fix(port): add atomic ClaimPort() to prevent race condition

- Replace GetPortStatus/SetPortStatus calls with atomic ClaimPort() operation. - Fixed a logic error when handling headless tunneling.
refactor: consolidate error handling with fail() function in session handlers
2026-01-12 18:25:35 +07:00 · 2026-01-12 14:42:42 +07:00 · 2026-01-11 15:21:11 +07:00 · 2026-01-09 12:15:30 +00:00 · 2026-01-09 12:15:05 +00:00 · 2026-01-09 10:00:35 +00:00
18 changed files with 1214 additions and 523 deletions
--- a/.gitea/workflows/renovate.yml
+++ b/.gitea/workflows/renovate.yml
@@ -1,21 +0,0 @@
 name: renovate
 on:
  schedule:
    - cron: "0 0 * * *"
  push:
    branches:
      - staging
 jobs:
  renovate:
    runs-on: ubuntu-latest
    container: git.fossy.my.id/renovate-clanker/renovate:latest
    steps:
      - uses: actions/checkout@v6
      - run: renovate
        env:
          RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/renovate-config.js
          LOG_LEVEL: "debug"
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          GITHUB_COM_TOKEN: ${{ secrets.COM_TOKEN }}
--- a/README.md
+++ b/README.md
@@ -33,6 +33,10 @@ The following environment variables can be configured in the `.env` file:
 | `BUFFER_SIZE` | Buffer size for io.Copy operations in bytes (4096-1048576) | `32768` | No |
 | `PPROF_ENABLED` | Enable pprof profiling server | `false` | No |
 | `PPROF_PORT` | Port for pprof server | `6060` | No |
 | `MODE` | Runtime mode: `standalone` (default, no gRPC/auth) or `node` (enable gRPC + auth) | `standalone` | No |
 | `GRPC_ADDRESS` | gRPC server address/host used in `node` mode | `localhost` | No |
 | `GRPC_PORT` | gRPC server port used in `node` mode | `8080` | No |
 | `NODE_TOKEN` | Authentication token sent to controller in `node` mode | - (required in `node`) | Yes (node mode) |
 **Note:** All environment variables now use UPPERCASE naming. The application includes sensible defaults for all variables, so you can run it without a `.env` file for basic functionality.
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,9 @@
 module tunnel_pls
-go 1.24.4
+go 1.25.5
 require (
 	git.fossy.my.id/bagas/tunnel-please-grpc v1.5.0
 	github.com/caddyserver/certmagic v0.25.1
 	github.com/charmbracelet/bubbles v0.21.0
 	github.com/charmbracelet/bubbletea v1.3.10
@@ -11,23 +12,28 @@ require (
 	github.com/libdns/cloudflare v0.2.2
 	github.com/muesli/termenv v0.16.0
 	golang.org/x/crypto v0.46.0
 	google.golang.org/grpc v1.78.0
 	google.golang.org/protobuf v1.36.11
 )
 require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/caddyserver/zerossl v0.1.4 // indirect
-	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/colorprofile v0.4.1 // indirect
-	github.com/charmbracelet/x/ansi v0.10.1 // indirect
+	github.com/charmbracelet/x/ansi v0.11.3 // indirect
-	github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.14 // indirect
-	github.com/charmbracelet/x/term v0.2.1 // indirect
+	github.com/charmbracelet/x/term v0.2.2 // indirect
 	github.com/clipperhouse/displaywidth v0.6.2 // indirect
 	github.com/clipperhouse/stringish v0.1.1 // indirect
 	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/libdns/libdns v1.1.1 // indirect
-	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
 	github.com/mholt/acmez/v3 v3.1.4 // indirect
 	github.com/miekg/dns v1.1.69 // indirect
 	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
@@ -39,10 +45,11 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.1 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
-	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
 	golang.org/x/net v0.48.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
-	golang.org/x/tools v0.39.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,9 @@
 git.fossy.my.id/bagas/tunnel-please-grpc v1.3.0 h1:RhcBKUG41/om4jgN+iF/vlY/RojTeX1QhBa4p4428ec=
 git.fossy.my.id/bagas/tunnel-please-grpc v1.3.0/go.mod h1:fG+VkArdkceGB0bNA7IFQus9GetLAwdF5Oi4jdMlXtY=
 git.fossy.my.id/bagas/tunnel-please-grpc v1.4.0 h1:tpJSKjaSmV+vxxbVx6qnStjxFVXjj2M0rygWXxLb99o=
 git.fossy.my.id/bagas/tunnel-please-grpc v1.4.0/go.mod h1:fG+VkArdkceGB0bNA7IFQus9GetLAwdF5Oi4jdMlXtY=
 git.fossy.my.id/bagas/tunnel-please-grpc v1.5.0 h1:3xszIhck4wo9CoeRq9vnkar4PhY7kz9QrR30qj2XszA=
 git.fossy.my.id/bagas/tunnel-please-grpc v1.5.0/go.mod h1:Weh6ZujgWmT8XxD3Qba7sJ6r5eyUMB9XSWynqdyOoLo=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -16,24 +22,38 @@ github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u
 github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
 github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw=
 github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4=
-github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=
+github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk=
-github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=
+github.com/charmbracelet/colorprofile v0.4.1/go.mod h1:U1d9Dljmdf9DLegaJ0nGZNJvoXAhayhmidOdcBwAvKk=
 github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
 github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
-github.com/charmbracelet/x/ansi v0.10.1 h1:rL3Koar5XvX0pHGfovN03f5cxLbCF2YvLeyz7D2jVDQ=
+github.com/charmbracelet/x/ansi v0.11.3 h1:6DcVaqWI82BBVM/atTyq6yBoRLZFBsnoDoX9GCu2YOI=
-github.com/charmbracelet/x/ansi v0.10.1/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=
+github.com/charmbracelet/x/ansi v0.11.3/go.mod h1:yI7Zslym9tCJcedxz5+WBq+eUGMJT0bM06Fqy1/Y4dI=
-github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd h1:vy0GVL4jeHEwG5YOXDmi86oYw2yuYUGqz6a8sLwg0X8=
+github.com/charmbracelet/x/cellbuf v0.0.14 h1:iUEMryGyFTelKW3THW4+FfPgi4fkmKnnaLOXuc+/Kj4=
-github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
+github.com/charmbracelet/x/cellbuf v0.0.14/go.mod h1:P447lJl49ywBbil/KjCk2HexGh4tEY9LH0/1QrZZ9rA=
 github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91 h1:payRxjMjKgx2PaCWLZ4p3ro9y97+TVLZNaRZgJwSVDQ=
 github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
-github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
+github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk=
-github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
+github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
 github.com/clipperhouse/displaywidth v0.6.2 h1:ZDpTkFfpHOKte4RG5O/BOyf3ysnvFswpyYrV7z2uAKo=
 github.com/clipperhouse/displaywidth v0.6.2/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
 github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
 github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
 github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4=
 github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
@@ -44,20 +64,16 @@ github.com/libdns/cloudflare v0.2.2 h1:XWHv+C1dDcApqazlh08Q6pjytYLgR2a+Y3xrXFu0v
 github.com/libdns/cloudflare v0.2.2/go.mod h1:w9uTmRCDlAoafAsTPnn2nJ0XHK/eaUMh86DUk8BWi60=
 github.com/libdns/libdns v1.1.1 h1:wPrHrXILoSHKWJKGd0EiAVmiJbFShguILTg9leS/P/U=
 github.com/libdns/libdns v1.1.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
-github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag=
-github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
 github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
-github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
-github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/mholt/acmez/v3 v3.1.3 h1:gUl789rjbJSuM5hYzOFnNaGgWPV1xVfnOs59o0dZEcc=
 github.com/mholt/acmez/v3 v3.1.3/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
 github.com/mholt/acmez/v3 v3.1.4 h1:DyzZe/RnAzT3rpZj/2Ii5xZpiEvvYk3cQEN/RmqxwFQ=
 github.com/mholt/acmez/v3 v3.1.4/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
 github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
 github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
 github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
 github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
 github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
@@ -68,7 +84,6 @@ github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc
 github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
@@ -83,24 +98,32 @@ github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
 github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
 go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
 go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
 go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
 go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
 go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
 go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
 go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
 go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
 go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
 go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
 golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
 golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
 golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
@@ -113,7 +136,15 @@ golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
 golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
 golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
 google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
 google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/internal/grpc/client/client.go
+++ b/internal/grpc/client/client.go
@@ -0,0 +1,421 @@
 package client
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
 	"log"
 	"time"
 	"tunnel_pls/internal/config"
 	"tunnel_pls/types"
 	"tunnel_pls/session"
 	proto "git.fossy.my.id/bagas/tunnel-please-grpc/gen"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 type GrpcConfig struct {
 	Address             string
 	UseTLS              bool
 	InsecureSkipVerify  bool
 	Timeout             time.Duration
 	KeepAlive           bool
 	MaxRetries          int
 	KeepAliveTime       time.Duration
 	KeepAliveTimeout    time.Duration
 	PermitWithoutStream bool
 }
 type Client struct {
 	conn                       *grpc.ClientConn
 	config                     *GrpcConfig
 	sessionRegistry            session.Registry
 	eventService               proto.EventServiceClient
 	authorizeConnectionService proto.UserServiceClient
 	closing                    bool
 }
 func DefaultConfig() *GrpcConfig {
 	return &GrpcConfig{
 		Address:             "localhost:50051",
 		UseTLS:              false,
 		InsecureSkipVerify:  false,
 		Timeout:             10 * time.Second,
 		KeepAlive:           true,
 		MaxRetries:          3,
 		KeepAliveTime:       2 * time.Minute,
 		KeepAliveTimeout:    10 * time.Second,
 		PermitWithoutStream: false,
 	}
 }
 func New(config *GrpcConfig, sessionRegistry session.Registry) (*Client, error) {
 	if config == nil {
 		config = DefaultConfig()
 	} else {
 		defaults := DefaultConfig()
 		if config.Address == "" {
 			config.Address = defaults.Address
 		}
 		if config.Timeout == 0 {
 			config.Timeout = defaults.Timeout
 		}
 		if config.MaxRetries == 0 {
 			config.MaxRetries = defaults.MaxRetries
 		}
 		if config.KeepAliveTime == 0 {
 			config.KeepAliveTime = defaults.KeepAliveTime
 		}
 		if config.KeepAliveTimeout == 0 {
 			config.KeepAliveTimeout = defaults.KeepAliveTimeout
 		}
 	}
 	var opts []grpc.DialOption
 	if config.UseTLS {
 		tlsConfig := &tls.Config{
 			InsecureSkipVerify: config.InsecureSkipVerify,
 		}
 		creds := credentials.NewTLS(tlsConfig)
 		opts = append(opts, grpc.WithTransportCredentials(creds))
 	} else {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}
 	if config.KeepAlive {
 		kaParams := keepalive.ClientParameters{
 			Time:                config.KeepAliveTime,
 			Timeout:             config.KeepAliveTimeout,
 			PermitWithoutStream: config.PermitWithoutStream,
 		}
 		opts = append(opts, grpc.WithKeepaliveParams(kaParams))
 	}
 	opts = append(opts,
 		grpc.WithDefaultCallOptions(
 			grpc.MaxCallRecvMsgSize(4*1024*1024),
 			grpc.MaxCallSendMsgSize(4*1024*1024),
 		),
 	)
 	conn, err := grpc.NewClient(config.Address, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("failed to connect to gRPC server at %s: %w", config.Address, err)
 	}
 	eventService := proto.NewEventServiceClient(conn)
 	authorizeConnectionService := proto.NewUserServiceClient(conn)
 	return &Client{
 		conn:                       conn,
 		config:                     config,
 		sessionRegistry:            sessionRegistry,
 		eventService:               eventService,
 		authorizeConnectionService: authorizeConnectionService,
 	}, nil
 }
 func (c *Client) SubscribeEvents(ctx context.Context, identity, authToken string) error {
 	const (
 		baseBackoff = time.Second
 		maxBackoff  = 30 * time.Second
 	)
 	backoff := baseBackoff
 	wait := func() error {
 		if backoff <= 0 {
 			return nil
 		}
 		select {
 		case <-time.After(backoff):
 			return nil
 		case <-ctx.Done():
 			return ctx.Err()
 		}
 	}
 	growBackoff := func() {
 		backoff *= 2
 		if backoff > maxBackoff {
 			backoff = maxBackoff
 		}
 	}
 	for {
 		subscribe, err := c.eventService.Subscribe(ctx)
 		if err != nil {
 			if errors.Is(err, context.Canceled) || status.Code(err) == codes.Canceled || ctx.Err() != nil {
 				return err
 			}
 			if !c.isConnectionError(err) || status.Code(err) == codes.Unauthenticated {
 				return err
 			}
 			if err = wait(); err != nil {
 				return err
 			}
 			growBackoff()
 			log.Printf("Reconnect to controller within %v sec", backoff.Seconds())
 			continue
 		}
 		err = subscribe.Send(&proto.Node{
 			Type: proto.EventType_AUTHENTICATION,
 			Payload: &proto.Node_AuthEvent{
 				AuthEvent: &proto.Authentication{
 					Identity:  identity,
 					AuthToken: authToken,
 				},
 			},
 		})
 		if err != nil {
 			log.Println("Authentication failed to send to gRPC server:", err)
 			if c.isConnectionError(err) {
 				if err = wait(); err != nil {
 					return err
 				}
 				growBackoff()
 				continue
 			}
 			return err
 		}
 		log.Println("Authentication Successfully sent to gRPC server")
 		backoff = baseBackoff
 		if err = c.processEventStream(subscribe); err != nil {
 			if errors.Is(err, context.Canceled) || status.Code(err) == codes.Canceled || ctx.Err() != nil {
 				return err
 			}
 			if c.isConnectionError(err) {
 				log.Printf("Reconnect to controller within %v sec", backoff.Seconds())
 				if err = wait(); err != nil {
 					return err
 				}
 				growBackoff()
 				continue
 			}
 			return err
 		}
 	}
 }
 func (c *Client) processEventStream(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events]) error {
 	handlers := c.eventHandlers(subscribe)
 	for {
 		recv, err := subscribe.Recv()
 		if err != nil {
 			return err
 		}
 		handler, ok := handlers[recv.GetType()]
 		if !ok {
 			log.Printf("Unknown event type received: %v", recv.GetType())
 			continue
 		}
 		if err = handler(recv); err != nil {
 			return err
 		}
 	}
 }
 func (c *Client) eventHandlers(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events]) map[proto.EventType]func(*proto.Events) error {
 	return map[proto.EventType]func(*proto.Events) error{
 		proto.EventType_SLUG_CHANGE:       func(evt *proto.Events) error { return c.handleSlugChange(subscribe, evt) },
 		proto.EventType_GET_SESSIONS:      func(evt *proto.Events) error { return c.handleGetSessions(subscribe, evt) },
 		proto.EventType_TERMINATE_SESSION: func(evt *proto.Events) error { return c.handleTerminateSession(subscribe, evt) },
 	}
 }
 func (c *Client) handleSlugChange(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events], evt *proto.Events) error {
 	slugEvent := evt.GetSlugEvent()
 	user := slugEvent.GetUser()
 	oldSlug := slugEvent.GetOld()
 	newSlug := slugEvent.GetNew()
 	userSession, err := c.sessionRegistry.Get(types.SessionKey{Id: oldSlug, Type: types.HTTP})
 	if err != nil {
 		return c.sendNode(subscribe, &proto.Node{
 			Type: proto.EventType_SLUG_CHANGE_RESPONSE,
 			Payload: &proto.Node_SlugEventResponse{
 				SlugEventResponse: &proto.SlugChangeEventResponse{Success: false, Message: err.Error()},
 			},
 		}, "slug change failure response")
 	}
 	if err = c.sessionRegistry.Update(user, types.SessionKey{Id: oldSlug, Type: types.HTTP}, types.SessionKey{Id: newSlug, Type: types.HTTP}); err != nil {
 		return c.sendNode(subscribe, &proto.Node{
 			Type: proto.EventType_SLUG_CHANGE_RESPONSE,
 			Payload: &proto.Node_SlugEventResponse{
 				SlugEventResponse: &proto.SlugChangeEventResponse{Success: false, Message: err.Error()},
 			},
 		}, "slug change failure response")
 	}
 	userSession.GetInteraction().Redraw()
 	return c.sendNode(subscribe, &proto.Node{
 		Type: proto.EventType_SLUG_CHANGE_RESPONSE,
 		Payload: &proto.Node_SlugEventResponse{
 			SlugEventResponse: &proto.SlugChangeEventResponse{Success: true, Message: ""},
 		},
 	}, "slug change success response")
 }
 func (c *Client) handleGetSessions(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events], evt *proto.Events) error {
 	sessions := c.sessionRegistry.GetAllSessionFromUser(evt.GetGetSessionsEvent().GetIdentity())
 	var details []*proto.Detail
 	for _, ses := range sessions {
 		detail := ses.Detail()
 		details = append(details, &proto.Detail{
 			Node:           config.Getenv("DOMAIN", "localhost"),
 			ForwardingType: detail.ForwardingType,
 			Slug:           detail.Slug,
 			UserId:         detail.UserID,
 			Active:         detail.Active,
 			StartedAt:      timestamppb.New(detail.StartedAt),
 		})
 	}
 	return c.sendNode(subscribe, &proto.Node{
 		Type: proto.EventType_GET_SESSIONS,
 		Payload: &proto.Node_GetSessionsEvent{
 			GetSessionsEvent: &proto.GetSessionsResponse{Details: details},
 		},
 	}, "send get sessions response")
 }
 func (c *Client) handleTerminateSession(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events], evt *proto.Events) error {
 	terminate := evt.GetTerminateSessionEvent()
 	user := terminate.GetUser()
 	slug := terminate.GetSlug()
 	tunnelType, err := c.protoToTunnelType(terminate.GetTunnelType())
 	if err != nil {
 		return c.sendNode(subscribe, &proto.Node{
 			Type: proto.EventType_TERMINATE_SESSION,
 			Payload: &proto.Node_TerminateSessionEventResponse{
 				TerminateSessionEventResponse: &proto.TerminateSessionEventResponse{Success: false, Message: err.Error()},
 			},
 		}, "terminate session invalid tunnel type")
 	}
 	userSession, err := c.sessionRegistry.GetWithUser(user, types.SessionKey{Id: slug, Type: tunnelType})
 	if err != nil {
 		return c.sendNode(subscribe, &proto.Node{
 			Type: proto.EventType_TERMINATE_SESSION,
 			Payload: &proto.Node_TerminateSessionEventResponse{
 				TerminateSessionEventResponse: &proto.TerminateSessionEventResponse{Success: false, Message: err.Error()},
 			},
 		}, "terminate session fetch failed")
 	}
 	if err = userSession.GetLifecycle().Close(); err != nil {
 		return c.sendNode(subscribe, &proto.Node{
 			Type: proto.EventType_TERMINATE_SESSION,
 			Payload: &proto.Node_TerminateSessionEventResponse{
 				TerminateSessionEventResponse: &proto.TerminateSessionEventResponse{Success: false, Message: err.Error()},
 			},
 		}, "terminate session close failed")
 	}
 	return c.sendNode(subscribe, &proto.Node{
 		Type: proto.EventType_TERMINATE_SESSION,
 		Payload: &proto.Node_TerminateSessionEventResponse{
 			TerminateSessionEventResponse: &proto.TerminateSessionEventResponse{Success: true, Message: ""},
 		},
 	}, "terminate session success response")
 }
 func (c *Client) sendNode(subscribe grpc.BidiStreamingClient[proto.Node, proto.Events], node *proto.Node, context string) error {
 	if err := subscribe.Send(node); err != nil {
 		if c.isConnectionError(err) {
 			return err
 		}
 		log.Printf("%s: %v", context, err)
 	}
 	return nil
 }
 func (c *Client) protoToTunnelType(t proto.TunnelType) (types.TunnelType, error) {
 	switch t {
 	case proto.TunnelType_HTTP:
 		return types.HTTP, nil
 	case proto.TunnelType_TCP:
 		return types.TCP, nil
 	default:
 		return types.UNKNOWN, fmt.Errorf("unknown tunnel type received")
 	}
 }
 func (c *Client) GetConnection() *grpc.ClientConn {
 	return c.conn
 }
 func (c *Client) AuthorizeConn(ctx context.Context, token string) (authorized bool, user string, err error) {
 	check, err := c.authorizeConnectionService.Check(ctx, &proto.CheckRequest{AuthToken: token})
 	if err != nil {
 		return false, "UNAUTHORIZED", err
 	}
 	if check.GetResponse() == proto.AuthorizationResponse_MESSAGE_TYPE_UNAUTHORIZED {
 		return false, "UNAUTHORIZED", nil
 	}
 	return true, check.GetUser(), nil
 }
 func (c *Client) Close() error {
 	if c.conn != nil {
 		log.Printf("Closing gRPC connection to %s", c.config.Address)
 		c.closing = true
 		return c.conn.Close()
 	}
 	return nil
 }
 func (c *Client) CheckServerHealth(ctx context.Context) error {
 	healthClient := grpc_health_v1.NewHealthClient(c.GetConnection())
 	resp, err := healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{
 		Service: "",
 	})
 	if err != nil {
 		return fmt.Errorf("health check failed: %w", err)
 	}
 	if resp.Status != grpc_health_v1.HealthCheckResponse_SERVING {
 		return fmt.Errorf("server not serving: %v", resp.Status)
 	}
 	return nil
 }
 func (c *Client) GetConfig() *GrpcConfig {
 	return c.config
 }
 func (c *Client) isConnectionError(err error) bool {
 	if c.closing {
 		return false
 	}
 	if err == nil {
 		return false
 	}
 	if errors.Is(err, io.EOF) {
 		return true
 	}
 	switch status.Code(err) {
 	case codes.Unavailable, codes.Canceled, codes.DeadlineExceeded:
 		return true
 	default:
 		return false
 	}
 }
--- a/internal/port/port.go
+++ b/internal/port/port.go
@@ -13,7 +13,7 @@ type Manager interface {
 	AddPortRange(startPort, endPort uint16) error
 	GetUnassignedPort() (uint16, bool)
 	SetPortStatus(port uint16, assigned bool) error
-	GetPortStatus(port uint16) (bool, bool)
+	ClaimPort(port uint16) (claimed bool)
 }
 type manager struct {
@@ -74,7 +74,6 @@ func (pm *manager) GetUnassignedPort() (uint16, bool) {
 	for _, port := range pm.sortedPorts {
 		if !pm.ports[port] {
 			pm.ports[port] = true
 			return port, true
 		}
 	}
@@ -89,10 +88,21 @@ func (pm *manager) SetPortStatus(port uint16, assigned bool) error {
 	return nil
 }
-func (pm *manager) GetPortStatus(port uint16) (bool, bool) {
+func (pm *manager) ClaimPort(port uint16) (claimed bool) {
-	pm.mu.RLock()
+	pm.mu.Lock()
-	defer pm.mu.RUnlock()
+	defer pm.mu.Unlock()
 	status, exists := pm.ports[port]
-	return status, exists
+
 	if exists && status {
 		return false
 	}
 	if !exists {
 		pm.ports[port] = true
 		return true
 	}
 	pm.ports[port] = true
 	return true
 }
--- a/main.go
+++ b/main.go
@@ -1,12 +1,18 @@
 package main
 import (
 	"context"
 	"fmt"
 	"log"
 	"net/http"
 	_ "net/http/pprof"
 	"os"
 	"os/signal"
 	"strings"
 	"syscall"
 	"time"
 	"tunnel_pls/internal/config"
 	"tunnel_pls/internal/grpc/client"
 	"tunnel_pls/internal/key"
 	"tunnel_pls/server"
 	"tunnel_pls/session"
@@ -26,6 +32,9 @@ func main() {
 	log.Printf("Starting %s", version.GetVersion())
 	mode := strings.ToLower(config.Getenv("MODE", "standalone"))
 	isNodeMode := mode == "node"
 	pprofEnabled := config.Getenv("PPROF_ENABLED", "false")
 	if pprofEnabled == "true" {
 		pprofPort := config.Getenv("PPROF_PORT", "6060")
@@ -61,9 +70,72 @@ func main() {
 	sshConfig.AddHostKey(private)
 	sessionRegistry := session.NewRegistry()
-	app, err := server.NewServer(sshConfig, sessionRegistry)
+	ctx, cancel := context.WithCancel(context.Background())
-	if err != nil {
+	defer cancel()
-		log.Fatalf("Failed to start server: %s", err)
+
 	errChan := make(chan error, 2)
 	shutdownChan := make(chan os.Signal, 1)
 	signal.Notify(shutdownChan, os.Interrupt, syscall.SIGTERM)
 	var grpcClient *client.Client
 	if isNodeMode {
 		grpcHost := config.Getenv("GRPC_ADDRESS", "localhost")
 		grpcPort := config.Getenv("GRPC_PORT", "8080")
 		grpcAddr := fmt.Sprintf("%s:%s", grpcHost, grpcPort)
 		nodeToken := config.Getenv("NODE_TOKEN", "")
 		if nodeToken == "" {
 			log.Fatalf("NODE_TOKEN is required in node mode")
 		}
 		c, err := client.New(&client.GrpcConfig{
 			Address:            grpcAddr,
 			UseTLS:             false,
 			InsecureSkipVerify: false,
 			Timeout:            10 * time.Second,
 			KeepAlive:          true,
 			MaxRetries:         3,
 		}, sessionRegistry)
 		if err != nil {
 			log.Fatalf("failed to create grpc client: %v", err)
 		}
 		grpcClient = c
 		healthCtx, healthCancel := context.WithTimeout(ctx, 5*time.Second)
 		if err := grpcClient.CheckServerHealth(healthCtx); err != nil {
 			healthCancel()
 			log.Fatalf("gRPC health check failed: %v", err)
 		}
 		healthCancel()
 		go func() {
 			identity := config.Getenv("DOMAIN", "localhost")
 			if err := grpcClient.SubscribeEvents(ctx, identity, nodeToken); err != nil {
 				errChan <- fmt.Errorf("failed to subscribe to events: %w", err)
 			}
 		}()
 	}
 	go func() {
 		app, err := server.NewServer(sshConfig, sessionRegistry, grpcClient)
 		if err != nil {
 			errChan <- fmt.Errorf("failed to start server: %s", err)
 			return
 		}
 		app.Start()
 	}()
 	select {
 	case err := <-errChan:
 		log.Printf("error happen : %s", err)
 	case sig := <-shutdownChan:
 		log.Printf("received signal %s, shutting down", sig)
 	}
 	cancel()
 	if grpcClient != nil {
 		if err := grpcClient.Close(); err != nil {
 			log.Printf("failed to close grpc conn : %s", err)
 		}
 	}
 	app.Start()
 }
--- a/renovate-config.js
+++ b/renovate-config.js
@@ -1,8 +0,0 @@
 module.exports = {
    "endpoint": "https://git.fossy.my.id/api/v1",
    "gitAuthor": "Renovate-Clanker <renovate-bot@fossy.my.id>",
    "platform": "gitea",
    "onboardingConfigFileName": "renovate.json",
    "autodiscover": true,
    "optimizeForDisabled": true,
 };
--- a/server/http.go
+++ b/server/http.go
@@ -13,6 +13,7 @@ import (
 	"time"
 	"tunnel_pls/internal/config"
 	"tunnel_pls/session"
 	"tunnel_pls/types"
 	"golang.org/x/crypto/ssh"
 )
@@ -313,8 +314,11 @@ func (hs *httpServer) handler(conn net.Conn) {
 		return
 	}
-	sshSession, exist := hs.sessionRegistry.Get(slug)
+	sshSession, err := hs.sessionRegistry.Get(types.SessionKey{
-	if !exist {
+		Id:   slug,
 		Type: types.HTTP,
 	})
 	if err != nil {
 		_, err = conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
 			fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 			"Content-Length: 0\r\n" +
--- a/server/https.go
+++ b/server/https.go
@@ -9,6 +9,7 @@ import (
 	"net"
 	"strings"
 	"tunnel_pls/internal/config"
 	"tunnel_pls/types"
 )
 func (hs *httpServer) ListenAndServeTLS() error {
@@ -89,8 +90,11 @@ func (hs *httpServer) handlerTLS(conn net.Conn) {
 		return
 	}
-	sshSession, exist := hs.sessionRegistry.Get(slug)
+	sshSession, err := hs.sessionRegistry.Get(types.SessionKey{
-	if !exist {
+		Id:   slug,
 		Type: types.HTTP,
 	})
 	if err != nil {
 		_, err = conn.Write([]byte("HTTP/1.1 301 Moved Permanently\r\n" +
 			fmt.Sprintf("Location: https://tunnl.live/tunnel-not-found?slug=%s\r\n", slug) +
 			"Content-Length: 0\r\n" +
--- a/server/server.go
+++ b/server/server.go
@@ -1,10 +1,14 @@
 package server
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log"
 	"net"
 	"time"
 	"tunnel_pls/internal/config"
 	"tunnel_pls/internal/grpc/client"
 	"tunnel_pls/session"
 	"golang.org/x/crypto/ssh"
@@ -14,9 +18,10 @@ type Server struct {
 	conn            *net.Listener
 	config          *ssh.ServerConfig
 	sessionRegistry session.Registry
 	grpcClient      *client.Client
 }
-func NewServer(sshConfig *ssh.ServerConfig, sessionRegistry session.Registry) (*Server, error) {
+func NewServer(sshConfig *ssh.ServerConfig, sessionRegistry session.Registry, grpcClient *client.Client) (*Server, error) {
 	listener, err := net.Listen("tcp", fmt.Sprintf(":%s", config.Getenv("PORT", "2200")))
 	if err != nil {
 		log.Fatalf("failed to listen on port 2200: %v", err)
@@ -42,6 +47,7 @@ func NewServer(sshConfig *ssh.ServerConfig, sessionRegistry session.Registry) (*
 		conn:            &listener,
 		config:          sshConfig,
 		sessionRegistry: sessionRegistry,
 		grpcClient:      grpcClient,
 	}, nil
 }
@@ -62,7 +68,7 @@ func (s *Server) handleConnection(conn net.Conn) {
 	sshConn, chans, forwardingReqs, err := ssh.NewServerConn(conn, s.config)
 	if err != nil {
 		log.Printf("failed to establish SSH connection: %v", err)
-		err := conn.Close()
+		err = conn.Close()
 		if err != nil {
 			log.Printf("failed to close SSH connection: %v", err)
 			return
@@ -70,9 +76,22 @@ func (s *Server) handleConnection(conn net.Conn) {
 		return
 	}
-	log.Println("SSH connection established:", sshConn.User())
+	defer func(sshConn *ssh.ServerConn) {
 		err = sshConn.Close()
 		if err != nil && !errors.Is(err, net.ErrClosed) {
 			log.Printf("failed to close SSH server: %v", err)
 		}
 	}(sshConn)
-	sshSession := session.New(sshConn, forwardingReqs, chans, s.sessionRegistry)
+	user := "UNAUTHORIZED"
 	if s.grpcClient != nil {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
 		_, u, _ := s.grpcClient.AuthorizeConn(ctx, sshConn.User())
 		user = u
 		cancel()
 	}
 	log.Println("SSH connection established:", sshConn.User())
 	sshSession := session.New(sshConn, forwardingReqs, chans, s.sessionRegistry, user)
 	err = sshSession.Start()
 	if err != nil {
 		log.Printf("SSH session ended with error: %v", err)
--- a/session/handler.go
+++ b/session/handler.go
@@ -59,142 +59,79 @@ func (s *SSHSession) HandleGlobalRequest(GlobalRequest <-chan *ssh.Request) {
 func (s *SSHSession) HandleTCPIPForward(req *ssh.Request) {
 	log.Println("Port forwarding request detected")
 	fail := func(msg string) {
 		log.Println(msg)
 		if err := req.Reply(false, nil); err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		if err := s.lifecycle.Close(); err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 	}
 	reader := bytes.NewReader(req.Payload)
 	addr, err := readSSHString(reader)
 	if err != nil {
-		log.Println("Failed to read address from payload:", err)
+		fail(fmt.Sprintf("Failed to read address from payload: %v", err))
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return
 	}
 	var rawPortToBind uint32
-	if err := binary.Read(reader, binary.BigEndian, &rawPortToBind); err != nil {
+	if err = binary.Read(reader, binary.BigEndian, &rawPortToBind); err != nil {
-		log.Println("Failed to read port from payload:", err)
+		fail(fmt.Sprintf("Failed to read port from payload: %v", err))
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return
 	}
 	if rawPortToBind > 65535 {
-		log.Printf("Port %d is larger than allowed port of 65535", rawPortToBind)
+		fail(fmt.Sprintf("Port %d is larger than allowed port of 65535", rawPortToBind))
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return
 	}
 	portToBind := uint16(rawPortToBind)
 	if isBlockedPort(portToBind) {
-		log.Printf("Port %d is blocked or restricted", portToBind)
+		fail(fmt.Sprintf("Port %d is blocked or restricted", portToBind))
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return
 	}
-	if portToBind == 80 || portToBind == 443 {
+	switch portToBind {
 	case 80, 443:
 		s.HandleHTTPForward(req, portToBind)
-		return
+	default:
 		s.HandleTCPForward(req, addr, portToBind)
 	}
 	if portToBind == 0 {
 		unassign, success := portUtil.Default.GetUnassignedPort()
 		portToBind = unassign
 		if !success {
 			log.Println("No available port")
 			err := req.Reply(false, nil)
 			if err != nil {
 				log.Println("Failed to reply to request:", err)
 				return
 			}
 			err = s.lifecycle.Close()
 			if err != nil {
 				log.Printf("failed to close session: %v", err)
 			}
 			return
 		}
 	} else if isUse, isExist := portUtil.Default.GetPortStatus(portToBind); isExist && isUse {
 		log.Printf("Port %d is already in use or restricted", portToBind)
 		err := req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
 		err = s.lifecycle.Close()
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return
 	}
 	err = portUtil.Default.SetPortStatus(portToBind, true)
 	if err != nil {
 		log.Println("Failed to set port status:", err)
 		return
 	}
 	s.HandleTCPForward(req, addr, portToBind)
 }
 func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
-	slug := random.GenerateRandomString(20)
+	fail := func(msg string, key *types.SessionKey) {
-
+		log.Println(msg)
-	if !s.registry.Register(slug, s) {
+		if key != nil {
-		log.Printf("Failed to register client with slug: %s", slug)
+			s.registry.Remove(*key)
-		err := req.Reply(false, nil)
+		}
-		if err != nil {
+		if err := req.Reply(false, nil); err != nil {
 			log.Println("Failed to reply to request:", err)
 		}
 	}
 	slug := random.GenerateRandomString(20)
 	key := types.SessionKey{Id: slug, Type: types.HTTP}
 	if !s.registry.Register(key, s) {
 		fail(fmt.Sprintf("Failed to register client with slug: %s", slug), nil)
 		return
 	}
 	buf := new(bytes.Buffer)
 	err := binary.Write(buf, binary.BigEndian, uint32(portToBind))
 	if err != nil {
-		log.Println("Failed to write port to buffer:", err)
+		fail(fmt.Sprintf("Failed to write port to buffer: %v", err), &key)
 		s.registry.Remove(slug)
 		err = req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 		}
 		return
 	}
 	log.Printf("HTTP forwarding approved on port: %d", portToBind)
 	err = req.Reply(true, buf.Bytes())
 	if err != nil {
-		log.Println("Failed to reply to request:", err)
+		fail(fmt.Sprintf("Failed to reply to request: %v", err), &key)
 		s.registry.Remove(slug)
 		err = req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 		}
 		return
 	}
@@ -202,65 +139,89 @@ func (s *SSHSession) HandleHTTPForward(req *ssh.Request, portToBind uint16) {
 	s.forwarder.SetForwardedPort(portToBind)
 	s.slugManager.Set(slug)
 	s.lifecycle.SetStatus(types.RUNNING)
 	s.interaction.Start()
 }
 func (s *SSHSession) HandleTCPForward(req *ssh.Request, addr string, portToBind uint16) {
-	log.Printf("Requested forwarding on %s:%d", addr, portToBind)
+	fail := func(msg string) {
-	listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", portToBind))
+		log.Println(msg)
-	if err != nil {
+		if err := req.Reply(false, nil); err != nil {
 		log.Printf("Port %d is already in use or restricted", portToBind)
 		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = req.Reply(false, nil)
 		if err != nil {
 			log.Println("Failed to reply to request:", err)
 			return
 		}
-		err = s.lifecycle.Close()
+		if err := s.lifecycle.Close(); err != nil {
 		if err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 	}
 	cleanup := func(msg string, port uint16, listener net.Listener, key *types.SessionKey) {
 		log.Println(msg)
 		if key != nil {
 			s.registry.Remove(*key)
 		}
 		if port != 0 {
 			if setErr := portUtil.Default.SetPortStatus(port, false); setErr != nil {
 				log.Printf("Failed to reset port status: %v", setErr)
 			}
 		}
 		if listener != nil {
 			if closeErr := listener.Close(); closeErr != nil {
 				log.Printf("Failed to close listener: %v", closeErr)
 			}
 		}
 		if err := req.Reply(false, nil); err != nil {
 			log.Println("Failed to reply to request:", err)
 		}
 		_ = s.lifecycle.Close()
 	}
 	if portToBind == 0 {
 		unassigned, ok := portUtil.Default.GetUnassignedPort()
 		if !ok {
 			fail("No available port")
 			return
 		}
 		portToBind = unassigned
 	}
 	if claimed := portUtil.Default.ClaimPort(portToBind); !claimed {
 		fail(fmt.Sprintf("Port %d is already in use or restricted", portToBind))
 		return
 	}
 	log.Printf("Requested forwarding on %s:%d", addr, portToBind)
 	listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", portToBind))
 	if err != nil {
 		cleanup(fmt.Sprintf("Port %d is already in use or restricted", portToBind), portToBind, nil, nil)
 		return
 	}
 	key := types.SessionKey{Id: fmt.Sprintf("%d", portToBind), Type: types.TCP}
 	if !s.registry.Register(key, s) {
 		cleanup(fmt.Sprintf("Failed to register TCP client with id: %s", key.Id), portToBind, listener, nil)
 		return
 	}
 	buf := new(bytes.Buffer)
 	err = binary.Write(buf, binary.BigEndian, uint32(portToBind))
 	if err != nil {
-		log.Println("Failed to write port to buffer:", err)
+		cleanup(fmt.Sprintf("Failed to write port to buffer: %v", err), portToBind, listener, &key)
 		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = listener.Close()
 		if err != nil {
 			log.Printf("Failed to close listener: %s", err)
 			return
 		}
 		return
 	}
 	log.Printf("TCP forwarding approved on port: %d", portToBind)
 	err = req.Reply(true, buf.Bytes())
 	if err != nil {
-		log.Println("Failed to reply to request:", err)
+		cleanup(fmt.Sprintf("Failed to reply to request: %v", err), portToBind, listener, &key)
 		if setErr := portUtil.Default.SetPortStatus(portToBind, false); setErr != nil {
 			log.Printf("Failed to reset port status: %v", setErr)
 		}
 		err = listener.Close()
 		if err != nil {
 			log.Printf("Failed to close listener: %s", err)
 			return
 		}
 		return
 	}
 	s.forwarder.SetType(types.TCP)
 	s.forwarder.SetListener(listener)
 	s.forwarder.SetForwardedPort(portToBind)
 	s.slugManager.Set(key.Id)
 	s.lifecycle.SetStatus(types.RUNNING)
 	go s.forwarder.AcceptTCPConnections()
 	s.interaction.Start()
 }
 func readSSHString(reader *bytes.Reader) (string, error) {
--- a/session/interaction/constants.go
+++ b/session/interaction/constants.go
@@ -1,152 +0,0 @@
 package interaction
 const (
 	backspaceChar    = 8
 	deleteChar       = 127
 	enterChar        = 13
 	escapeChar       = 27
 	ctrlC            = 3
 	forwardSlash     = '/'
 	minPrintableChar = 32
 	maxPrintableChar = 126
 	minSlugLength = 3
 	maxSlugLength = 20
 	clearScreen    = "\033[H\033[2J"
 	clearLine      = "\033[K"
 	clearToLineEnd = "\r\033[K"
 	backspaceSeq   = "\b \b"
 	minBoxWidth  = 50
 	paddingRight = 4
 )
 var forbiddenSlugs = map[string]struct{}{
 	"ping":          {},
 	"staging":       {},
 	"admin":         {},
 	"root":          {},
 	"api":           {},
 	"www":           {},
 	"support":       {},
 	"help":          {},
 	"status":        {},
 	"health":        {},
 	"login":         {},
 	"logout":        {},
 	"signup":        {},
 	"register":      {},
 	"settings":      {},
 	"config":        {},
 	"null":          {},
 	"undefined":     {},
 	"example":       {},
 	"test":          {},
 	"dev":           {},
 	"system":        {},
 	"administrator": {},
 	"dashboard":     {},
 	"account":       {},
 	"profile":       {},
 	"user":          {},
 	"users":         {},
 	"auth":          {},
 	"oauth":         {},
 	"callback":      {},
 	"webhook":       {},
 	"webhooks":      {},
 	"static":        {},
 	"assets":        {},
 	"cdn":           {},
 	"mail":          {},
 	"email":         {},
 	"ftp":           {},
 	"ssh":           {},
 	"git":           {},
 	"svn":           {},
 	"blog":          {},
 	"news":          {},
 	"about":         {},
 	"contact":       {},
 	"terms":         {},
 	"privacy":       {},
 	"legal":         {},
 	"billing":       {},
 	"payment":       {},
 	"checkout":      {},
 	"cart":          {},
 	"shop":          {},
 	"store":         {},
 	"download":      {},
 	"uploads":       {},
 	"images":        {},
 	"img":           {},
 	"css":           {},
 	"js":            {},
 	"fonts":         {},
 	"public":        {},
 	"private":       {},
 	"internal":      {},
 	"external":      {},
 	"proxy":         {},
 	"cache":         {},
 	"debug":         {},
 	"metrics":       {},
 	"monitoring":    {},
 	"graphql":       {},
 	"rest":          {},
 	"rpc":           {},
 	"socket":        {},
 	"ws":            {},
 	"wss":           {},
 	"app":           {},
 	"apps":          {},
 	"mobile":        {},
 	"desktop":       {},
 	"embed":         {},
 	"widget":        {},
 	"docs":          {},
 	"documentation": {},
 	"wiki":          {},
 	"forum":         {},
 	"community":     {},
 	"feedback":      {},
 	"report":        {},
 	"abuse":         {},
 	"spam":          {},
 	"security":      {},
 	"verify":        {},
 	"confirm":       {},
 	"reset":         {},
 	"password":      {},
 	"recovery":      {},
 	"unsubscribe":   {},
 	"subscribe":     {},
 	"notifications": {},
 	"alerts":        {},
 	"messages":      {},
 	"inbox":         {},
 	"outbox":        {},
 	"sent":          {},
 	"draft":         {},
 	"trash":         {},
 	"archive":       {},
 	"search":        {},
 	"explore":       {},
 	"discover":      {},
 	"trending":      {},
 	"popular":       {},
 	"featured":      {},
 	"new":           {},
 	"latest":        {},
 	"top":           {},
 	"best":          {},
 	"hot":           {},
 	"random":        {},
 	"all":           {},
 	"any":           {},
 	"none":          {},
 	"true":          {},
 	"false":         {},
 }
--- a/session/interaction/interaction.go
+++ b/session/interaction/interaction.go
@@ -23,14 +23,23 @@ import (
 type Lifecycle interface {
 	Close() error
 	GetUser() string
 }
 type SessionRegistry interface {
 	Update(user string, oldKey, newKey types.SessionKey) error
 }
 type Controller interface {
 	SetChannel(channel ssh.Channel)
 	SetLifecycle(lifecycle Lifecycle)
 	SetSlugModificator(func(oldSlug, newSlug string) bool)
 	Start()
 	SetWH(w, h int)
 	Redraw()
 	SetSessionRegistry(registry SessionRegistry)
 	SetMode(m types.Mode)
 	GetMode() types.Mode
 	Send(message string) error
 }
 type Forwarder interface {
@@ -40,16 +49,32 @@ type Forwarder interface {
 }
 type Interaction struct {
-	channel          ssh.Channel
+	channel         ssh.Channel
-	slugManager      slug.Manager
+	slugManager     slug.Manager
-	forwarder        Forwarder
+	forwarder       Forwarder
-	lifecycle        Lifecycle
+	lifecycle       Lifecycle
-	updateClientSlug func(oldSlug, newSlug string) bool
+	sessionRegistry SessionRegistry
-	program          *tea.Program
+	program         *tea.Program
-	ctx              context.Context
+	ctx             context.Context
-	cancel           context.CancelFunc
+	cancel          context.CancelFunc
 	mode            types.Mode
 }
 func (i *Interaction) SetMode(m types.Mode) {
 	i.mode = m
 }
 func (i *Interaction) GetMode() types.Mode {
 	return i.mode
 }
 func (i *Interaction) Send(message string) error {
 	if i.channel != nil {
 		_, err := i.channel.Write([]byte(message))
 		return err
 	}
 	return nil
 }
 func (i *Interaction) SetWH(w, h int) {
 	if i.program != nil {
 		i.program.Send(tea.WindowSizeMsg{
@@ -65,7 +90,6 @@ type commandItem struct {
 }
 type model struct {
 	tunnelURL         string
 	domain            string
 	protocol          string
 	tunnelType        types.TunnelType
@@ -84,6 +108,13 @@ type model struct {
 	height            int
 }
 func (m *model) getTunnelURL() string {
 	if m.tunnelType == types.HTTP {
 		return buildURL(m.protocol, m.interaction.slugManager.Get(), m.domain)
 	}
 	return fmt.Sprintf("tcp://%s:%d", m.domain, m.port)
 }
 type keymap struct {
 	quit    key.Binding
 	command key.Binding
@@ -95,17 +126,21 @@ type tickMsg time.Time
 func NewInteraction(slugManager slug.Manager, forwarder Forwarder) *Interaction {
 	ctx, cancel := context.WithCancel(context.Background())
 	return &Interaction{
-		channel:          nil,
+		channel:         nil,
-		slugManager:      slugManager,
+		slugManager:     slugManager,
-		forwarder:        forwarder,
+		forwarder:       forwarder,
-		lifecycle:        nil,
+		lifecycle:       nil,
-		updateClientSlug: nil,
+		sessionRegistry: nil,
-		program:          nil,
+		program:         nil,
-		ctx:              ctx,
+		ctx:             ctx,
-		cancel:           cancel,
+		cancel:          cancel,
 	}
 }
 func (i *Interaction) SetSessionRegistry(registry SessionRegistry) {
 	i.sessionRegistry = registry
 }
 func (i *Interaction) SetLifecycle(lifecycle Lifecycle) {
 	i.lifecycle = lifecycle
 }
@@ -114,10 +149,6 @@ func (i *Interaction) SetChannel(channel ssh.Channel) {
 	i.channel = channel
 }
 func (i *Interaction) SetSlugModificator(modificator func(oldSlug, newSlug string) (success bool)) {
 	i.updateClientSlug = modificator
 }
 func (i *Interaction) Stop() {
 	if i.cancel != nil {
 		i.cancel()
@@ -163,11 +194,11 @@ func tickCmd(d time.Duration) tea.Cmd {
 	})
 }
-func (m model) Init() tea.Cmd {
+func (m *model) Init() tea.Cmd {
 	return tea.Batch(textinput.Blink, tea.WindowSize())
 }
-func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
+func (m *model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	var cmd tea.Cmd
 	switch msg := msg.(type) {
@@ -211,21 +242,16 @@ func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				return m, tea.Batch(tea.ClearScreen, textinput.Blink)
 			case "enter":
 				inputValue := m.slugInput.Value()
-
+				if err := m.interaction.sessionRegistry.Update(m.interaction.lifecycle.GetUser(), types.SessionKey{
-				if isForbiddenSlug(inputValue) {
+					Id:   m.interaction.slugManager.Get(),
-					m.slugError = "This subdomain is reserved. Please choose a different one."
+					Type: types.HTTP,
-					return m, nil
+				}, types.SessionKey{
-				} else if !isValidSlug(inputValue) {
+					Id:   inputValue,
-					m.slugError = "Invalid subdomain. Follow the rules."
+					Type: types.HTTP,
 				}); err != nil {
 					m.slugError = err.Error()
 					return m, nil
 				}
 				if !m.interaction.updateClientSlug(m.interaction.slugManager.Get(), inputValue) {
 					m.slugError = "Someone already uses this subdomain."
 					return m, nil
 				}
 				m.tunnelURL = buildURL(m.protocol, inputValue, m.domain)
 				m.editingSlug = false
 				m.slugError = ""
 				return m, tea.Batch(tea.ClearScreen, textinput.Blink)
@@ -291,14 +317,20 @@ func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	return m, nil
 }
-func (m model) helpView() string {
+func (i *Interaction) Redraw() {
 	if i.program != nil {
 		i.program.Send(tea.ClearScreen())
 	}
 }
 func (m *model) helpView() string {
 	return "\n" + m.help.ShortHelpView([]key.Binding{
 		m.keymap.command,
 		m.keymap.quit,
 	})
 }
-func (m model) View() string {
+func (m *model) View() string {
 	if m.quitting {
 		return ""
 	}
@@ -659,22 +691,32 @@ func (m model) View() string {
 		MarginBottom(boxMargin).
 		Width(boxMaxWidth)
-	urlDisplay := m.tunnelURL
+	authenticatedUser := m.interaction.lifecycle.GetUser()
-	if shouldUseCompactLayout(m.width, 80) && len(m.tunnelURL) > m.width-20 {
+
-		maxLen := m.width - 25
+	userInfoStyle := lipgloss.NewStyle().
-		if maxLen > 10 {
+		Foreground(lipgloss.Color("#FAFAFA")).
-			urlDisplay = truncateString(m.tunnelURL, maxLen)
+		Bold(true)
-		}
+
-	}
+	sectionHeaderStyle := lipgloss.NewStyle().
 		Foreground(lipgloss.Color("#888888")).
 		Bold(true)
 	addressStyle := lipgloss.NewStyle().
 		Foreground(lipgloss.Color("#FAFAFA"))
 	var infoContent string
 	if shouldUseCompactLayout(m.width, 70) {
-		infoContent = fmt.Sprintf("🌐 %s", urlBoxStyle.Render(urlDisplay))
+		infoContent = fmt.Sprintf("👤 %s\n\n%s\n%s",
-	} else if isCompact {
+			userInfoStyle.Render(authenticatedUser),
-		infoContent = fmt.Sprintf("🌐  Forwarding to:\n\n     %s", urlBoxStyle.Render(urlDisplay))
+			sectionHeaderStyle.Render("🌐 FORWARDING ADDRESS:"),
 			addressStyle.Render(fmt.Sprintf("   %s", urlBoxStyle.Render(m.getTunnelURL()))))
 	} else {
-		infoContent = fmt.Sprintf("🌐  F O R W A R D I N G   T O:\n\n     %s", urlBoxStyle.Render(urlDisplay))
+		infoContent = fmt.Sprintf("👤  Authenticated as: %s\n\n%s\n     %s",
 			userInfoStyle.Render(authenticatedUser),
 			sectionHeaderStyle.Render("🌐  FORWARDING ADDRESS:"),
 			addressStyle.Render(urlBoxStyle.Render(m.getTunnelURL())))
 	}
 	b.WriteString(responsiveInfoBox.Render(infoContent))
 	b.WriteString("\n")
@@ -726,6 +768,9 @@ func (m model) View() string {
 }
 func (i *Interaction) Start() {
 	if i.mode == types.HEADLESS {
 		return
 	}
 	lipgloss.SetColorProfile(termenv.TrueColor)
 	domain := config.Getenv("DOMAIN", "localhost")
@@ -737,13 +782,6 @@ func (i *Interaction) Start() {
 	tunnelType := i.forwarder.GetTunnelType()
 	port := i.forwarder.GetForwardedPort()
 	var tunnelURL string
 	if tunnelType == types.HTTP {
 		tunnelURL = buildURL(protocol, i.slugManager.Get(), domain)
 	} else {
 		tunnelURL = fmt.Sprintf("tcp://%s:%d", domain, port)
 	}
 	items := []list.Item{
 		commandItem{name: "slug", desc: "Set custom subdomain"},
 		commandItem{name: "tunnel-type", desc: "Change tunnel type (Coming Soon)"},
@@ -764,8 +802,7 @@ func (i *Interaction) Start() {
 	ti.CharLimit = 20
 	ti.Width = 50
-	m := model{
+	m := &model{
 		tunnelURL:   tunnelURL,
 		domain:      domain,
 		protocol:    protocol,
 		tunnelType:  tunnelType,
@@ -819,30 +856,3 @@ func buildURL(protocol, subdomain, domain string) string {
 func generateRandomSubdomain() string {
 	return random.GenerateRandomString(20)
 }
 func isValidSlug(slug string) bool {
 	if len(slug) < minSlugLength || len(slug) > maxSlugLength {
 		return false
 	}
 	if slug[0] == '-' || slug[len(slug)-1] == '-' {
 		return false
 	}
 	for _, c := range slug {
 		if !isValidSlugChar(byte(c)) {
 			return false
 		}
 	}
 	return true
 }
 func isValidSlugChar(c byte) bool {
 	return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-'
 }
 func isForbiddenSlug(slug string) bool {
 	_, ok := forbiddenSlugs[slug]
 	return ok
 }
--- a/session/lifecycle/lifecycle.go
+++ b/session/lifecycle/lifecycle.go
@@ -4,6 +4,8 @@ import (
 	"errors"
 	"io"
 	"net"
 	"time"
 	portUtil "tunnel_pls/internal/port"
 	"tunnel_pls/session/slug"
 	"tunnel_pls/types"
@@ -17,28 +19,36 @@ type Forwarder interface {
 	GetForwardedPort() uint16
 }
-type Lifecycle struct {
+type SessionRegistry interface {
-	status           types.Status
+	Remove(key types.SessionKey)
 	conn             ssh.Conn
 	channel          ssh.Channel
 	forwarder        Forwarder
 	slugManager      slug.Manager
 	unregisterClient func(slug string)
 }
-func NewLifecycle(conn ssh.Conn, forwarder Forwarder, slugManager slug.Manager) *Lifecycle {
+type Lifecycle struct {
 	status          types.Status
 	conn            ssh.Conn
 	channel         ssh.Channel
 	forwarder       Forwarder
 	sessionRegistry SessionRegistry
 	slugManager     slug.Manager
 	startedAt       time.Time
 	user            string
 }
 func NewLifecycle(conn ssh.Conn, forwarder Forwarder, slugManager slug.Manager, user string) *Lifecycle {
 	return &Lifecycle{
-		status:           "",
+		status:          types.INITIALIZING,
-		conn:             conn,
+		conn:            conn,
-		channel:          nil,
+		channel:         nil,
-		forwarder:        forwarder,
+		forwarder:       forwarder,
-		slugManager:      slugManager,
+		slugManager:     slugManager,
-		unregisterClient: nil,
+		sessionRegistry: nil,
 		startedAt:       time.Now(),
 		user:            user,
 	}
 }
-func (l *Lifecycle) SetUnregisterClient(unregisterClient func(slug string)) {
+func (l *Lifecycle) SetSessionRegistry(registry SessionRegistry) {
-	l.unregisterClient = unregisterClient
+	l.sessionRegistry = registry
 }
 type SessionLifecycle interface {
@@ -46,8 +56,15 @@ type SessionLifecycle interface {
 	SetStatus(status types.Status)
 	GetConnection() ssh.Conn
 	GetChannel() ssh.Channel
 	GetUser() string
 	SetChannel(channel ssh.Channel)
-	SetUnregisterClient(unregisterClient func(slug string))
+	SetSessionRegistry(registry SessionRegistry)
 	IsActive() bool
 	StartedAt() time.Time
 }
 func (l *Lifecycle) GetUser() string {
 	return l.user
 }
 func (l *Lifecycle) GetChannel() ssh.Channel {
@@ -62,6 +79,9 @@ func (l *Lifecycle) GetConnection() ssh.Conn {
 }
 func (l *Lifecycle) SetStatus(status types.Status) {
 	l.status = status
 	if status == types.RUNNING && l.startedAt.IsZero() {
 		l.startedAt = time.Now()
 	}
 }
 func (l *Lifecycle) Close() error {
@@ -85,12 +105,13 @@ func (l *Lifecycle) Close() error {
 	}
 	clientSlug := l.slugManager.Get()
-	if clientSlug != "" {
+	if clientSlug != "" && l.sessionRegistry.Remove != nil {
-		l.unregisterClient(clientSlug)
+		key := types.SessionKey{Id: clientSlug, Type: l.forwarder.GetTunnelType()}
 		l.sessionRegistry.Remove(key)
 	}
 	if l.forwarder.GetTunnelType() == types.TCP {
-		err := portUtil.Default.SetPortStatus(l.forwarder.GetForwardedPort(), false)
+		err = portUtil.Default.SetPortStatus(l.forwarder.GetForwardedPort(), false)
 		if err != nil {
 			return err
 		}
@@ -98,3 +119,11 @@ func (l *Lifecycle) Close() error {
 	return nil
 }
 func (l *Lifecycle) IsActive() bool {
 	return l.status == types.RUNNING
 }
 func (l *Lifecycle) StartedAt() time.Time {
 	return l.startedAt
 }
--- a/session/registry.go
+++ b/session/registry.go
@@ -1,66 +1,309 @@
 package session
-import "sync"
+import (
 	"fmt"
 	"sync"
 	"tunnel_pls/types"
 )
 type Key = types.SessionKey
 type Registry interface {
-	Get(slug string) (session *SSHSession, exist bool)
+	Get(key Key) (session *SSHSession, err error)
-	Update(oldSlug, newSlug string) (success bool)
+	GetWithUser(user string, key Key) (session *SSHSession, err error)
-	Register(slug string, session *SSHSession) (success bool)
+	Update(user string, oldKey, newKey Key) error
-	Remove(slug string)
+	Register(key Key, session *SSHSession) (success bool)
 	Remove(key Key)
 	GetAllSessionFromUser(user string) []*SSHSession
 }
 type registry struct {
-	mu      sync.RWMutex
+	mu        sync.RWMutex
-	clients map[string]*SSHSession
+	byUser    map[string]map[Key]*SSHSession
 	slugIndex map[Key]string
 }
 func NewRegistry() Registry {
 	return &registry{
-		clients: make(map[string]*SSHSession),
+		byUser:    make(map[string]map[Key]*SSHSession),
 		slugIndex: make(map[Key]string),
 	}
 }
-func (r *registry) Get(slug string) (session *SSHSession, exist bool) {
+func (r *registry) Get(key Key) (session *SSHSession, err error) {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
-	session, exist = r.clients[slug]
+	userID, ok := r.slugIndex[key]
 	return
 }
 func (r *registry) Update(oldSlug, newSlug string) (success bool) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 	if _, exists := r.clients[newSlug]; exists && newSlug != oldSlug {
 		return false
 	}
 	client, ok := r.clients[oldSlug]
 	if !ok {
-		return false
+		return nil, fmt.Errorf("session not found")
 	}
-	delete(r.clients, oldSlug)
+	client, ok := r.byUser[userID][key]
-	client.slugManager.Set(newSlug)
+	if !ok {
-	r.clients[newSlug] = client
+		return nil, fmt.Errorf("session not found")
-	return true
+	}
 	return client, nil
 }
-func (r *registry) Register(slug string, session *SSHSession) (success bool) {
+func (r *registry) GetWithUser(user string, key Key) (session *SSHSession, err error) {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	client, ok := r.byUser[user][key]
 	if !ok {
 		return nil, fmt.Errorf("session not found")
 	}
 	return client, nil
 }
 func (r *registry) Update(user string, oldKey, newKey Key) error {
 	if oldKey.Type != newKey.Type {
 		return fmt.Errorf("tunnel type cannot change")
 	}
 	if newKey.Type != types.HTTP {
 		return fmt.Errorf("non http tunnel cannot change slug")
 	}
 	if isForbiddenSlug(newKey.Id) {
 		return fmt.Errorf("this subdomain is reserved. Please choose a different one")
 	}
 	if !isValidSlug(newKey.Id) {
 		return fmt.Errorf("invalid subdomain. Follow the rules")
 	}
 	r.mu.Lock()
 	defer r.mu.Unlock()
-	if _, exists := r.clients[slug]; exists {
+	if _, exists := r.slugIndex[newKey]; exists && newKey != oldKey {
-		return false
+		return fmt.Errorf("someone already uses this subdomain")
 	}
 	client, ok := r.byUser[user][oldKey]
 	if !ok {
 		return fmt.Errorf("session not found")
 	}
-	r.clients[slug] = session
+	delete(r.byUser[user], oldKey)
-	return true
+	delete(r.slugIndex, oldKey)
 	client.slugManager.Set(newKey.Id)
 	r.slugIndex[newKey] = user
 	if r.byUser[user] == nil {
 		r.byUser[user] = make(map[Key]*SSHSession)
 	}
 	r.byUser[user][newKey] = client
 	return nil
 }
-func (r *registry) Remove(slug string) {
+func (r *registry) Register(key Key, session *SSHSession) (success bool) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
-	delete(r.clients, slug)
+	if _, exists := r.slugIndex[key]; exists {
 		return false
 	}
 	userID := session.lifecycle.GetUser()
 	if r.byUser[userID] == nil {
 		r.byUser[userID] = make(map[Key]*SSHSession)
 	}
 	r.byUser[userID][key] = session
 	r.slugIndex[key] = userID
 	return true
 }
 func (r *registry) GetAllSessionFromUser(user string) []*SSHSession {
 	r.mu.RLock()
 	defer r.mu.RUnlock()
 	m := r.byUser[user]
 	if len(m) == 0 {
 		return []*SSHSession{}
 	}
 	sessions := make([]*SSHSession, 0, len(m))
 	for _, s := range m {
 		sessions = append(sessions, s)
 	}
 	return sessions
 }
 func (r *registry) Remove(key Key) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 	userID, ok := r.slugIndex[key]
 	if !ok {
 		return
 	}
 	delete(r.byUser[userID], key)
 	if len(r.byUser[userID]) == 0 {
 		delete(r.byUser, userID)
 	}
 	delete(r.slugIndex, key)
 }
 func isValidSlug(slug string) bool {
 	if len(slug) < minSlugLength || len(slug) > maxSlugLength {
 		return false
 	}
 	if slug[0] == '-' || slug[len(slug)-1] == '-' {
 		return false
 	}
 	for _, c := range slug {
 		if !isValidSlugChar(byte(c)) {
 			return false
 		}
 	}
 	return true
 }
 func isValidSlugChar(c byte) bool {
 	return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-'
 }
 func isForbiddenSlug(slug string) bool {
 	_, ok := forbiddenSlugs[slug]
 	return ok
 }
 var forbiddenSlugs = map[string]struct{}{
 	"ping":          {},
 	"staging":       {},
 	"admin":         {},
 	"root":          {},
 	"api":           {},
 	"www":           {},
 	"support":       {},
 	"help":          {},
 	"status":        {},
 	"health":        {},
 	"login":         {},
 	"logout":        {},
 	"signup":        {},
 	"register":      {},
 	"settings":      {},
 	"config":        {},
 	"null":          {},
 	"undefined":     {},
 	"example":       {},
 	"test":          {},
 	"dev":           {},
 	"system":        {},
 	"administrator": {},
 	"dashboard":     {},
 	"account":       {},
 	"profile":       {},
 	"user":          {},
 	"users":         {},
 	"auth":          {},
 	"oauth":         {},
 	"callback":      {},
 	"webhook":       {},
 	"webhooks":      {},
 	"static":        {},
 	"assets":        {},
 	"cdn":           {},
 	"mail":          {},
 	"email":         {},
 	"ftp":           {},
 	"ssh":           {},
 	"git":           {},
 	"svn":           {},
 	"blog":          {},
 	"news":          {},
 	"about":         {},
 	"contact":       {},
 	"terms":         {},
 	"privacy":       {},
 	"legal":         {},
 	"billing":       {},
 	"payment":       {},
 	"checkout":      {},
 	"cart":          {},
 	"shop":          {},
 	"store":         {},
 	"download":      {},
 	"uploads":       {},
 	"images":        {},
 	"img":           {},
 	"css":           {},
 	"js":            {},
 	"fonts":         {},
 	"public":        {},
 	"private":       {},
 	"internal":      {},
 	"external":      {},
 	"proxy":         {},
 	"cache":         {},
 	"debug":         {},
 	"metrics":       {},
 	"monitoring":    {},
 	"graphql":       {},
 	"rest":          {},
 	"rpc":           {},
 	"socket":        {},
 	"ws":            {},
 	"wss":           {},
 	"app":           {},
 	"apps":          {},
 	"mobile":        {},
 	"desktop":       {},
 	"embed":         {},
 	"widget":        {},
 	"docs":          {},
 	"documentation": {},
 	"wiki":          {},
 	"forum":         {},
 	"community":     {},
 	"feedback":      {},
 	"report":        {},
 	"abuse":         {},
 	"spam":          {},
 	"security":      {},
 	"verify":        {},
 	"confirm":       {},
 	"reset":         {},
 	"password":      {},
 	"recovery":      {},
 	"unsubscribe":   {},
 	"subscribe":     {},
 	"notifications": {},
 	"alerts":        {},
 	"messages":      {},
 	"inbox":         {},
 	"outbox":        {},
 	"sent":          {},
 	"draft":         {},
 	"trash":         {},
 	"archive":       {},
 	"search":        {},
 	"explore":       {},
 	"discover":      {},
 	"trending":      {},
 	"popular":       {},
 	"featured":      {},
 	"new":           {},
 	"latest":        {},
 	"top":           {},
 	"best":          {},
 	"hot":           {},
 	"random":        {},
 	"all":           {},
 	"any":           {},
 	"none":          {},
 	"true":          {},
 	"false":         {},
 }
 var (
 	minSlugLength = 3
 	maxSlugLength = 20
 )
--- a/session/session.go
+++ b/session/session.go
@@ -9,6 +9,7 @@ import (
 	"tunnel_pls/session/interaction"
 	"tunnel_pls/session/lifecycle"
 	"tunnel_pls/session/slug"
 	"tunnel_pls/types"
 	"golang.org/x/crypto/ssh"
 )
@@ -46,16 +47,16 @@ func (s *SSHSession) GetSlugManager() slug.Manager {
 	return s.slugManager
 }
-func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request, sshChan <-chan ssh.NewChannel, sessionRegistry Registry) *SSHSession {
+func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request, sshChan <-chan ssh.NewChannel, sessionRegistry Registry, user string) *SSHSession {
 	slugManager := slug.NewManager()
 	forwarderManager := forwarder.NewForwarder(slugManager)
 	interactionManager := interaction.NewInteraction(slugManager, forwarderManager)
-	lifecycleManager := lifecycle.NewLifecycle(conn, forwarderManager, slugManager)
+	lifecycleManager := lifecycle.NewLifecycle(conn, forwarderManager, slugManager, user)
 	interactionManager.SetLifecycle(lifecycleManager)
 	interactionManager.SetSlugModificator(sessionRegistry.Update)
 	forwarderManager.SetLifecycle(lifecycleManager)
-	lifecycleManager.SetUnregisterClient(sessionRegistry.Remove)
+	interactionManager.SetSessionRegistry(sessionRegistry)
 	lifecycleManager.SetSessionRegistry(sessionRegistry)
 	return &SSHSession{
 		initialReq:    forwardingReq,
@@ -68,32 +69,75 @@ func New(conn *ssh.ServerConn, forwardingReq <-chan *ssh.Request, sshChan <-chan
 	}
 }
-func (s *SSHSession) Start() error {
+type Detail struct {
-	channel := <-s.sshReqChannel
+	ForwardingType string    `json:"forwarding_type,omitempty"`
-	ch, reqs, err := channel.Accept()
+	Slug           string    `json:"slug,omitempty"`
-	if err != nil {
+	UserID         string    `json:"user_id,omitempty"`
-		log.Printf("failed to accept channel: %v", err)
+	Active         bool      `json:"active,omitempty"`
-		return err
+	StartedAt      time.Time `json:"started_at,omitempty"`
 }
 func (s *SSHSession) Detail() Detail {
 	return Detail{
 		ForwardingType: string(s.forwarder.GetTunnelType()),
 		Slug:           s.slugManager.Get(),
 		UserID:         s.lifecycle.GetUser(),
 		Active:         s.lifecycle.IsActive(),
 		StartedAt:      s.lifecycle.StartedAt(),
 	}
 }
 func (s *SSHSession) Start() error {
 	var channel ssh.NewChannel
 	var ok bool
 	select {
 	case channel, ok = <-s.sshReqChannel:
 		if !ok {
 			log.Println("Forwarding request channel closed")
 			return nil
 		}
 		ch, reqs, err := channel.Accept()
 		if err != nil {
 			log.Printf("failed to accept channel: %v", err)
 			return err
 		}
 		go s.HandleGlobalRequest(reqs)
 		s.lifecycle.SetChannel(ch)
 		s.interaction.SetChannel(ch)
 		s.interaction.SetMode(types.INTERACTIVE)
 	case <-time.After(500 * time.Millisecond):
 		s.interaction.SetMode(types.HEADLESS)
 	}
 	go s.HandleGlobalRequest(reqs)
 	tcpipReq := s.waitForTCPIPForward()
 	if tcpipReq == nil {
-		_, err := ch.Write([]byte(fmt.Sprintf("Port forwarding request not received. Ensure you ran the correct command with -R flag. Example: ssh %s -p %s -R 80:localhost:3000", config.Getenv("DOMAIN", "localhost"), config.Getenv("PORT", "2200"))))
+		err := s.interaction.Send(fmt.Sprintf("Port forwarding request not received. Ensure you ran the correct command with -R flag. Example: ssh %s -p %s -R 80:localhost:3000", config.Getenv("DOMAIN", "localhost"), config.Getenv("PORT", "2200")))
 		if err != nil {
 			return err
 		}
 		if err = s.lifecycle.Close(); err != nil {
 			log.Printf("failed to close session: %v", err)
 		}
 		return fmt.Errorf("no forwarding Request")
 	}
 	if (s.interaction.GetMode() == types.HEADLESS && config.Getenv("MODE", "standalone") == "standalone") && s.lifecycle.GetUser() == "UNAUTHORIZED" {
 		if err := tcpipReq.Reply(false, nil); err != nil {
 			log.Printf("cannot reply to tcpip req: %s\n", err)
 			return err
 		}
 		if err := s.lifecycle.Close(); err != nil {
 			log.Printf("failed to close session: %v", err)
 			return err
 		}
-		return fmt.Errorf("No forwarding Request")
+		return nil
 	}
 	s.lifecycle.SetChannel(ch)
 	s.interaction.SetChannel(ch)
 	s.HandleTCPIPForward(tcpipReq)
 	s.interaction.Start()
 	s.lifecycle.GetConnection().Wait()
 	if err := s.lifecycle.Close(); err != nil {
 		log.Printf("failed to close session: %v", err)
 		return err
--- a/types/types.go
+++ b/types/types.go
@@ -8,13 +8,26 @@ const (
 	SETUP        Status = "SETUP"
 )
 type Mode string
 const (
 	INTERACTIVE Mode = "INTERACTIVE"
 	HEADLESS    Mode = "HEADLESS"
 )
 type TunnelType string
 const (
-	HTTP TunnelType = "HTTP"
+	UNKNOWN TunnelType = "UNKNOWN"
-	TCP  TunnelType = "TCP"
+	HTTP    TunnelType = "HTTP"
 	TCP     TunnelType = "TCP"
 )
 type SessionKey struct {
 	Id   string
 	Type TunnelType
 }
 var BadGatewayResponse = []byte("HTTP/1.1 502 Bad Gateway\r\n" +
 	"Content-Length: 11\r\n" +
 	"Content-Type: text/plain\r\n\r\n" +
Author	SHA1	Message	Date
bagas	abd103b5ab	fix(port): add atomic ClaimPort() to prevent race condition All checks were successful Docker Build and Push / build-and-push-tags (push) Successful in 3m23s Details Docker Build and Push / build-and-push-branches (push) Has been skipped Details - Replace GetPortStatus/SetPortStatus calls with atomic ClaimPort() operation. - Fixed a logic error when handling headless tunneling.	2026-01-12 18:25:35 +07:00
bagas	560c98b869	refactor: consolidate error handling with fail() function in session handlers All checks were successful Docker Build and Push / build-and-push-tags (push) Successful in 3m21s Details Docker Build and Push / build-and-push-branches (push) Has been skipped Details - Replace repetitive error handling code with fail() function in HandleGlobalRequest - Standardize error response pattern across all handler methods - Improve code maintainability and reduce duplication	2026-01-12 14:42:42 +07:00
bagas	e1f5d73e03	feat: add headless mode support for SSH -N connections All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 3m3s Details - use s.lifecycle.GetConnection().Wait() to block until SSH connection closes - Prevent premature session closure in headless mode In headless mode (ssh -N), there's no channel interaction to block on, so the session would immediately return and close. Now blocking on conn.Wait() keeps the session alive until the client disconnects.	2026-01-11 15:21:11 +07:00
bagas	19fd6d59d2	Merge pull request 'main' (#62 ) from main into staging All checks were successful Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Successful in 3m32s Details Reviewed-on: #62	2026-01-09 12:15:30 +00:00
bagas	e3988b339f	Merge pull request 'fix(deps): update module github.com/caddyserver/certmagic to v0.25.1' (#61 ) from renovate/github.com-caddyserver-certmagic-0.x into main All checks were successful Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Successful in 3m21s Details Reviewed-on: #61	2026-01-09 12:15:05 +00:00
Renovate-Clanker	336948a397	fix(deps): update module github.com/caddyserver/certmagic to v0.25.1	2026-01-09 10:00:35 +00:00
bagas	50ae422de8	Merge pull request 'staging' (#60 ) from staging into main All checks were successful Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Successful in 3m20s Details Reviewed-on: #60	2026-01-09 09:33:28 +00:00
bagas	8467ed555e	revert `01ddc76f7e` Some checks failed Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Has been cancelled Details revert Merge pull request 'fix(deps): update module github.com/caddyserver/certmagic to v0.25.1' (#58) from renovate/github.com-caddyserver-certmagic-0.x into main	2026-01-09 09:33:04 +00:00
Renovate-Clanker	01ddc76f7e	Merge pull request 'fix(deps): update module github.com/caddyserver/certmagic to v0.25.1' (#58 ) from renovate/github.com-caddyserver-certmagic-0.x into main Some checks are pending Docker Build and Push / build-and-push-branches (push) Waiting to run Details Docker Build and Push / build-and-push-tags (push) Has been skipped Details	2026-01-09 09:30:23 +00:00
Renovate-Clanker	ffb3565ff5	fix(deps): update module github.com/caddyserver/certmagic to v0.25.1	2026-01-09 09:30:18 +00:00
bagas	6d700ef6dd	Merge pull request 'feat/grpc-integration' (#59 ) from feat/grpc-integration into staging All checks were successful Docker Build and Push / build-and-push-branches (push) Successful in 5m25s Details Docker Build and Push / build-and-push-tags (push) Has been skipped Details Reviewed-on: #59	2026-01-09 09:24:20 +00:00
bagas	b8acb6da4c	ci: remove renovate Some checks failed Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Has been cancelled Details	2026-01-08 13:03:02 +07:00
bagas	6b4127f0ef	feat: add authenticated user info and restructure handleConnection All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 3m21s Details - Display authenticated username in welcome page information box - Refactor handleConnection function for better structure and clarity	2026-01-07 23:07:02 +07:00
bagas	16d48ff906	refactor(grpc/client): simplify processEventStream with per-event handlers All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 3m20s Details - Extract eventHandlers dispatch table - Add per-event handlers: handleSlugChange, handleGetSessions, handleTerminateSession - Introduce sendNode helper to centralize send/error handling and preserve connection-error propagation - Add protoToTunnelType for tunnel-type validation - Map unknown proto.TunnelType to types.UNKNOWN in protoToTunnelType and return a descriptive error - Reduce boilerplate and improve readability of processEventStream	2026-01-06 20:14:56 +07:00
bagas	6213ff8a30	feat: implement forwarder session termination All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 3m36s Details	2026-01-06 18:32:48 +07:00
bagas	4ffaec9d9a	refactor: inject SessionRegistry interface instead of individual functions All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 4m16s Details	2026-01-05 16:49:17 +07:00
bagas	6de0a618ee	update: proto file to v1.3.0 All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 4m0s Details	2026-01-05 00:55:51 +07:00
bagas	8cc70fa45e	feat(session): use session key for registry	2026-01-05 00:50:42 +07:00
bagas	d666ae5545	fix: use correct environment variable key All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 4m1s Details	2026-01-04 18:21:34 +07:00
bagas	5edb3c8086	fix: startup order All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 3m51s Details	2026-01-04 15:19:03 +07:00
bagas	5b603d8317	feat: implement sessions request from grpc server All checks were successful Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Successful in 4m7s Details	2026-01-03 21:17:01 +07:00
bagas	5ceade81db	Merge pull request 'staging' (#57 ) from staging into main Some checks failed Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Successful in 3m57s Details renovate / renovate (push) Failing after 34s Details Reviewed-on: #57	2026-01-03 13:07:49 +00:00
bagas	8fd9f8b567	feat: implement sessions request from grpc server Some checks failed Docker Build and Push / build-and-push-branches (push) Has been skipped Details Docker Build and Push / build-and-push-tags (push) Has been cancelled Details	2026-01-03 20:06:14 +07:00
bagas	30e84ac3b7	feat: implement get sessions by user	2026-01-02 22:58:54 +07:00
bagas	fd6ffc2500	feat(grpc): integrate slug edit handling	2026-01-02 18:27:48 +07:00
bagas	e1cd4ed981	WIP: gRPC integration, initial implementation	2026-01-01 21:03:17 +07:00
bagas	96d2b88f95	WIP: gRPC integration, initial implementation	2026-01-01 21:01:15 +07:00
bagas	8a456d2cde	Merge pull request 'staging' (#55 ) from staging into main All checks were successful Docker Build and Push / build-and-push-tags (push) Has been skipped Details Docker Build and Push / build-and-push-branches (push) Successful in 5m50s Details renovate / renovate (push) Successful in 35s Details Reviewed-on: #55	2025-12-31 08:51:25 +00:00
bagas	8841230653	Merge pull request 'fix: prevent subdomain change to already-in-use subdomains' (#54 ) from staging into main All checks were successful Docker Build and Push / build-and-push (push) Successful in 5m20s Details renovate / renovate (push) Successful in 38s Details Reviewed-on: #54	2025-12-30 12:42:05 +00:00
bagas	4d0a7deaf2	Merge pull request 'staging' (#53 ) from staging into main All checks were successful Docker Build and Push / build-and-push (push) Successful in 3m33s Details renovate / renovate (push) Successful in 22s Details Reviewed-on: #53	2025-12-29 17:18:25 +00:00