0Ct7IjJbEbs4mJcTxst8um95J3sDYU1RBEOvdu6oL1Wek2ODI5i4MAw+dZ6cAQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -11350,8 +14032,6 @@
     },
     "node_modules/statuses": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
-      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11360,8 +14040,6 @@
     },
     "node_modules/stdin-discarder": {
       "version": "0.2.2",
-      "resolved": "https://registry.npmjs.org/stdin-discarder/-/stdin-discarder-0.2.2.tgz",
-      "integrity": "sha512-UhDfHmA92YAlNnCfhmq0VeNL5bDbiZGg7sZ2IvPsXubGkiNa9EC+tUTsjBRsYUAz87btI6/1wf4XoVvQ3uRnmQ==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -11372,8 +14050,6 @@
     },
     "node_modules/string_decoder": {
       "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
       "license": "MIT",
       "dependencies": {
         "safe-buffer": "~5.1.0"
@@ -11381,8 +14057,6 @@
     },
     "node_modules/string-argv": {
       "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/string-argv/-/string-argv-0.3.2.tgz",
-      "integrity": "sha512-aqD2Q0144Z+/RqG52NeHEkZauTAUWJO8c6yTftGJKO3Tja5tUgIfmIl6kExvhtxSDP7fXB6DvzkfMpCd/F3G+Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11391,8 +14065,6 @@
     },
     "node_modules/string-width": {
       "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
-      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
       "license": "MIT",
       "dependencies": {
         "emoji-regex": "^10.3.0",
@@ -11409,8 +14081,6 @@
     "node_modules/string-width-cjs": {
       "name": "string-width",
       "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11424,8 +14094,6 @@
     },
     "node_modules/string-width-cjs/node_modules/ansi-regex": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11434,15 +14102,11 @@
     },
     "node_modules/string-width-cjs/node_modules/emoji-regex": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/string-width-cjs/node_modules/is-fullwidth-code-point": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11451,8 +14115,6 @@
     },
     "node_modules/string-width-cjs/node_modules/strip-ansi": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11464,8 +14126,6 @@
     },
     "node_modules/strip-ansi": {
       "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
-      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
       "license": "MIT",
       "dependencies": {
         "ansi-regex": "^6.0.1"
@@ -11480,8 +14140,6 @@
     "node_modules/strip-ansi-cjs": {
       "name": "strip-ansi",
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11493,8 +14151,6 @@
     },
     "node_modules/strip-ansi-cjs/node_modules/ansi-regex": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11503,8 +14159,6 @@
     },
     "node_modules/strip-final-newline": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz",
-      "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11516,8 +14170,6 @@
     },
     "node_modules/supports-color": {
       "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11529,8 +14181,6 @@
     },
     "node_modules/supports-preserve-symlinks-flag": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
-      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11542,8 +14192,6 @@
     },
     "node_modules/tar": {
       "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
-      "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -11560,8 +14208,6 @@
     },
     "node_modules/tar/node_modules/fs-minipass": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
-      "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -11573,8 +14219,6 @@
     },
     "node_modules/tar/node_modules/fs-minipass/node_modules/minipass": {
       "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -11586,8 +14230,6 @@
     },
     "node_modules/tar/node_modules/minipass": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
-      "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -11596,8 +14238,6 @@
     },
     "node_modules/tar/node_modules/minizlib": {
       "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
-      "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11610,8 +14250,6 @@
     },
     "node_modules/tar/node_modules/minizlib/node_modules/minipass": {
       "version": "3.3.6",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
-      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -11623,15 +14261,11 @@
     },
     "node_modules/tar/node_modules/yallist": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/tinyglobby": {
       "version": "0.2.14",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.14.tgz",
-      "integrity": "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11647,8 +14281,6 @@
     },
     "node_modules/tldts": {
       "version": "7.0.19",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.19.tgz",
-      "integrity": "sha512-8PWx8tvC4jDB39BQw1m4x8y5MH1BcQ5xHeL2n7UVFulMPH/3Q0uiamahFJ3lXA0zO2SUyRXuVVbWSDmstlt9YA==",
       "license": "MIT",
       "dependencies": {
         "tldts-core": "^7.0.19"
@@ -11659,14 +14291,10 @@
     },
     "node_modules/tldts-core": {
       "version": "7.0.19",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.19.tgz",
-      "integrity": "sha512-lJX2dEWx0SGH4O6p+7FPwYmJ/bu1JbcGJ8RLaG9b7liIgZ85itUVEPbMtWRVrde/0fnDPEPHW10ZsKW3kVsE9A==",
       "license": "MIT"
     },
     "node_modules/to-buffer": {
       "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/to-buffer/-/to-buffer-1.2.2.tgz",
-      "integrity": "sha512-db0E3UJjcFhpDhAF4tLo03oli3pwl3dbnzXOUIlRKrp+ldk/VUxzpWYZENsw2SZiuBjHAk7DfB0VU7NKdpb6sw==",
       "license": "MIT",
       "dependencies": {
         "isarray": "^2.0.5",
@@ -11679,14 +14307,10 @@
     },
     "node_modules/to-buffer/node_modules/isarray": {
       "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz",
-      "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==",
       "license": "MIT"
     },
     "node_modules/to-buffer/node_modules/safe-buffer": {
       "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
       "funding": [
         {
           "type": "github",
@@ -11705,8 +14329,6 @@
     },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
-      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -11718,8 +14340,6 @@
     },
     "node_modules/toidentifier": {
       "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
-      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -11728,14 +14348,10 @@
     },
     "node_modules/ts-matches": {
       "version": "6.5.0",
-      "resolved": "https://registry.npmjs.org/ts-matches/-/ts-matches-6.5.0.tgz",
-      "integrity": "sha512-MhuobYhHYn6MlOTPAF/qk3tsRRioPac5ofYn68tc3rAJaGjsw1MsX1MOSep52DkvNJPgNV0F73zfgcQfYTVeyQ==",
       "license": "MIT"
     },
     "node_modules/ts-morph": {
       "version": "23.0.0",
-      "resolved": "https://registry.npmjs.org/ts-morph/-/ts-morph-23.0.0.tgz",
-      "integrity": "sha512-FcvFx7a9E8TUe6T3ShihXJLiJOiqyafzFKUO4aqIHDUCIvADdGNShcbc2W5PMr3LerXRv7mafvFZ9lRENxJmug==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
@@ -11745,8 +14361,6 @@
     },
     "node_modules/ts-node": {
       "version": "10.9.2",
-      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz",
-      "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11789,16 +14403,11 @@
     },
     "node_modules/tslib": {
       "version": "2.8.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
-      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
       "license": "0BSD",
       "peer": true
     },
     "node_modules/tslint": {
       "version": "6.1.3",
-      "resolved": "https://registry.npmjs.org/tslint/-/tslint-6.1.3.tgz",
-      "integrity": "sha512-IbR4nkT96EQOvKE2PW/djGz8iGNeJ4rF2mBfiYaR/nvUWYKJhLwimoJKgjIFEIDibBtOevj7BqCRL4oHeWWUCg==",
-      "deprecated": "TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -11828,8 +14437,6 @@
     },
     "node_modules/tslint/node_modules/ansi-styles": {
       "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11841,8 +14448,6 @@
     },
     "node_modules/tslint/node_modules/argparse": {
       "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
-      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11851,8 +14456,6 @@
     },
     "node_modules/tslint/node_modules/brace-expansion": {
       "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11862,8 +14465,6 @@
     },
     "node_modules/tslint/node_modules/chalk": {
       "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11877,8 +14478,6 @@
     },
     "node_modules/tslint/node_modules/color-convert": {
       "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11887,23 +14486,16 @@
     },
     "node_modules/tslint/node_modules/color-name": {
       "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/tslint/node_modules/commander": {
       "version": "2.20.3",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/tslint/node_modules/glob": {
       "version": "7.2.3",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
-      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
-      "deprecated": "Glob versions prior to v9 are no longer supported",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -11923,8 +14515,6 @@
     },
     "node_modules/tslint/node_modules/has-flag": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11933,8 +14523,6 @@
     },
     "node_modules/tslint/node_modules/js-yaml": {
       "version": "3.14.2",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
-      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11947,8 +14535,6 @@
     },
     "node_modules/tslint/node_modules/minimatch": {
       "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -11960,8 +14546,6 @@
     },
     "node_modules/tslint/node_modules/mkdirp": {
       "version": "0.5.6",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
-      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11973,8 +14557,6 @@
     },
     "node_modules/tslint/node_modules/semver": {
       "version": "5.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
-      "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==",
       "dev": true,
       "license": "ISC",
       "bin": {
@@ -11983,8 +14565,6 @@
     },
     "node_modules/tslint/node_modules/supports-color": {
       "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11996,15 +14576,11 @@
     },
     "node_modules/tslint/node_modules/tslib": {
       "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
       "dev": true,
       "license": "0BSD"
     },
     "node_modules/tsutils": {
       "version": "2.29.0",
-      "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-2.29.0.tgz",
-      "integrity": "sha512-g5JVHCIJwzfISaXpXE1qvNalca5Jwob6FjI4AoPlqMusJ6ftFE7IkkFoMhVLRgK+4Kx3gkzb8UZK5t5yTTvEmA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12016,15 +14592,11 @@
     },
     "node_modules/tsutils/node_modules/tslib": {
       "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
       "dev": true,
       "license": "0BSD"
     },
     "node_modules/tuf-js": {
       "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/tuf-js/-/tuf-js-3.1.0.tgz",
-      "integrity": "sha512-3T3T04WzowbwV2FDiGXBbr81t64g1MUGGJRgT4x5o97N+8ArdhVCAF9IxFrxuSJmM3E5Asn7nKHkao0ibcZXAg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12038,8 +14610,6 @@
     },
     "node_modules/type-fest": {
       "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz",
-      "integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==",
       "dev": true,
       "license": "(MIT OR CC0-1.0)",
       "engines": {
@@ -12051,8 +14621,6 @@
     },
     "node_modules/type-is": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz",
-      "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12066,8 +14634,6 @@
     },
     "node_modules/typed-array-buffer": {
       "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.3.tgz",
-      "integrity": "sha512-nAYYwfY3qnzX30IkA6AQZjVbtK6duGontcQm1WSG1MD94YLqK0515GNApXkoxKOWMusVssAHWLh9SeaoefYFGw==",
       "license": "MIT",
       "dependencies": {
         "call-bound": "^1.0.3",
@@ -12080,8 +14646,6 @@
     },
     "node_modules/typescript": {
       "version": "5.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
-      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "license": "Apache-2.0",
       "peer": true,
@@ -12095,15 +14659,11 @@
     },
     "node_modules/undici-types": {
       "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
-      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/union": {
       "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/union/-/union-0.5.0.tgz",
-      "integrity": "sha512-N6uOhuW6zO95P3Mel2I2zMsbsanvvtgn6jVqJv4vbVcz/JN0OkL9suomjQGmWtxJQXOCqUJvquc1sMeNz/IwlA==",
       "dev": true,
       "dependencies": {
         "qs": "^6.4.0"
@@ -12114,8 +14674,6 @@
     },
     "node_modules/unique-filename": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-4.0.0.tgz",
-      "integrity": "sha512-XSnEewXmQ+veP7xX2dS5Q4yZAvO40cBN2MWkJ7D/6sW4Dg6wYBNwM1Vrnz1FhH5AdeLIlUXRI9e28z1YZi71NQ==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -12127,8 +14685,6 @@
     },
     "node_modules/unique-slug": {
       "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/unique-slug/-/unique-slug-5.0.0.tgz",
-      "integrity": "sha512-9OdaqO5kwqR+1kVgHAhsp5vPNU0hnxRa26rBFNfNgM7M6pNtgzeBn3s/xbyCQL3dcjzOatcef6UUHpB/6MaETg==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -12140,8 +14696,6 @@
     },
     "node_modules/unpipe": {
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
-      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -12150,8 +14704,6 @@
     },
     "node_modules/update-browserslist-db": {
       "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
-      "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==",
       "dev": true,
       "funding": [
         {
@@ -12181,21 +14733,15 @@
     },
     "node_modules/url-join": {
       "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/url-join/-/url-join-4.0.1.tgz",
-      "integrity": "sha512-jk1+QP6ZJqyOiuEI9AEWQfju/nB2Pw466kbA0LEZljHwKeMgd9WrAEgEGxjPDD2+TNbbb37rTyhEfrCXfuKXnA==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
       "license": "MIT"
     },
     "node_modules/uuid": {
       "version": "8.3.2",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
       "license": "MIT",
       "bin": {
         "uuid": "dist/bin/uuid"
@@ -12203,15 +14749,11 @@
     },
     "node_modules/v8-compile-cache-lib": {
       "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
-      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/validate-npm-package-license": {
       "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
-      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
       "devOptional": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -12221,8 +14763,6 @@
     },
     "node_modules/validate-npm-package-name": {
       "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-6.0.2.tgz",
-      "integrity": "sha512-IUoow1YUtvoBBC06dXs8bR8B9vuA3aJfmQNKMoaPG/OFsPmoQvw8xh+6Ye25Gx9DQhoEom3Pcu9MKHerm/NpUQ==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -12231,8 +14771,6 @@
     },
     "node_modules/vary": {
       "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
-      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -12241,8 +14779,6 @@
     },
     "node_modules/vite": {
       "version": "7.1.11",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz",
-      "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -12317,8 +14853,6 @@
     },
     "node_modules/vite/node_modules/tinyglobby": {
       "version": "0.2.15",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
-      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12334,8 +14868,6 @@
     },
     "node_modules/watchpack": {
       "version": "2.4.4",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.4.tgz",
-      "integrity": "sha512-c5EGNOiyxxV5qmTtAB7rbiXxi1ooX1pQKMLX/MIabJjRA0SJBQOjKF+KSVfHkr9U1cADPon0mRiVe/riyaiDUA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12348,17 +14880,12 @@
     },
     "node_modules/weak-lru-cache": {
       "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/weak-lru-cache/-/weak-lru-cache-1.2.2.tgz",
-      "integrity": "sha512-DEAoo25RfSYMuTGc9vPJzZcZullwIqRDSI9LOy+fkCJPi6hykCnfKaXTuPBDuXAUcqHXyOgFtHNp/kB2FjYHbw==",
       "dev": true,
       "license": "MIT",
       "optional": true
     },
     "node_modules/whatwg-encoding": {
       "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz",
-      "integrity": "sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==",
-      "deprecated": "Use @exodus/bytes instead for a more spec-conformant and faster implementation",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12370,8 +14897,6 @@
     },
     "node_modules/whatwg-encoding/node_modules/iconv-lite": {
       "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12383,8 +14908,6 @@
     },
     "node_modules/which": {
       "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
-      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
       "devOptional": true,
       "license": "ISC",
       "dependencies": {
@@ -12399,14 +14922,10 @@
     },
     "node_modules/which-module": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz",
-      "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==",
       "license": "ISC"
     },
     "node_modules/which-pm-runs": {
       "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/which-pm-runs/-/which-pm-runs-1.1.0.tgz",
-      "integrity": "sha512-n1brCuqClxfFfq/Rb0ICg9giSZqCS+pLtccdag6C2HyufBrh3fBOiy9nb6ggRMvWOVH5GrdJskj5iGTZNxd7SA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -12415,8 +14934,6 @@
     },
     "node_modules/which-typed-array": {
       "version": "1.1.19",
-      "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.19.tgz",
-      "integrity": "sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==",
       "license": "MIT",
       "dependencies": {
         "available-typed-arrays": "^1.0.7",
@@ -12436,8 +14953,6 @@
     },
     "node_modules/wrap-ansi": {
       "version": "6.2.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
-      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
       "license": "MIT",
       "dependencies": {
         "ansi-styles": "^4.0.0",
@@ -12451,8 +14966,6 @@
     "node_modules/wrap-ansi-cjs": {
       "name": "wrap-ansi",
       "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12469,8 +14982,6 @@
     },
     "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -12479,8 +14990,6 @@
     },
     "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12495,15 +15004,11 @@
     },
     "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
       "devOptional": true,
       "license": "MIT"
     },
     "node_modules/wrap-ansi-cjs/node_modules/is-fullwidth-code-point": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -12512,8 +15017,6 @@
     },
     "node_modules/wrap-ansi-cjs/node_modules/string-width": {
       "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12527,8 +15030,6 @@
     },
     "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12540,8 +15041,6 @@
     },
     "node_modules/wrap-ansi/node_modules/ansi-regex": {
       "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -12549,8 +15048,6 @@
     },
     "node_modules/wrap-ansi/node_modules/ansi-styles": {
       "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "license": "MIT",
       "dependencies": {
         "color-convert": "^2.0.1"
@@ -12564,14 +15061,10 @@
     },
     "node_modules/wrap-ansi/node_modules/emoji-regex": {
       "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
       "license": "MIT"
     },
     "node_modules/wrap-ansi/node_modules/is-fullwidth-code-point": {
       "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -12579,8 +15072,6 @@
     },
     "node_modules/wrap-ansi/node_modules/string-width": {
       "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
       "license": "MIT",
       "dependencies": {
         "emoji-regex": "^8.0.0",
@@ -12593,8 +15084,6 @@
     },
     "node_modules/wrap-ansi/node_modules/strip-ansi": {
       "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
       "license": "MIT",
       "dependencies": {
         "ansi-regex": "^5.0.1"
@@ -12605,15 +15094,11 @@
     },
     "node_modules/wrappy": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
       "devOptional": true,
       "license": "ISC"
     },
     "node_modules/wsl-utils": {
       "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/wsl-utils/-/wsl-utils-0.1.0.tgz",
-      "integrity": "sha512-h3Fbisa2nKGPxCpm89Hk33lBLsnaGBvctQopaBSOW/uIs6FTe1ATyAnKFJrzVs9vpGdsTe73WF3V4lIsk4Gacw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -12628,8 +15113,6 @@
     },
     "node_modules/y18n": {
       "version": "5.0.8",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
-      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -12638,15 +15121,11 @@
     },
     "node_modules/yallist": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
       "dev": true,
       "license": "ISC"
     },
     "node_modules/yargs": {
       "version": "18.0.0",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-18.0.0.tgz",
-      "integrity": "sha512-4UEqdc2RYGHZc7Doyqkrqiln3p9X2DZVxaGbwhn2pi7MrRagKaOcIKe8L3OxYcbhXLgLFUS3zAYuQjKBQgmuNg==",
       "devOptional": true,
       "license": "MIT",
       "dependencies": {
@@ -12663,8 +15142,6 @@
     },
     "node_modules/yargs-parser": {
       "version": "22.0.0",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-22.0.0.tgz",
-      "integrity": "sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw==",
       "devOptional": true,
       "license": "ISC",
       "engines": {
@@ -12673,8 +15150,6 @@
     },
     "node_modules/yn": {
       "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
-      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -12683,8 +15158,6 @@
     },
     "node_modules/yocto-queue": {
       "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
-      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -12696,8 +15169,6 @@
     },
     "node_modules/yoctocolors-cjs": {
       "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/yoctocolors-cjs/-/yoctocolors-cjs-2.1.3.tgz",
-      "integrity": "sha512-U/PBtDf35ff0D8X8D0jfdzHYEPFxAI7jJlxZXwCSez5M3190m+QobIfh+sWDWSHMCWWJN2AWamkegn6vr6YBTw==",
       "devOptional": true,
       "license": "MIT",
       "engines": {
@@ -12709,8 +15180,6 @@
     },
     "node_modules/zod": {
       "version": "4.1.13",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.13.tgz",
-      "integrity": "sha512-AvvthqfqrAhNH9dnfmrfKzX5upOdjUVJYFqNSlkmGf64gRaTzlPwz99IHYnVs28qYAybvAlBV+H7pn0saFY4Ig==",
       "devOptional": true,
       "license": "MIT",
       "peer": true,
@@ -12720,8 +15189,6 @@
     },
     "node_modules/zod-to-json-schema": {
       "version": "3.25.1",
-      "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz",
-      "integrity": "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==",
       "devOptional": true,
       "license": "ISC",
       "peerDependencies": {
@@ -12730,8 +15197,6 @@
     },
     "node_modules/zone.js": {
       "version": "0.15.1",
-      "resolved": "https://registry.npmjs.org/zone.js/-/zone.js-0.15.1.tgz",
-      "integrity": "sha512-XE96n56IQpJM7NAoXswY3XRLcWFW83xe0BiAOeMD7K5k5xecOeul3Qcpx6GqEeeHNkW5DWL5zOyTbEfB4eti8w==",
       "license": "MIT",
       "peer": true
     }