npm - pinggy - Versions diffs - 0.3.4 → 0.3.6 - Mend

pinggy 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/README.md +1 -1
package/dist/chunk-65R2GMKQ.js +2101 -0
package/dist/index.cjs +1814 -1362
package/dist/index.d.cts +616 -0
package/dist/index.d.ts +616 -0
package/dist/index.js +38 -55
package/dist/{main-CZY6GID4.js → main-2QDG7PWL.js} +229 -1726
package/package.json +3 -4
package/.github/workflows/npm-publish-github-packages.yml +0 -34
package/.github/workflows/publish-binaries.yml +0 -223
package/Makefile +0 -4
package/caxa_build.js +0 -24
package/dist/chunk-T5ESYDJY.js +0 -121
package/ent.plist +0 -14
package/jest.config.js +0 -19
package/src/_tests_/build_config.test.ts +0 -91
package/src/cli/buildConfig.ts +0 -475
package/src/cli/defaults.ts +0 -20
package/src/cli/extendedOptions.ts +0 -153
package/src/cli/help.ts +0 -43
package/src/cli/options.ts +0 -50
package/src/cli/starCli.ts +0 -229
package/src/index.ts +0 -30
package/src/logger.ts +0 -138
package/src/main.ts +0 -87
package/src/remote_management/handler.ts +0 -244
package/src/remote_management/remoteManagement.ts +0 -226
package/src/remote_management/remote_schema.ts +0 -176
package/src/remote_management/websocket_handlers.ts +0 -180
package/src/tui/blessed/TunnelTui.ts +0 -340
package/src/tui/blessed/components/DisplayUpdaters.ts +0 -189
package/src/tui/blessed/components/KeyBindings.ts +0 -236
package/src/tui/blessed/components/Modals.ts +0 -302
package/src/tui/blessed/components/UIComponents.ts +0 -306
package/src/tui/blessed/components/index.ts +0 -4
package/src/tui/blessed/config.ts +0 -53
package/src/tui/blessed/headerFetcher.ts +0 -42
package/src/tui/blessed/index.ts +0 -2
package/src/tui/blessed/qrCodeGenerator.ts +0 -20
package/src/tui/blessed/webDebuggerConnection.ts +0 -128
package/src/tui/ink/asciArt.ts +0 -7
package/src/tui/ink/hooks/useQrCodes.ts +0 -27
package/src/tui/ink/hooks/useReqResHeaders.ts +0 -27
package/src/tui/ink/hooks/useTerminalSize.ts +0 -26
package/src/tui/ink/hooks/useTerminalStats.ts +0 -24
package/src/tui/ink/hooks/useWebDebugger.ts +0 -98
package/src/tui/ink/index.tsx +0 -243
package/src/tui/ink/layout/Borders.tsx +0 -15
package/src/tui/ink/layout/Container.tsx +0 -15
package/src/tui/ink/sections/DebuggerDetailModal.tsx +0 -53
package/src/tui/ink/sections/KeyBindings.tsx +0 -58
package/src/tui/ink/sections/QrCodeSection.tsx +0 -28
package/src/tui/ink/sections/StatsSection.tsx +0 -20
package/src/tui/ink/sections/URLsSection.tsx +0 -53
package/src/tui/ink/utils/utils.ts +0 -35
package/src/tui/spinner/spinner.ts +0 -64
package/src/tunnel_manager/TunnelManager.ts +0 -1212
package/src/types.ts +0 -255
package/src/utils/FileServer.ts +0 -112
package/src/utils/detect_vc_redist_on_windows.ts +0 -167
package/src/utils/getFreePort.ts +0 -41
package/src/utils/htmlTemplates.ts +0 -146
package/src/utils/parseArgs.ts +0 -79
package/src/utils/printer.ts +0 -81
package/src/utils/util.ts +0 -18
package/src/workers/file_serve_worker.ts +0 -33
package/tsconfig.json +0 -17
package/tsup.config.ts +0 -12

package/dist/index.cjs CHANGED Viewed

@@ -29,6 +29,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // node_modules/tsup/assets/cjs_shims.js
 var getImportMetaUrl, importMetaUrl;
@@ -321,6 +322,10 @@ var init_TunnelManager = __esm({
         this.tunnelDisconnectListeners = /* @__PURE__ */ new Map();
         this.tunnelWorkerErrorListeners = /* @__PURE__ */ new Map();
         this.tunnelStartListeners = /* @__PURE__ */ new Map();
+        this.tunnelWillReconnectListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectingListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectionCompletedListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectionFailedListeners = /* @__PURE__ */ new Map();
       }
       static getInstance() {
         if (!_TunnelManager.instance) {
@@ -403,6 +408,10 @@ var init_TunnelManager = __esm({
         this.setupStatsCallback(params.tunnelid, managed);
         this.setupErrorCallback(params.tunnelid, managed);
         this.setupDisconnectCallback(params.tunnelid, managed);
+        this.setupWillReconnectCallback(params.tunnelid, managed);
+        this.setupReconnectingCallback(params.tunnelid, managed);
+        this.setupReconnectionCompletedCallback(params.tunnelid, managed);
+        this.setupReconnectionFailedCallback(params.tunnelid, managed);
         this.setUpTunnelWorkerErrorCallback(params.tunnelid, managed);
         this.tunnelsByTunnelId.set(params.tunnelid, managed);
         this.tunnelsByConfigId.set(params.configid, managed);
@@ -505,6 +514,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(tunnelId);
           this.tunnelWorkerErrorListeners.delete(tunnelId);
           this.tunnelStartListeners.delete(tunnelId);
+          this.tunnelWillReconnectListeners.delete(tunnelId);
+          this.tunnelReconnectingListeners.delete(tunnelId);
+          this.tunnelReconnectionCompletedListeners.delete(tunnelId);
+          this.tunnelReconnectionFailedListeners.delete(tunnelId);
           managed.serveWorker = null;
           managed.warnings = managed.warnings ?? [];
           managed.isStopped = true;
@@ -638,6 +651,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(managed.tunnelid);
           this.tunnelWorkerErrorListeners.delete(managed.tunnelid);
           this.tunnelStartListeners.delete(managed.tunnelid);
+          this.tunnelWillReconnectListeners.delete(managed.tunnelid);
+          this.tunnelReconnectingListeners.delete(managed.tunnelid);
+          this.tunnelReconnectionCompletedListeners.delete(managed.tunnelid);
+          this.tunnelReconnectionFailedListeners.delete(managed.tunnelid);
           this.tunnelsByTunnelId.delete(managed.tunnelid);
           this.tunnelsByConfigId.delete(managed.configid);
         } catch (e) {
@@ -718,6 +735,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(tunnelid);
           this.tunnelWorkerErrorListeners.delete(tunnelid);
           this.tunnelStartListeners.delete(tunnelid);
+          this.tunnelWillReconnectListeners.delete(tunnelid);
+          this.tunnelReconnectingListeners.delete(tunnelid);
+          this.tunnelReconnectionCompletedListeners.delete(tunnelid);
+          this.tunnelReconnectionFailedListeners.delete(tunnelid);
           const newTunnel = await this._createTunnelWithProcessedConfig({
             configid: currentConfigId,
             tunnelid,
@@ -974,6 +995,58 @@ var init_TunnelManager = __esm({
         logger.info("Start listener registered for tunnel", { tunnelId, listenerId });
         return listenerId;
       }
+      async registerWillReconnectListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelWillReconnectListeners.has(tunnelId)) {
+          this.tunnelWillReconnectListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelWillReconnectListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("WillReconnect listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectingListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectingListeners.has(tunnelId)) {
+          this.tunnelReconnectingListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectingListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("Reconnecting listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectionCompletedListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectionCompletedListeners.has(tunnelId)) {
+          this.tunnelReconnectionCompletedListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectionCompletedListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("ReconnectionCompleted listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectionFailedListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectionFailedListeners.has(tunnelId)) {
+          this.tunnelReconnectionFailedListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectionFailedListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("ReconnectionFailed listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
       /**
        * Removes a previously registered stats listener.
        *
@@ -1028,6 +1101,72 @@ var init_TunnelManager = __esm({
           logger.warn("Attempted to deregister non-existent disconnect listener", { tunnelId, listenerId });
         }
       }
+      deregisterWillReconnectListener(tunnelId, listenerId) {
+        const listeners = this.tunnelWillReconnectListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No will-reconnect listeners found for tunnel", { tunnelId });
+          return;
+        }
+        ;
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("WillReconnect listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelWillReconnectListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent will-reconnect listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectingListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectingListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnecting listeners found for tunnel", { tunnelId });
+          return;
+        }
+        ;
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnecting listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectingListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnecting listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectionCompletedListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectionCompletedListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnection completed listeners found for tunnel", { tunnelId });
+          return;
+        }
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnection completed listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectionCompletedListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnection completed listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectionFailedListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectionFailedListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnection failed listeners found for tunnel", { tunnelId });
+          return;
+        }
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnection failed listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectionFailedListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnection failed listener", { tunnelId, listenerId });
+        }
+      }
       async getLocalserverTlsInfo(tunnelId) {
         const managed = this.tunnelsByTunnelId.get(tunnelId);
         if (!managed) {
@@ -1106,17 +1245,6 @@ var init_TunnelManager = __esm({
                 managedTunnel.isStopped = true;
                 managedTunnel.stoppedAt = (/* @__PURE__ */ new Date()).toISOString();
               }
-              if (managedTunnel && managedTunnel.autoReconnect) {
-                logger.info("Auto-reconnecting tunnel", { tunnelId });
-                setTimeout(async () => {
-                  try {
-                    await this.restartTunnel(tunnelId);
-                    logger.info("Tunnel auto-reconnected successfully", { tunnelId });
-                  } catch (e) {
-                    logger.error("Failed to auto-reconnect tunnel", { tunnelId, e });
-                  }
-                }, 1e4);
-              }
               const listeners = this.tunnelDisconnectListeners.get(tunnelId);
               if (!listeners) return;
               for (const [id, listener] of listeners) {
@@ -1136,6 +1264,140 @@ var init_TunnelManager = __esm({
           logger.warn("Failed to set up disconnect callback", { tunnelId, error });
         }
       }
+      /**
+       * Called when the tunnel disconnects and the SDK is about to start reconnecting.
+       * Notifies registered will-reconnect listeners.
+       */
+      setupWillReconnectCallback(tunnelId, managed) {
+        try {
+          const callback = ({ error, messages }) => {
+            try {
+              logger.info("Tunnel will reconnect", { tunnelId, error, messages });
+              const listeners = this.tunnelWillReconnectListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, error, messages);
+                } catch (err) {
+                  logger.debug("Error in will-reconnect-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling will-reconnect callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setWillReconnectCallback(callback);
+          logger.debug("WillReconnect callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up will-reconnect callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called for each reconnection attempt with the current retry count.
+       * Notifies registered reconnecting listeners.
+       */
+      setupReconnectingCallback(tunnelId, managed) {
+        try {
+          const callback = ({ retryCnt }) => {
+            try {
+              logger.info("Tunnel reconnecting", { tunnelId, retryCnt });
+              const listeners = this.tunnelReconnectingListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, retryCnt);
+                } catch (err) {
+                  logger.debug("Error in reconnecting-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnecting callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectingCallback(callback);
+          logger.debug("Reconnecting callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnecting callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called when reconnection succeeds. Updates tunnel state back to active,
+       * and notifies registered reconnection-completed and start listeners with new URLs.
+       */
+      setupReconnectionCompletedCallback(tunnelId, managed) {
+        try {
+          const callback = ({ urls }) => {
+            try {
+              logger.info("Tunnel reconnection completed", { tunnelId, urls });
+              const managedTunnel = this.tunnelsByTunnelId.get(tunnelId);
+              if (managedTunnel) {
+                managedTunnel.isStopped = false;
+                managedTunnel.startedAt = (/* @__PURE__ */ new Date()).toISOString();
+                managedTunnel.stoppedAt = null;
+              }
+              const listeners = this.tunnelReconnectionCompletedListeners.get(tunnelId);
+              if (listeners) {
+                for (const [id, listener] of listeners) {
+                  try {
+                    listener(tunnelId, urls);
+                  } catch (err) {
+                    logger.debug("Error in reconnection-completed-listener callback", { listenerId: id, tunnelId, err });
+                  }
+                }
+              }
+              const startListeners = this.tunnelStartListeners.get(tunnelId);
+              if (startListeners) {
+                for (const [id, listener] of startListeners) {
+                  try {
+                    listener(tunnelId, urls);
+                  } catch (err) {
+                    logger.debug("Error in start-listener callback on reconnection", { listenerId: id, tunnelId, err });
+                  }
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnection-completed callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectionCompletedCallback(callback);
+          logger.debug("ReconnectionCompleted callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnection-completed callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called when all reconnection attempts are exhausted.
+       * Marks the tunnel as stopped and notifies registered reconnection-failed listeners.
+       */
+      setupReconnectionFailedCallback(tunnelId, managed) {
+        try {
+          const callback = ({ retryCnt }) => {
+            try {
+              logger.error("Tunnel reconnection failed", { tunnelId, retryCnt });
+              const managedTunnel = this.tunnelsByTunnelId.get(tunnelId);
+              if (managedTunnel) {
+                managedTunnel.isStopped = true;
+                managedTunnel.stoppedAt = (/* @__PURE__ */ new Date()).toISOString();
+              }
+              const listeners = this.tunnelReconnectionFailedListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, retryCnt);
+                } catch (err) {
+                  logger.debug("Error in reconnection-failed-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnection-failed callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectionFailedCallback(callback);
+          logger.debug("ReconnectionFailed callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnection-failed callback", { tunnelId, error });
+        }
+      }
       setUpTunnelWorkerErrorCallback(tunnelId, managed) {
         try {
           const callback = (error) => {
@@ -1251,1397 +1513,1461 @@ var init_TunnelManager = __esm({
   }
 });
-// src/cli/options.ts
-var cliOptions;
-var init_options = __esm({
-  "src/cli/options.ts"() {
-    "use strict";
-    init_cjs_shims();
-    cliOptions = {
-      // SSH-like options
-      R: { type: "string", multiple: true, description: "Local port. Eg. -R0:localhost:3000 will forward tunnel connections to local port 3000." },
-      L: { type: "string", multiple: true, description: "Web Debugger address. Eg. -L4300:localhost:4300 will start web debugger on port 4300." },
-      o: { type: "string", multiple: true, description: "Options", hidden: true },
-      "server-port": { type: "string", short: "p", description: "Pinggy server port. Default: 443" },
-      v4: { type: "boolean", short: "4", description: "IPv4 only", hidden: true },
-      v6: { type: "boolean", short: "6", description: "IPv6 only", hidden: true },
-      // These options appear in the ssh command, but we ignore it in CLI
-      t: { type: "boolean", description: "hidden", hidden: true },
-      T: { type: "boolean", description: "hidden", hidden: true },
-      n: { type: "boolean", description: "hidden", hidden: true },
-      N: { type: "boolean", description: "hidden", hidden: true },
-      // Better options
-      type: { type: "string", description: "Type of the connection. Eg. --type tcp" },
-      localport: { type: "string", short: "l", description: "Takes input as [protocol:][host:]port. Eg. --localport https://localhost:8000 OR -l 3000" },
-      debugger: { type: "string", short: "d", description: "Port for web debugger. Eg. --debugger 4300 OR -d 4300" },
-      token: { type: "string", description: "Token for authentication. Eg. --token TOKEN_VALUE" },
-      // Logging options (CLI overrides env)
-      loglevel: { type: "string", description: "Logging level: ERROR, INFO, DEBUG. Overrides PINGGY_LOG_LEVEL environment variable" },
-      logfile: { type: "string", description: "Path to log file. Overrides PINGGY_LOG_FILE environment variable" },
-      v: { type: "boolean", description: "Print logs to stdout for Cli. Overrides PINGGY_LOG_STDOUT environment variable" },
-      vv: { type: "boolean", description: "Enable detailed logging for the Node.js SDK and Libpinggy, including both info and debug level logs." },
-      vvv: { type: "boolean", description: "Enable all logs from Cli, SDK and internal components." },
-      autoreconnect: { type: "boolean", short: "a", description: "Automatically reconnect tunnel on failure." },
-      // Save and load config
-      saveconf: { type: "string", description: "Create the configuration file based on the options provided here" },
-      conf: { type: "string", description: "Use the configuration file as base. Other options will be used to override this file" },
-      // File server
-      serve: { type: "string", description: "Start a webserver to serve files from the specified path. Eg --serve /path/to/files" },
-      // Remote Control
-      "remote-management": { type: "string", description: "Enable remote management of tunnels with token. Eg. --remote-management API_KEY" },
-      manage: { type: "string", description: "Provide a server address to manage tunnels. Eg --manage dashboard.pinggy.io" },
-      notui: { type: "boolean", description: "Disable TUI in remote management mode" },
-      // Misc
-      version: { type: "boolean", description: "Print version" },
-      // Help
-      help: { type: "boolean", short: "h", description: "Show this help message" }
-    };
-  }
-});
-// src/cli/help.ts
-function printHelpMessage() {
-  console.log("\nPinggy CLI Tool - Create secure tunnels to your localhost.");
-  console.log("\nUsage:");
-  console.log("   pinggy [options] -l <port>\n");
-  console.log("Options:");
-  for (const [key, value] of Object.entries(cliOptions)) {
-    if (value.hidden) continue;
-    const short = "short" in value && value.short ? `-${value.short}, ` : "    ";
-    const optType = value.type === "boolean" ? "" : "<value>";
-    console.log(`  ${short}--${key.padEnd(17)} ${optType.padEnd(8)} ${value.description}`);
-  }
-  console.log("\nExtended options :");
-  console.log("  x:https                 Enforce HTTPS only (redirect HTTP to HTTPS)");
-  console.log("  x:noreverseproxy        Disable built-in reverse-proxy header injection");
-  console.log("  x:localservertls:host   Connect to local HTTPS server with SNI");
-  console.log("  x:passpreflight         Pass CORS preflight requests unchanged");
-  console.log("  a:Key:Val               Add header");
-  console.log("  u:Key:Val               Update header");
-  console.log("  r:Key                   Remove header");
-  console.log("  b:user:pass             Basic auth");
-  console.log("  k:BEARER                Bearer token");
-  console.log("  w:192.168.1.0/24        IP whitelist (CIDR)");
-  console.log("\nExamples (User-friendly):");
-  console.log("  pinggy -l 3000                           # HTTP(S) tunnel to localhost port 3000");
-  console.log("  pinggy --type tcp -l 22                  # TCP tunnel for SSH (port 22)");
-  console.log("  pinggy -l 8080 -d 4300                   # HTTP tunnel to port 8080 with debugger running at localhost:4300");
-  console.log("  pinggy --token mytoken -l 3000           # Authenticated tunnel");
-  console.log("  pinggy x:https x:xff -l https://localhost:8443  # HTTPS-only + XFF");
-  console.log("  pinggy w:192.168.1.0/24 -l 8080          # IP whitelist restriction");
-  console.log("\nExamples (SSH-style):");
-  console.log("  pinggy -R0:localhost:3000                        # Basic HTTP tunnel");
-  console.log("  pinggy --type tcp -R0:localhost:22               # TCP tunnel for SSH");
-  console.log("  pinggy -R0:localhost:8080 -L4300:localhost:4300  # HTTP tunnel with debugger");
-  console.log("  pinggy tcp@ap.example.com -R0:localhost:22       # TCP tunnel to region\n");
+// src/types.ts
+function isErrorResponse(obj) {
+  return typeof obj === "object" && obj !== null && "code" in obj && "message" in obj && typeof obj.message === "string" && Object.values(ErrorCode).includes(obj.code);
 }
-var init_help = __esm({
-  "src/cli/help.ts"() {
-    "use strict";
-    init_cjs_shims();
-    init_options();
-  }
-});
-// src/cli/defaults.ts
-var defaultOptions;
-var init_defaults = __esm({
-  "src/cli/defaults.ts"() {
-    "use strict";
-    init_cjs_shims();
-    defaultOptions = {
-      token: void 0,
-      // No default token
-      serverAddress: "a.pinggy.io",
-      forwarding: "localhost:8000",
-      webDebugger: "",
-      ipWhitelist: [],
-      basicAuth: [],
-      bearerTokenAuth: [],
-      headerModification: [],
-      force: false,
-      xForwardedFor: false,
-      httpsOnly: false,
-      originalRequestUrl: false,
-      allowPreflight: false,
-      reverseProxy: false,
-      autoReconnect: false
-    };
-  }
-});
-// src/cli/extendedOptions.ts
-function parseExtendedOptions(options, config) {
-  if (!options) return;
-  for (const opt of options) {
-    const [key, value] = opt.replace(/^"|"$/g, "").split(/:(.+)/).filter(Boolean);
-    switch (key) {
-      case "x":
-        switch (value) {
-          case "https":
-          case "httpsonly":
-            config.httpsOnly = true;
-            break;
-          case "passpreflight":
-          case "allowpreflight":
-            config.allowPreflight = true;
-            break;
-          case "reverseproxy":
-            config.reverseProxy = false;
-            break;
-          case "xff":
-            config.xForwardedFor = true;
-            break;
-          case "fullurl":
-          case "fullrequesturl":
-            config.originalRequestUrl = true;
-            break;
-          default:
-            printer_default.warn(`Unknown extended option "${key}"`);
-            logger.warn(`Warning: Unknown extended option "${key}"`);
-            break;
-        }
-        break;
-      case "w":
-        if (value) {
-          const ips = value.split(",").map((ip) => ip.trim()).filter(Boolean);
-          const invalidIps = ips.filter((ip) => !(isValidIpV4Cidr(ip) || isValidIpV6Cidr(ip)));
-          if (invalidIps.length > 0) {
-            printer_default.warn(`Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
-            logger.warn(`Warning: Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
-          }
-          if (!(invalidIps.length > 0)) {
-            config.ipWhitelist = ips;
-          }
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'w' requires IP(s)`);
-          logger.warn(`Warning: Extended option "${opt}" for 'w' requires IP(s)`);
-        }
-        break;
-      case "k":
-        if (!config.bearerTokenAuth) config.bearerTokenAuth = [];
-        if (value) {
-          config.bearerTokenAuth.push(value);
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'k' requires a value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'k' requires a value`);
-        }
-        break;
-      case "b":
-        if (value && value.includes(":")) {
-          const [username, password] = value.split(/:(.+)/);
-          if (!config.basicAuth) config.basicAuth = [];
-          config.basicAuth.push({ username, password });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'b' requires value in format username:password`);
-          logger.warn(`Warning: Extended option "${opt}" for 'b' requires value in format username:password`);
-        }
-        break;
-      case "a":
-        if (value && value.includes(":")) {
-          const [key2, val] = value.split(/:(.+)/);
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "add", key: key2, value: [val] });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'a' requires key:value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'a' requires key:value`);
-        }
-        break;
-      case "u":
-        if (value && value.includes(":")) {
-          const [key2, val] = value.split(/:(.+)/);
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "update", key: key2, value: [val] });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'u' requires key:value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'u' requires key:value`);
-        }
-        break;
-      case "r":
-        if (value) {
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "remove", key: value });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'r' requires a key`);
-        }
-        break;
-      default:
-        printer_default.warn(`Unknown extended option "${key}"`);
-        break;
-    }
+function newErrorResponse(codeOrError, message) {
+  if (typeof codeOrError === "object") {
+    return codeOrError;
   }
+  return {
+    code: codeOrError,
+    message
+  };
 }
-function isValidIpV4Cidr(input) {
-  if (input.includes("/")) {
-    const [ip, mask] = input.split("/");
-    if (!ip || !mask) return false;
-    const isIp4 = (0, import_net.isIP)(ip) === 4;
-    const maskNum = parseInt(mask, 10);
-    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 32;
-    return isIp4 && isMaskValid;
-  }
-  return false;
+function NewResponseObject(data) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(JSON.stringify(data));
+  return {
+    response: bytes,
+    requestid: "",
+    command: "",
+    error: false,
+    errorresponse: {}
+  };
 }
-function isValidIpV6Cidr(input) {
-  if (input.includes("/")) {
-    const [rawIp, mask] = input.split("/");
-    if (!rawIp || !mask) return false;
-    const ip = rawIp.split("%")[0].replace(/^\[|\]$/g, "");
-    const isIp6 = (0, import_net.isIP)(ip) === 6;
-    const maskNum = parseInt(mask, 10);
-    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 128;
-    return isIp6 && isMaskValid;
+function NewErrorResponseObject(errorResponse) {
+  return {
+    response: new Uint8Array(),
+    requestid: "",
+    command: "",
+    error: true,
+    errorresponse: errorResponse
+  };
+}
+function newStatus(tunnelState, errorCode, errorMsg) {
+  let assignedState = tunnelState;
+  if (tunnelState === "live" /* Live */) {
+    assignedState = "running" /* Running */;
+  } else if (tunnelState === "idle" /* New */) {
+    assignedState = "idle" /* New */;
+  } else if (tunnelState === "closed" /* Closed */) {
+    assignedState = "exited" /* Exited */;
   }
-  return false;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    state: assignedState,
+    errorcode: errorCode,
+    errormsg: errorMsg,
+    createdtimestamp: now,
+    starttimestamp: now,
+    endtimestamp: now,
+    warnings: []
+  };
 }
-var import_net;
-var init_extendedOptions = __esm({
-  "src/cli/extendedOptions.ts"() {
+function newStats() {
+  return {
+    numLiveConnections: 0,
+    numTotalConnections: 0,
+    numTotalReqBytes: 0,
+    numTotalResBytes: 0,
+    numTotalTxBytes: 0,
+    elapsedTime: 0
+  };
+}
+var TunnelStateType, TunnelErrorCodeType, TunnelWarningCode, ErrorCode, RemoteManagementStatus;
+var init_types = __esm({
+  "src/types.ts"() {
     "use strict";
     init_cjs_shims();
-    import_net = require("net");
-    init_logger();
-    init_printer();
+    TunnelStateType = /* @__PURE__ */ ((TunnelStateType2) => {
+      TunnelStateType2["New"] = "idle";
+      TunnelStateType2["Starting"] = "starting";
+      TunnelStateType2["Running"] = "running";
+      TunnelStateType2["Live"] = "live";
+      TunnelStateType2["Closed"] = "closed";
+      TunnelStateType2["Exited"] = "exited";
+      return TunnelStateType2;
+    })(TunnelStateType || {});
+    TunnelErrorCodeType = /* @__PURE__ */ ((TunnelErrorCodeType2) => {
+      TunnelErrorCodeType2["NonResponsive"] = "non_responsive";
+      TunnelErrorCodeType2["FailedToConnect"] = "failed_to_connect";
+      TunnelErrorCodeType2["ErrorInAdditionalForwarding"] = "additional_forwarding_error";
+      TunnelErrorCodeType2["WebdebuggerError"] = "webdebugger_error";
+      TunnelErrorCodeType2["NoError"] = "";
+      return TunnelErrorCodeType2;
+    })(TunnelErrorCodeType || {});
+    TunnelWarningCode = /* @__PURE__ */ ((TunnelWarningCode2) => {
+      TunnelWarningCode2["InvalidTunnelServePath"] = "INVALID_TUNNEL_SERVE_PATH";
+      TunnelWarningCode2["UnknownWarning"] = "UNKNOWN_WARNING";
+      return TunnelWarningCode2;
+    })(TunnelWarningCode || {});
+    ErrorCode = {
+      InvalidRequestMethodError: "INVALID_REQUEST_METHOD",
+      InvalidRequestBodyError: "COULD_NOT_READ_BODY",
+      InternalServerError: "INTERNAL_SERVER_ERROR",
+      InvalidBodyFormatError: "INVALID_DATA_FORMAT",
+      ErrorStartingTunnel: "ERROR_STARTING_TUNNEL",
+      TunnelNotFound: "TUNNEL_WITH_ID_OR_CONFIG_ID_NOT_FOUND",
+      TunnelAlreadyRunningError: "TUNNEL_WITH_ID_OR_CONFIG_ID_ALREADY_RUNNING",
+      WebsocketUpgradeFailError: "WEBSOCKET_UPGRADE_FAILED",
+      RemoteManagementAlreadyRunning: "REMOTE_MANAGEMENT_ALREADY_RUNNING",
+      RemoteManagementNotRunning: "REMOTE_MANAGEMENT_NOT_RUNNING",
+      RemoteManagementDeserializationFailed: "REMOTE_MANAGEMENT_DESERIALIZATION_FAILED"
+    };
+    RemoteManagementStatus = {
+      Connecting: "CONNECTING",
+      Disconnecting: "DISCONNECTING",
+      Reconnecting: "RECONNECTING",
+      Running: "RUNNING",
+      NotRunning: "NOT_RUNNING",
+      Error: "ERROR"
+    };
   }
 });
-// src/cli/buildConfig.ts
-function parseUserAndDomain(str) {
-  let token;
-  let type;
-  let server;
-  let qrCode;
-  if (!str) return { token, type, server, qrCode };
-  if (str.includes("@")) {
-    const [user, domain] = str.split("@", 2);
-    if (domainRegex.test(domain)) {
-      server = domain;
-      const parts = user.split("+");
-      for (const part of parts) {
-        if ([import_pinggy3.TunnelType.Http, import_pinggy3.TunnelType.Tcp, import_pinggy3.TunnelType.Tls, import_pinggy3.TunnelType.Udp, import_pinggy3.TunnelType.TlsTcp].includes(part.toLowerCase())) {
-          type = part;
-        } else if (part === "force") {
-          token = (token ? token + "+" : "") + part;
-        } else if (part === "qr") {
-          qrCode = true;
-        } else {
-          token = (token ? token + "+" : "") + part;
-        }
-      }
+// src/remote_management/remote_schema.ts
+function tunnelConfigToPinggyOptions(config) {
+  return {
+    token: config.token || "",
+    serverAddress: config.serveraddress || "free.pinggy.io",
+    forwarding: `${config.forwardedhost || "localhost"}:${config.localport}`,
+    webDebugger: config.webdebuggerport ? `localhost:${config.webdebuggerport}` : "",
+    ipWhitelist: config.ipwhitelist || [],
+    basicAuth: config.basicauth ? config.basicauth : [],
+    bearerTokenAuth: config.bearerauth ? [config.bearerauth] : [],
+    headerModification: config.headermodification,
+    xForwardedFor: !!config.xff,
+    httpsOnly: config.httpsOnly,
+    originalRequestUrl: config.fullRequestUrl,
+    allowPreflight: config.allowPreflight,
+    reverseProxy: config.noReverseProxy,
+    force: config.force,
+    autoReconnect: config.autoreconnect,
+    optional: {
+      sniServerName: config.localservertlssni || ""
     }
-  } else if (domainRegex.test(str)) {
-    server = str;
-  }
-  return { token, type, server, qrCode };
+  };
 }
-function parseUsers(positionalArgs, explicitToken) {
-  let token;
-  let server;
-  let type;
-  let forceFlag = false;
-  let qrCode = false;
-  let remaining = [...positionalArgs];
-  if (typeof explicitToken === "string") {
-    const parsed = parseUserAndDomain(explicitToken);
-    if (parsed.server) server = parsed.server;
-    if (parsed.type) type = parsed.type;
-    if (parsed.token) token = parsed.token;
+function pinggyOptionsToTunnelConfig(opts, configid, configName, localserverTls, greetMsg, additionalForwarding, serve) {
+  const forwarding = Array.isArray(opts.forwarding) ? String(opts.forwarding[0].address).replace("//", "").replace(/\/$/, "") : String(opts.forwarding).replace("//", "").replace(/\/$/, "");
+  const parsedForwardedHost = forwarding.split(":").length == 3 ? forwarding.split(":")[1] : forwarding.split(":")[0];
+  const parsedLocalPort = forwarding.split(":").length == 3 ? parseInt(forwarding.split(":")[2], 10) : parseInt(forwarding.split(":")[1], 10);
+  const tunnelType = (Array.isArray(opts.forwarding) ? opts.forwarding[0]?.type : void 0) ?? import_pinggy3.TunnelType.Http;
+  const parsedTokens = opts.bearerTokenAuth ? Array.isArray(opts.bearerTokenAuth) ? opts.bearerTokenAuth : JSON.parse(opts.bearerTokenAuth) : [];
+  return {
+    allowPreflight: opts.allowPreflight ?? false,
+    allowpreflight: opts.allowPreflight ?? false,
+    autoreconnect: opts.autoReconnect ?? false,
+    basicauth: opts.basicAuth && Object.keys(opts.basicAuth).length ? opts.basicAuth : null,
+    bearerauth: parsedTokens.length ? parsedTokens.join(",") : null,
+    configid,
+    configname: configName,
+    greetmsg: greetMsg || "",
+    force: opts.force ?? false,
+    forwardedhost: parsedForwardedHost || "localhost",
+    fullRequestUrl: opts.originalRequestUrl ?? false,
+    headermodification: opts.headerModification || [],
+    //structured list
+    httpsOnly: opts.httpsOnly ?? false,
+    internalwebdebuggerport: 0,
+    ipwhitelist: opts.ipWhitelist ? Array.isArray(opts.ipWhitelist) ? opts.ipWhitelist : JSON.parse(opts.ipWhitelist) : null,
+    localport: parsedLocalPort || 0,
+    localservertlssni: null,
+    regioncode: "",
+    noReverseProxy: opts.reverseProxy ?? false,
+    serveraddress: opts.serverAddress || "free.pinggy.io",
+    serverport: 0,
+    statusCheckInterval: 0,
+    token: opts.token || "",
+    tunnelTimeout: 0,
+    type: tunnelType,
+    webdebuggerport: Number(opts.webDebugger?.split(":")[0]) || 0,
+    xff: opts.xForwardedFor ? "1" : "",
+    localsservertls: localserverTls || false,
+    additionalForwarding: additionalForwarding || [],
+    serve: serve || ""
+  };
+}
+var import_pinggy3, import_zod, HeaderModificationSchema, AdditionalForwardingSchema, TunnelConfigSchema, StartSchema, StopSchema, GetSchema, RestartSchema, UpdateConfigSchema;
+var init_remote_schema = __esm({
+  "src/remote_management/remote_schema.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_pinggy3 = require("@pinggy/pinggy");
+    import_zod = require("zod");
+    HeaderModificationSchema = import_zod.z.object({
+      key: import_zod.z.string(),
+      value: import_zod.z.array(import_zod.z.string()).optional(),
+      type: import_zod.z.enum(["add", "remove", "update"])
+    });
+    AdditionalForwardingSchema = import_zod.z.object({
+      remoteDomain: import_zod.z.string().optional(),
+      remotePort: import_zod.z.number().optional(),
+      localDomain: import_zod.z.string(),
+      localPort: import_zod.z.number()
+    });
+    TunnelConfigSchema = import_zod.z.object({
+      allowPreflight: import_zod.z.boolean().optional(),
+      // primary key
+      allowpreflight: import_zod.z.boolean().optional(),
+      // legacy key
+      autoreconnect: import_zod.z.boolean(),
+      basicauth: import_zod.z.array(import_zod.z.object({ username: import_zod.z.string(), password: import_zod.z.string() })).nullable(),
+      bearerauth: import_zod.z.string().nullable(),
+      configid: import_zod.z.string(),
+      configname: import_zod.z.string(),
+      greetmsg: import_zod.z.string().optional(),
+      force: import_zod.z.boolean(),
+      forwardedhost: import_zod.z.string(),
+      fullRequestUrl: import_zod.z.boolean(),
+      headermodification: import_zod.z.array(HeaderModificationSchema),
+      httpsOnly: import_zod.z.boolean(),
+      internalwebdebuggerport: import_zod.z.number(),
+      ipwhitelist: import_zod.z.array(import_zod.z.string()).nullable(),
+      localport: import_zod.z.number(),
+      localsservertls: import_zod.z.union([import_zod.z.boolean(), import_zod.z.string()]),
+      localservertlssni: import_zod.z.string().nullable(),
+      regioncode: import_zod.z.string(),
+      noReverseProxy: import_zod.z.boolean(),
+      serveraddress: import_zod.z.string(),
+      serverport: import_zod.z.number(),
+      statusCheckInterval: import_zod.z.number(),
+      token: import_zod.z.string(),
+      tunnelTimeout: import_zod.z.number(),
+      type: import_zod.z.enum([
+        import_pinggy3.TunnelType.Http,
+        import_pinggy3.TunnelType.Tcp,
+        import_pinggy3.TunnelType.Udp,
+        import_pinggy3.TunnelType.Tls,
+        import_pinggy3.TunnelType.TlsTcp
+      ]),
+      webdebuggerport: import_zod.z.number(),
+      xff: import_zod.z.string(),
+      additionalForwarding: import_zod.z.array(AdditionalForwardingSchema).optional(),
+      serve: import_zod.z.string().optional()
+    }).superRefine((data, ctx) => {
+      if (data.allowPreflight === void 0 && data.allowpreflight === void 0) {
+        ctx.addIssue({
+          code: "custom",
+          message: "Either allowPreflight or allowpreflight is required",
+          path: ["allowPreflight"]
+        });
+      }
+    }).transform((data) => ({
+      ...data,
+      allowPreflight: data.allowPreflight ?? data.allowpreflight,
+      allowpreflight: data.allowPreflight ?? data.allowpreflight
+    }));
+    StartSchema = import_zod.z.object({
+      tunnelID: import_zod.z.string().nullable().optional(),
+      tunnelConfig: TunnelConfigSchema
+    });
+    StopSchema = import_zod.z.object({
+      tunnelID: import_zod.z.string().min(1)
+    });
+    GetSchema = StopSchema;
+    RestartSchema = StopSchema;
+    UpdateConfigSchema = import_zod.z.object({
+      tunnelConfig: TunnelConfigSchema
+    });
   }
-  if (remaining.length > 0) {
-    const first = remaining[0];
-    const parsed = parseUserAndDomain(first);
-    if (parsed.server) {
-      server = parsed.server;
-      if (parsed.type) type = parsed.type;
-      if (parsed.token) {
-        if (parsed.token.includes("+")) {
-          const parts = parsed.token.split("+");
-          const tOnly = parts.filter((p) => p !== "force").join("+");
-          if (tOnly) token = tOnly;
-          if (parts.includes("force")) forceFlag = true;
-        } else {
-          token = parsed.token;
+});
+// src/remote_management/handler.ts
+var import_pinggy4, TunnelOperations;
+var init_handler = __esm({
+  "src/remote_management/handler.ts"() {
+    "use strict";
+    init_cjs_shims();
+    init_types();
+    init_TunnelManager();
+    init_remote_schema();
+    import_pinggy4 = require("@pinggy/pinggy");
+    TunnelOperations = class {
+      constructor() {
+        this.tunnelManager = TunnelManager.getInstance();
+      }
+      buildStatus(tunnelId, state, errorCode) {
+        const status = newStatus(state, errorCode, "");
+        try {
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelId);
+          if (managed) {
+            status.createdtimestamp = managed.createdAt || "";
+            status.starttimestamp = managed.startedAt || "";
+            status.endtimestamp = managed.stoppedAt || "";
+          }
+        } catch (e) {
         }
+        return status;
       }
-      if (parsed.qrCode) {
-        qrCode = true;
+      // --- Helper to construct TunnelResponse ---
+      async buildTunnelResponse(tunnelid, tunnelConfig, configid, tunnelName, additionalForwarding, serve) {
+        const [status, stats, tlsInfo, greetMsg, remoteurls] = await Promise.all([
+          this.tunnelManager.getTunnelStatus(tunnelid),
+          this.tunnelManager.getLatestTunnelStats(tunnelid) || newStats(),
+          this.tunnelManager.getLocalserverTlsInfo(tunnelid),
+          this.tunnelManager.getTunnelGreetMessage(tunnelid),
+          this.tunnelManager.getTunnelUrls(tunnelid)
+        ]);
+        return {
+          tunnelid,
+          remoteurls,
+          tunnelconfig: pinggyOptionsToTunnelConfig(tunnelConfig, configid, tunnelName, tlsInfo, greetMsg, additionalForwarding),
+          status: this.buildStatus(tunnelid, status, "" /* NoError */),
+          stats
+        };
       }
-      remaining = remaining.slice(1);
-    }
-  }
-  return { token, server, type, forceFlag, qrCode, remaining };
-}
-function parseType(finalConfig, values, inferredType) {
-  const t = inferredType || values.type || finalConfig.tunnelType;
-  if (t === import_pinggy3.TunnelType.Http || t === import_pinggy3.TunnelType.Tcp || t === import_pinggy3.TunnelType.Tls || t === import_pinggy3.TunnelType.Udp || t === import_pinggy3.TunnelType.TlsTcp) {
-    finalConfig.tunnelType = [t];
-  }
-}
-function parseLocalPort(finalConfig, values) {
-  if (typeof values.localport !== "string") return null;
-  let lp = values.localport.trim();
-  let isHttps = false;
-  if (lp.startsWith("https://")) {
-    isHttps = true;
-    lp = lp.replace(/^https:\/\//, "");
-  } else if (lp.startsWith("http://")) {
-    lp = lp.replace(/^http:\/\//, "");
-  }
-  const parts = lp.split(":");
-  if (parts.length === 1) {
-    const port = parseInt(parts[0], 10);
-    if (!Number.isNaN(port) && isValidPort(port)) {
-      finalConfig.forwarding = `localhost:${port}`;
-    } else {
-      return new Error("Invalid local port");
-    }
-  } else if (parts.length === 2) {
-    const host = parts[0] || "localhost";
-    const port = parseInt(parts[1], 10);
-    if (!Number.isNaN(port) && isValidPort(port)) {
-      finalConfig.forwarding = `${host}:${port}`;
-    } else {
-      return new Error("Invalid local port. Please use -h option for help.");
-    }
-  } else {
-    return new Error("Invalid --localport format. Please use -h option for help.");
-  }
-  return null;
-}
-function removeIPv6Brackets(ip) {
-  if (ip.startsWith("[") && ip.endsWith("]")) {
-    return ip.slice(1, -1);
-  }
-  return ip;
-}
-function ipv6SafeSplitColon(s) {
-  const result = [];
-  let buf = "";
-  const stack = [];
-  for (let i = 0; i < s.length; i++) {
-    const c = s[i];
-    if (c === "[") {
-      stack.push(c);
-    } else if (c === "]" && stack.length > 0) {
-      stack.pop();
-    }
-    if (c === ":" && stack.length === 0) {
-      result.push(buf);
-      buf = "";
-    } else {
-      buf += c;
-    }
-  }
-  result.push(buf);
-  return result;
-}
-function parseDefaultForwarding(forwarding) {
-  const parts = ipv6SafeSplitColon(forwarding);
-  if (parts.length === 3) {
-    const remotePort = parseInt(parts[0], 10);
-    const localDomain = removeIPv6Brackets(parts[1] || "localhost");
-    const localPort = parseInt(parts[2], 10);
-    return { remotePort, localDomain, localPort };
-  }
-  if (parts.length === 4) {
-    const remoteDomain = removeIPv6Brackets(parts[0]);
-    const remotePort = parseInt(parts[1], 10);
-    const localDomain = removeIPv6Brackets(parts[2] || "localhost");
-    const localPort = parseInt(parts[3], 10);
-    return { remoteDomain, remotePort, localDomain, localPort };
-  }
-  return new Error("forwarding address incorrect");
-}
-function parseAdditionalForwarding(forwarding) {
-  const toPort = (v) => {
-    if (!v) return null;
-    const n = parseInt(v, 10);
-    return Number.isNaN(n) ? null : n;
-  };
-  const parsed = ipv6SafeSplitColon(forwarding);
-  if (parsed.length !== 4) {
-    return new Error(
-      "forwarding must be in format: [schema//]hostname[/port][@forwardingId]:<placeholder>:<forwardingAddress>:<forwardingPort>"
-    );
-  }
-  const firstPart = parsed[0];
-  const [hostPart] = firstPart.split("@");
-  let protocol = "http";
-  let remoteDomainRaw;
-  let remotePort = 0;
-  if (hostPart.includes("//")) {
-    const [schema, rest] = hostPart.split("//");
-    if (!schema || !VALID_PROTOCOLS.includes(schema)) {
-      return new Error(`invalid protocol: ${schema}`);
-    }
-    protocol = schema;
-    const domainAndPort = rest.split("/");
-    if (domainAndPort.length > 2) {
-      return new Error("invalid forwarding address format");
-    }
-    remoteDomainRaw = domainAndPort[0];
-    if (!remoteDomainRaw || !domainRegex.test(remoteDomainRaw)) {
-      return new Error("invalid remote domain");
-    }
-    const parsedRemotePort = toPort(domainAndPort[1]);
-    if (protocol === "http") {
-      remotePort = 0;
-    } else {
-      if (parsedRemotePort === null || !isValidPort(parsedRemotePort)) {
-        return new Error(
-          `${protocol} forwarding requires port in format ${protocol}//domain/remotePort`
-        );
+      error(code, err, fallback) {
+        return newErrorResponse({
+          code,
+          message: err instanceof Error ? err.message : fallback
+        });
       }
-      remotePort = parsedRemotePort;
-    }
-  } else {
-    remoteDomainRaw = hostPart;
-    if (!domainRegex.test(remoteDomainRaw)) {
-      return new Error("invalid remote domain");
-    }
-    protocol = "http";
-    remotePort = 0;
-  }
-  const localDomain = removeIPv6Brackets(parsed[2] || "localhost");
-  const localPort = toPort(parsed[3]);
-  if (localPort === null || !isValidPort(localPort)) {
-    return new Error("forwarding address incorrect: invalid local port");
-  }
-  return {
-    protocol,
-    remoteDomain: remoteDomainRaw,
-    remotePort,
-    localDomain,
-    localPort
-  };
-}
-function parseReverseTunnelAddr(finalConfig, values) {
-  const reverseTunnel = values.R;
-  if ((!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) && !values.localport && !finalConfig.forwarding) {
-    return new Error("local port not specified. Please use '-h' option for help.");
-  }
-  if (!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) {
-    return null;
-  }
-  for (const forwarding of reverseTunnel) {
-    const slicedForwarding = ipv6SafeSplitColon(forwarding);
-    if (slicedForwarding.length === 3) {
-      const parsed = parseDefaultForwarding(forwarding);
-      if (parsed instanceof Error) return parsed;
-      finalConfig.forwarding = `${parsed.localDomain}:${parsed.localPort}`;
-    } else if (slicedForwarding.length === 4) {
-      finalConfig.additionalForwarding ?? (finalConfig.additionalForwarding = []);
-      const parsed = parseAdditionalForwarding(forwarding);
-      if (parsed instanceof Error) return parsed;
-      finalConfig.additionalForwarding.push(parsed);
-    } else {
-      return new Error(
-        "Incorrect command line arguments: reverse tunnel address incorrect. Please use '-h' option for help."
-      );
-    }
-  }
-  return null;
-}
-function parseLocalTunnelAddr(finalConfig, values) {
-  if (!Array.isArray(values.L) || values.L.length === 0) return null;
-  const firstL = values.L[0];
-  const parts = firstL.split(":");
-  if (parts.length === 3) {
-    const lp = parseInt(parts[2], 10);
-    if (!Number.isNaN(lp) && isValidPort(lp)) {
-      finalConfig.webDebugger = `localhost:${lp}`;
-    } else {
-      return new Error(`Invalid debugger port ${lp}`);
-    }
-  } else {
-    return new Error("Incorrect command line arguments: web debugger address incorrect. Please use '-h' option for help.");
-  }
-}
-function parseDebugger(finalConfig, values) {
-  let dbg = values.debugger;
-  if (typeof dbg !== "string") return;
-  dbg = dbg.startsWith(":") ? dbg.slice(1) : dbg;
-  const d = parseInt(dbg, 10);
-  if (!Number.isNaN(d) && isValidPort(d)) {
-    finalConfig.webDebugger = `localhost:${d}`;
-  } else {
-    logger.error("Invalid debugger port:", dbg);
-    return new Error(`Invalid debugger port ${dbg}. Please use '-h' option for help.`);
-  }
-}
-function parseToken(finalConfig, explicitToken) {
-  if (typeof explicitToken === "string" && explicitToken) {
-    finalConfig.token = explicitToken;
-  }
-}
-function parseArgs(finalConfig, remainingPositionals) {
-  parseExtendedOptions(remainingPositionals, finalConfig);
-}
-function storeJson(config, saveconf) {
-  if (saveconf) {
-    const path5 = saveconf;
-    try {
-      import_fs3.default.writeFileSync(path5, JSON.stringify(config, null, 2), { encoding: "utf-8", flag: "w" });
-      logger.info(`Configuration saved to ${path5}`);
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      logger.error("Error loading configuration:", msg);
-    }
+      // --- Operations ---
+      async handleStart(config) {
+        try {
+          const opts = tunnelConfigToPinggyOptions(config);
+          const additionalForwardingParsed = config.additionalForwarding || [];
+          const { tunnelid, instance, tunnelName, additionalForwarding, serve } = await this.tunnelManager.createTunnel({
+            ...opts,
+            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy4.TunnelType.Http],
+            // Temporary fix in future we will not use this field.
+            configid: config.configid,
+            tunnelName: config.configname,
+            additionalForwarding: additionalForwardingParsed,
+            serve: config.serve
+          });
+          this.tunnelManager.startTunnel(tunnelid);
+          const tunnelPconfig = await this.tunnelManager.getTunnelConfig("", tunnelid);
+          const resp = this.buildTunnelResponse(tunnelid, tunnelPconfig, config.configid, tunnelName, additionalForwarding, serve);
+          return resp;
+        } catch (err) {
+          return this.error(ErrorCode.ErrorStartingTunnel, err, "Unknown error occurred while starting tunnel");
+        }
+      }
+      async handleUpdateConfig(config) {
+        try {
+          const opts = tunnelConfigToPinggyOptions(config);
+          const tunnel = await this.tunnelManager.updateConfig({
+            ...opts,
+            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy4.TunnelType.Http],
+            // // Temporary fix in future we will not use this field.
+            configid: config.configid,
+            tunnelName: config.configname,
+            additionalForwarding: config.additionalForwarding || [],
+            serve: config.serve
+          });
+          if (!tunnel.instance || !tunnel.tunnelConfig)
+            throw new Error("Invalid tunnel state after configuration update");
+          return this.buildTunnelResponse(tunnel.tunnelid, tunnel.tunnelConfig, config.configid, tunnel.tunnelName, tunnel.additionalForwarding, tunnel.serve);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to update tunnel configuration");
+        }
+      }
+      async handleList() {
+        try {
+          const tunnels = await this.tunnelManager.getAllTunnels();
+          if (tunnels.length === 0) {
+            return [];
+          }
+          return Promise.all(
+            tunnels.map(async (t) => {
+              const rawStats = this.tunnelManager.getLatestTunnelStats(t.tunnelid) || newStats();
+              const [status, tlsInfo, greetMsg] = await Promise.all([
+                this.tunnelManager.getTunnelStatus(t.tunnelid),
+                this.tunnelManager.getLocalserverTlsInfo(t.tunnelid),
+                this.tunnelManager.getTunnelGreetMessage(t.tunnelid)
+              ]);
+              const pinggyOptions = status !== "closed" /* Closed */ && status !== "exited" /* Exited */ ? await this.tunnelManager.getTunnelConfig("", t.tunnelid) : t.tunnelConfig;
+              const tunnelConfig = pinggyOptionsToTunnelConfig(pinggyOptions, t.configid, t.tunnelName, tlsInfo, greetMsg, t.additionalForwarding, t.serve);
+              return {
+                tunnelid: t.tunnelid,
+                remoteurls: t.remoteurls,
+                status: this.buildStatus(t.tunnelid, status, "" /* NoError */),
+                stats: rawStats,
+                tunnelconfig: tunnelConfig
+              };
+            })
+          );
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to list tunnels");
+        }
+      }
+      async handleStop(tunnelid) {
+        try {
+          const { configid } = this.tunnelManager.stopTunnel(tunnelid);
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to stop tunnel");
+        }
+      }
+      async handleGet(tunnelid) {
+        try {
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel information");
+        }
+      }
+      async handleRestart(tunnelid) {
+        try {
+          await this.tunnelManager.restartTunnel(tunnelid);
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to restart tunnel");
+        }
+      }
+      handleRegisterStatsListener(tunnelid, listener) {
+        this.tunnelManager.registerStatsListener(tunnelid, listener);
+      }
+      handleUnregisterStatsListener(tunnelid, listnerId) {
+        this.tunnelManager.deregisterStatsListener(tunnelid, listnerId);
+      }
+      handleGetTunnelStats(tunnelid) {
+        try {
+          const stats = this.tunnelManager.getTunnelStats(tunnelid);
+          if (!stats) {
+            return [newStats()];
+          }
+          return stats;
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel stats");
+        }
+      }
+      handleRegisterDisconnectListener(tunnelid, listener) {
+        this.tunnelManager.registerDisconnectListener(tunnelid, listener);
+      }
+      handleRemoveStoppedTunnelByConfigId(configId) {
+        try {
+          return this.tunnelManager.removeStoppedTunnelByConfigId(configId);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by configId");
+        }
+      }
+      handleRemoveStoppedTunnelByTunnelId(tunnelId) {
+        try {
+          return this.tunnelManager.removeStoppedTunnelByTunnelId(tunnelId);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by tunnelId");
+        }
+      }
+    };
   }
-}
-function loadJsonConfig(config) {
-  const configpath = config["conf"];
-  if (typeof configpath === "string" && configpath.trim().length > 0) {
-    const filepath = import_path3.default.resolve(configpath);
-    try {
-      const data = import_fs3.default.readFileSync(filepath, { encoding: "utf-8" });
-      const json = JSON.parse(data);
-      return json;
-    } catch (err) {
-      logger.error("Error loading configuration:", err);
+});
+// src/remote_management/websocket_handlers.ts
+function handleConnectionStatusMessage(firstMessage) {
+  try {
+    const text = typeof firstMessage === "string" ? firstMessage : firstMessage.toString();
+    const cs = JSON.parse(text);
+    if (!cs.success) {
+      const msg = cs.error_msg || "Connection failed";
+      printer_default.warn(`Connection failed: ${msg}`);
+      logger.warn("Remote management connection failed", { error_code: cs.error_code, error_msg: msg });
+      return false;
     }
+    return true;
+  } catch (e) {
+    logger.warn("Failed to parse connection status message", { error: String(e) });
+    return true;
   }
-  return null;
-}
-function isSaveConfOption(values) {
-  const saveconf = values["saveconf"];
-  if (typeof saveconf === "string" && saveconf.trim().length > 0) {
-    return saveconf;
-  }
-  return null;
-}
-function parseServe(finalConfig, values) {
-  const sv = values.serve;
-  if (typeof sv !== "string" || sv.trim().length === 0) return null;
-  finalConfig.serve = sv;
-  return null;
-}
-async function buildFinalConfig(values, positionals) {
-  let token;
-  let server;
-  let type;
-  let forceFlag = false;
-  let qrCode = false;
-  let finalConfig = new Object();
-  let saveconf = isSaveConfOption(values);
-  const configFromFile = loadJsonConfig(values);
-  const userParse = parseUsers(positionals, values.token);
-  token = userParse.token;
-  server = userParse.server;
-  type = userParse.type;
-  forceFlag = userParse.forceFlag;
-  qrCode = userParse.qrCode;
-  const remainingPositionals = userParse.remaining;
-  const initialTunnel = type || values.type;
-  finalConfig = {
-    ...defaultOptions,
-    ...configFromFile || {},
-    // Apply loaded config on top of defaults
-    configid: getRandomId(),
-    token: token || (configFromFile?.token || (typeof values.token === "string" ? values.token : "")),
-    serverAddress: server || (configFromFile?.serverAddress || defaultOptions.serverAddress),
-    tunnelType: initialTunnel ? [initialTunnel] : configFromFile?.tunnelType || [import_pinggy3.TunnelType.Http],
-    NoTUI: values.notui || (configFromFile?.NoTUI || false),
-    qrCode: qrCode || (configFromFile?.qrCode || false),
-    autoReconnect: values.autoreconnect || (configFromFile?.autoReconnect || false)
-  };
-  parseType(finalConfig, values, type);
-  parseToken(finalConfig, token || values.token);
-  const dbgErr = parseDebugger(finalConfig, values);
-  if (dbgErr instanceof Error) throw dbgErr;
-  const lpErr = parseLocalPort(finalConfig, values);
-  if (lpErr instanceof Error) throw lpErr;
-  const rErr = parseReverseTunnelAddr(finalConfig, values);
-  if (rErr instanceof Error) throw rErr;
-  const lErr = parseLocalTunnelAddr(finalConfig, values);
-  if (lErr instanceof Error) throw lErr;
-  const serveErr = parseServe(finalConfig, values);
-  if (serveErr instanceof Error) throw serveErr;
-  if (forceFlag) finalConfig.force = true;
-  parseArgs(finalConfig, remainingPositionals);
-  storeJson(finalConfig, saveconf);
-  return finalConfig;
 }
-var import_pinggy3, import_fs3, import_path3, domainRegex, VALID_PROTOCOLS;
-var init_buildConfig = __esm({
-  "src/cli/buildConfig.ts"() {
+var import_zod2, WebSocketCommandHandler;
+var init_websocket_handlers = __esm({
+  "src/remote_management/websocket_handlers.ts"() {
     "use strict";
     init_cjs_shims();
-    init_defaults();
-    init_extendedOptions();
     init_logger();
-    init_util();
-    import_pinggy3 = require("@pinggy/pinggy");
-    import_fs3 = __toESM(require("fs"), 1);
-    import_path3 = __toESM(require("path"), 1);
-    domainRegex = /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
-    VALID_PROTOCOLS = ["http", "tcp", "udp", "tls"];
+    init_types();
+    init_handler();
+    init_remote_schema();
+    import_zod2 = __toESM(require("zod"), 1);
+    init_printer();
+    WebSocketCommandHandler = class {
+      constructor() {
+        this.tunnelHandler = new TunnelOperations();
+      }
+      safeParse(text) {
+        if (!text) return void 0;
+        try {
+          return JSON.parse(text);
+        } catch (e) {
+          logger.warn("Invalid JSON payload", { error: String(e), text });
+          return void 0;
+        }
+      }
+      sendResponse(ws, resp) {
+        const payload = {
+          ...resp,
+          response: Buffer.from(resp.response || []).toString("base64")
+        };
+        ws.send(JSON.stringify(payload));
+      }
+      sendError(ws, req, message, code = ErrorCode.InternalServerError) {
+        const resp = NewErrorResponseObject({ code, message });
+        resp.command = req.command || "";
+        resp.requestid = req.requestid || "";
+        this.sendResponse(ws, resp);
+      }
+      async handleStartReq(req, raw) {
+        const dc = StartSchema.parse(raw);
+        printer_default.info("Starting tunnel with config name: " + dc.tunnelConfig.configname);
+        const result = await this.tunnelHandler.handleStart(dc.tunnelConfig);
+        return this.wrapResponse(result, req);
+      }
+      async handleStopReq(req, raw) {
+        const dc = StopSchema.parse(raw);
+        printer_default.info("Stopping tunnel with ID: " + dc.tunnelID);
+        const result = await this.tunnelHandler.handleStop(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleGetReq(req, raw) {
+        const dc = GetSchema.parse(raw);
+        const result = await this.tunnelHandler.handleGet(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleRestartReq(req, raw) {
+        const dc = RestartSchema.parse(raw);
+        const result = await this.tunnelHandler.handleRestart(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleUpdateConfigReq(req, raw) {
+        const dc = UpdateConfigSchema.parse(raw);
+        const result = await this.tunnelHandler.handleUpdateConfig(dc.tunnelConfig);
+        return this.wrapResponse(result, req);
+      }
+      async handleListReq(req) {
+        const result = await this.tunnelHandler.handleList();
+        return this.wrapResponse(result, req);
+      }
+      wrapResponse(result, req) {
+        if (isErrorResponse(result)) {
+          const errResp = NewErrorResponseObject(result);
+          errResp.command = req.command;
+          errResp.requestid = req.requestid;
+          return errResp;
+        }
+        const finalResult = JSON.parse(JSON.stringify(result));
+        if (Array.isArray(finalResult)) {
+          finalResult.forEach((item) => {
+            if (item?.tunnelconfig) {
+              delete item.tunnelconfig.allowPreflight;
+            }
+          });
+        } else if (finalResult?.tunnelconfig) {
+          delete finalResult.tunnelconfig.allowPreflight;
+        }
+        const respObj = NewResponseObject(finalResult);
+        respObj.command = req.command;
+        respObj.requestid = req.requestid;
+        return respObj;
+      }
+      async handle(ws, req) {
+        const cmd = (req.command || "").toLowerCase();
+        const raw = this.safeParse(req.data);
+        try {
+          let response;
+          switch (cmd) {
+            case "start": {
+              response = await this.handleStartReq(req, raw);
+              break;
+            }
+            case "stop": {
+              response = await this.handleStopReq(req, raw);
+              break;
+            }
+            case "get": {
+              response = await this.handleGetReq(req, raw);
+              break;
+            }
+            case "restart": {
+              response = await this.handleRestartReq(req, raw);
+              break;
+            }
+            case "updateconfig": {
+              response = await this.handleUpdateConfigReq(req, raw);
+              break;
+            }
+            case "list": {
+              response = await this.handleListReq(req);
+              break;
+            }
+            default:
+              if (typeof req.command === "string") {
+                logger.warn("Unknown command", { command: req.command });
+              }
+              return this.sendError(ws, req, "Invalid command");
+          }
+          logger.debug("Sending response", { command: response.command, requestid: response.requestid });
+          this.sendResponse(ws, response);
+        } catch (e) {
+          if (e instanceof import_zod2.default.ZodError) {
+            logger.warn("Validation failed", { cmd, issues: e.issues });
+            return this.sendError(ws, req, "Invalid request data", ErrorCode.InvalidBodyFormatError);
+          }
+          logger.error("Error handling command", { cmd, error: String(e) });
+          return this.sendError(ws, req, e?.message || "Internal error");
+        }
+      }
+    };
   }
 });
-// src/types.ts
-function isErrorResponse(obj) {
-  return typeof obj === "object" && obj !== null && "code" in obj && "message" in obj && typeof obj.message === "string" && Object.values(ErrorCode).includes(obj.code);
-}
-function newErrorResponse(codeOrError, message) {
-  if (typeof codeOrError === "object") {
-    return codeOrError;
+// src/remote_management/remoteManagement.ts
+function buildRemoteManagementWsUrl(manage) {
+  let baseUrl = (manage || "dashboard.pinggy.io").trim();
+  if (!(baseUrl.startsWith("ws://") || baseUrl.startsWith("wss://"))) {
+    baseUrl = "wss://" + baseUrl;
   }
-  return {
-    code: codeOrError,
-    message
-  };
+  const trimmed = baseUrl.replace(/\/$/, "");
+  return `${trimmed}/backend/api/v1/remote-management/connect`;
 }
-function NewResponseObject(data) {
-  const encoder = new TextEncoder();
-  const bytes = encoder.encode(JSON.stringify(data));
-  return {
-    response: bytes,
-    requestid: "",
-    command: "",
-    error: false,
-    errorresponse: {}
-  };
+function extractHostname(u) {
+  try {
+    const url = new URL(u);
+    return url.host;
+  } catch {
+    return u;
+  }
 }
-function NewErrorResponseObject(errorResponse) {
-  return {
-    response: new Uint8Array(),
-    requestid: "",
-    command: "",
-    error: true,
-    errorresponse: errorResponse
-  };
+function sleep(ms) {
+  return new Promise((res) => setTimeout(res, ms));
 }
-function newStatus(tunnelState, errorCode, errorMsg) {
-  let assignedState = tunnelState;
-  if (tunnelState === "live" /* Live */) {
-    assignedState = "running" /* Running */;
-  } else if (tunnelState === "idle" /* New */) {
-    assignedState = "idle" /* New */;
-  } else if (tunnelState === "closed" /* Closed */) {
-    assignedState = "exited" /* Exited */;
+async function parseRemoteManagement(values) {
+  const rmToken = values["remote-management"];
+  if (typeof rmToken === "string" && rmToken.trim().length > 0) {
+    const manageHost = values["manage"];
+    try {
+      await initiateRemoteManagement(rmToken, manageHost);
+      return { ok: true };
+    } catch (e) {
+      logger.error("Failed to initiate remote management:", e);
+      return { ok: false, error: e };
+    }
   }
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  return {
-    state: assignedState,
-    errorcode: errorCode,
-    errormsg: errorMsg,
-    createdtimestamp: now,
-    starttimestamp: now,
-    endtimestamp: now,
-    warnings: []
-  };
-}
-function newStats() {
-  return {
-    numLiveConnections: 0,
-    numTotalConnections: 0,
-    numTotalReqBytes: 0,
-    numTotalResBytes: 0,
-    numTotalTxBytes: 0,
-    elapsedTime: 0
-  };
 }
-var ErrorCode, RemoteManagementStatus;
-var init_types = __esm({
-  "src/types.ts"() {
-    "use strict";
-    init_cjs_shims();
-    ErrorCode = {
-      InvalidRequestMethodError: "INVALID_REQUEST_METHOD",
-      InvalidRequestBodyError: "COULD_NOT_READ_BODY",
-      InternalServerError: "INTERNAL_SERVER_ERROR",
-      InvalidBodyFormatError: "INVALID_DATA_FORMAT",
-      ErrorStartingTunnel: "ERROR_STARTING_TUNNEL",
-      TunnelNotFound: "TUNNEL_WITH_ID_OR_CONFIG_ID_NOT_FOUND",
-      TunnelAlreadyRunningError: "TUNNEL_WITH_ID_OR_CONFIG_ID_ALREADY_RUNNING",
-      WebsocketUpgradeFailError: "WEBSOCKET_UPGRADE_FAILED",
-      RemoteManagementAlreadyRunning: "REMOTE_MANAGEMENT_ALREADY_RUNNING",
-      RemoteManagementNotRunning: "REMOTE_MANAGEMENT_NOT_RUNNING",
-      RemoteManagementDeserializationFailed: "REMOTE_MANAGEMENT_DESERIALIZATION_FAILED"
-    };
-    RemoteManagementStatus = {
-      Connecting: "CONNECTING",
-      Disconnecting: "DISCONNECTING",
-      Reconnecting: "RECONNECTING",
-      Running: "RUNNING",
-      NotRunning: "NOT_RUNNING",
-      Error: "ERROR"
-    };
+async function initiateRemoteManagement(token, manage) {
+  if (!token || token.trim().length === 0) {
+    throw new Error("Remote management token is required (use --remote-management <TOKEN>)");
   }
-});
-// src/remote_management/remote_schema.ts
-function tunnelConfigToPinggyOptions(config) {
-  return {
-    token: config.token || "",
-    serverAddress: config.serveraddress || "free.pinggy.io",
-    forwarding: `${config.forwardedhost || "localhost"}:${config.localport}`,
-    webDebugger: config.webdebuggerport ? `localhost:${config.webdebuggerport}` : "",
-    ipWhitelist: config.ipwhitelist || [],
-    basicAuth: config.basicauth ? config.basicauth : [],
-    bearerTokenAuth: config.bearerauth ? [config.bearerauth] : [],
-    headerModification: config.headermodification,
-    xForwardedFor: !!config.xff,
-    httpsOnly: config.httpsOnly,
-    originalRequestUrl: config.fullRequestUrl,
-    allowPreflight: config.allowPreflight,
-    reverseProxy: config.noReverseProxy,
-    force: config.force,
-    autoReconnect: config.autoreconnect,
-    optional: {
-      sniServerName: config.localservertlssni || ""
-    }
+  const wsUrl = buildRemoteManagementWsUrl(manage);
+  const wsHost = extractHostname(wsUrl);
+  logger.info("Remote management mode enabled.");
+  _stopRequested = false;
+  const sigintHandler = () => {
+    _stopRequested = true;
   };
-}
-function pinggyOptionsToTunnelConfig(opts, configid, configName, localserverTls, greetMsg, additionalForwarding, serve) {
-  const forwarding = Array.isArray(opts.forwarding) ? String(opts.forwarding[0].address).replace("//", "").replace(/\/$/, "") : String(opts.forwarding).replace("//", "").replace(/\/$/, "");
-  const parsedForwardedHost = forwarding.split(":").length == 3 ? forwarding.split(":")[1] : forwarding.split(":")[0];
-  const parsedLocalPort = forwarding.split(":").length == 3 ? parseInt(forwarding.split(":")[2], 10) : parseInt(forwarding.split(":")[1], 10);
-  const tunnelType = (Array.isArray(opts.forwarding) ? opts.forwarding[0]?.type : void 0) ?? import_pinggy4.TunnelType.Http;
-  const parsedTokens = opts.bearerTokenAuth ? Array.isArray(opts.bearerTokenAuth) ? opts.bearerTokenAuth : JSON.parse(opts.bearerTokenAuth) : [];
-  return {
-    allowPreflight: opts.allowPreflight ?? false,
-    allowpreflight: opts.allowPreflight ?? false,
-    autoreconnect: opts.autoReconnect ?? false,
-    basicauth: opts.basicAuth && Object.keys(opts.basicAuth).length ? opts.basicAuth : null,
-    bearerauth: parsedTokens.length ? parsedTokens.join(",") : null,
-    configid,
-    configname: configName,
-    greetmsg: greetMsg || "",
-    force: opts.force ?? false,
-    forwardedhost: parsedForwardedHost || "localhost",
-    fullRequestUrl: opts.originalRequestUrl ?? false,
-    headermodification: opts.headerModification || [],
-    //structured list
-    httpsOnly: opts.httpsOnly ?? false,
-    internalwebdebuggerport: 0,
-    ipwhitelist: opts.ipWhitelist ? Array.isArray(opts.ipWhitelist) ? opts.ipWhitelist : JSON.parse(opts.ipWhitelist) : null,
-    localport: parsedLocalPort || 0,
-    localservertlssni: null,
-    regioncode: "",
-    noReverseProxy: opts.reverseProxy ?? false,
-    serveraddress: opts.serverAddress || "free.pinggy.io",
-    serverport: 0,
-    statusCheckInterval: 0,
-    token: opts.token || "",
-    tunnelTimeout: 0,
-    type: tunnelType,
-    webdebuggerport: Number(opts.webDebugger?.split(":")[0]) || 0,
-    xff: opts.xForwardedFor ? "1" : "",
-    localsservertls: localserverTls || false,
-    additionalForwarding: additionalForwarding || [],
-    serve: serve || ""
+  process.once("SIGINT", sigintHandler);
+  const logConnecting = () => {
+    printer_default.print(`Connecting to ${wsHost}`);
+    logger.info("Connecting to remote management", { wsUrl });
   };
+  while (!_stopRequested) {
+    logConnecting();
+    setRemoteManagementState({ status: RemoteManagementStatus.Connecting, errorMessage: "" });
+    try {
+      await handleWebSocketConnection(wsUrl, wsHost, token);
+    } catch (error) {
+      logger.warn("Remote management connection error", { error: String(error) });
+    }
+    if (_stopRequested) break;
+    printer_default.warn(`Remote management disconnected. Reconnecting in ${RECONNECT_SLEEP_MS / 1e3} seconds...`);
+    logger.info("Reconnecting to remote management after disconnect");
+    await sleep(RECONNECT_SLEEP_MS);
+  }
+  process.removeListener("SIGINT", sigintHandler);
+  logger.info("Remote management stopped.");
+  return getRemoteManagementState();
 }
-var import_pinggy4, import_zod, HeaderModificationSchema, AdditionalForwardingSchema, TunnelConfigSchema, StartSchema, StopSchema, GetSchema, RestartSchema, UpdateConfigSchema;
-var init_remote_schema = __esm({
-  "src/remote_management/remote_schema.ts"() {
-    "use strict";
-    init_cjs_shims();
-    import_pinggy4 = require("@pinggy/pinggy");
-    import_zod = require("zod");
-    HeaderModificationSchema = import_zod.z.object({
-      key: import_zod.z.string(),
-      value: import_zod.z.array(import_zod.z.string()).optional(),
-      type: import_zod.z.enum(["add", "remove", "update"])
+async function handleWebSocketConnection(wsUrl, wsHost, token) {
+  return new Promise((resolve) => {
+    const ws = new import_ws.default(wsUrl, {
+      headers: { Authorization: `Bearer ${token}` }
     });
-    AdditionalForwardingSchema = import_zod.z.object({
-      remoteDomain: import_zod.z.string().optional(),
-      remotePort: import_zod.z.number().optional(),
-      localDomain: import_zod.z.string(),
-      localPort: import_zod.z.number()
+    currentWs = ws;
+    let heartbeat = null;
+    let firstMessage = true;
+    const cleanup = () => {
+      if (heartbeat) clearInterval(heartbeat);
+      currentWs = null;
+      resolve();
+    };
+    ws.once("open", () => {
+      printer_default.success(`Connected to ${wsHost}`);
+      heartbeat = setInterval(() => {
+        if (ws.readyState === import_ws.default.OPEN) ws.ping();
+      }, PING_INTERVAL_MS);
+    });
+    ws.on("ping", () => ws.pong());
+    ws.on("message", async (data) => {
+      try {
+        if (firstMessage) {
+          firstMessage = false;
+          const ok = handleConnectionStatusMessage(data);
+          if (!ok) ws.close();
+          return;
+        }
+        setRemoteManagementState({ status: RemoteManagementStatus.Running, errorMessage: "" });
+        const req = JSON.parse(data.toString("utf8"));
+        await new WebSocketCommandHandler().handle(ws, req);
+      } catch (e) {
+        logger.warn("Failed handling websocket message", { error: String(e) });
+      }
     });
-    TunnelConfigSchema = import_zod.z.object({
-      allowPreflight: import_zod.z.boolean().optional(),
-      // primary key
-      allowpreflight: import_zod.z.boolean().optional(),
-      // legacy key
-      autoreconnect: import_zod.z.boolean(),
-      basicauth: import_zod.z.array(import_zod.z.object({ username: import_zod.z.string(), password: import_zod.z.string() })).nullable(),
-      bearerauth: import_zod.z.string().nullable(),
-      configid: import_zod.z.string(),
-      configname: import_zod.z.string(),
-      greetmsg: import_zod.z.string().optional(),
-      force: import_zod.z.boolean(),
-      forwardedhost: import_zod.z.string(),
-      fullRequestUrl: import_zod.z.boolean(),
-      headermodification: import_zod.z.array(HeaderModificationSchema),
-      httpsOnly: import_zod.z.boolean(),
-      internalwebdebuggerport: import_zod.z.number(),
-      ipwhitelist: import_zod.z.array(import_zod.z.string()).nullable(),
-      localport: import_zod.z.number(),
-      localsservertls: import_zod.z.union([import_zod.z.boolean(), import_zod.z.string()]),
-      localservertlssni: import_zod.z.string().nullable(),
-      regioncode: import_zod.z.string(),
-      noReverseProxy: import_zod.z.boolean(),
-      serveraddress: import_zod.z.string(),
-      serverport: import_zod.z.number(),
-      statusCheckInterval: import_zod.z.number(),
-      token: import_zod.z.string(),
-      tunnelTimeout: import_zod.z.number(),
-      type: import_zod.z.enum([
-        import_pinggy4.TunnelType.Http,
-        import_pinggy4.TunnelType.Tcp,
-        import_pinggy4.TunnelType.Udp,
-        import_pinggy4.TunnelType.Tls,
-        import_pinggy4.TunnelType.TlsTcp
-      ]),
-      webdebuggerport: import_zod.z.number(),
-      xff: import_zod.z.string(),
-      additionalForwarding: import_zod.z.array(AdditionalForwardingSchema).optional(),
-      serve: import_zod.z.string().optional()
-    }).superRefine((data, ctx) => {
-      if (data.allowPreflight === void 0 && data.allowpreflight === void 0) {
-        ctx.addIssue({
-          code: "custom",
-          message: "Either allowPreflight or allowpreflight is required",
-          path: ["allowPreflight"]
-        });
+    ws.on("unexpected-response", (_, res) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: `HTTP ${res.statusCode}` });
+      if (res.statusCode === 401) {
+        printer_default.error("Unauthorized. Please enter a valid token.");
+        logger.error("Unauthorized (401) on remote management connect");
+      } else {
+        printer_default.warn(`Unexpected HTTP ${res.statusCode}. Retrying...`);
+        logger.warn("Unexpected HTTP response", { statusCode: res.statusCode });
       }
-    }).transform((data) => ({
-      ...data,
-      allowPreflight: data.allowPreflight ?? data.allowpreflight,
-      allowpreflight: data.allowPreflight ?? data.allowpreflight
-    }));
-    StartSchema = import_zod.z.object({
-      tunnelID: import_zod.z.string().nullable().optional(),
-      tunnelConfig: TunnelConfigSchema
+      ws.close();
     });
-    StopSchema = import_zod.z.object({
-      tunnelID: import_zod.z.string().min(1)
+    ws.on("close", (code, reason) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
+      logger.info("WebSocket closed", { code, reason: reason.toString() });
+      printer_default.warn(`Disconnected (code: ${code}). Retrying...`);
+      cleanup();
     });
-    GetSchema = StopSchema;
-    RestartSchema = StopSchema;
-    UpdateConfigSchema = import_zod.z.object({
-      tunnelConfig: TunnelConfigSchema
+    ws.on("error", (err) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.Error, errorMessage: err.message });
+      logger.warn("WebSocket error", { error: err.message });
+      printer_default.error(err);
+      cleanup();
     });
+  });
+}
+async function closeRemoteManagement(timeoutMs = 1e4) {
+  _stopRequested = true;
+  try {
+    if (currentWs) {
+      try {
+        setRemoteManagementState({ status: RemoteManagementStatus.Disconnecting, errorMessage: "" });
+        currentWs.close();
+      } catch (e) {
+        logger.warn("Error while closing current remote management websocket", { error: String(e) });
+      }
+    }
+    const start = Date.now();
+    while (_remoteManagementState.status === "RUNNING") {
+      if (Date.now() - start > timeoutMs) {
+        logger.warn("Timed out waiting for remote management to stop");
+        break;
+      }
+      await sleep(200);
+    }
+  } finally {
+    currentWs = null;
+    setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
+    return getRemoteManagementState();
+  }
+}
+function getRemoteManagementState() {
+  return _remoteManagementState;
+}
+function setRemoteManagementState(state, errorMessage) {
+  _remoteManagementState = {
+    status: state.status,
+    errorMessage: errorMessage || ""
+  };
+}
+var import_ws, RECONNECT_SLEEP_MS, PING_INTERVAL_MS, _remoteManagementState, _stopRequested, currentWs;
+var init_remoteManagement = __esm({
+  "src/remote_management/remoteManagement.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_ws = __toESM(require("ws"), 1);
+    init_logger();
+    init_websocket_handlers();
+    init_printer();
+    init_types();
+    RECONNECT_SLEEP_MS = 5e3;
+    PING_INTERVAL_MS = 3e4;
+    _remoteManagementState = {
+      status: "NOT_RUNNING",
+      errorMessage: ""
+    };
+    _stopRequested = false;
+    currentWs = null;
   }
 });
-// src/remote_management/handler.ts
-var import_pinggy5, TunnelOperations;
-var init_handler = __esm({
-  "src/remote_management/handler.ts"() {
+// src/cli/options.ts
+var cliOptions;
+var init_options = __esm({
+  "src/cli/options.ts"() {
     "use strict";
     init_cjs_shims();
-    init_types();
-    init_TunnelManager();
-    init_remote_schema();
-    import_pinggy5 = require("@pinggy/pinggy");
-    TunnelOperations = class {
-      constructor() {
-        this.tunnelManager = TunnelManager.getInstance();
-      }
-      buildStatus(tunnelId, state, errorCode) {
-        const status = newStatus(state, errorCode, "");
-        try {
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelId);
-          if (managed) {
-            status.createdtimestamp = managed.createdAt || "";
-            status.starttimestamp = managed.startedAt || "";
-            status.endtimestamp = managed.stoppedAt || "";
-          }
-        } catch (e) {
-        }
-        return status;
-      }
-      // --- Helper to construct TunnelResponse ---
-      async buildTunnelResponse(tunnelid, tunnelConfig, configid, tunnelName, additionalForwarding, serve) {
-        const [status, stats, tlsInfo, greetMsg, remoteurls] = await Promise.all([
-          this.tunnelManager.getTunnelStatus(tunnelid),
-          this.tunnelManager.getLatestTunnelStats(tunnelid) || newStats(),
-          this.tunnelManager.getLocalserverTlsInfo(tunnelid),
-          this.tunnelManager.getTunnelGreetMessage(tunnelid),
-          this.tunnelManager.getTunnelUrls(tunnelid)
-        ]);
-        return {
-          tunnelid,
-          remoteurls,
-          tunnelconfig: pinggyOptionsToTunnelConfig(tunnelConfig, configid, tunnelName, tlsInfo, greetMsg, additionalForwarding),
-          status: this.buildStatus(tunnelid, status, "" /* NoError */),
-          stats
-        };
-      }
-      error(code, err, fallback) {
-        return newErrorResponse({
-          code,
-          message: err instanceof Error ? err.message : fallback
-        });
-      }
-      // --- Operations ---
-      async handleStart(config) {
-        try {
-          const opts = tunnelConfigToPinggyOptions(config);
-          const additionalForwardingParsed = config.additionalForwarding || [];
-          const { tunnelid, instance, tunnelName, additionalForwarding, serve } = await this.tunnelManager.createTunnel({
-            ...opts,
-            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy5.TunnelType.Http],
-            // Temporary fix in future we will not use this field.
-            configid: config.configid,
-            tunnelName: config.configname,
-            additionalForwarding: additionalForwardingParsed,
-            serve: config.serve
-          });
-          this.tunnelManager.startTunnel(tunnelid);
-          const tunnelPconfig = await this.tunnelManager.getTunnelConfig("", tunnelid);
-          const resp = this.buildTunnelResponse(tunnelid, tunnelPconfig, config.configid, tunnelName, additionalForwarding, serve);
-          return resp;
-        } catch (err) {
-          return this.error(ErrorCode.ErrorStartingTunnel, err, "Unknown error occurred while starting tunnel");
-        }
-      }
-      async handleUpdateConfig(config) {
-        try {
-          const opts = tunnelConfigToPinggyOptions(config);
-          const tunnel = await this.tunnelManager.updateConfig({
-            ...opts,
-            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy5.TunnelType.Http],
-            // // Temporary fix in future we will not use this field.
-            configid: config.configid,
-            tunnelName: config.configname,
-            additionalForwarding: config.additionalForwarding || [],
-            serve: config.serve
-          });
-          if (!tunnel.instance || !tunnel.tunnelConfig)
-            throw new Error("Invalid tunnel state after configuration update");
-          return this.buildTunnelResponse(tunnel.tunnelid, tunnel.tunnelConfig, config.configid, tunnel.tunnelName, tunnel.additionalForwarding, tunnel.serve);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to update tunnel configuration");
+    cliOptions = {
+      // SSH-like options
+      R: { type: "string", multiple: true, description: "Local port. Eg. -R0:localhost:3000 will forward tunnel connections to local port 3000." },
+      L: { type: "string", multiple: true, description: "Web Debugger address. Eg. -L4300:localhost:4300 will start web debugger on port 4300." },
+      o: { type: "string", multiple: true, description: "Options", hidden: true },
+      "server-port": { type: "string", short: "p", description: "Pinggy server port. Default: 443" },
+      v4: { type: "boolean", short: "4", description: "IPv4 only", hidden: true },
+      v6: { type: "boolean", short: "6", description: "IPv6 only", hidden: true },
+      // These options appear in the ssh command, but we ignore it in CLI
+      t: { type: "boolean", description: "hidden", hidden: true },
+      T: { type: "boolean", description: "hidden", hidden: true },
+      n: { type: "boolean", description: "hidden", hidden: true },
+      N: { type: "boolean", description: "hidden", hidden: true },
+      // Better options
+      type: { type: "string", description: "Type of the connection. Eg. --type tcp" },
+      localport: { type: "string", short: "l", description: "Takes input as [protocol:][host:]port. Eg. --localport https://localhost:8000 OR -l 3000" },
+      debugger: { type: "string", short: "d", description: "Port for web debugger. Eg. --debugger 4300 OR -d 4300" },
+      token: { type: "string", description: "Token for authentication. Eg. --token TOKEN_VALUE" },
+      // Logging options (CLI overrides env)
+      loglevel: { type: "string", description: "Logging level: ERROR, INFO, DEBUG. Overrides PINGGY_LOG_LEVEL environment variable" },
+      logfile: { type: "string", description: "Path to log file. Overrides PINGGY_LOG_FILE environment variable" },
+      v: { type: "boolean", description: "Print logs to stdout for Cli. Overrides PINGGY_LOG_STDOUT environment variable" },
+      vv: { type: "boolean", description: "Enable detailed logging for the Node.js SDK and Libpinggy, including both info and debug level logs." },
+      vvv: { type: "boolean", description: "Enable all logs from Cli, SDK and internal components." },
+      autoreconnect: { type: "string", short: "a", description: "Automatically reconnect tunnel on failure (enabled by default). Use -a false to disable." },
+      // Save and load config
+      saveconf: { type: "string", description: "Create the configuration file based on the options provided here" },
+      conf: { type: "string", description: "Use the configuration file as base. Other options will be used to override this file" },
+      // File server
+      serve: { type: "string", description: "Start a webserver to serve files from the specified path. Eg --serve /path/to/files" },
+      // Remote Control
+      "remote-management": { type: "string", description: "Enable remote management of tunnels with token. Eg. --remote-management API_KEY" },
+      manage: { type: "string", description: "Provide a server address to manage tunnels. Eg --manage dashboard.pinggy.io" },
+      notui: { type: "boolean", description: "Disable TUI in remote management mode" },
+      // Misc
+      version: { type: "boolean", description: "Print version" },
+      // Help
+      help: { type: "boolean", short: "h", description: "Show this help message" }
+    };
+  }
+});
+// src/cli/help.ts
+function printHelpMessage() {
+  console.log("\nPinggy CLI Tool - Create secure tunnels to your localhost.");
+  console.log("\nUsage:");
+  console.log("   pinggy [options] -l <port>\n");
+  console.log("Options:");
+  for (const [key, value] of Object.entries(cliOptions)) {
+    if (value.hidden) continue;
+    const short = "short" in value && value.short ? `-${value.short}, ` : "    ";
+    const optType = value.type === "boolean" ? "" : "<value>";
+    console.log(`  ${short}--${key.padEnd(17)} ${optType.padEnd(8)} ${value.description}`);
+  }
+  console.log("\nExtended options :");
+  console.log("  x:https                 Enforce HTTPS only (redirect HTTP to HTTPS)");
+  console.log("  x:noreverseproxy        Disable built-in reverse-proxy header injection");
+  console.log("  x:localservertls:host   Connect to local HTTPS server with SNI");
+  console.log("  x:passpreflight         Pass CORS preflight requests unchanged");
+  console.log("  a:Key:Val               Add header");
+  console.log("  u:Key:Val               Update header");
+  console.log("  r:Key                   Remove header");
+  console.log("  b:user:pass             Basic auth");
+  console.log("  k:BEARER                Bearer token");
+  console.log("  w:192.168.1.0/24        IP whitelist (CIDR)");
+  console.log("\nExamples (User-friendly):");
+  console.log("  pinggy -l 3000                           # HTTP(S) tunnel to localhost port 3000");
+  console.log("  pinggy --type tcp -l 22                  # TCP tunnel for SSH (port 22)");
+  console.log("  pinggy -l 8080 -d 4300                   # HTTP tunnel to port 8080 with debugger running at localhost:4300");
+  console.log("  pinggy --token mytoken -l 3000           # Authenticated tunnel");
+  console.log("  pinggy x:https x:xff -l https://localhost:8443  # HTTPS-only + XFF");
+  console.log("  pinggy w:192.168.1.0/24 -l 8080          # IP whitelist restriction");
+  console.log("\nExamples (SSH-style):");
+  console.log("  pinggy -R0:localhost:3000                        # Basic HTTP tunnel");
+  console.log("  pinggy --type tcp -R0:localhost:22               # TCP tunnel for SSH");
+  console.log("  pinggy -R0:localhost:8080 -L4300:localhost:4300  # HTTP tunnel with debugger");
+  console.log("  pinggy tcp@ap.example.com -R0:localhost:22       # TCP tunnel to region\n");
+}
+var init_help = __esm({
+  "src/cli/help.ts"() {
+    "use strict";
+    init_cjs_shims();
+    init_options();
+  }
+});
+// src/cli/defaults.ts
+var defaultOptions;
+var init_defaults = __esm({
+  "src/cli/defaults.ts"() {
+    "use strict";
+    init_cjs_shims();
+    defaultOptions = {
+      token: void 0,
+      // No default token
+      serverAddress: "a.pinggy.io",
+      forwarding: "localhost:8000",
+      webDebugger: "",
+      ipWhitelist: [],
+      basicAuth: [],
+      bearerTokenAuth: [],
+      headerModification: [],
+      force: false,
+      xForwardedFor: false,
+      httpsOnly: false,
+      originalRequestUrl: false,
+      allowPreflight: false,
+      reverseProxy: false,
+      autoReconnect: true
+    };
+  }
+});
+// src/cli/extendedOptions.ts
+function parseExtendedOptions(options, config) {
+  if (!options) return;
+  for (const opt of options) {
+    const [key, value] = opt.replace(/^"|"$/g, "").split(/:(.+)/).filter(Boolean);
+    switch (key) {
+      case "x":
+        switch (value) {
+          case "https":
+          case "httpsonly":
+            config.httpsOnly = true;
+            break;
+          case "passpreflight":
+          case "allowpreflight":
+            config.allowPreflight = true;
+            break;
+          case "reverseproxy":
+            config.reverseProxy = false;
+            break;
+          case "xff":
+            config.xForwardedFor = true;
+            break;
+          case "fullurl":
+          case "fullrequesturl":
+            config.originalRequestUrl = true;
+            break;
+          default:
+            printer_default.warn(`Unknown extended option "${key}"`);
+            logger.warn(`Warning: Unknown extended option "${key}"`);
+            break;
         }
-      }
-      async handleList() {
-        try {
-          const tunnels = await this.tunnelManager.getAllTunnels();
-          if (tunnels.length === 0) {
-            return [];
+        break;
+      case "w":
+        if (value) {
+          const ips = value.split(",").map((ip) => ip.trim()).filter(Boolean);
+          const invalidIps = ips.filter((ip) => !(isValidIpV4Cidr(ip) || isValidIpV6Cidr(ip)));
+          if (invalidIps.length > 0) {
+            printer_default.warn(`Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
+            logger.warn(`Warning: Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
           }
-          return Promise.all(
-            tunnels.map(async (t) => {
-              const rawStats = this.tunnelManager.getLatestTunnelStats(t.tunnelid) || newStats();
-              const [status, tlsInfo, greetMsg] = await Promise.all([
-                this.tunnelManager.getTunnelStatus(t.tunnelid),
-                this.tunnelManager.getLocalserverTlsInfo(t.tunnelid),
-                this.tunnelManager.getTunnelGreetMessage(t.tunnelid)
-              ]);
-              const pinggyOptions = status !== "closed" /* Closed */ && status !== "exited" /* Exited */ ? await this.tunnelManager.getTunnelConfig("", t.tunnelid) : t.tunnelConfig;
-              const tunnelConfig = pinggyOptionsToTunnelConfig(pinggyOptions, t.configid, t.tunnelName, tlsInfo, greetMsg, t.additionalForwarding, t.serve);
-              return {
-                tunnelid: t.tunnelid,
-                remoteurls: t.remoteurls,
-                status: this.buildStatus(t.tunnelid, status, "" /* NoError */),
-                stats: rawStats,
-                tunnelconfig: tunnelConfig
-              };
-            })
-          );
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to list tunnels");
-        }
-      }
-      async handleStop(tunnelid) {
-        try {
-          const { configid } = this.tunnelManager.stopTunnel(tunnelid);
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to stop tunnel");
-        }
-      }
-      async handleGet(tunnelid) {
-        try {
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel information");
+          if (!(invalidIps.length > 0)) {
+            config.ipWhitelist = ips;
+          }
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'w' requires IP(s)`);
+          logger.warn(`Warning: Extended option "${opt}" for 'w' requires IP(s)`);
         }
-      }
-      async handleRestart(tunnelid) {
-        try {
-          await this.tunnelManager.restartTunnel(tunnelid);
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to restart tunnel");
+        break;
+      case "k":
+        if (!config.bearerTokenAuth) config.bearerTokenAuth = [];
+        if (value) {
+          config.bearerTokenAuth.push(value);
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'k' requires a value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'k' requires a value`);
         }
-      }
-      handleRegisterStatsListener(tunnelid, listener) {
-        this.tunnelManager.registerStatsListener(tunnelid, listener);
-      }
-      handleUnregisterStatsListener(tunnelid, listnerId) {
-        this.tunnelManager.deregisterStatsListener(tunnelid, listnerId);
-      }
-      handleGetTunnelStats(tunnelid) {
-        try {
-          const stats = this.tunnelManager.getTunnelStats(tunnelid);
-          if (!stats) {
-            return [newStats()];
-          }
-          return stats;
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel stats");
+        break;
+      case "b":
+        if (value && value.includes(":")) {
+          const [username, password] = value.split(/:(.+)/);
+          if (!config.basicAuth) config.basicAuth = [];
+          config.basicAuth.push({ username, password });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'b' requires value in format username:password`);
+          logger.warn(`Warning: Extended option "${opt}" for 'b' requires value in format username:password`);
         }
-      }
-      handleRegisterDisconnectListener(tunnelid, listener) {
-        this.tunnelManager.registerDisconnectListener(tunnelid, listener);
-      }
-      handleRemoveStoppedTunnelByConfigId(configId) {
-        try {
-          return this.tunnelManager.removeStoppedTunnelByConfigId(configId);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by configId");
+        break;
+      case "a":
+        if (value && value.includes(":")) {
+          const [key2, val] = value.split(/:(.+)/);
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "add", key: key2, value: [val] });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'a' requires key:value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'a' requires key:value`);
         }
-      }
-      handleRemoveStoppedTunnelByTunnelId(tunnelId) {
-        try {
-          return this.tunnelManager.removeStoppedTunnelByTunnelId(tunnelId);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by tunnelId");
+        break;
+      case "u":
+        if (value && value.includes(":")) {
+          const [key2, val] = value.split(/:(.+)/);
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "update", key: key2, value: [val] });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'u' requires key:value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'u' requires key:value`);
         }
-      }
-    };
-  }
-});
-// src/remote_management/websocket_handlers.ts
-function handleConnectionStatusMessage(firstMessage) {
-  try {
-    const text = typeof firstMessage === "string" ? firstMessage : firstMessage.toString();
-    const cs = JSON.parse(text);
-    if (!cs.success) {
-      const msg = cs.error_msg || "Connection failed";
-      printer_default.warn(`Connection failed: ${msg}`);
-      logger.warn("Remote management connection failed", { error_code: cs.error_code, error_msg: msg });
-      return false;
+        break;
+      case "r":
+        if (value) {
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "remove", key: value });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'r' requires a key`);
+        }
+        break;
+      default:
+        printer_default.warn(`Unknown extended option "${key}"`);
+        break;
     }
-    return true;
-  } catch (e) {
-    logger.warn("Failed to parse connection status message", { error: String(e) });
-    return true;
   }
 }
-var import_zod2, WebSocketCommandHandler;
-var init_websocket_handlers = __esm({
-  "src/remote_management/websocket_handlers.ts"() {
+function isValidIpV4Cidr(input) {
+  if (input.includes("/")) {
+    const [ip, mask] = input.split("/");
+    if (!ip || !mask) return false;
+    const isIp4 = (0, import_net.isIP)(ip) === 4;
+    const maskNum = parseInt(mask, 10);
+    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 32;
+    return isIp4 && isMaskValid;
+  }
+  return false;
+}
+function isValidIpV6Cidr(input) {
+  if (input.includes("/")) {
+    const [rawIp, mask] = input.split("/");
+    if (!rawIp || !mask) return false;
+    const ip = rawIp.split("%")[0].replace(/^\[|\]$/g, "");
+    const isIp6 = (0, import_net.isIP)(ip) === 6;
+    const maskNum = parseInt(mask, 10);
+    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 128;
+    return isIp6 && isMaskValid;
+  }
+  return false;
+}
+var import_net;
+var init_extendedOptions = __esm({
+  "src/cli/extendedOptions.ts"() {
     "use strict";
     init_cjs_shims();
+    import_net = require("net");
     init_logger();
-    init_types();
-    init_handler();
-    init_remote_schema();
-    import_zod2 = __toESM(require("zod"), 1);
     init_printer();
-    WebSocketCommandHandler = class {
-      constructor() {
-        this.tunnelHandler = new TunnelOperations();
-      }
-      safeParse(text) {
-        if (!text) return void 0;
-        try {
-          return JSON.parse(text);
-        } catch (e) {
-          logger.warn("Invalid JSON payload", { error: String(e), text });
-          return void 0;
-        }
-      }
-      sendResponse(ws, resp) {
-        const payload = {
-          ...resp,
-          response: Buffer.from(resp.response || []).toString("base64")
-        };
-        ws.send(JSON.stringify(payload));
-      }
-      sendError(ws, req, message, code = ErrorCode.InternalServerError) {
-        const resp = NewErrorResponseObject({ code, message });
-        resp.command = req.command || "";
-        resp.requestid = req.requestid || "";
-        this.sendResponse(ws, resp);
-      }
-      async handleStartReq(req, raw) {
-        const dc = StartSchema.parse(raw);
-        printer_default.info("Starting tunnel with config name: " + dc.tunnelConfig.configname);
-        const result = await this.tunnelHandler.handleStart(dc.tunnelConfig);
-        return this.wrapResponse(result, req);
-      }
-      async handleStopReq(req, raw) {
-        const dc = StopSchema.parse(raw);
-        printer_default.info("Stopping tunnel with ID: " + dc.tunnelID);
-        const result = await this.tunnelHandler.handleStop(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleGetReq(req, raw) {
-        const dc = GetSchema.parse(raw);
-        const result = await this.tunnelHandler.handleGet(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleRestartReq(req, raw) {
-        const dc = RestartSchema.parse(raw);
-        const result = await this.tunnelHandler.handleRestart(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleUpdateConfigReq(req, raw) {
-        const dc = UpdateConfigSchema.parse(raw);
-        const result = await this.tunnelHandler.handleUpdateConfig(dc.tunnelConfig);
-        return this.wrapResponse(result, req);
-      }
-      async handleListReq(req) {
-        const result = await this.tunnelHandler.handleList();
-        return this.wrapResponse(result, req);
-      }
-      wrapResponse(result, req) {
-        if (isErrorResponse(result)) {
-          const errResp = NewErrorResponseObject(result);
-          errResp.command = req.command;
-          errResp.requestid = req.requestid;
-          return errResp;
-        }
-        const finalResult = JSON.parse(JSON.stringify(result));
-        if (Array.isArray(finalResult)) {
-          finalResult.forEach((item) => {
-            if (item?.tunnelconfig) {
-              delete item.tunnelconfig.allowPreflight;
-            }
-          });
-        } else if (finalResult?.tunnelconfig) {
-          delete finalResult.tunnelconfig.allowPreflight;
+  }
+});
+// src/cli/buildConfig.ts
+function isKeyword(str) {
+  return KEYWORDS.has(str.toLowerCase());
+}
+function parseUserAndDomain(str) {
+  let token;
+  let type;
+  let server;
+  let qrCode;
+  let forceFlag;
+  if (!str) return { token, type, server, qrCode, forceFlag };
+  if (str.includes("@")) {
+    const [user, domain] = str.split("@", 2);
+    if (domainRegex.test(domain)) {
+      let processKeyword2 = function(keyword) {
+        if ([import_pinggy5.TunnelType.Http, import_pinggy5.TunnelType.Tcp, import_pinggy5.TunnelType.Tls, import_pinggy5.TunnelType.Udp, import_pinggy5.TunnelType.TlsTcp].includes(keyword)) {
+          type = keyword;
+        } else if (keyword === "force") {
+          forceFlag = true;
+        } else if (keyword === "qr") {
+          qrCode = true;
         }
-        const respObj = NewResponseObject(finalResult);
-        respObj.command = req.command;
-        respObj.requestid = req.requestid;
-        return respObj;
-      }
-      async handle(ws, req) {
-        const cmd = (req.command || "").toLowerCase();
-        const raw = this.safeParse(req.data);
-        try {
-          let response;
-          switch (cmd) {
-            case "start": {
-              response = await this.handleStartReq(req, raw);
-              break;
-            }
-            case "stop": {
-              response = await this.handleStopReq(req, raw);
-              break;
-            }
-            case "get": {
-              response = await this.handleGetReq(req, raw);
-              break;
-            }
-            case "restart": {
-              response = await this.handleRestartReq(req, raw);
-              break;
-            }
-            case "updateconfig": {
-              response = await this.handleUpdateConfigReq(req, raw);
-              break;
-            }
-            case "list": {
-              response = await this.handleListReq(req);
-              break;
-            }
-            default:
-              if (typeof req.command === "string") {
-                logger.warn("Unknown command", { command: req.command });
-              }
-              return this.sendError(ws, req, "Invalid command");
+      };
+      var processKeyword = processKeyword2;
+      server = domain;
+      const parts = user.split("+");
+      if (parts.length === 0) {
+        return { token, type, server, qrCode, forceFlag };
+      }
+      const firstPart = parts[0];
+      if (!isKeyword(firstPart)) {
+        token = firstPart;
+        for (let i = 1; i < parts.length; i++) {
+          const part = parts[i].toLowerCase();
+          if (!isKeyword(part)) {
+            throw new Error(`Invalid user format: unexpected token '${part}' when keywords are expected.`);
           }
-          logger.debug("Sending response", { command: response.command, requestid: response.requestid });
-          this.sendResponse(ws, response);
-        } catch (e) {
-          if (e instanceof import_zod2.default.ZodError) {
-            logger.warn("Validation failed", { cmd, issues: e.issues });
-            return this.sendError(ws, req, "Invalid request data", ErrorCode.InvalidBodyFormatError);
+          processKeyword2(part);
+        }
+      } else {
+        for (const part of parts) {
+          const lowerPart = part.toLowerCase();
+          if (!isKeyword(lowerPart)) {
+            throw new Error(`Invalid user format: unexpected token '${lowerPart}' when keywords are expected.`);
           }
-          logger.error("Error handling command", { cmd, error: String(e) });
-          return this.sendError(ws, req, e?.message || "Internal error");
+          processKeyword2(lowerPart);
         }
       }
-    };
+    }
+  } else if (domainRegex.test(str)) {
+    server = str;
   }
-});
-// src/remote_management/remoteManagement.ts
-function buildRemoteManagementWsUrl(manage) {
-  let baseUrl = (manage || "dashboard.pinggy.io").trim();
-  if (!(baseUrl.startsWith("ws://") || baseUrl.startsWith("wss://"))) {
-    baseUrl = "wss://" + baseUrl;
+  return { token, type, server, qrCode, forceFlag };
+}
+function parseUsers(positionalArgs, explicitToken) {
+  let token;
+  let server;
+  let type;
+  let forceFlag = false;
+  let qrCode = false;
+  let remaining = [...positionalArgs];
+  if (typeof explicitToken === "string") {
+    const parsed = parseUserAndDomain(explicitToken);
+    if (parsed.server) server = parsed.server;
+    if (parsed.type) type = parsed.type;
+    if (parsed.token) token = parsed.token;
+    if (parsed.forceFlag) forceFlag = true;
+    if (parsed.qrCode) qrCode = true;
+  }
+  if (remaining.length > 0) {
+    const first = remaining[0];
+    const parsed = parseUserAndDomain(first);
+    if (parsed.server) {
+      server = parsed.server;
+      if (parsed.type) type = parsed.type;
+      if (parsed.token) token = parsed.token;
+      if (parsed.forceFlag) forceFlag = true;
+      if (parsed.qrCode) qrCode = true;
+      remaining = remaining.slice(1);
+    }
+  }
+  return { token, server, type, forceFlag, qrCode, remaining };
+}
+function parseType(finalConfig, values, inferredType) {
+  const t = inferredType || values.type || finalConfig.tunnelType;
+  if (t === import_pinggy5.TunnelType.Http || t === import_pinggy5.TunnelType.Tcp || t === import_pinggy5.TunnelType.Tls || t === import_pinggy5.TunnelType.Udp || t === import_pinggy5.TunnelType.TlsTcp) {
+    finalConfig.tunnelType = [t];
+  }
+}
+function parseLocalPort(finalConfig, values) {
+  if (typeof values.localport !== "string") return null;
+  let lp = values.localport.trim();
+  let isHttps = false;
+  if (lp.startsWith("https://")) {
+    isHttps = true;
+    lp = lp.replace(/^https:\/\//, "");
+  } else if (lp.startsWith("http://")) {
+    lp = lp.replace(/^http:\/\//, "");
+  }
+  const parts = lp.split(":");
+  if (parts.length === 1) {
+    const port = parseInt(parts[0], 10);
+    if (!Number.isNaN(port) && isValidPort(port)) {
+      finalConfig.forwarding = `localhost:${port}`;
+    } else {
+      return new Error("Invalid local port");
+    }
+  } else if (parts.length === 2) {
+    const host = parts[0] || "localhost";
+    const port = parseInt(parts[1], 10);
+    if (!Number.isNaN(port) && isValidPort(port)) {
+      finalConfig.forwarding = `${host}:${port}`;
+    } else {
+      return new Error("Invalid local port. Please use -h option for help.");
+    }
+  } else {
+    return new Error("Invalid --localport format. Please use -h option for help.");
   }
-  const trimmed = baseUrl.replace(/\/$/, "");
-  return `${trimmed}/backend/api/v1/remote-management/connect`;
+  return null;
 }
-function extractHostname(u) {
-  try {
-    const url = new URL(u);
-    return url.host;
-  } catch {
-    return u;
+function removeIPv6Brackets(ip) {
+  if (ip.startsWith("[") && ip.endsWith("]")) {
+    return ip.slice(1, -1);
   }
+  return ip;
 }
-function sleep(ms) {
-  return new Promise((res) => setTimeout(res, ms));
-}
-async function parseRemoteManagement(values) {
-  const rmToken = values["remote-management"];
-  if (typeof rmToken === "string" && rmToken.trim().length > 0) {
-    const manageHost = values["manage"];
-    try {
-      await initiateRemoteManagement(rmToken, manageHost);
-      return { ok: true };
-    } catch (e) {
-      logger.error("Failed to initiate remote management:", e);
-      return { ok: false, error: e };
+function ipv6SafeSplitColon(s) {
+  const result = [];
+  let buf = "";
+  const stack = [];
+  for (let i = 0; i < s.length; i++) {
+    const c = s[i];
+    if (c === "[") {
+      stack.push(c);
+    } else if (c === "]" && stack.length > 0) {
+      stack.pop();
+    }
+    if (c === ":" && stack.length === 0) {
+      result.push(buf);
+      buf = "";
+    } else {
+      buf += c;
     }
   }
+  result.push(buf);
+  return result;
 }
-async function initiateRemoteManagement(token, manage) {
-  if (!token || token.trim().length === 0) {
-    throw new Error("Remote management token is required (use --remote-management <TOKEN>)");
+function parseDefaultForwarding(forwarding) {
+  const parts = ipv6SafeSplitColon(forwarding);
+  if (parts.length === 3) {
+    const remotePort = parseInt(parts[0], 10);
+    const localDomain = removeIPv6Brackets(parts[1] || "localhost");
+    const localPort = parseInt(parts[2], 10);
+    return { remotePort, localDomain, localPort };
   }
-  const wsUrl = buildRemoteManagementWsUrl(manage);
-  const wsHost = extractHostname(wsUrl);
-  logger.info("Remote management mode enabled.");
-  _stopRequested = false;
-  const sigintHandler = () => {
-    _stopRequested = true;
+  if (parts.length === 4) {
+    const remoteDomain = removeIPv6Brackets(parts[0]);
+    const remotePort = parseInt(parts[1], 10);
+    const localDomain = removeIPv6Brackets(parts[2] || "localhost");
+    const localPort = parseInt(parts[3], 10);
+    return { remoteDomain, remotePort, localDomain, localPort };
+  }
+  return new Error("forwarding address incorrect");
+}
+function parseAdditionalForwarding(forwarding) {
+  const toPort = (v) => {
+    if (!v) return null;
+    const n = parseInt(v, 10);
+    return Number.isNaN(n) ? null : n;
   };
-  process.once("SIGINT", sigintHandler);
-  const logConnecting = () => {
-    printer_default.print(`Connecting to ${wsHost}`);
-    logger.info("Connecting to remote management", { wsUrl });
+  const parsed = ipv6SafeSplitColon(forwarding);
+  if (parsed.length !== 4) {
+    return new Error(
+      "forwarding must be in format: [schema//]hostname[/port][@forwardingId]:<placeholder>:<forwardingAddress>:<forwardingPort>"
+    );
+  }
+  const firstPart = parsed[0];
+  const [hostPart] = firstPart.split("@");
+  let protocol = "http";
+  let remoteDomainRaw;
+  let remotePort = 0;
+  if (hostPart.includes("//")) {
+    const [schema, rest] = hostPart.split("//");
+    if (!schema || !VALID_PROTOCOLS.includes(schema)) {
+      return new Error(`invalid protocol: ${schema}`);
+    }
+    protocol = schema;
+    const domainAndPort = rest.split("/");
+    if (domainAndPort.length > 2) {
+      return new Error("invalid forwarding address format");
+    }
+    remoteDomainRaw = domainAndPort[0];
+    if (!remoteDomainRaw || !domainRegex.test(remoteDomainRaw)) {
+      return new Error("invalid remote domain");
+    }
+    const parsedRemotePort = toPort(domainAndPort[1]);
+    if (protocol === "http") {
+      remotePort = 0;
+    } else {
+      if (parsedRemotePort === null || !isValidPort(parsedRemotePort)) {
+        return new Error(
+          `${protocol} forwarding requires port in format ${protocol}//domain/remotePort`
+        );
+      }
+      remotePort = parsedRemotePort;
+    }
+  } else {
+    remoteDomainRaw = hostPart;
+    if (!domainRegex.test(remoteDomainRaw)) {
+      return new Error("invalid remote domain");
+    }
+    protocol = "http";
+    remotePort = 0;
+  }
+  const localDomain = removeIPv6Brackets(parsed[2] || "localhost");
+  const localPort = toPort(parsed[3]);
+  if (localPort === null || !isValidPort(localPort)) {
+    return new Error("forwarding address incorrect: invalid local port");
+  }
+  return {
+    protocol,
+    remoteDomain: remoteDomainRaw,
+    remotePort,
+    localDomain,
+    localPort
   };
-  while (!_stopRequested) {
-    logConnecting();
-    setRemoteManagementState({ status: RemoteManagementStatus.Connecting, errorMessage: "" });
-    try {
-      await handleWebSocketConnection(wsUrl, wsHost, token);
-    } catch (error) {
-      logger.warn("Remote management connection error", { error: String(error) });
+}
+function parseReverseTunnelAddr(finalConfig, values) {
+  const reverseTunnel = values.R;
+  if ((!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) && !values.localport && !finalConfig.forwarding) {
+    return new Error("local port not specified. Please use '-h' option for help.");
+  }
+  if (!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) {
+    return null;
+  }
+  for (const forwarding of reverseTunnel) {
+    const slicedForwarding = ipv6SafeSplitColon(forwarding);
+    if (slicedForwarding.length === 3) {
+      const parsed = parseDefaultForwarding(forwarding);
+      if (parsed instanceof Error) return parsed;
+      finalConfig.forwarding = `${parsed.localDomain}:${parsed.localPort}`;
+    } else if (slicedForwarding.length === 4) {
+      finalConfig.additionalForwarding ?? (finalConfig.additionalForwarding = []);
+      const parsed = parseAdditionalForwarding(forwarding);
+      if (parsed instanceof Error) return parsed;
+      finalConfig.additionalForwarding.push(parsed);
+    } else {
+      return new Error(
+        "Incorrect command line arguments: reverse tunnel address incorrect. Please use '-h' option for help."
+      );
     }
-    if (_stopRequested) break;
-    printer_default.warn(`Remote management disconnected. Reconnecting in ${RECONNECT_SLEEP_MS / 1e3} seconds...`);
-    logger.info("Reconnecting to remote management after disconnect");
-    await sleep(RECONNECT_SLEEP_MS);
   }
-  process.removeListener("SIGINT", sigintHandler);
-  logger.info("Remote management stopped.");
-  return getRemoteManagementState();
+  return null;
 }
-async function handleWebSocketConnection(wsUrl, wsHost, token) {
-  return new Promise((resolve) => {
-    const ws = new import_ws.default(wsUrl, {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    currentWs = ws;
-    let heartbeat = null;
-    let firstMessage = true;
-    const cleanup = () => {
-      if (heartbeat) clearInterval(heartbeat);
-      currentWs = null;
-      resolve();
-    };
-    ws.once("open", () => {
-      printer_default.success(`Connected to ${wsHost}`);
-      heartbeat = setInterval(() => {
-        if (ws.readyState === import_ws.default.OPEN) ws.ping();
-      }, PING_INTERVAL_MS);
-    });
-    ws.on("ping", () => ws.pong());
-    ws.on("message", async (data) => {
-      try {
-        if (firstMessage) {
-          firstMessage = false;
-          const ok = handleConnectionStatusMessage(data);
-          if (!ok) ws.close();
-          return;
-        }
-        setRemoteManagementState({ status: RemoteManagementStatus.Running, errorMessage: "" });
-        const req = JSON.parse(data.toString("utf8"));
-        await new WebSocketCommandHandler().handle(ws, req);
-      } catch (e) {
-        logger.warn("Failed handling websocket message", { error: String(e) });
-      }
-    });
-    ws.on("unexpected-response", (_, res) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: `HTTP ${res.statusCode}` });
-      if (res.statusCode === 401) {
-        printer_default.error("Unauthorized. Please enter a valid token.");
-        logger.error("Unauthorized (401) on remote management connect");
-      } else {
-        printer_default.warn(`Unexpected HTTP ${res.statusCode}. Retrying...`);
-        logger.warn("Unexpected HTTP response", { statusCode: res.statusCode });
-      }
-      ws.close();
-    });
-    ws.on("close", (code, reason) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
-      logger.info("WebSocket closed", { code, reason: reason.toString() });
-      printer_default.warn(`Disconnected (code: ${code}). Retrying...`);
-      cleanup();
-    });
-    ws.on("error", (err) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.Error, errorMessage: err.message });
-      logger.warn("WebSocket error", { error: err.message });
-      printer_default.error(err);
-      cleanup();
-    });
-  });
+function parseLocalTunnelAddr(finalConfig, values) {
+  if (!Array.isArray(values.L) || values.L.length === 0) return null;
+  const firstL = values.L[0];
+  const parts = firstL.split(":");
+  if (parts.length === 3) {
+    const lp = parseInt(parts[0], 10);
+    if (!Number.isNaN(lp) && isValidPort(lp)) {
+      finalConfig.webDebugger = `localhost:${lp}`;
+    } else {
+      return new Error(`Invalid debugger port ${lp}`);
+    }
+  } else {
+    return new Error("Incorrect command line arguments: web debugger address incorrect. Please use '-h' option for help.");
+  }
+}
+function parseDebugger(finalConfig, values) {
+  let dbg = values.debugger;
+  if (typeof dbg !== "string") return;
+  dbg = dbg.startsWith(":") ? dbg.slice(1) : dbg;
+  const d = parseInt(dbg, 10);
+  if (!Number.isNaN(d) && isValidPort(d)) {
+    finalConfig.webDebugger = `localhost:${d}`;
+  } else {
+    logger.error("Invalid debugger port:", dbg);
+    return new Error(`Invalid debugger port ${dbg}. Please use '-h' option for help.`);
+  }
 }
-async function closeRemoteManagement(timeoutMs = 1e4) {
-  _stopRequested = true;
-  try {
-    if (currentWs) {
-      try {
-        setRemoteManagementState({ status: RemoteManagementStatus.Disconnecting, errorMessage: "" });
-        currentWs.close();
-      } catch (e) {
-        logger.warn("Error while closing current remote management websocket", { error: String(e) });
-      }
+function parseToken(finalConfig, explicitToken) {
+  if (typeof explicitToken === "string" && explicitToken) {
+    finalConfig.token = explicitToken;
+  }
+}
+function parseArgs(finalConfig, remainingPositionals) {
+  parseExtendedOptions(remainingPositionals, finalConfig);
+}
+function storeJson(config, saveconf) {
+  if (saveconf) {
+    const path5 = saveconf;
+    try {
+      import_fs3.default.writeFileSync(path5, JSON.stringify(config, null, 2), { encoding: "utf-8", flag: "w" });
+      logger.info(`Configuration saved to ${path5}`);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.error("Error loading configuration:", msg);
     }
-    const start = Date.now();
-    while (_remoteManagementState.status === "RUNNING") {
-      if (Date.now() - start > timeoutMs) {
-        logger.warn("Timed out waiting for remote management to stop");
-        break;
-      }
-      await sleep(200);
+  }
+}
+function loadJsonConfig(config) {
+  const configpath = config["conf"];
+  if (typeof configpath === "string" && configpath.trim().length > 0) {
+    const filepath = import_path3.default.resolve(configpath);
+    try {
+      const data = import_fs3.default.readFileSync(filepath, { encoding: "utf-8" });
+      const json = JSON.parse(data);
+      return json;
+    } catch (err) {
+      logger.error("Error loading configuration:", err);
     }
-  } finally {
-    currentWs = null;
-    setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
-    return getRemoteManagementState();
   }
+  return null;
 }
-function getRemoteManagementState() {
-  return _remoteManagementState;
+function isSaveConfOption(values) {
+  const saveconf = values["saveconf"];
+  if (typeof saveconf === "string" && saveconf.trim().length > 0) {
+    return saveconf;
+  }
+  return null;
 }
-function setRemoteManagementState(state, errorMessage) {
-  _remoteManagementState = {
-    status: state.status,
-    errorMessage: errorMessage || ""
+function parseServe(finalConfig, values) {
+  const sv = values.serve;
+  if (typeof sv !== "string" || sv.trim().length === 0) return null;
+  finalConfig.serve = sv;
+  return null;
+}
+function parseAutoReconnect(finalConfig, values) {
+  const autoReconnectValue = values.autoreconnect;
+  if (typeof autoReconnectValue === "string") {
+    const trimmed = autoReconnectValue.trim().toLowerCase();
+    if (trimmed === "true" || trimmed === "") {
+      finalConfig.autoReconnect = true;
+    } else if (trimmed === "false") {
+      finalConfig.autoReconnect = false;
+    } else {
+      return new Error(`Invalid autoreconnect value: ${autoReconnectValue}. Use true or false.`);
+    }
+  }
+  return null;
+}
+async function buildFinalConfig(values, positionals) {
+  let token;
+  let server;
+  let type;
+  let forceFlag = false;
+  let qrCode = false;
+  let finalConfig = new Object();
+  let saveconf = isSaveConfOption(values);
+  const configFromFile = loadJsonConfig(values);
+  const userParse = parseUsers(positionals, values.token);
+  token = userParse.token;
+  server = userParse.server;
+  type = userParse.type;
+  forceFlag = userParse.forceFlag;
+  qrCode = userParse.qrCode;
+  const remainingPositionals = userParse.remaining;
+  const initialTunnel = type || values.type;
+  finalConfig = {
+    ...defaultOptions,
+    ...configFromFile || {},
+    // Apply loaded config on top of defaults
+    configid: getRandomId(),
+    token: token || (configFromFile?.token || (typeof values.token === "string" ? values.token : "")),
+    serverAddress: server || (configFromFile?.serverAddress || defaultOptions.serverAddress),
+    tunnelType: initialTunnel ? [initialTunnel] : configFromFile?.tunnelType || [import_pinggy5.TunnelType.Http],
+    NoTUI: values.notui || (configFromFile?.NoTUI || false),
+    qrCode: qrCode || (configFromFile?.qrCode || false),
+    autoReconnect: configFromFile?.autoReconnect ? configFromFile.autoReconnect : defaultOptions.autoReconnect
   };
+  parseType(finalConfig, values, type);
+  parseToken(finalConfig, token || values.token);
+  const dbgErr = parseDebugger(finalConfig, values);
+  if (dbgErr instanceof Error) throw dbgErr;
+  const lpErr = parseLocalPort(finalConfig, values);
+  if (lpErr instanceof Error) throw lpErr;
+  const rErr = parseReverseTunnelAddr(finalConfig, values);
+  if (rErr instanceof Error) throw rErr;
+  const lErr = parseLocalTunnelAddr(finalConfig, values);
+  if (lErr instanceof Error) throw lErr;
+  const serveErr = parseServe(finalConfig, values);
+  if (serveErr instanceof Error) throw serveErr;
+  const autoReconnectErr = parseAutoReconnect(finalConfig, values);
+  if (autoReconnectErr instanceof Error) throw autoReconnectErr;
+  if (forceFlag) finalConfig.force = true;
+  parseArgs(finalConfig, remainingPositionals);
+  storeJson(finalConfig, saveconf);
+  return finalConfig;
 }
-var import_ws, RECONNECT_SLEEP_MS, PING_INTERVAL_MS, _remoteManagementState, _stopRequested, currentWs;
-var init_remoteManagement = __esm({
-  "src/remote_management/remoteManagement.ts"() {
+var import_pinggy5, import_fs3, import_path3, domainRegex, KEYWORDS, VALID_PROTOCOLS;
+var init_buildConfig = __esm({
+  "src/cli/buildConfig.ts"() {
     "use strict";
     init_cjs_shims();
-    import_ws = __toESM(require("ws"), 1);
+    init_defaults();
+    init_extendedOptions();
     init_logger();
-    init_websocket_handlers();
-    init_printer();
-    init_types();
-    RECONNECT_SLEEP_MS = 5e3;
-    PING_INTERVAL_MS = 3e4;
-    _remoteManagementState = {
-      status: "NOT_RUNNING",
-      errorMessage: ""
-    };
-    _stopRequested = false;
-    currentWs = null;
+    init_util();
+    import_pinggy5 = require("@pinggy/pinggy");
+    import_fs3 = __toESM(require("fs"), 1);
+    import_path3 = __toESM(require("path"), 1);
+    domainRegex = /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
+    KEYWORDS = /* @__PURE__ */ new Set([
+      import_pinggy5.TunnelType.Http,
+      import_pinggy5.TunnelType.Tcp,
+      import_pinggy5.TunnelType.Tls,
+      import_pinggy5.TunnelType.Udp,
+      import_pinggy5.TunnelType.TlsTcp,
+      "force",
+      "qr"
+    ]);
+    VALID_PROTOCOLS = ["http", "tcp", "udp", "tls"];
   }
 });
@@ -3444,6 +3770,91 @@ function closeDisconnectModal(screen, manager) {
   manager.inDisconnectView = false;
   screen.render();
 }
+function showReconnectingModal(screen, manager, retryCnt, message) {
+  if (manager.reconnectModal) {
+    manager.reconnectModal.destroy();
+    manager.reconnectModal = null;
+  }
+  manager.inReconnectView = true;
+  manager.reconnectModal = import_blessed2.default.box({
+    parent: screen,
+    top: "center",
+    left: "center",
+    width: "50%",
+    height: "20%",
+    border: {
+      type: "line"
+    },
+    style: {
+      border: {
+        fg: "yellow"
+      }
+    },
+    padding: { left: 2, right: 2, top: 1, bottom: 1 },
+    tags: true,
+    align: "center",
+    valign: "middle"
+  });
+  const content = `{yellow-fg}{bold}Reconnecting...{/bold}{/yellow-fg}
+${message || `Attempt #${retryCnt} \u2014 trying to re-establish tunnel...`}
+{gray-fg}Please wait{/gray-fg}`;
+  manager.reconnectModal.setContent(content);
+  manager.reconnectModal.focus();
+  screen.render();
+}
+function closeReconnectingModal(screen, manager) {
+  if (manager.reconnectModal) {
+    manager.reconnectModal.destroy();
+    manager.reconnectModal = null;
+  }
+  manager.inReconnectView = false;
+  screen.render();
+}
+function showReconnectionFailedModal(screen, manager, retryCnt, onClose) {
+  closeReconnectingModal(screen, manager);
+  manager.inReconnectView = true;
+  manager.reconnectModal = import_blessed2.default.box({
+    parent: screen,
+    top: "center",
+    left: "center",
+    width: "50%",
+    height: "20%",
+    border: {
+      type: "line"
+    },
+    style: {
+      border: {
+        fg: "red"
+      }
+    },
+    padding: { left: 2, right: 2, top: 1, bottom: 1 },
+    tags: true,
+    align: "center",
+    valign: "middle"
+  });
+  const content = `{red-fg}{bold}Reconnection Failed{/bold}{/red-fg}
+Failed to reconnect after ${retryCnt} attempts.
+Tunnel will be closed.
+{white-bg}{black-fg}Closing in 5 seconds...{/black-fg}{/white-bg}`;
+  manager.reconnectModal.setContent(content);
+  manager.reconnectModal.focus();
+  screen.render();
+  const timeout = setTimeout(() => {
+    closeReconnectingModal(screen, manager);
+    if (onClose) onClose();
+  }, 5e3);
+  const keyHandler = () => {
+    clearTimeout(timeout);
+    closeReconnectingModal(screen, manager);
+    if (onClose) onClose();
+  };
+  manager.reconnectModal.key(["escape", "enter", "space"], keyHandler);
+  screen.key(["escape", "enter", "space"], keyHandler);
+}
 function showLoadingModal(screen, modalManager, message = "Loading...") {
   if (modalManager.loadingView) return;
   modalManager.loadingBox = import_blessed2.default.box({
@@ -3751,9 +4162,11 @@ var init_TunnelTui = __esm({
           detailModal: null,
           keyBindingsModal: null,
           disconnectModal: null,
+          reconnectModal: null,
           inDetailView: false,
           keyBindingView: false,
           inDisconnectView: false,
+          inReconnectView: false,
           loadingBox: null,
           loadingView: false,
           fetchAbortController: null
@@ -3954,6 +4367,25 @@ Tunnel will be closed.` : info.messages?.join("\n") || "Disconnect request recei
           );
         }
       }
+      updateReconnectingInfo(retryCnt, message) {
+        showReconnectingModal(
+          this.screen,
+          this.modalManager,
+          retryCnt,
+          message
+        );
+      }
+      closeReconnectingInfo() {
+        closeReconnectingModal(this.screen, this.modalManager);
+      }
+      updateReconnectionFailed(retryCnt) {
+        showReconnectionFailedModal(
+          this.screen,
+          this.modalManager,
+          retryCnt,
+          () => this.destroy()
+        );
+      }
       start() {
         this.screen.render();
       }
@@ -4054,6 +4486,35 @@ async function startCli(finalConfig, manager) {
     }
     printer_default.print(import_picocolors3.default.gray("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
     printer_default.print(import_picocolors3.default.gray("\nPress Ctrl+C to stop the tunnel.\n"));
+    manager2.registerWillReconnectListener(tunnel.tunnelid, (tunnelId, error, messages) => {
+      if (activeTui) {
+        const msg = messages?.join("\n") || error || "Tunnel disconnected, reconnecting...";
+        activeTui.updateReconnectingInfo(0, msg);
+      } else if (finalConfig.autoReconnect) {
+        printer_default.warn(error || "Tunnel connection reset");
+        printer_default.startSpinner(messages?.join("\n"));
+      }
+    });
+    manager2.registerReconnectingListener(tunnel.tunnelid, (tunnelId, retryCnt) => {
+      if (activeTui) {
+        activeTui.updateReconnectingInfo(retryCnt);
+      } else if (finalConfig.autoReconnect) {
+        printer_default.startSpinner(`Reconnecting to Pinggy (attempt #${retryCnt})`);
+      }
+    });
+    manager2.registerReconnectionCompletedListener(tunnel.tunnelid, (tunnelId, urls) => {
+      if (activeTui) {
+        activeTui.closeReconnectingInfo();
+      }
+    });
+    manager2.registerReconnectionFailedListener(tunnel.tunnelid, (tunnelId, retryCnt) => {
+      if (activeTui) {
+        activeTui.updateReconnectionFailed(retryCnt);
+      } else {
+        printer_default.stopSpinnerFail(`Reconnection failed after ${retryCnt} attempts`);
+        process.exit(1);
+      }
+    });
     manager2.registerDisconnectListener(tunnel.tunnelid, async (tunnelId, error, messages) => {
       if (activeTui) {
         disconnectState = {
@@ -4231,6 +4692,19 @@ var init_main = __esm({
 });
 // src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  TunnelErrorCodeType: () => TunnelErrorCodeType,
+  TunnelManager: () => TunnelManager,
+  TunnelOperations: () => TunnelOperations,
+  TunnelStateType: () => TunnelStateType,
+  TunnelWarningCode: () => TunnelWarningCode,
+  closeRemoteManagement: () => closeRemoteManagement,
+  enablePackageLogging: () => enablePackageLogging,
+  getRemoteManagementState: () => getRemoteManagementState,
+  initiateRemoteManagement: () => initiateRemoteManagement
+});
+module.exports = __toCommonJS(index_exports);
 init_cjs_shims();
 // src/utils/detect_vc_redist_on_windows.ts
@@ -4275,52 +4749,21 @@ function checkRegistry() {
   }
   return false;
 }
-function getVCRedistVersion() {
-  if (import_os.default.platform() !== "win32") return null;
-  try {
-    for (const key of REGISTRY_KEYS) {
-      const cmd = `reg query "${key}" /v Version 2>nul`;
-      const result = (0, import_child_process.execSync)(cmd, { encoding: "utf8" });
-      const match = result.match(/Version\s+REG_SZ\s+(\S+)/);
-      if (match) {
-        return match[1];
-      }
-    }
-  } catch {
-  }
-  return null;
-}
-function hasVCRedist() {
-  if (import_os.default.platform() !== "win32") {
-    return true;
-  }
-  if (checkRegistry()) {
-    return true;
-  }
-  if (checkDLLs()) {
-    return true;
-  }
-  return false;
-}
-function getVCRedistStatus() {
+function checkVCRedist() {
   if (import_os.default.platform() !== "win32") {
     return {
       required: false,
       installed: true,
-      version: null,
-      method: "non-windows"
+      message: null
     };
   }
   const registryInstalled = checkRegistry();
   const dllsPresent = checkDLLs();
-  const version = getVCRedistVersion();
+  const installed = registryInstalled || dllsPresent;
   return {
     required: true,
-    installed: registryInstalled || dllsPresent,
-    version,
-    registryCheck: registryInstalled,
-    dllCheck: dllsPresent,
-    method: registryInstalled ? "registry" : dllsPresent ? "dll" : "none"
+    installed,
+    message: installed ? null : "Missing Microsoft Visual C++ Runtime. This application requires the Microsoft Visual C++ Runtime to run on Windows.\n"
   };
 }
 async function openDownloadPage() {
@@ -4343,27 +4786,24 @@ async function openDownloadPage() {
     printer_default.info(url + "\n");
   }
 }
-function getVCRedistMessage() {
-  const status = getVCRedistStatus();
-  if (!status.required || status.installed) {
-    return null;
-  }
-  return {
-    error: true,
-    message: "Missing Microsoft Visual C++ Runtime. This application requires the Microsoft Visual C++ Runtime to run on Windows.\nPlease download and install it using the link below, then restart this application.\n"
-  };
-}
 // src/index.ts
 init_printer();
+init_TunnelManager();
+init_handler();
+init_logger();
+init_remoteManagement();
+init_types();
 async function verifyAndLoad() {
-  if (process.platform === "win32" && !hasVCRedist()) {
-    const msg = getVCRedistMessage();
-    printer_default.warn(
-      msg?.message ?? "This application requires the Microsoft Visual C++ Runtime on Windows."
-    );
-    await openDownloadPage();
-    process.exit(1);
+  if (process.platform === "win32") {
+    const vcRedist = checkVCRedist();
+    if (!vcRedist.installed) {
+      printer_default.warn(
+        vcRedist.message ?? "This application requires the Microsoft Visual C++ Runtime on Windows."
+      );
+      await openDownloadPage();
+      process.exit(1);
+    }
   }
   await Promise.resolve().then(() => (init_main(), main_exports));
 }
@@ -4371,3 +4811,15 @@ verifyAndLoad().catch((err) => {
   printer_default.error(`Failed to start CLI:, ${err}`);
   process.exit(1);
 });
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TunnelErrorCodeType,
+  TunnelManager,
+  TunnelOperations,
+  TunnelStateType,
+  TunnelWarningCode,
+  closeRemoteManagement,
+  enablePackageLogging,
+  getRemoteManagementState,
+  initiateRemoteManagement
+});