pinggy 0.3.5 → 0.3.7

package/dist/index.cjs

@@ -29,6 +29,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // node_modules/tsup/assets/cjs_shims.js
 var getImportMetaUrl, importMetaUrl;
@@ -321,6 +322,10 @@ var init_TunnelManager = __esm({
         this.tunnelDisconnectListeners = /* @__PURE__ */ new Map();
         this.tunnelWorkerErrorListeners = /* @__PURE__ */ new Map();
         this.tunnelStartListeners = /* @__PURE__ */ new Map();
+        this.tunnelWillReconnectListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectingListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectionCompletedListeners = /* @__PURE__ */ new Map();
+        this.tunnelReconnectionFailedListeners = /* @__PURE__ */ new Map();
       }
       static getInstance() {
         if (!_TunnelManager.instance) {
@@ -403,6 +408,10 @@ var init_TunnelManager = __esm({
         this.setupStatsCallback(params.tunnelid, managed);
         this.setupErrorCallback(params.tunnelid, managed);
         this.setupDisconnectCallback(params.tunnelid, managed);
+        this.setupWillReconnectCallback(params.tunnelid, managed);
+        this.setupReconnectingCallback(params.tunnelid, managed);
+        this.setupReconnectionCompletedCallback(params.tunnelid, managed);
+        this.setupReconnectionFailedCallback(params.tunnelid, managed);
         this.setUpTunnelWorkerErrorCallback(params.tunnelid, managed);
         this.tunnelsByTunnelId.set(params.tunnelid, managed);
         this.tunnelsByConfigId.set(params.configid, managed);
@@ -505,6 +514,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(tunnelId);
           this.tunnelWorkerErrorListeners.delete(tunnelId);
           this.tunnelStartListeners.delete(tunnelId);
+          this.tunnelWillReconnectListeners.delete(tunnelId);
+          this.tunnelReconnectingListeners.delete(tunnelId);
+          this.tunnelReconnectionCompletedListeners.delete(tunnelId);
+          this.tunnelReconnectionFailedListeners.delete(tunnelId);
           managed.serveWorker = null;
           managed.warnings = managed.warnings ?? [];
           managed.isStopped = true;
@@ -638,6 +651,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(managed.tunnelid);
           this.tunnelWorkerErrorListeners.delete(managed.tunnelid);
           this.tunnelStartListeners.delete(managed.tunnelid);
+          this.tunnelWillReconnectListeners.delete(managed.tunnelid);
+          this.tunnelReconnectingListeners.delete(managed.tunnelid);
+          this.tunnelReconnectionCompletedListeners.delete(managed.tunnelid);
+          this.tunnelReconnectionFailedListeners.delete(managed.tunnelid);
           this.tunnelsByTunnelId.delete(managed.tunnelid);
           this.tunnelsByConfigId.delete(managed.configid);
         } catch (e) {
@@ -718,6 +735,10 @@ var init_TunnelManager = __esm({
           this.tunnelDisconnectListeners.delete(tunnelid);
           this.tunnelWorkerErrorListeners.delete(tunnelid);
           this.tunnelStartListeners.delete(tunnelid);
+          this.tunnelWillReconnectListeners.delete(tunnelid);
+          this.tunnelReconnectingListeners.delete(tunnelid);
+          this.tunnelReconnectionCompletedListeners.delete(tunnelid);
+          this.tunnelReconnectionFailedListeners.delete(tunnelid);
           const newTunnel = await this._createTunnelWithProcessedConfig({
             configid: currentConfigId,
             tunnelid,
@@ -974,6 +995,58 @@ var init_TunnelManager = __esm({
         logger.info("Start listener registered for tunnel", { tunnelId, listenerId });
         return listenerId;
       }
+      async registerWillReconnectListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelWillReconnectListeners.has(tunnelId)) {
+          this.tunnelWillReconnectListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelWillReconnectListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("WillReconnect listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectingListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectingListeners.has(tunnelId)) {
+          this.tunnelReconnectingListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectingListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("Reconnecting listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectionCompletedListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectionCompletedListeners.has(tunnelId)) {
+          this.tunnelReconnectionCompletedListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectionCompletedListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("ReconnectionCompleted listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
+      async registerReconnectionFailedListener(tunnelId, listener) {
+        const managed = this.tunnelsByTunnelId.get(tunnelId);
+        if (!managed) {
+          throw new Error(`Tunnel "${tunnelId}" not found`);
+        }
+        if (!this.tunnelReconnectionFailedListeners.has(tunnelId)) {
+          this.tunnelReconnectionFailedListeners.set(tunnelId, /* @__PURE__ */ new Map());
+        }
+        const listenerId = getRandomId();
+        this.tunnelReconnectionFailedListeners.get(tunnelId).set(listenerId, listener);
+        logger.info("ReconnectionFailed listener registered for tunnel", { tunnelId, listenerId });
+        return listenerId;
+      }
       /**
        * Removes a previously registered stats listener.
        * 
@@ -1028,6 +1101,72 @@ var init_TunnelManager = __esm({
           logger.warn("Attempted to deregister non-existent disconnect listener", { tunnelId, listenerId });
         }
       }
+      deregisterWillReconnectListener(tunnelId, listenerId) {
+        const listeners = this.tunnelWillReconnectListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No will-reconnect listeners found for tunnel", { tunnelId });
+          return;
+        }
+        ;
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("WillReconnect listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelWillReconnectListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent will-reconnect listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectingListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectingListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnecting listeners found for tunnel", { tunnelId });
+          return;
+        }
+        ;
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnecting listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectingListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnecting listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectionCompletedListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectionCompletedListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnection completed listeners found for tunnel", { tunnelId });
+          return;
+        }
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnection completed listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectionCompletedListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnection completed listener", { tunnelId, listenerId });
+        }
+      }
+      deregisterReconnectionFailedListener(tunnelId, listenerId) {
+        const listeners = this.tunnelReconnectionFailedListeners.get(tunnelId);
+        if (!listeners) {
+          logger.warn("No reconnection failed listeners found for tunnel", { tunnelId });
+          return;
+        }
+        const removed = listeners.delete(listenerId);
+        if (removed) {
+          logger.info("Reconnection failed listener deregistered", { tunnelId, listenerId });
+          if (listeners.size === 0) {
+            this.tunnelReconnectionFailedListeners.delete(tunnelId);
+          }
+        } else {
+          logger.warn("Attempted to deregister non-existent reconnection failed listener", { tunnelId, listenerId });
+        }
+      }
       async getLocalserverTlsInfo(tunnelId) {
         const managed = this.tunnelsByTunnelId.get(tunnelId);
         if (!managed) {
@@ -1106,17 +1245,6 @@ var init_TunnelManager = __esm({
                 managedTunnel.isStopped = true;
                 managedTunnel.stoppedAt = (/* @__PURE__ */ new Date()).toISOString();
               }
-              if (managedTunnel && managedTunnel.autoReconnect) {
-                logger.info("Auto-reconnecting tunnel", { tunnelId });
-                setTimeout(async () => {
-                  try {
-                    await this.restartTunnel(tunnelId);
-                    logger.info("Tunnel auto-reconnected successfully", { tunnelId });
-                  } catch (e) {
-                    logger.error("Failed to auto-reconnect tunnel", { tunnelId, e });
-                  }
-                }, 1e4);
-              }
               const listeners = this.tunnelDisconnectListeners.get(tunnelId);
               if (!listeners) return;
               for (const [id, listener] of listeners) {
@@ -1136,6 +1264,140 @@ var init_TunnelManager = __esm({
           logger.warn("Failed to set up disconnect callback", { tunnelId, error });
         }
       }
+      /**
+       * Called when the tunnel disconnects and the SDK is about to start reconnecting.
+       * Notifies registered will-reconnect listeners.
+       */
+      setupWillReconnectCallback(tunnelId, managed) {
+        try {
+          const callback = ({ error, messages }) => {
+            try {
+              logger.info("Tunnel will reconnect", { tunnelId, error, messages });
+              const listeners = this.tunnelWillReconnectListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, error, messages);
+                } catch (err) {
+                  logger.debug("Error in will-reconnect-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling will-reconnect callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setWillReconnectCallback(callback);
+          logger.debug("WillReconnect callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up will-reconnect callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called for each reconnection attempt with the current retry count.
+       * Notifies registered reconnecting listeners.
+       */
+      setupReconnectingCallback(tunnelId, managed) {
+        try {
+          const callback = ({ retryCnt }) => {
+            try {
+              logger.info("Tunnel reconnecting", { tunnelId, retryCnt });
+              const listeners = this.tunnelReconnectingListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, retryCnt);
+                } catch (err) {
+                  logger.debug("Error in reconnecting-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnecting callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectingCallback(callback);
+          logger.debug("Reconnecting callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnecting callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called when reconnection succeeds. Updates tunnel state back to active,
+       * and notifies registered reconnection-completed and start listeners with new URLs.
+       */
+      setupReconnectionCompletedCallback(tunnelId, managed) {
+        try {
+          const callback = ({ urls }) => {
+            try {
+              logger.info("Tunnel reconnection completed", { tunnelId, urls });
+              const managedTunnel = this.tunnelsByTunnelId.get(tunnelId);
+              if (managedTunnel) {
+                managedTunnel.isStopped = false;
+                managedTunnel.startedAt = (/* @__PURE__ */ new Date()).toISOString();
+                managedTunnel.stoppedAt = null;
+              }
+              const listeners = this.tunnelReconnectionCompletedListeners.get(tunnelId);
+              if (listeners) {
+                for (const [id, listener] of listeners) {
+                  try {
+                    listener(tunnelId, urls);
+                  } catch (err) {
+                    logger.debug("Error in reconnection-completed-listener callback", { listenerId: id, tunnelId, err });
+                  }
+                }
+              }
+              const startListeners = this.tunnelStartListeners.get(tunnelId);
+              if (startListeners) {
+                for (const [id, listener] of startListeners) {
+                  try {
+                    listener(tunnelId, urls);
+                  } catch (err) {
+                    logger.debug("Error in start-listener callback on reconnection", { listenerId: id, tunnelId, err });
+                  }
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnection-completed callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectionCompletedCallback(callback);
+          logger.debug("ReconnectionCompleted callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnection-completed callback", { tunnelId, error });
+        }
+      }
+      /**
+       * Called when all reconnection attempts are exhausted.
+       * Marks the tunnel as stopped and notifies registered reconnection-failed listeners.
+       */
+      setupReconnectionFailedCallback(tunnelId, managed) {
+        try {
+          const callback = ({ retryCnt }) => {
+            try {
+              logger.error("Tunnel reconnection failed", { tunnelId, retryCnt });
+              const managedTunnel = this.tunnelsByTunnelId.get(tunnelId);
+              if (managedTunnel) {
+                managedTunnel.isStopped = true;
+                managedTunnel.stoppedAt = (/* @__PURE__ */ new Date()).toISOString();
+              }
+              const listeners = this.tunnelReconnectionFailedListeners.get(tunnelId);
+              if (!listeners) return;
+              for (const [id, listener] of listeners) {
+                try {
+                  listener(tunnelId, retryCnt);
+                } catch (err) {
+                  logger.debug("Error in reconnection-failed-listener callback", { listenerId: id, tunnelId, err });
+                }
+              }
+            } catch (e) {
+              logger.warn("Error handling reconnection-failed callback", { tunnelId, e });
+            }
+          };
+          managed.instance.setReconnectionFailedCallback(callback);
+          logger.debug("ReconnectionFailed callback set up for tunnel", { tunnelId });
+        } catch (error) {
+          logger.warn("Failed to set up reconnection-failed callback", { tunnelId, error });
+        }
+      }
       setUpTunnelWorkerErrorCallback(tunnelId, managed) {
         try {
           const callback = (error) => {
@@ -1251,1439 +1513,1461 @@ var init_TunnelManager = __esm({
   }
 });
 
-// src/cli/options.ts
-var cliOptions;
-var init_options = __esm({
-  "src/cli/options.ts"() {
-    "use strict";
-    init_cjs_shims();
-    cliOptions = {
-      // SSH-like options
-      R: { type: "string", multiple: true, description: "Local port. Eg. -R0:localhost:3000 will forward tunnel connections to local port 3000." },
-      L: { type: "string", multiple: true, description: "Web Debugger address. Eg. -L4300:localhost:4300 will start web debugger on port 4300." },
-      o: { type: "string", multiple: true, description: "Options", hidden: true },
-      "server-port": { type: "string", short: "p", description: "Pinggy server port. Default: 443" },
-      v4: { type: "boolean", short: "4", description: "IPv4 only", hidden: true },
-      v6: { type: "boolean", short: "6", description: "IPv6 only", hidden: true },
-      // These options appear in the ssh command, but we ignore it in CLI
-      t: { type: "boolean", description: "hidden", hidden: true },
-      T: { type: "boolean", description: "hidden", hidden: true },
-      n: { type: "boolean", description: "hidden", hidden: true },
-      N: { type: "boolean", description: "hidden", hidden: true },
-      // Better options
-      type: { type: "string", description: "Type of the connection. Eg. --type tcp" },
-      localport: { type: "string", short: "l", description: "Takes input as [protocol:][host:]port. Eg. --localport https://localhost:8000 OR -l 3000" },
-      debugger: { type: "string", short: "d", description: "Port for web debugger. Eg. --debugger 4300 OR -d 4300" },
-      token: { type: "string", description: "Token for authentication. Eg. --token TOKEN_VALUE" },
-      // Logging options (CLI overrides env)
-      loglevel: { type: "string", description: "Logging level: ERROR, INFO, DEBUG. Overrides PINGGY_LOG_LEVEL environment variable" },
-      logfile: { type: "string", description: "Path to log file. Overrides PINGGY_LOG_FILE environment variable" },
-      v: { type: "boolean", description: "Print logs to stdout for Cli. Overrides PINGGY_LOG_STDOUT environment variable" },
-      vv: { type: "boolean", description: "Enable detailed logging for the Node.js SDK and Libpinggy, including both info and debug level logs." },
-      vvv: { type: "boolean", description: "Enable all logs from Cli, SDK and internal components." },
-      autoreconnect: { type: "string", short: "a", description: "Automatically reconnect tunnel on failure. Use -a (defaults to true), -a true, or -a false." },
-      // Save and load config
-      saveconf: { type: "string", description: "Create the configuration file based on the options provided here" },
-      conf: { type: "string", description: "Use the configuration file as base. Other options will be used to override this file" },
-      // File server
-      serve: { type: "string", description: "Start a webserver to serve files from the specified path. Eg --serve /path/to/files" },
-      // Remote Control
-      "remote-management": { type: "string", description: "Enable remote management of tunnels with token. Eg. --remote-management API_KEY" },
-      manage: { type: "string", description: "Provide a server address to manage tunnels. Eg --manage dashboard.pinggy.io" },
-      notui: { type: "boolean", description: "Disable TUI in remote management mode" },
-      // Misc
-      version: { type: "boolean", description: "Print version" },
-      // Help
-      help: { type: "boolean", short: "h", description: "Show this help message" }
-    };
-  }
-});
-
-// src/cli/help.ts
-function printHelpMessage() {
-  console.log("\nPinggy CLI Tool - Create secure tunnels to your localhost.");
-  console.log("\nUsage:");
-  console.log("   pinggy [options] -l <port>\n");
-  console.log("Options:");
-  for (const [key, value] of Object.entries(cliOptions)) {
-    if (value.hidden) continue;
-    const short = "short" in value && value.short ? `-${value.short}, ` : "    ";
-    const optType = value.type === "boolean" ? "" : "<value>";
-    console.log(`  ${short}--${key.padEnd(17)} ${optType.padEnd(8)} ${value.description}`);
-  }
-  console.log("\nExtended options :");
-  console.log("  x:https                 Enforce HTTPS only (redirect HTTP to HTTPS)");
-  console.log("  x:noreverseproxy        Disable built-in reverse-proxy header injection");
-  console.log("  x:localservertls:host   Connect to local HTTPS server with SNI");
-  console.log("  x:passpreflight         Pass CORS preflight requests unchanged");
-  console.log("  a:Key:Val               Add header");
-  console.log("  u:Key:Val               Update header");
-  console.log("  r:Key                   Remove header");
-  console.log("  b:user:pass             Basic auth");
-  console.log("  k:BEARER                Bearer token");
-  console.log("  w:192.168.1.0/24        IP whitelist (CIDR)");
-  console.log("\nExamples (User-friendly):");
-  console.log("  pinggy -l 3000                           # HTTP(S) tunnel to localhost port 3000");
-  console.log("  pinggy --type tcp -l 22                  # TCP tunnel for SSH (port 22)");
-  console.log("  pinggy -l 8080 -d 4300                   # HTTP tunnel to port 8080 with debugger running at localhost:4300");
-  console.log("  pinggy --token mytoken -l 3000           # Authenticated tunnel");
-  console.log("  pinggy x:https x:xff -l https://localhost:8443  # HTTPS-only + XFF");
-  console.log("  pinggy w:192.168.1.0/24 -l 8080          # IP whitelist restriction");
-  console.log("\nExamples (SSH-style):");
-  console.log("  pinggy -R0:localhost:3000                        # Basic HTTP tunnel");
-  console.log("  pinggy --type tcp -R0:localhost:22               # TCP tunnel for SSH");
-  console.log("  pinggy -R0:localhost:8080 -L4300:localhost:4300  # HTTP tunnel with debugger");
-  console.log("  pinggy tcp@ap.example.com -R0:localhost:22       # TCP tunnel to region\n");
+// src/types.ts
+function isErrorResponse(obj) {
+  return typeof obj === "object" && obj !== null && "code" in obj && "message" in obj && typeof obj.message === "string" && Object.values(ErrorCode).includes(obj.code);
 }
-var init_help = __esm({
-  "src/cli/help.ts"() {
-    "use strict";
-    init_cjs_shims();
-    init_options();
-  }
-});
-
-// src/cli/defaults.ts
-var defaultOptions;
-var init_defaults = __esm({
-  "src/cli/defaults.ts"() {
-    "use strict";
-    init_cjs_shims();
-    defaultOptions = {
-      token: void 0,
-      // No default token
-      serverAddress: "a.pinggy.io",
-      forwarding: "localhost:8000",
-      webDebugger: "",
-      ipWhitelist: [],
-      basicAuth: [],
-      bearerTokenAuth: [],
-      headerModification: [],
-      force: false,
-      xForwardedFor: false,
-      httpsOnly: false,
-      originalRequestUrl: false,
-      allowPreflight: false,
-      reverseProxy: false,
-      autoReconnect: true
-    };
-  }
-});
-
-// src/cli/extendedOptions.ts
-function parseExtendedOptions(options, config) {
-  if (!options) return;
-  for (const opt of options) {
-    const [key, value] = opt.replace(/^"|"$/g, "").split(/:(.+)/).filter(Boolean);
-    switch (key) {
-      case "x":
-        switch (value) {
-          case "https":
-          case "httpsonly":
-            config.httpsOnly = true;
-            break;
-          case "passpreflight":
-          case "allowpreflight":
-            config.allowPreflight = true;
-            break;
-          case "reverseproxy":
-            config.reverseProxy = false;
-            break;
-          case "xff":
-            config.xForwardedFor = true;
-            break;
-          case "fullurl":
-          case "fullrequesturl":
-            config.originalRequestUrl = true;
-            break;
-          default:
-            printer_default.warn(`Unknown extended option "${key}"`);
-            logger.warn(`Warning: Unknown extended option "${key}"`);
-            break;
-        }
-        break;
-      case "w":
-        if (value) {
-          const ips = value.split(",").map((ip) => ip.trim()).filter(Boolean);
-          const invalidIps = ips.filter((ip) => !(isValidIpV4Cidr(ip) || isValidIpV6Cidr(ip)));
-          if (invalidIps.length > 0) {
-            printer_default.warn(`Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
-            logger.warn(`Warning: Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
-          }
-          if (!(invalidIps.length > 0)) {
-            config.ipWhitelist = ips;
-          }
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'w' requires IP(s)`);
-          logger.warn(`Warning: Extended option "${opt}" for 'w' requires IP(s)`);
-        }
-        break;
-      case "k":
-        if (!config.bearerTokenAuth) config.bearerTokenAuth = [];
-        if (value) {
-          config.bearerTokenAuth.push(value);
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'k' requires a value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'k' requires a value`);
-        }
-        break;
-      case "b":
-        if (value && value.includes(":")) {
-          const [username, password] = value.split(/:(.+)/);
-          if (!config.basicAuth) config.basicAuth = [];
-          config.basicAuth.push({ username, password });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'b' requires value in format username:password`);
-          logger.warn(`Warning: Extended option "${opt}" for 'b' requires value in format username:password`);
-        }
-        break;
-      case "a":
-        if (value && value.includes(":")) {
-          const [key2, val] = value.split(/:(.+)/);
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "add", key: key2, value: [val] });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'a' requires key:value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'a' requires key:value`);
-        }
-        break;
-      case "u":
-        if (value && value.includes(":")) {
-          const [key2, val] = value.split(/:(.+)/);
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "update", key: key2, value: [val] });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'u' requires key:value`);
-          logger.warn(`Warning: Extended option "${opt}" for 'u' requires key:value`);
-        }
-        break;
-      case "r":
-        if (value) {
-          if (!config.headerModification) config.headerModification = [];
-          config.headerModification.push({ type: "remove", key: value });
-        } else {
-          printer_default.warn(`Extended option "${opt}" for 'r' requires a key`);
-        }
-        break;
-      default:
-        printer_default.warn(`Unknown extended option "${key}"`);
-        break;
-    }
+function newErrorResponse(codeOrError, message) {
+  if (typeof codeOrError === "object") {
+    return codeOrError;
   }
+  return {
+    code: codeOrError,
+    message
+  };
 }
-function isValidIpV4Cidr(input) {
-  if (input.includes("/")) {
-    const [ip, mask] = input.split("/");
-    if (!ip || !mask) return false;
-    const isIp4 = (0, import_net.isIP)(ip) === 4;
-    const maskNum = parseInt(mask, 10);
-    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 32;
-    return isIp4 && isMaskValid;
-  }
-  return false;
+function NewResponseObject(data) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(JSON.stringify(data));
+  return {
+    response: bytes,
+    requestid: "",
+    command: "",
+    error: false,
+    errorresponse: {}
+  };
 }
-function isValidIpV6Cidr(input) {
-  if (input.includes("/")) {
-    const [rawIp, mask] = input.split("/");
-    if (!rawIp || !mask) return false;
-    const ip = rawIp.split("%")[0].replace(/^\[|\]$/g, "");
-    const isIp6 = (0, import_net.isIP)(ip) === 6;
-    const maskNum = parseInt(mask, 10);
-    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 128;
-    return isIp6 && isMaskValid;
+function NewErrorResponseObject(errorResponse) {
+  return {
+    response: new Uint8Array(),
+    requestid: "",
+    command: "",
+    error: true,
+    errorresponse: errorResponse
+  };
+}
+function newStatus(tunnelState, errorCode, errorMsg) {
+  let assignedState = tunnelState;
+  if (tunnelState === "live" /* Live */) {
+    assignedState = "running" /* Running */;
+  } else if (tunnelState === "idle" /* New */) {
+    assignedState = "idle" /* New */;
+  } else if (tunnelState === "closed" /* Closed */) {
+    assignedState = "exited" /* Exited */;
   }
-  return false;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    state: assignedState,
+    errorcode: errorCode,
+    errormsg: errorMsg,
+    createdtimestamp: now,
+    starttimestamp: now,
+    endtimestamp: now,
+    warnings: []
+  };
 }
-var import_net;
-var init_extendedOptions = __esm({
-  "src/cli/extendedOptions.ts"() {
+function newStats() {
+  return {
+    numLiveConnections: 0,
+    numTotalConnections: 0,
+    numTotalReqBytes: 0,
+    numTotalResBytes: 0,
+    numTotalTxBytes: 0,
+    elapsedTime: 0
+  };
+}
+var TunnelStateType, TunnelErrorCodeType, TunnelWarningCode, ErrorCode, RemoteManagementStatus;
+var init_types = __esm({
+  "src/types.ts"() {
     "use strict";
     init_cjs_shims();
-    import_net = require("net");
-    init_logger();
-    init_printer();
+    TunnelStateType = /* @__PURE__ */ ((TunnelStateType2) => {
+      TunnelStateType2["New"] = "idle";
+      TunnelStateType2["Starting"] = "starting";
+      TunnelStateType2["Running"] = "running";
+      TunnelStateType2["Live"] = "live";
+      TunnelStateType2["Closed"] = "closed";
+      TunnelStateType2["Exited"] = "exited";
+      return TunnelStateType2;
+    })(TunnelStateType || {});
+    TunnelErrorCodeType = /* @__PURE__ */ ((TunnelErrorCodeType2) => {
+      TunnelErrorCodeType2["NonResponsive"] = "non_responsive";
+      TunnelErrorCodeType2["FailedToConnect"] = "failed_to_connect";
+      TunnelErrorCodeType2["ErrorInAdditionalForwarding"] = "additional_forwarding_error";
+      TunnelErrorCodeType2["WebdebuggerError"] = "webdebugger_error";
+      TunnelErrorCodeType2["NoError"] = "";
+      return TunnelErrorCodeType2;
+    })(TunnelErrorCodeType || {});
+    TunnelWarningCode = /* @__PURE__ */ ((TunnelWarningCode2) => {
+      TunnelWarningCode2["InvalidTunnelServePath"] = "INVALID_TUNNEL_SERVE_PATH";
+      TunnelWarningCode2["UnknownWarning"] = "UNKNOWN_WARNING";
+      return TunnelWarningCode2;
+    })(TunnelWarningCode || {});
+    ErrorCode = {
+      InvalidRequestMethodError: "INVALID_REQUEST_METHOD",
+      InvalidRequestBodyError: "COULD_NOT_READ_BODY",
+      InternalServerError: "INTERNAL_SERVER_ERROR",
+      InvalidBodyFormatError: "INVALID_DATA_FORMAT",
+      ErrorStartingTunnel: "ERROR_STARTING_TUNNEL",
+      TunnelNotFound: "TUNNEL_WITH_ID_OR_CONFIG_ID_NOT_FOUND",
+      TunnelAlreadyRunningError: "TUNNEL_WITH_ID_OR_CONFIG_ID_ALREADY_RUNNING",
+      WebsocketUpgradeFailError: "WEBSOCKET_UPGRADE_FAILED",
+      RemoteManagementAlreadyRunning: "REMOTE_MANAGEMENT_ALREADY_RUNNING",
+      RemoteManagementNotRunning: "REMOTE_MANAGEMENT_NOT_RUNNING",
+      RemoteManagementDeserializationFailed: "REMOTE_MANAGEMENT_DESERIALIZATION_FAILED"
+    };
+    RemoteManagementStatus = {
+      Connecting: "CONNECTING",
+      Disconnecting: "DISCONNECTING",
+      Reconnecting: "RECONNECTING",
+      Running: "RUNNING",
+      NotRunning: "NOT_RUNNING",
+      Error: "ERROR"
+    };
   }
 });
 
-// src/cli/buildConfig.ts
-function isKeyword(str) {
-  return KEYWORDS.has(str.toLowerCase());
+// src/remote_management/remote_schema.ts
+function tunnelConfigToPinggyOptions(config) {
+  return {
+    token: config.token || "",
+    serverAddress: config.serveraddress || "free.pinggy.io",
+    forwarding: `${config.forwardedhost || "localhost"}:${config.localport}`,
+    webDebugger: config.webdebuggerport ? `localhost:${config.webdebuggerport}` : "",
+    ipWhitelist: config.ipwhitelist || [],
+    basicAuth: config.basicauth ? config.basicauth : [],
+    bearerTokenAuth: config.bearerauth ? [config.bearerauth] : [],
+    headerModification: config.headermodification,
+    xForwardedFor: !!config.xff,
+    httpsOnly: config.httpsOnly,
+    originalRequestUrl: config.fullRequestUrl,
+    allowPreflight: config.allowPreflight,
+    reverseProxy: config.noReverseProxy,
+    force: config.force,
+    autoReconnect: config.autoreconnect,
+    optional: {
+      sniServerName: config.localservertlssni || ""
+    }
+  };
 }
-function parseUserAndDomain(str) {
-  let token;
-  let type;
-  let server;
-  let qrCode;
-  let forceFlag;
-  if (!str) return { token, type, server, qrCode, forceFlag };
-  if (str.includes("@")) {
-    const [user, domain] = str.split("@", 2);
-    if (domainRegex.test(domain)) {
-      let processKeyword2 = function(keyword) {
-        if ([import_pinggy3.TunnelType.Http, import_pinggy3.TunnelType.Tcp, import_pinggy3.TunnelType.Tls, import_pinggy3.TunnelType.Udp, import_pinggy3.TunnelType.TlsTcp].includes(keyword)) {
-          type = keyword;
-        } else if (keyword === "force") {
-          forceFlag = true;
-        } else if (keyword === "qr") {
-          qrCode = true;
-        }
-      };
-      var processKeyword = processKeyword2;
-      server = domain;
-      const parts = user.split("+");
-      if (parts.length === 0) {
-        return { token, type, server, qrCode, forceFlag };
+function pinggyOptionsToTunnelConfig(opts, configid, configName, localserverTls, greetMsg, additionalForwarding, serve) {
+  const forwarding = Array.isArray(opts.forwarding) ? String(opts.forwarding[0].address).replace("//", "").replace(/\/$/, "") : String(opts.forwarding).replace("//", "").replace(/\/$/, "");
+  const parsedForwardedHost = forwarding.split(":").length == 3 ? forwarding.split(":")[1] : forwarding.split(":")[0];
+  const parsedLocalPort = forwarding.split(":").length == 3 ? parseInt(forwarding.split(":")[2], 10) : parseInt(forwarding.split(":")[1], 10);
+  const tunnelType = (Array.isArray(opts.forwarding) ? opts.forwarding[0]?.type : void 0) ?? import_pinggy3.TunnelType.Http;
+  const parsedTokens = opts.bearerTokenAuth ? Array.isArray(opts.bearerTokenAuth) ? opts.bearerTokenAuth : JSON.parse(opts.bearerTokenAuth) : [];
+  return {
+    allowPreflight: opts.allowPreflight ?? false,
+    allowpreflight: opts.allowPreflight ?? false,
+    autoreconnect: opts.autoReconnect ?? false,
+    basicauth: opts.basicAuth && Object.keys(opts.basicAuth).length ? opts.basicAuth : null,
+    bearerauth: parsedTokens.length ? parsedTokens.join(",") : null,
+    configid,
+    configname: configName,
+    greetmsg: greetMsg || "",
+    force: opts.force ?? false,
+    forwardedhost: parsedForwardedHost || "localhost",
+    fullRequestUrl: opts.originalRequestUrl ?? false,
+    headermodification: opts.headerModification || [],
+    //structured list
+    httpsOnly: opts.httpsOnly ?? false,
+    internalwebdebuggerport: 0,
+    ipwhitelist: opts.ipWhitelist ? Array.isArray(opts.ipWhitelist) ? opts.ipWhitelist : JSON.parse(opts.ipWhitelist) : null,
+    localport: parsedLocalPort || 0,
+    localservertlssni: null,
+    regioncode: "",
+    noReverseProxy: opts.reverseProxy ?? false,
+    serveraddress: opts.serverAddress || "free.pinggy.io",
+    serverport: 0,
+    statusCheckInterval: 0,
+    token: opts.token || "",
+    tunnelTimeout: 0,
+    type: tunnelType,
+    webdebuggerport: Number(opts.webDebugger?.split(":")[0]) || 0,
+    xff: opts.xForwardedFor ? "1" : "",
+    localsservertls: localserverTls || false,
+    additionalForwarding: additionalForwarding || [],
+    serve: serve || ""
+  };
+}
+var import_pinggy3, import_zod, HeaderModificationSchema, AdditionalForwardingSchema, TunnelConfigSchema, StartSchema, StopSchema, GetSchema, RestartSchema, UpdateConfigSchema;
+var init_remote_schema = __esm({
+  "src/remote_management/remote_schema.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_pinggy3 = require("@pinggy/pinggy");
+    import_zod = require("zod");
+    HeaderModificationSchema = import_zod.z.object({
+      key: import_zod.z.string(),
+      value: import_zod.z.array(import_zod.z.string()).optional(),
+      type: import_zod.z.enum(["add", "remove", "update"])
+    });
+    AdditionalForwardingSchema = import_zod.z.object({
+      remoteDomain: import_zod.z.string().optional(),
+      remotePort: import_zod.z.number().optional(),
+      localDomain: import_zod.z.string(),
+      localPort: import_zod.z.number()
+    });
+    TunnelConfigSchema = import_zod.z.object({
+      allowPreflight: import_zod.z.boolean().optional(),
+      // primary key
+      allowpreflight: import_zod.z.boolean().optional(),
+      // legacy key
+      autoreconnect: import_zod.z.boolean(),
+      basicauth: import_zod.z.array(import_zod.z.object({ username: import_zod.z.string(), password: import_zod.z.string() })).nullable(),
+      bearerauth: import_zod.z.string().nullable(),
+      configid: import_zod.z.string(),
+      configname: import_zod.z.string(),
+      greetmsg: import_zod.z.string().optional(),
+      force: import_zod.z.boolean(),
+      forwardedhost: import_zod.z.string(),
+      fullRequestUrl: import_zod.z.boolean(),
+      headermodification: import_zod.z.array(HeaderModificationSchema),
+      httpsOnly: import_zod.z.boolean(),
+      internalwebdebuggerport: import_zod.z.number(),
+      ipwhitelist: import_zod.z.array(import_zod.z.string()).nullable(),
+      localport: import_zod.z.number(),
+      localsservertls: import_zod.z.union([import_zod.z.boolean(), import_zod.z.string()]),
+      localservertlssni: import_zod.z.string().nullable(),
+      regioncode: import_zod.z.string(),
+      noReverseProxy: import_zod.z.boolean(),
+      serveraddress: import_zod.z.string(),
+      serverport: import_zod.z.number(),
+      statusCheckInterval: import_zod.z.number(),
+      token: import_zod.z.string(),
+      tunnelTimeout: import_zod.z.number(),
+      type: import_zod.z.enum([
+        import_pinggy3.TunnelType.Http,
+        import_pinggy3.TunnelType.Tcp,
+        import_pinggy3.TunnelType.Udp,
+        import_pinggy3.TunnelType.Tls,
+        import_pinggy3.TunnelType.TlsTcp
+      ]),
+      webdebuggerport: import_zod.z.number(),
+      xff: import_zod.z.string(),
+      additionalForwarding: import_zod.z.array(AdditionalForwardingSchema).optional(),
+      serve: import_zod.z.string().optional()
+    }).superRefine((data, ctx) => {
+      if (data.allowPreflight === void 0 && data.allowpreflight === void 0) {
+        ctx.addIssue({
+          code: "custom",
+          message: "Either allowPreflight or allowpreflight is required",
+          path: ["allowPreflight"]
+        });
       }
-      const firstPart = parts[0];
-      if (!isKeyword(firstPart)) {
-        token = firstPart;
-        for (let i = 1; i < parts.length; i++) {
-          const part = parts[i].toLowerCase();
-          if (!isKeyword(part)) {
-            throw new Error(`Invalid user format: unexpected token '${part}' when keywords are expected.`);
+    }).transform((data) => ({
+      ...data,
+      allowPreflight: data.allowPreflight ?? data.allowpreflight,
+      allowpreflight: data.allowPreflight ?? data.allowpreflight
+    }));
+    StartSchema = import_zod.z.object({
+      tunnelID: import_zod.z.string().nullable().optional(),
+      tunnelConfig: TunnelConfigSchema
+    });
+    StopSchema = import_zod.z.object({
+      tunnelID: import_zod.z.string().min(1)
+    });
+    GetSchema = StopSchema;
+    RestartSchema = StopSchema;
+    UpdateConfigSchema = import_zod.z.object({
+      tunnelConfig: TunnelConfigSchema
+    });
+  }
+});
+
+// src/remote_management/handler.ts
+var import_pinggy4, TunnelOperations;
+var init_handler = __esm({
+  "src/remote_management/handler.ts"() {
+    "use strict";
+    init_cjs_shims();
+    init_types();
+    init_TunnelManager();
+    init_remote_schema();
+    import_pinggy4 = require("@pinggy/pinggy");
+    TunnelOperations = class {
+      constructor() {
+        this.tunnelManager = TunnelManager.getInstance();
+      }
+      buildStatus(tunnelId, state, errorCode) {
+        const status = newStatus(state, errorCode, "");
+        try {
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelId);
+          if (managed) {
+            status.createdtimestamp = managed.createdAt || "";
+            status.starttimestamp = managed.startedAt || "";
+            status.endtimestamp = managed.stoppedAt || "";
           }
-          processKeyword2(part);
+        } catch (e) {
         }
-      } else {
-        for (const part of parts) {
-          const lowerPart = part.toLowerCase();
-          if (!isKeyword(lowerPart)) {
-            throw new Error(`Invalid user format: unexpected token '${lowerPart}' when keywords are expected.`);
+        return status;
+      }
+      // --- Helper to construct TunnelResponse ---
+      async buildTunnelResponse(tunnelid, tunnelConfig, configid, tunnelName, additionalForwarding, serve) {
+        const [status, stats, tlsInfo, greetMsg, remoteurls] = await Promise.all([
+          this.tunnelManager.getTunnelStatus(tunnelid),
+          this.tunnelManager.getLatestTunnelStats(tunnelid) || newStats(),
+          this.tunnelManager.getLocalserverTlsInfo(tunnelid),
+          this.tunnelManager.getTunnelGreetMessage(tunnelid),
+          this.tunnelManager.getTunnelUrls(tunnelid)
+        ]);
+        return {
+          tunnelid,
+          remoteurls,
+          tunnelconfig: pinggyOptionsToTunnelConfig(tunnelConfig, configid, tunnelName, tlsInfo, greetMsg, additionalForwarding),
+          status: this.buildStatus(tunnelid, status, "" /* NoError */),
+          stats
+        };
+      }
+      error(code, err, fallback) {
+        return newErrorResponse({
+          code,
+          message: err instanceof Error ? err.message : fallback
+        });
+      }
+      // --- Operations ---
+      async handleStart(config) {
+        try {
+          const opts = tunnelConfigToPinggyOptions(config);
+          const additionalForwardingParsed = config.additionalForwarding || [];
+          const { tunnelid, instance, tunnelName, additionalForwarding, serve } = await this.tunnelManager.createTunnel({
+            ...opts,
+            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy4.TunnelType.Http],
+            // Temporary fix in future we will not use this field.
+            configid: config.configid,
+            tunnelName: config.configname,
+            additionalForwarding: additionalForwardingParsed,
+            serve: config.serve
+          });
+          this.tunnelManager.startTunnel(tunnelid);
+          const tunnelPconfig = await this.tunnelManager.getTunnelConfig("", tunnelid);
+          const resp = this.buildTunnelResponse(tunnelid, tunnelPconfig, config.configid, tunnelName, additionalForwarding, serve);
+          return resp;
+        } catch (err) {
+          return this.error(ErrorCode.ErrorStartingTunnel, err, "Unknown error occurred while starting tunnel");
+        }
+      }
+      async handleUpdateConfig(config) {
+        try {
+          const opts = tunnelConfigToPinggyOptions(config);
+          const tunnel = await this.tunnelManager.updateConfig({
+            ...opts,
+            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy4.TunnelType.Http],
+            // // Temporary fix in future we will not use this field.
+            configid: config.configid,
+            tunnelName: config.configname,
+            additionalForwarding: config.additionalForwarding || [],
+            serve: config.serve
+          });
+          if (!tunnel.instance || !tunnel.tunnelConfig)
+            throw new Error("Invalid tunnel state after configuration update");
+          return this.buildTunnelResponse(tunnel.tunnelid, tunnel.tunnelConfig, config.configid, tunnel.tunnelName, tunnel.additionalForwarding, tunnel.serve);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to update tunnel configuration");
+        }
+      }
+      async handleList() {
+        try {
+          const tunnels = await this.tunnelManager.getAllTunnels();
+          if (tunnels.length === 0) {
+            return [];
           }
-          processKeyword2(lowerPart);
+          return Promise.all(
+            tunnels.map(async (t) => {
+              const rawStats = this.tunnelManager.getLatestTunnelStats(t.tunnelid) || newStats();
+              const [status, tlsInfo, greetMsg] = await Promise.all([
+                this.tunnelManager.getTunnelStatus(t.tunnelid),
+                this.tunnelManager.getLocalserverTlsInfo(t.tunnelid),
+                this.tunnelManager.getTunnelGreetMessage(t.tunnelid)
+              ]);
+              const pinggyOptions = status !== "closed" /* Closed */ && status !== "exited" /* Exited */ ? await this.tunnelManager.getTunnelConfig("", t.tunnelid) : t.tunnelConfig;
+              const tunnelConfig = pinggyOptionsToTunnelConfig(pinggyOptions, t.configid, t.tunnelName, tlsInfo, greetMsg, t.additionalForwarding, t.serve);
+              return {
+                tunnelid: t.tunnelid,
+                remoteurls: t.remoteurls,
+                status: this.buildStatus(t.tunnelid, status, "" /* NoError */),
+                stats: rawStats,
+                tunnelconfig: tunnelConfig
+              };
+            })
+          );
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to list tunnels");
         }
       }
-    }
-  } else if (domainRegex.test(str)) {
-    server = str;
-  }
-  return { token, type, server, qrCode, forceFlag };
-}
-function parseUsers(positionalArgs, explicitToken) {
-  let token;
-  let server;
-  let type;
-  let forceFlag = false;
-  let qrCode = false;
-  let remaining = [...positionalArgs];
-  if (typeof explicitToken === "string") {
-    const parsed = parseUserAndDomain(explicitToken);
-    if (parsed.server) server = parsed.server;
-    if (parsed.type) type = parsed.type;
-    if (parsed.token) token = parsed.token;
-    if (parsed.forceFlag) forceFlag = true;
-    if (parsed.qrCode) qrCode = true;
-  }
-  if (remaining.length > 0) {
-    const first = remaining[0];
-    const parsed = parseUserAndDomain(first);
-    if (parsed.server) {
-      server = parsed.server;
-      if (parsed.type) type = parsed.type;
-      if (parsed.token) token = parsed.token;
-      if (parsed.forceFlag) forceFlag = true;
-      if (parsed.qrCode) qrCode = true;
-      remaining = remaining.slice(1);
-    }
-  }
-  return { token, server, type, forceFlag, qrCode, remaining };
-}
-function parseType(finalConfig, values, inferredType) {
-  const t = inferredType || values.type || finalConfig.tunnelType;
-  if (t === import_pinggy3.TunnelType.Http || t === import_pinggy3.TunnelType.Tcp || t === import_pinggy3.TunnelType.Tls || t === import_pinggy3.TunnelType.Udp || t === import_pinggy3.TunnelType.TlsTcp) {
-    finalConfig.tunnelType = [t];
-  }
-}
-function parseLocalPort(finalConfig, values) {
-  if (typeof values.localport !== "string") return null;
-  let lp = values.localport.trim();
-  let isHttps = false;
-  if (lp.startsWith("https://")) {
-    isHttps = true;
-    lp = lp.replace(/^https:\/\//, "");
-  } else if (lp.startsWith("http://")) {
-    lp = lp.replace(/^http:\/\//, "");
-  }
-  const parts = lp.split(":");
-  if (parts.length === 1) {
-    const port = parseInt(parts[0], 10);
-    if (!Number.isNaN(port) && isValidPort(port)) {
-      finalConfig.forwarding = `localhost:${port}`;
-    } else {
-      return new Error("Invalid local port");
-    }
-  } else if (parts.length === 2) {
-    const host = parts[0] || "localhost";
-    const port = parseInt(parts[1], 10);
-    if (!Number.isNaN(port) && isValidPort(port)) {
-      finalConfig.forwarding = `${host}:${port}`;
-    } else {
-      return new Error("Invalid local port. Please use -h option for help.");
-    }
-  } else {
-    return new Error("Invalid --localport format. Please use -h option for help.");
-  }
-  return null;
-}
-function removeIPv6Brackets(ip) {
-  if (ip.startsWith("[") && ip.endsWith("]")) {
-    return ip.slice(1, -1);
-  }
-  return ip;
-}
-function ipv6SafeSplitColon(s) {
-  const result = [];
-  let buf = "";
-  const stack = [];
-  for (let i = 0; i < s.length; i++) {
-    const c = s[i];
-    if (c === "[") {
-      stack.push(c);
-    } else if (c === "]" && stack.length > 0) {
-      stack.pop();
-    }
-    if (c === ":" && stack.length === 0) {
-      result.push(buf);
-      buf = "";
-    } else {
-      buf += c;
-    }
-  }
-  result.push(buf);
-  return result;
-}
-function parseDefaultForwarding(forwarding) {
-  const parts = ipv6SafeSplitColon(forwarding);
-  if (parts.length === 3) {
-    const remotePort = parseInt(parts[0], 10);
-    const localDomain = removeIPv6Brackets(parts[1] || "localhost");
-    const localPort = parseInt(parts[2], 10);
-    return { remotePort, localDomain, localPort };
-  }
-  if (parts.length === 4) {
-    const remoteDomain = removeIPv6Brackets(parts[0]);
-    const remotePort = parseInt(parts[1], 10);
-    const localDomain = removeIPv6Brackets(parts[2] || "localhost");
-    const localPort = parseInt(parts[3], 10);
-    return { remoteDomain, remotePort, localDomain, localPort };
-  }
-  return new Error("forwarding address incorrect");
-}
-function parseAdditionalForwarding(forwarding) {
-  const toPort = (v) => {
-    if (!v) return null;
-    const n = parseInt(v, 10);
-    return Number.isNaN(n) ? null : n;
-  };
-  const parsed = ipv6SafeSplitColon(forwarding);
-  if (parsed.length !== 4) {
-    return new Error(
-      "forwarding must be in format: [schema//]hostname[/port][@forwardingId]:<placeholder>:<forwardingAddress>:<forwardingPort>"
-    );
-  }
-  const firstPart = parsed[0];
-  const [hostPart] = firstPart.split("@");
-  let protocol = "http";
-  let remoteDomainRaw;
-  let remotePort = 0;
-  if (hostPart.includes("//")) {
-    const [schema, rest] = hostPart.split("//");
-    if (!schema || !VALID_PROTOCOLS.includes(schema)) {
-      return new Error(`invalid protocol: ${schema}`);
-    }
-    protocol = schema;
-    const domainAndPort = rest.split("/");
-    if (domainAndPort.length > 2) {
-      return new Error("invalid forwarding address format");
-    }
-    remoteDomainRaw = domainAndPort[0];
-    if (!remoteDomainRaw || !domainRegex.test(remoteDomainRaw)) {
-      return new Error("invalid remote domain");
-    }
-    const parsedRemotePort = toPort(domainAndPort[1]);
-    if (protocol === "http") {
-      remotePort = 0;
-    } else {
-      if (parsedRemotePort === null || !isValidPort(parsedRemotePort)) {
-        return new Error(
-          `${protocol} forwarding requires port in format ${protocol}//domain/remotePort`
-        );
+      async handleStop(tunnelid) {
+        try {
+          const { configid } = this.tunnelManager.stopTunnel(tunnelid);
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to stop tunnel");
+        }
       }
-      remotePort = parsedRemotePort;
-    }
-  } else {
-    remoteDomainRaw = hostPart;
-    if (!domainRegex.test(remoteDomainRaw)) {
-      return new Error("invalid remote domain");
-    }
-    protocol = "http";
-    remotePort = 0;
-  }
-  const localDomain = removeIPv6Brackets(parsed[2] || "localhost");
-  const localPort = toPort(parsed[3]);
-  if (localPort === null || !isValidPort(localPort)) {
-    return new Error("forwarding address incorrect: invalid local port");
-  }
-  return {
-    protocol,
-    remoteDomain: remoteDomainRaw,
-    remotePort,
-    localDomain,
-    localPort
-  };
-}
-function parseReverseTunnelAddr(finalConfig, values) {
-  const reverseTunnel = values.R;
-  if ((!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) && !values.localport && !finalConfig.forwarding) {
-    return new Error("local port not specified. Please use '-h' option for help.");
-  }
-  if (!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) {
-    return null;
-  }
-  for (const forwarding of reverseTunnel) {
-    const slicedForwarding = ipv6SafeSplitColon(forwarding);
-    if (slicedForwarding.length === 3) {
-      const parsed = parseDefaultForwarding(forwarding);
-      if (parsed instanceof Error) return parsed;
-      finalConfig.forwarding = `${parsed.localDomain}:${parsed.localPort}`;
-    } else if (slicedForwarding.length === 4) {
-      finalConfig.additionalForwarding ?? (finalConfig.additionalForwarding = []);
-      const parsed = parseAdditionalForwarding(forwarding);
-      if (parsed instanceof Error) return parsed;
-      finalConfig.additionalForwarding.push(parsed);
-    } else {
-      return new Error(
-        "Incorrect command line arguments: reverse tunnel address incorrect. Please use '-h' option for help."
-      );
-    }
-  }
-  return null;
-}
-function parseLocalTunnelAddr(finalConfig, values) {
-  if (!Array.isArray(values.L) || values.L.length === 0) return null;
-  const firstL = values.L[0];
-  const parts = firstL.split(":");
-  if (parts.length === 3) {
-    const lp = parseInt(parts[0], 10);
-    if (!Number.isNaN(lp) && isValidPort(lp)) {
-      finalConfig.webDebugger = `localhost:${lp}`;
-    } else {
-      return new Error(`Invalid debugger port ${lp}`);
-    }
-  } else {
-    return new Error("Incorrect command line arguments: web debugger address incorrect. Please use '-h' option for help.");
-  }
-}
-function parseDebugger(finalConfig, values) {
-  let dbg = values.debugger;
-  if (typeof dbg !== "string") return;
-  dbg = dbg.startsWith(":") ? dbg.slice(1) : dbg;
-  const d = parseInt(dbg, 10);
-  if (!Number.isNaN(d) && isValidPort(d)) {
-    finalConfig.webDebugger = `localhost:${d}`;
-  } else {
-    logger.error("Invalid debugger port:", dbg);
-    return new Error(`Invalid debugger port ${dbg}. Please use '-h' option for help.`);
-  }
-}
-function parseToken(finalConfig, explicitToken) {
-  if (typeof explicitToken === "string" && explicitToken) {
-    finalConfig.token = explicitToken;
-  }
-}
-function parseArgs(finalConfig, remainingPositionals) {
-  parseExtendedOptions(remainingPositionals, finalConfig);
-}
-function storeJson(config, saveconf) {
-  if (saveconf) {
-    const path5 = saveconf;
-    try {
-      import_fs3.default.writeFileSync(path5, JSON.stringify(config, null, 2), { encoding: "utf-8", flag: "w" });
-      logger.info(`Configuration saved to ${path5}`);
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      logger.error("Error loading configuration:", msg);
-    }
-  }
-}
-function loadJsonConfig(config) {
-  const configpath = config["conf"];
-  if (typeof configpath === "string" && configpath.trim().length > 0) {
-    const filepath = import_path3.default.resolve(configpath);
-    try {
-      const data = import_fs3.default.readFileSync(filepath, { encoding: "utf-8" });
-      const json = JSON.parse(data);
-      return json;
-    } catch (err) {
-      logger.error("Error loading configuration:", err);
-    }
-  }
-  return null;
-}
-function isSaveConfOption(values) {
-  const saveconf = values["saveconf"];
-  if (typeof saveconf === "string" && saveconf.trim().length > 0) {
-    return saveconf;
+      async handleGet(tunnelid) {
+        try {
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel information");
+        }
+      }
+      async handleRestart(tunnelid) {
+        try {
+          await this.tunnelManager.restartTunnel(tunnelid);
+          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
+          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
+          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to restart tunnel");
+        }
+      }
+      handleRegisterStatsListener(tunnelid, listener) {
+        this.tunnelManager.registerStatsListener(tunnelid, listener);
+      }
+      handleUnregisterStatsListener(tunnelid, listnerId) {
+        this.tunnelManager.deregisterStatsListener(tunnelid, listnerId);
+      }
+      handleGetTunnelStats(tunnelid) {
+        try {
+          const stats = this.tunnelManager.getTunnelStats(tunnelid);
+          if (!stats) {
+            return [newStats()];
+          }
+          return stats;
+        } catch (err) {
+          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel stats");
+        }
+      }
+      handleRegisterDisconnectListener(tunnelid, listener) {
+        this.tunnelManager.registerDisconnectListener(tunnelid, listener);
+      }
+      handleRemoveStoppedTunnelByConfigId(configId) {
+        try {
+          return this.tunnelManager.removeStoppedTunnelByConfigId(configId);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by configId");
+        }
+      }
+      handleRemoveStoppedTunnelByTunnelId(tunnelId) {
+        try {
+          return this.tunnelManager.removeStoppedTunnelByTunnelId(tunnelId);
+        } catch (err) {
+          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by tunnelId");
+        }
+      }
+    };
   }
-  return null;
-}
-function parseServe(finalConfig, values) {
-  const sv = values.serve;
-  if (typeof sv !== "string" || sv.trim().length === 0) return null;
-  finalConfig.serve = sv;
-  return null;
-}
-function parseAutoReconnect(finalConfig, values) {
-  const autoReconnectValue = values.autoreconnect;
-  if (typeof autoReconnectValue === "string") {
-    const trimmed = autoReconnectValue.trim().toLowerCase();
-    if (trimmed === "true" || trimmed === "") {
-      finalConfig.autoReconnect = true;
-    } else if (trimmed === "false") {
-      finalConfig.autoReconnect = false;
-    } else {
-      return new Error(`Invalid autoreconnect value: ${autoReconnectValue}. Use true or false.`);
+});
+
+// src/remote_management/websocket_handlers.ts
+function handleConnectionStatusMessage(firstMessage) {
+  try {
+    const text = typeof firstMessage === "string" ? firstMessage : firstMessage.toString();
+    const cs = JSON.parse(text);
+    if (!cs.success) {
+      const msg = cs.error_msg || "Connection failed";
+      printer_default.warn(`Connection failed: ${msg}`);
+      logger.warn("Remote management connection failed", { error_code: cs.error_code, error_msg: msg });
+      return false;
     }
+    return true;
+  } catch (e) {
+    logger.warn("Failed to parse connection status message", { error: String(e) });
+    return true;
   }
-  return null;
-}
-async function buildFinalConfig(values, positionals) {
-  let token;
-  let server;
-  let type;
-  let forceFlag = false;
-  let qrCode = false;
-  let finalConfig = new Object();
-  let saveconf = isSaveConfOption(values);
-  const configFromFile = loadJsonConfig(values);
-  const userParse = parseUsers(positionals, values.token);
-  token = userParse.token;
-  server = userParse.server;
-  type = userParse.type;
-  forceFlag = userParse.forceFlag;
-  qrCode = userParse.qrCode;
-  const remainingPositionals = userParse.remaining;
-  const initialTunnel = type || values.type;
-  finalConfig = {
-    ...defaultOptions,
-    ...configFromFile || {},
-    // Apply loaded config on top of defaults
-    configid: getRandomId(),
-    token: token || (configFromFile?.token || (typeof values.token === "string" ? values.token : "")),
-    serverAddress: server || (configFromFile?.serverAddress || defaultOptions.serverAddress),
-    tunnelType: initialTunnel ? [initialTunnel] : configFromFile?.tunnelType || [import_pinggy3.TunnelType.Http],
-    NoTUI: values.notui || (configFromFile?.NoTUI || false),
-    qrCode: qrCode || (configFromFile?.qrCode || false),
-    autoReconnect: configFromFile?.autoReconnect ? configFromFile.autoReconnect : defaultOptions.autoReconnect
-  };
-  parseType(finalConfig, values, type);
-  parseToken(finalConfig, token || values.token);
-  const dbgErr = parseDebugger(finalConfig, values);
-  if (dbgErr instanceof Error) throw dbgErr;
-  const lpErr = parseLocalPort(finalConfig, values);
-  if (lpErr instanceof Error) throw lpErr;
-  const rErr = parseReverseTunnelAddr(finalConfig, values);
-  if (rErr instanceof Error) throw rErr;
-  const lErr = parseLocalTunnelAddr(finalConfig, values);
-  if (lErr instanceof Error) throw lErr;
-  const serveErr = parseServe(finalConfig, values);
-  if (serveErr instanceof Error) throw serveErr;
-  const autoReconnectErr = parseAutoReconnect(finalConfig, values);
-  if (autoReconnectErr instanceof Error) throw autoReconnectErr;
-  if (forceFlag) finalConfig.force = true;
-  parseArgs(finalConfig, remainingPositionals);
-  storeJson(finalConfig, saveconf);
-  return finalConfig;
 }
-var import_pinggy3, import_fs3, import_path3, domainRegex, KEYWORDS, VALID_PROTOCOLS;
-var init_buildConfig = __esm({
-  "src/cli/buildConfig.ts"() {
+var import_zod2, WebSocketCommandHandler;
+var init_websocket_handlers = __esm({
+  "src/remote_management/websocket_handlers.ts"() {
     "use strict";
     init_cjs_shims();
-    init_defaults();
-    init_extendedOptions();
     init_logger();
-    init_util();
-    import_pinggy3 = require("@pinggy/pinggy");
-    import_fs3 = __toESM(require("fs"), 1);
-    import_path3 = __toESM(require("path"), 1);
-    domainRegex = /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
-    KEYWORDS = /* @__PURE__ */ new Set([
-      import_pinggy3.TunnelType.Http,
-      import_pinggy3.TunnelType.Tcp,
-      import_pinggy3.TunnelType.Tls,
-      import_pinggy3.TunnelType.Udp,
-      import_pinggy3.TunnelType.TlsTcp,
-      "force",
-      "qr"
-    ]);
-    VALID_PROTOCOLS = ["http", "tcp", "udp", "tls"];
+    init_types();
+    init_handler();
+    init_remote_schema();
+    import_zod2 = __toESM(require("zod"), 1);
+    init_printer();
+    WebSocketCommandHandler = class {
+      constructor() {
+        this.tunnelHandler = new TunnelOperations();
+      }
+      safeParse(text) {
+        if (!text) return void 0;
+        try {
+          return JSON.parse(text);
+        } catch (e) {
+          logger.warn("Invalid JSON payload", { error: String(e), text });
+          return void 0;
+        }
+      }
+      sendResponse(ws, resp) {
+        const payload = {
+          ...resp,
+          response: Buffer.from(resp.response || []).toString("base64")
+        };
+        ws.send(JSON.stringify(payload));
+      }
+      sendError(ws, req, message, code = ErrorCode.InternalServerError) {
+        const resp = NewErrorResponseObject({ code, message });
+        resp.command = req.command || "";
+        resp.requestid = req.requestid || "";
+        this.sendResponse(ws, resp);
+      }
+      async handleStartReq(req, raw) {
+        const dc = StartSchema.parse(raw);
+        printer_default.info("Starting tunnel with config name: " + dc.tunnelConfig.configname);
+        const result = await this.tunnelHandler.handleStart(dc.tunnelConfig);
+        return this.wrapResponse(result, req);
+      }
+      async handleStopReq(req, raw) {
+        const dc = StopSchema.parse(raw);
+        printer_default.info("Stopping tunnel with ID: " + dc.tunnelID);
+        const result = await this.tunnelHandler.handleStop(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleGetReq(req, raw) {
+        const dc = GetSchema.parse(raw);
+        const result = await this.tunnelHandler.handleGet(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleRestartReq(req, raw) {
+        const dc = RestartSchema.parse(raw);
+        const result = await this.tunnelHandler.handleRestart(dc.tunnelID);
+        return this.wrapResponse(result, req);
+      }
+      async handleUpdateConfigReq(req, raw) {
+        const dc = UpdateConfigSchema.parse(raw);
+        const result = await this.tunnelHandler.handleUpdateConfig(dc.tunnelConfig);
+        return this.wrapResponse(result, req);
+      }
+      async handleListReq(req) {
+        const result = await this.tunnelHandler.handleList();
+        return this.wrapResponse(result, req);
+      }
+      wrapResponse(result, req) {
+        if (isErrorResponse(result)) {
+          const errResp = NewErrorResponseObject(result);
+          errResp.command = req.command;
+          errResp.requestid = req.requestid;
+          return errResp;
+        }
+        const finalResult = JSON.parse(JSON.stringify(result));
+        if (Array.isArray(finalResult)) {
+          finalResult.forEach((item) => {
+            if (item?.tunnelconfig) {
+              delete item.tunnelconfig.allowPreflight;
+            }
+          });
+        } else if (finalResult?.tunnelconfig) {
+          delete finalResult.tunnelconfig.allowPreflight;
+        }
+        const respObj = NewResponseObject(finalResult);
+        respObj.command = req.command;
+        respObj.requestid = req.requestid;
+        return respObj;
+      }
+      async handle(ws, req) {
+        const cmd = (req.command || "").toLowerCase();
+        const raw = this.safeParse(req.data);
+        try {
+          let response;
+          switch (cmd) {
+            case "start": {
+              response = await this.handleStartReq(req, raw);
+              break;
+            }
+            case "stop": {
+              response = await this.handleStopReq(req, raw);
+              break;
+            }
+            case "get": {
+              response = await this.handleGetReq(req, raw);
+              break;
+            }
+            case "restart": {
+              response = await this.handleRestartReq(req, raw);
+              break;
+            }
+            case "updateconfig": {
+              response = await this.handleUpdateConfigReq(req, raw);
+              break;
+            }
+            case "list": {
+              response = await this.handleListReq(req);
+              break;
+            }
+            default:
+              if (typeof req.command === "string") {
+                logger.warn("Unknown command", { command: req.command });
+              }
+              return this.sendError(ws, req, "Invalid command");
+          }
+          logger.debug("Sending response", { command: response.command, requestid: response.requestid });
+          this.sendResponse(ws, response);
+        } catch (e) {
+          if (e instanceof import_zod2.default.ZodError) {
+            logger.warn("Validation failed", { cmd, issues: e.issues });
+            return this.sendError(ws, req, "Invalid request data", ErrorCode.InvalidBodyFormatError);
+          }
+          logger.error("Error handling command", { cmd, error: String(e) });
+          return this.sendError(ws, req, e?.message || "Internal error");
+        }
+      }
+    };
   }
 });
 
-// src/types.ts
-function isErrorResponse(obj) {
-  return typeof obj === "object" && obj !== null && "code" in obj && "message" in obj && typeof obj.message === "string" && Object.values(ErrorCode).includes(obj.code);
-}
-function newErrorResponse(codeOrError, message) {
-  if (typeof codeOrError === "object") {
-    return codeOrError;
+// src/remote_management/remoteManagement.ts
+function buildRemoteManagementWsUrl(manage) {
+  let baseUrl = (manage || "dashboard.pinggy.io").trim();
+  if (!(baseUrl.startsWith("ws://") || baseUrl.startsWith("wss://"))) {
+    baseUrl = "wss://" + baseUrl;
   }
-  return {
-    code: codeOrError,
-    message
-  };
+  const trimmed = baseUrl.replace(/\/$/, "");
+  return `${trimmed}/backend/api/v1/remote-management/connect`;
 }
-function NewResponseObject(data) {
-  const encoder = new TextEncoder();
-  const bytes = encoder.encode(JSON.stringify(data));
-  return {
-    response: bytes,
-    requestid: "",
-    command: "",
-    error: false,
-    errorresponse: {}
-  };
+function extractHostname(u) {
+  try {
+    const url = new URL(u);
+    return url.host;
+  } catch {
+    return u;
+  }
 }
-function NewErrorResponseObject(errorResponse) {
-  return {
-    response: new Uint8Array(),
-    requestid: "",
-    command: "",
-    error: true,
-    errorresponse: errorResponse
-  };
+function sleep(ms) {
+  return new Promise((res) => setTimeout(res, ms));
 }
-function newStatus(tunnelState, errorCode, errorMsg) {
-  let assignedState = tunnelState;
-  if (tunnelState === "live" /* Live */) {
-    assignedState = "running" /* Running */;
-  } else if (tunnelState === "idle" /* New */) {
-    assignedState = "idle" /* New */;
-  } else if (tunnelState === "closed" /* Closed */) {
-    assignedState = "exited" /* Exited */;
+async function parseRemoteManagement(values) {
+  const rmToken = values["remote-management"];
+  if (typeof rmToken === "string" && rmToken.trim().length > 0) {
+    const manageHost = values["manage"];
+    try {
+      await initiateRemoteManagement(rmToken, manageHost);
+      return { ok: true };
+    } catch (e) {
+      logger.error("Failed to initiate remote management:", e);
+      return { ok: false, error: e };
+    }
   }
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  return {
-    state: assignedState,
-    errorcode: errorCode,
-    errormsg: errorMsg,
-    createdtimestamp: now,
-    starttimestamp: now,
-    endtimestamp: now,
-    warnings: []
-  };
-}
-function newStats() {
-  return {
-    numLiveConnections: 0,
-    numTotalConnections: 0,
-    numTotalReqBytes: 0,
-    numTotalResBytes: 0,
-    numTotalTxBytes: 0,
-    elapsedTime: 0
-  };
 }
-var ErrorCode, RemoteManagementStatus;
-var init_types = __esm({
-  "src/types.ts"() {
-    "use strict";
-    init_cjs_shims();
-    ErrorCode = {
-      InvalidRequestMethodError: "INVALID_REQUEST_METHOD",
-      InvalidRequestBodyError: "COULD_NOT_READ_BODY",
-      InternalServerError: "INTERNAL_SERVER_ERROR",
-      InvalidBodyFormatError: "INVALID_DATA_FORMAT",
-      ErrorStartingTunnel: "ERROR_STARTING_TUNNEL",
-      TunnelNotFound: "TUNNEL_WITH_ID_OR_CONFIG_ID_NOT_FOUND",
-      TunnelAlreadyRunningError: "TUNNEL_WITH_ID_OR_CONFIG_ID_ALREADY_RUNNING",
-      WebsocketUpgradeFailError: "WEBSOCKET_UPGRADE_FAILED",
-      RemoteManagementAlreadyRunning: "REMOTE_MANAGEMENT_ALREADY_RUNNING",
-      RemoteManagementNotRunning: "REMOTE_MANAGEMENT_NOT_RUNNING",
-      RemoteManagementDeserializationFailed: "REMOTE_MANAGEMENT_DESERIALIZATION_FAILED"
-    };
-    RemoteManagementStatus = {
-      Connecting: "CONNECTING",
-      Disconnecting: "DISCONNECTING",
-      Reconnecting: "RECONNECTING",
-      Running: "RUNNING",
-      NotRunning: "NOT_RUNNING",
-      Error: "ERROR"
-    };
+async function initiateRemoteManagement(token, manage) {
+  if (!token || token.trim().length === 0) {
+    throw new Error("Remote management token is required (use --remote-management <TOKEN>)");
   }
-});
-
-// src/remote_management/remote_schema.ts
-function tunnelConfigToPinggyOptions(config) {
-  return {
-    token: config.token || "",
-    serverAddress: config.serveraddress || "free.pinggy.io",
-    forwarding: `${config.forwardedhost || "localhost"}:${config.localport}`,
-    webDebugger: config.webdebuggerport ? `localhost:${config.webdebuggerport}` : "",
-    ipWhitelist: config.ipwhitelist || [],
-    basicAuth: config.basicauth ? config.basicauth : [],
-    bearerTokenAuth: config.bearerauth ? [config.bearerauth] : [],
-    headerModification: config.headermodification,
-    xForwardedFor: !!config.xff,
-    httpsOnly: config.httpsOnly,
-    originalRequestUrl: config.fullRequestUrl,
-    allowPreflight: config.allowPreflight,
-    reverseProxy: config.noReverseProxy,
-    force: config.force,
-    autoReconnect: config.autoreconnect,
-    optional: {
-      sniServerName: config.localservertlssni || ""
-    }
+  const wsUrl = buildRemoteManagementWsUrl(manage);
+  const wsHost = extractHostname(wsUrl);
+  logger.info("Remote management mode enabled.");
+  _stopRequested = false;
+  const sigintHandler = () => {
+    _stopRequested = true;
   };
-}
-function pinggyOptionsToTunnelConfig(opts, configid, configName, localserverTls, greetMsg, additionalForwarding, serve) {
-  const forwarding = Array.isArray(opts.forwarding) ? String(opts.forwarding[0].address).replace("//", "").replace(/\/$/, "") : String(opts.forwarding).replace("//", "").replace(/\/$/, "");
-  const parsedForwardedHost = forwarding.split(":").length == 3 ? forwarding.split(":")[1] : forwarding.split(":")[0];
-  const parsedLocalPort = forwarding.split(":").length == 3 ? parseInt(forwarding.split(":")[2], 10) : parseInt(forwarding.split(":")[1], 10);
-  const tunnelType = (Array.isArray(opts.forwarding) ? opts.forwarding[0]?.type : void 0) ?? import_pinggy4.TunnelType.Http;
-  const parsedTokens = opts.bearerTokenAuth ? Array.isArray(opts.bearerTokenAuth) ? opts.bearerTokenAuth : JSON.parse(opts.bearerTokenAuth) : [];
-  return {
-    allowPreflight: opts.allowPreflight ?? false,
-    allowpreflight: opts.allowPreflight ?? false,
-    autoreconnect: opts.autoReconnect ?? false,
-    basicauth: opts.basicAuth && Object.keys(opts.basicAuth).length ? opts.basicAuth : null,
-    bearerauth: parsedTokens.length ? parsedTokens.join(",") : null,
-    configid,
-    configname: configName,
-    greetmsg: greetMsg || "",
-    force: opts.force ?? false,
-    forwardedhost: parsedForwardedHost || "localhost",
-    fullRequestUrl: opts.originalRequestUrl ?? false,
-    headermodification: opts.headerModification || [],
-    //structured list
-    httpsOnly: opts.httpsOnly ?? false,
-    internalwebdebuggerport: 0,
-    ipwhitelist: opts.ipWhitelist ? Array.isArray(opts.ipWhitelist) ? opts.ipWhitelist : JSON.parse(opts.ipWhitelist) : null,
-    localport: parsedLocalPort || 0,
-    localservertlssni: null,
-    regioncode: "",
-    noReverseProxy: opts.reverseProxy ?? false,
-    serveraddress: opts.serverAddress || "free.pinggy.io",
-    serverport: 0,
-    statusCheckInterval: 0,
-    token: opts.token || "",
-    tunnelTimeout: 0,
-    type: tunnelType,
-    webdebuggerport: Number(opts.webDebugger?.split(":")[0]) || 0,
-    xff: opts.xForwardedFor ? "1" : "",
-    localsservertls: localserverTls || false,
-    additionalForwarding: additionalForwarding || [],
-    serve: serve || ""
+  process.once("SIGINT", sigintHandler);
+  const logConnecting = () => {
+    printer_default.print(`Connecting to ${wsHost}`);
+    logger.info("Connecting to remote management", { wsUrl });
   };
+  while (!_stopRequested) {
+    logConnecting();
+    setRemoteManagementState({ status: RemoteManagementStatus.Connecting, errorMessage: "" });
+    try {
+      await handleWebSocketConnection(wsUrl, wsHost, token);
+    } catch (error) {
+      logger.warn("Remote management connection error", { error: String(error) });
+    }
+    if (_stopRequested) break;
+    printer_default.warn(`Remote management disconnected. Reconnecting in ${RECONNECT_SLEEP_MS / 1e3} seconds...`);
+    logger.info("Reconnecting to remote management after disconnect");
+    await sleep(RECONNECT_SLEEP_MS);
+  }
+  process.removeListener("SIGINT", sigintHandler);
+  logger.info("Remote management stopped.");
+  return getRemoteManagementState();
 }
-var import_pinggy4, import_zod, HeaderModificationSchema, AdditionalForwardingSchema, TunnelConfigSchema, StartSchema, StopSchema, GetSchema, RestartSchema, UpdateConfigSchema;
-var init_remote_schema = __esm({
-  "src/remote_management/remote_schema.ts"() {
-    "use strict";
-    init_cjs_shims();
-    import_pinggy4 = require("@pinggy/pinggy");
-    import_zod = require("zod");
-    HeaderModificationSchema = import_zod.z.object({
-      key: import_zod.z.string(),
-      value: import_zod.z.array(import_zod.z.string()).optional(),
-      type: import_zod.z.enum(["add", "remove", "update"])
-    });
-    AdditionalForwardingSchema = import_zod.z.object({
-      remoteDomain: import_zod.z.string().optional(),
-      remotePort: import_zod.z.number().optional(),
-      localDomain: import_zod.z.string(),
-      localPort: import_zod.z.number()
+async function handleWebSocketConnection(wsUrl, wsHost, token) {
+  return new Promise((resolve) => {
+    const ws = new import_ws.default(wsUrl, {
+      headers: { Authorization: `Bearer ${token}` }
     });
-    TunnelConfigSchema = import_zod.z.object({
-      allowPreflight: import_zod.z.boolean().optional(),
-      // primary key
-      allowpreflight: import_zod.z.boolean().optional(),
-      // legacy key
-      autoreconnect: import_zod.z.boolean(),
-      basicauth: import_zod.z.array(import_zod.z.object({ username: import_zod.z.string(), password: import_zod.z.string() })).nullable(),
-      bearerauth: import_zod.z.string().nullable(),
-      configid: import_zod.z.string(),
-      configname: import_zod.z.string(),
-      greetmsg: import_zod.z.string().optional(),
-      force: import_zod.z.boolean(),
-      forwardedhost: import_zod.z.string(),
-      fullRequestUrl: import_zod.z.boolean(),
-      headermodification: import_zod.z.array(HeaderModificationSchema),
-      httpsOnly: import_zod.z.boolean(),
-      internalwebdebuggerport: import_zod.z.number(),
-      ipwhitelist: import_zod.z.array(import_zod.z.string()).nullable(),
-      localport: import_zod.z.number(),
-      localsservertls: import_zod.z.union([import_zod.z.boolean(), import_zod.z.string()]),
-      localservertlssni: import_zod.z.string().nullable(),
-      regioncode: import_zod.z.string(),
-      noReverseProxy: import_zod.z.boolean(),
-      serveraddress: import_zod.z.string(),
-      serverport: import_zod.z.number(),
-      statusCheckInterval: import_zod.z.number(),
-      token: import_zod.z.string(),
-      tunnelTimeout: import_zod.z.number(),
-      type: import_zod.z.enum([
-        import_pinggy4.TunnelType.Http,
-        import_pinggy4.TunnelType.Tcp,
-        import_pinggy4.TunnelType.Udp,
-        import_pinggy4.TunnelType.Tls,
-        import_pinggy4.TunnelType.TlsTcp
-      ]),
-      webdebuggerport: import_zod.z.number(),
-      xff: import_zod.z.string(),
-      additionalForwarding: import_zod.z.array(AdditionalForwardingSchema).optional(),
-      serve: import_zod.z.string().optional()
-    }).superRefine((data, ctx) => {
-      if (data.allowPreflight === void 0 && data.allowpreflight === void 0) {
-        ctx.addIssue({
-          code: "custom",
-          message: "Either allowPreflight or allowpreflight is required",
-          path: ["allowPreflight"]
-        });
+    currentWs = ws;
+    let heartbeat = null;
+    let firstMessage = true;
+    const cleanup = () => {
+      if (heartbeat) clearInterval(heartbeat);
+      currentWs = null;
+      resolve();
+    };
+    ws.once("open", () => {
+      printer_default.success(`Connected to ${wsHost}`);
+      heartbeat = setInterval(() => {
+        if (ws.readyState === import_ws.default.OPEN) ws.ping();
+      }, PING_INTERVAL_MS);
+    });
+    ws.on("ping", () => ws.pong());
+    ws.on("message", async (data) => {
+      try {
+        if (firstMessage) {
+          firstMessage = false;
+          const ok = handleConnectionStatusMessage(data);
+          if (!ok) ws.close();
+          return;
+        }
+        setRemoteManagementState({ status: RemoteManagementStatus.Running, errorMessage: "" });
+        const req = JSON.parse(data.toString("utf8"));
+        await new WebSocketCommandHandler().handle(ws, req);
+      } catch (e) {
+        logger.warn("Failed handling websocket message", { error: String(e) });
       }
-    }).transform((data) => ({
-      ...data,
-      allowPreflight: data.allowPreflight ?? data.allowpreflight,
-      allowpreflight: data.allowPreflight ?? data.allowpreflight
-    }));
-    StartSchema = import_zod.z.object({
-      tunnelID: import_zod.z.string().nullable().optional(),
-      tunnelConfig: TunnelConfigSchema
     });
-    StopSchema = import_zod.z.object({
-      tunnelID: import_zod.z.string().min(1)
+    ws.on("unexpected-response", (_, res) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: `HTTP ${res.statusCode}` });
+      if (res.statusCode === 401) {
+        printer_default.error("Unauthorized. Please enter a valid token.");
+        logger.error("Unauthorized (401) on remote management connect");
+      } else {
+        printer_default.warn(`Unexpected HTTP ${res.statusCode}. Retrying...`);
+        logger.warn("Unexpected HTTP response", { statusCode: res.statusCode });
+      }
+      ws.close();
     });
-    GetSchema = StopSchema;
-    RestartSchema = StopSchema;
-    UpdateConfigSchema = import_zod.z.object({
-      tunnelConfig: TunnelConfigSchema
+    ws.on("close", (code, reason) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
+      logger.info("WebSocket closed", { code, reason: reason.toString() });
+      printer_default.warn(`Disconnected (code: ${code}). Retrying...`);
+      cleanup();
+    });
+    ws.on("error", (err) => {
+      setRemoteManagementState({ status: RemoteManagementStatus.Error, errorMessage: err.message });
+      logger.warn("WebSocket error", { error: err.message });
+      printer_default.error(err);
+      cleanup();
     });
+  });
+}
+async function closeRemoteManagement(timeoutMs = 1e4) {
+  _stopRequested = true;
+  try {
+    if (currentWs) {
+      try {
+        setRemoteManagementState({ status: RemoteManagementStatus.Disconnecting, errorMessage: "" });
+        currentWs.close();
+      } catch (e) {
+        logger.warn("Error while closing current remote management websocket", { error: String(e) });
+      }
+    }
+    const start = Date.now();
+    while (_remoteManagementState.status === "RUNNING") {
+      if (Date.now() - start > timeoutMs) {
+        logger.warn("Timed out waiting for remote management to stop");
+        break;
+      }
+      await sleep(200);
+    }
+  } finally {
+    currentWs = null;
+    setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
+    return getRemoteManagementState();
+  }
+}
+function getRemoteManagementState() {
+  return _remoteManagementState;
+}
+function setRemoteManagementState(state, errorMessage) {
+  _remoteManagementState = {
+    status: state.status,
+    errorMessage: errorMessage || ""
+  };
+}
+var import_ws, RECONNECT_SLEEP_MS, PING_INTERVAL_MS, _remoteManagementState, _stopRequested, currentWs;
+var init_remoteManagement = __esm({
+  "src/remote_management/remoteManagement.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_ws = __toESM(require("ws"), 1);
+    init_logger();
+    init_websocket_handlers();
+    init_printer();
+    init_types();
+    RECONNECT_SLEEP_MS = 5e3;
+    PING_INTERVAL_MS = 3e4;
+    _remoteManagementState = {
+      status: "NOT_RUNNING",
+      errorMessage: ""
+    };
+    _stopRequested = false;
+    currentWs = null;
   }
 });
 
-// src/remote_management/handler.ts
-var import_pinggy5, TunnelOperations;
-var init_handler = __esm({
-  "src/remote_management/handler.ts"() {
+// src/cli/options.ts
+var cliOptions;
+var init_options = __esm({
+  "src/cli/options.ts"() {
     "use strict";
     init_cjs_shims();
-    init_types();
-    init_TunnelManager();
-    init_remote_schema();
-    import_pinggy5 = require("@pinggy/pinggy");
-    TunnelOperations = class {
-      constructor() {
-        this.tunnelManager = TunnelManager.getInstance();
-      }
-      buildStatus(tunnelId, state, errorCode) {
-        const status = newStatus(state, errorCode, "");
-        try {
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelId);
-          if (managed) {
-            status.createdtimestamp = managed.createdAt || "";
-            status.starttimestamp = managed.startedAt || "";
-            status.endtimestamp = managed.stoppedAt || "";
-          }
-        } catch (e) {
-        }
-        return status;
-      }
-      // --- Helper to construct TunnelResponse ---
-      async buildTunnelResponse(tunnelid, tunnelConfig, configid, tunnelName, additionalForwarding, serve) {
-        const [status, stats, tlsInfo, greetMsg, remoteurls] = await Promise.all([
-          this.tunnelManager.getTunnelStatus(tunnelid),
-          this.tunnelManager.getLatestTunnelStats(tunnelid) || newStats(),
-          this.tunnelManager.getLocalserverTlsInfo(tunnelid),
-          this.tunnelManager.getTunnelGreetMessage(tunnelid),
-          this.tunnelManager.getTunnelUrls(tunnelid)
-        ]);
-        return {
-          tunnelid,
-          remoteurls,
-          tunnelconfig: pinggyOptionsToTunnelConfig(tunnelConfig, configid, tunnelName, tlsInfo, greetMsg, additionalForwarding),
-          status: this.buildStatus(tunnelid, status, "" /* NoError */),
-          stats
-        };
-      }
-      error(code, err, fallback) {
-        return newErrorResponse({
-          code,
-          message: err instanceof Error ? err.message : fallback
-        });
-      }
-      // --- Operations ---
-      async handleStart(config) {
-        try {
-          const opts = tunnelConfigToPinggyOptions(config);
-          const additionalForwardingParsed = config.additionalForwarding || [];
-          const { tunnelid, instance, tunnelName, additionalForwarding, serve } = await this.tunnelManager.createTunnel({
-            ...opts,
-            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy5.TunnelType.Http],
-            // Temporary fix in future we will not use this field.
-            configid: config.configid,
-            tunnelName: config.configname,
-            additionalForwarding: additionalForwardingParsed,
-            serve: config.serve
-          });
-          this.tunnelManager.startTunnel(tunnelid);
-          const tunnelPconfig = await this.tunnelManager.getTunnelConfig("", tunnelid);
-          const resp = this.buildTunnelResponse(tunnelid, tunnelPconfig, config.configid, tunnelName, additionalForwarding, serve);
-          return resp;
-        } catch (err) {
-          return this.error(ErrorCode.ErrorStartingTunnel, err, "Unknown error occurred while starting tunnel");
-        }
-      }
-      async handleUpdateConfig(config) {
-        try {
-          const opts = tunnelConfigToPinggyOptions(config);
-          const tunnel = await this.tunnelManager.updateConfig({
-            ...opts,
-            tunnelType: Array.isArray(config.type) ? config.type : config.type ? [config.type] : [import_pinggy5.TunnelType.Http],
-            // // Temporary fix in future we will not use this field.
-            configid: config.configid,
-            tunnelName: config.configname,
-            additionalForwarding: config.additionalForwarding || [],
-            serve: config.serve
-          });
-          if (!tunnel.instance || !tunnel.tunnelConfig)
-            throw new Error("Invalid tunnel state after configuration update");
-          return this.buildTunnelResponse(tunnel.tunnelid, tunnel.tunnelConfig, config.configid, tunnel.tunnelName, tunnel.additionalForwarding, tunnel.serve);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to update tunnel configuration");
+    cliOptions = {
+      // SSH-like options
+      R: { type: "string", multiple: true, description: "Local port. Eg. -R0:localhost:3000 will forward tunnel connections to local port 3000." },
+      L: { type: "string", multiple: true, description: "Web Debugger address. Eg. -L4300:localhost:4300 will start web debugger on port 4300." },
+      o: { type: "string", multiple: true, description: "Options", hidden: true },
+      "server-port": { type: "string", short: "p", description: "Pinggy server port. Default: 443" },
+      v4: { type: "boolean", short: "4", description: "IPv4 only", hidden: true },
+      v6: { type: "boolean", short: "6", description: "IPv6 only", hidden: true },
+      // These options appear in the ssh command, but we ignore it in CLI
+      t: { type: "boolean", description: "hidden", hidden: true },
+      T: { type: "boolean", description: "hidden", hidden: true },
+      n: { type: "boolean", description: "hidden", hidden: true },
+      N: { type: "boolean", description: "hidden", hidden: true },
+      // Better options
+      type: { type: "string", description: "Type of the connection. Eg. --type tcp" },
+      localport: { type: "string", short: "l", description: "Takes input as [protocol:][host:]port. Eg. --localport https://localhost:8000 OR -l 3000" },
+      debugger: { type: "string", short: "d", description: "Port for web debugger. Eg. --debugger 4300 OR -d 4300" },
+      token: { type: "string", description: "Token for authentication. Eg. --token TOKEN_VALUE" },
+      // Logging options (CLI overrides env)
+      loglevel: { type: "string", description: "Logging level: ERROR, INFO, DEBUG. Overrides PINGGY_LOG_LEVEL environment variable" },
+      logfile: { type: "string", description: "Path to log file. Overrides PINGGY_LOG_FILE environment variable" },
+      v: { type: "boolean", description: "Print logs to stdout for Cli. Overrides PINGGY_LOG_STDOUT environment variable" },
+      vv: { type: "boolean", description: "Enable detailed logging for the Node.js SDK and Libpinggy, including both info and debug level logs." },
+      vvv: { type: "boolean", description: "Enable all logs from Cli, SDK and internal components." },
+      autoreconnect: { type: "string", short: "a", description: "Automatically reconnect tunnel on failure (enabled by default). Use -a false to disable." },
+      // Save and load config
+      saveconf: { type: "string", description: "Create the configuration file based on the options provided here" },
+      conf: { type: "string", description: "Use the configuration file as base. Other options will be used to override this file" },
+      // File server
+      serve: { type: "string", description: "Start a webserver to serve files from the specified path. Eg --serve /path/to/files" },
+      // Remote Control
+      "remote-management": { type: "string", description: "Enable remote management of tunnels with token. Eg. --remote-management API_KEY" },
+      manage: { type: "string", description: "Provide a server address to manage tunnels. Eg --manage dashboard.pinggy.io" },
+      notui: { type: "boolean", description: "Disable TUI in remote management mode" },
+      // Misc
+      version: { type: "boolean", description: "Print version" },
+      // Help
+      help: { type: "boolean", short: "h", description: "Show this help message" }
+    };
+  }
+});
+
+// src/cli/help.ts
+function printHelpMessage() {
+  console.log("\nPinggy CLI Tool - Create secure tunnels to your localhost.");
+  console.log("\nUsage:");
+  console.log("   pinggy [options] -l <port>\n");
+  console.log("Options:");
+  for (const [key, value] of Object.entries(cliOptions)) {
+    if (value.hidden) continue;
+    const short = "short" in value && value.short ? `-${value.short}, ` : "    ";
+    const optType = value.type === "boolean" ? "" : "<value>";
+    console.log(`  ${short}--${key.padEnd(17)} ${optType.padEnd(8)} ${value.description}`);
+  }
+  console.log("\nExtended options :");
+  console.log("  x:https                 Enforce HTTPS only (redirect HTTP to HTTPS)");
+  console.log("  x:noreverseproxy        Disable built-in reverse-proxy header injection");
+  console.log("  x:localservertls:host   Connect to local HTTPS server with SNI");
+  console.log("  x:passpreflight         Pass CORS preflight requests unchanged");
+  console.log("  a:Key:Val               Add header");
+  console.log("  u:Key:Val               Update header");
+  console.log("  r:Key                   Remove header");
+  console.log("  b:user:pass             Basic auth");
+  console.log("  k:BEARER                Bearer token");
+  console.log("  w:192.168.1.0/24        IP whitelist (CIDR)");
+  console.log("\nExamples (User-friendly):");
+  console.log("  pinggy -l 3000                           # HTTP(S) tunnel to localhost port 3000");
+  console.log("  pinggy --type tcp -l 22                  # TCP tunnel for SSH (port 22)");
+  console.log("  pinggy -l 8080 -d 4300                   # HTTP tunnel to port 8080 with debugger running at localhost:4300");
+  console.log("  pinggy --token mytoken -l 3000           # Authenticated tunnel");
+  console.log("  pinggy x:https x:xff -l https://localhost:8443  # HTTPS-only + XFF");
+  console.log("  pinggy w:192.168.1.0/24 -l 8080          # IP whitelist restriction");
+  console.log("\nExamples (SSH-style):");
+  console.log("  pinggy -R0:localhost:3000                        # Basic HTTP tunnel");
+  console.log("  pinggy --type tcp -R0:localhost:22               # TCP tunnel for SSH");
+  console.log("  pinggy -R0:localhost:8080 -L4300:localhost:4300  # HTTP tunnel with debugger");
+  console.log("  pinggy tcp@ap.example.com -R0:localhost:22       # TCP tunnel to region\n");
+}
+var init_help = __esm({
+  "src/cli/help.ts"() {
+    "use strict";
+    init_cjs_shims();
+    init_options();
+  }
+});
+
+// src/cli/defaults.ts
+var defaultOptions;
+var init_defaults = __esm({
+  "src/cli/defaults.ts"() {
+    "use strict";
+    init_cjs_shims();
+    defaultOptions = {
+      token: void 0,
+      // No default token
+      serverAddress: "a.pinggy.io",
+      forwarding: "localhost:8000",
+      webDebugger: "",
+      ipWhitelist: [],
+      basicAuth: [],
+      bearerTokenAuth: [],
+      headerModification: [],
+      force: false,
+      xForwardedFor: false,
+      httpsOnly: false,
+      originalRequestUrl: false,
+      allowPreflight: false,
+      reverseProxy: false,
+      autoReconnect: true
+    };
+  }
+});
+
+// src/cli/extendedOptions.ts
+function parseExtendedOptions(options, config) {
+  if (!options) return;
+  for (const opt of options) {
+    const [key, value] = opt.replace(/^"|"$/g, "").split(/:(.+)/).filter(Boolean);
+    switch (key) {
+      case "x":
+        switch (value) {
+          case "https":
+          case "httpsonly":
+            config.httpsOnly = true;
+            break;
+          case "passpreflight":
+          case "allowpreflight":
+            config.allowPreflight = true;
+            break;
+          case "reverseproxy":
+            config.reverseProxy = false;
+            break;
+          case "xff":
+            config.xForwardedFor = true;
+            break;
+          case "fullurl":
+          case "fullrequesturl":
+            config.originalRequestUrl = true;
+            break;
+          default:
+            printer_default.warn(`Unknown extended option "${key}"`);
+            logger.warn(`Warning: Unknown extended option "${key}"`);
+            break;
         }
-      }
-      async handleList() {
-        try {
-          const tunnels = await this.tunnelManager.getAllTunnels();
-          if (tunnels.length === 0) {
-            return [];
+        break;
+      case "w":
+        if (value) {
+          const ips = value.split(",").map((ip) => ip.trim()).filter(Boolean);
+          const invalidIps = ips.filter((ip) => !(isValidIpV4Cidr(ip) || isValidIpV6Cidr(ip)));
+          if (invalidIps.length > 0) {
+            printer_default.warn(`Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
+            logger.warn(`Warning: Invalid IP/CIDR(s) in whitelist: ${invalidIps.join(", ")}`);
           }
-          return Promise.all(
-            tunnels.map(async (t) => {
-              const rawStats = this.tunnelManager.getLatestTunnelStats(t.tunnelid) || newStats();
-              const [status, tlsInfo, greetMsg] = await Promise.all([
-                this.tunnelManager.getTunnelStatus(t.tunnelid),
-                this.tunnelManager.getLocalserverTlsInfo(t.tunnelid),
-                this.tunnelManager.getTunnelGreetMessage(t.tunnelid)
-              ]);
-              const pinggyOptions = status !== "closed" /* Closed */ && status !== "exited" /* Exited */ ? await this.tunnelManager.getTunnelConfig("", t.tunnelid) : t.tunnelConfig;
-              const tunnelConfig = pinggyOptionsToTunnelConfig(pinggyOptions, t.configid, t.tunnelName, tlsInfo, greetMsg, t.additionalForwarding, t.serve);
-              return {
-                tunnelid: t.tunnelid,
-                remoteurls: t.remoteurls,
-                status: this.buildStatus(t.tunnelid, status, "" /* NoError */),
-                stats: rawStats,
-                tunnelconfig: tunnelConfig
-              };
-            })
-          );
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to list tunnels");
-        }
-      }
-      async handleStop(tunnelid) {
-        try {
-          const { configid } = this.tunnelManager.stopTunnel(tunnelid);
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to stop tunnel");
+          if (!(invalidIps.length > 0)) {
+            config.ipWhitelist = ips;
+          }
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'w' requires IP(s)`);
+          logger.warn(`Warning: Extended option "${opt}" for 'w' requires IP(s)`);
         }
-      }
-      async handleGet(tunnelid) {
-        try {
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel information");
+        break;
+      case "k":
+        if (!config.bearerTokenAuth) config.bearerTokenAuth = [];
+        if (value) {
+          config.bearerTokenAuth.push(value);
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'k' requires a value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'k' requires a value`);
         }
-      }
-      async handleRestart(tunnelid) {
-        try {
-          await this.tunnelManager.restartTunnel(tunnelid);
-          const managed = this.tunnelManager.getManagedTunnel("", tunnelid);
-          if (!managed?.tunnelConfig) throw new Error(`Tunnel config for ID "${tunnelid}" not found`);
-          return this.buildTunnelResponse(tunnelid, managed.tunnelConfig, managed.configid, managed.tunnelName, managed.additionalForwarding, managed.serve);
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to restart tunnel");
+        break;
+      case "b":
+        if (value && value.includes(":")) {
+          const [username, password] = value.split(/:(.+)/);
+          if (!config.basicAuth) config.basicAuth = [];
+          config.basicAuth.push({ username, password });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'b' requires value in format username:password`);
+          logger.warn(`Warning: Extended option "${opt}" for 'b' requires value in format username:password`);
         }
-      }
-      handleRegisterStatsListener(tunnelid, listener) {
-        this.tunnelManager.registerStatsListener(tunnelid, listener);
-      }
-      handleUnregisterStatsListener(tunnelid, listnerId) {
-        this.tunnelManager.deregisterStatsListener(tunnelid, listnerId);
-      }
-      handleGetTunnelStats(tunnelid) {
-        try {
-          const stats = this.tunnelManager.getTunnelStats(tunnelid);
-          if (!stats) {
-            return [newStats()];
-          }
-          return stats;
-        } catch (err) {
-          return this.error(ErrorCode.TunnelNotFound, err, "Failed to get tunnel stats");
+        break;
+      case "a":
+        if (value && value.includes(":")) {
+          const [key2, val] = value.split(/:(.+)/);
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "add", key: key2, value: [val] });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'a' requires key:value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'a' requires key:value`);
         }
-      }
-      handleRegisterDisconnectListener(tunnelid, listener) {
-        this.tunnelManager.registerDisconnectListener(tunnelid, listener);
-      }
-      handleRemoveStoppedTunnelByConfigId(configId) {
-        try {
-          return this.tunnelManager.removeStoppedTunnelByConfigId(configId);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by configId");
+        break;
+      case "u":
+        if (value && value.includes(":")) {
+          const [key2, val] = value.split(/:(.+)/);
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "update", key: key2, value: [val] });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'u' requires key:value`);
+          logger.warn(`Warning: Extended option "${opt}" for 'u' requires key:value`);
         }
-      }
-      handleRemoveStoppedTunnelByTunnelId(tunnelId) {
-        try {
-          return this.tunnelManager.removeStoppedTunnelByTunnelId(tunnelId);
-        } catch (err) {
-          return this.error(ErrorCode.InternalServerError, err, "Failed to remove stopped tunnel by tunnelId");
+        break;
+      case "r":
+        if (value) {
+          if (!config.headerModification) config.headerModification = [];
+          config.headerModification.push({ type: "remove", key: value });
+        } else {
+          printer_default.warn(`Extended option "${opt}" for 'r' requires a key`);
         }
-      }
-    };
-  }
-});
-
-// src/remote_management/websocket_handlers.ts
-function handleConnectionStatusMessage(firstMessage) {
-  try {
-    const text = typeof firstMessage === "string" ? firstMessage : firstMessage.toString();
-    const cs = JSON.parse(text);
-    if (!cs.success) {
-      const msg = cs.error_msg || "Connection failed";
-      printer_default.warn(`Connection failed: ${msg}`);
-      logger.warn("Remote management connection failed", { error_code: cs.error_code, error_msg: msg });
-      return false;
+        break;
+      default:
+        printer_default.warn(`Unknown extended option "${key}"`);
+        break;
     }
-    return true;
-  } catch (e) {
-    logger.warn("Failed to parse connection status message", { error: String(e) });
-    return true;
   }
 }
-var import_zod2, WebSocketCommandHandler;
-var init_websocket_handlers = __esm({
-  "src/remote_management/websocket_handlers.ts"() {
+function isValidIpV4Cidr(input) {
+  if (input.includes("/")) {
+    const [ip, mask] = input.split("/");
+    if (!ip || !mask) return false;
+    const isIp4 = (0, import_net.isIP)(ip) === 4;
+    const maskNum = parseInt(mask, 10);
+    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 32;
+    return isIp4 && isMaskValid;
+  }
+  return false;
+}
+function isValidIpV6Cidr(input) {
+  if (input.includes("/")) {
+    const [rawIp, mask] = input.split("/");
+    if (!rawIp || !mask) return false;
+    const ip = rawIp.split("%")[0].replace(/^\[|\]$/g, "");
+    const isIp6 = (0, import_net.isIP)(ip) === 6;
+    const maskNum = parseInt(mask, 10);
+    const isMaskValid = !isNaN(maskNum) && maskNum >= 0 && maskNum <= 128;
+    return isIp6 && isMaskValid;
+  }
+  return false;
+}
+var import_net;
+var init_extendedOptions = __esm({
+  "src/cli/extendedOptions.ts"() {
     "use strict";
     init_cjs_shims();
+    import_net = require("net");
     init_logger();
-    init_types();
-    init_handler();
-    init_remote_schema();
-    import_zod2 = __toESM(require("zod"), 1);
     init_printer();
-    WebSocketCommandHandler = class {
-      constructor() {
-        this.tunnelHandler = new TunnelOperations();
-      }
-      safeParse(text) {
-        if (!text) return void 0;
-        try {
-          return JSON.parse(text);
-        } catch (e) {
-          logger.warn("Invalid JSON payload", { error: String(e), text });
-          return void 0;
-        }
-      }
-      sendResponse(ws, resp) {
-        const payload = {
-          ...resp,
-          response: Buffer.from(resp.response || []).toString("base64")
-        };
-        ws.send(JSON.stringify(payload));
-      }
-      sendError(ws, req, message, code = ErrorCode.InternalServerError) {
-        const resp = NewErrorResponseObject({ code, message });
-        resp.command = req.command || "";
-        resp.requestid = req.requestid || "";
-        this.sendResponse(ws, resp);
-      }
-      async handleStartReq(req, raw) {
-        const dc = StartSchema.parse(raw);
-        printer_default.info("Starting tunnel with config name: " + dc.tunnelConfig.configname);
-        const result = await this.tunnelHandler.handleStart(dc.tunnelConfig);
-        return this.wrapResponse(result, req);
-      }
-      async handleStopReq(req, raw) {
-        const dc = StopSchema.parse(raw);
-        printer_default.info("Stopping tunnel with ID: " + dc.tunnelID);
-        const result = await this.tunnelHandler.handleStop(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleGetReq(req, raw) {
-        const dc = GetSchema.parse(raw);
-        const result = await this.tunnelHandler.handleGet(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleRestartReq(req, raw) {
-        const dc = RestartSchema.parse(raw);
-        const result = await this.tunnelHandler.handleRestart(dc.tunnelID);
-        return this.wrapResponse(result, req);
-      }
-      async handleUpdateConfigReq(req, raw) {
-        const dc = UpdateConfigSchema.parse(raw);
-        const result = await this.tunnelHandler.handleUpdateConfig(dc.tunnelConfig);
-        return this.wrapResponse(result, req);
-      }
-      async handleListReq(req) {
-        const result = await this.tunnelHandler.handleList();
-        return this.wrapResponse(result, req);
-      }
-      wrapResponse(result, req) {
-        if (isErrorResponse(result)) {
-          const errResp = NewErrorResponseObject(result);
-          errResp.command = req.command;
-          errResp.requestid = req.requestid;
-          return errResp;
-        }
-        const finalResult = JSON.parse(JSON.stringify(result));
-        if (Array.isArray(finalResult)) {
-          finalResult.forEach((item) => {
-            if (item?.tunnelconfig) {
-              delete item.tunnelconfig.allowPreflight;
-            }
-          });
-        } else if (finalResult?.tunnelconfig) {
-          delete finalResult.tunnelconfig.allowPreflight;
+  }
+});
+
+// src/cli/buildConfig.ts
+function isKeyword(str) {
+  return KEYWORDS.has(str.toLowerCase());
+}
+function parseUserAndDomain(str) {
+  let token;
+  let type;
+  let server;
+  let qrCode;
+  let forceFlag;
+  if (!str) return { token, type, server, qrCode, forceFlag };
+  if (str.includes("@")) {
+    const [user, domain] = str.split("@", 2);
+    if (domainRegex.test(domain)) {
+      let processKeyword2 = function(keyword) {
+        if ([import_pinggy5.TunnelType.Http, import_pinggy5.TunnelType.Tcp, import_pinggy5.TunnelType.Tls, import_pinggy5.TunnelType.Udp, import_pinggy5.TunnelType.TlsTcp].includes(keyword)) {
+          type = keyword;
+        } else if (keyword === "force") {
+          forceFlag = true;
+        } else if (keyword === "qr") {
+          qrCode = true;
         }
-        const respObj = NewResponseObject(finalResult);
-        respObj.command = req.command;
-        respObj.requestid = req.requestid;
-        return respObj;
+      };
+      var processKeyword = processKeyword2;
+      server = domain;
+      const parts = user.split("+");
+      if (parts.length === 0) {
+        return { token, type, server, qrCode, forceFlag };
       }
-      async handle(ws, req) {
-        const cmd = (req.command || "").toLowerCase();
-        const raw = this.safeParse(req.data);
-        try {
-          let response;
-          switch (cmd) {
-            case "start": {
-              response = await this.handleStartReq(req, raw);
-              break;
-            }
-            case "stop": {
-              response = await this.handleStopReq(req, raw);
-              break;
-            }
-            case "get": {
-              response = await this.handleGetReq(req, raw);
-              break;
-            }
-            case "restart": {
-              response = await this.handleRestartReq(req, raw);
-              break;
-            }
-            case "updateconfig": {
-              response = await this.handleUpdateConfigReq(req, raw);
-              break;
-            }
-            case "list": {
-              response = await this.handleListReq(req);
-              break;
-            }
-            default:
-              if (typeof req.command === "string") {
-                logger.warn("Unknown command", { command: req.command });
-              }
-              return this.sendError(ws, req, "Invalid command");
+      const firstPart = parts[0];
+      if (!isKeyword(firstPart)) {
+        token = firstPart;
+        for (let i = 1; i < parts.length; i++) {
+          const part = parts[i].toLowerCase();
+          if (!isKeyword(part)) {
+            throw new Error(`Invalid user format: unexpected token '${part}' when keywords are expected.`);
           }
-          logger.debug("Sending response", { command: response.command, requestid: response.requestid });
-          this.sendResponse(ws, response);
-        } catch (e) {
-          if (e instanceof import_zod2.default.ZodError) {
-            logger.warn("Validation failed", { cmd, issues: e.issues });
-            return this.sendError(ws, req, "Invalid request data", ErrorCode.InvalidBodyFormatError);
+          processKeyword2(part);
+        }
+      } else {
+        for (const part of parts) {
+          const lowerPart = part.toLowerCase();
+          if (!isKeyword(lowerPart)) {
+            throw new Error(`Invalid user format: unexpected token '${lowerPart}' when keywords are expected.`);
           }
-          logger.error("Error handling command", { cmd, error: String(e) });
-          return this.sendError(ws, req, e?.message || "Internal error");
+          processKeyword2(lowerPart);
         }
       }
-    };
+    }
+  } else if (domainRegex.test(str)) {
+    server = str;
   }
-});
-
-// src/remote_management/remoteManagement.ts
-function buildRemoteManagementWsUrl(manage) {
-  let baseUrl = (manage || "dashboard.pinggy.io").trim();
-  if (!(baseUrl.startsWith("ws://") || baseUrl.startsWith("wss://"))) {
-    baseUrl = "wss://" + baseUrl;
+  return { token, type, server, qrCode, forceFlag };
+}
+function parseUsers(positionalArgs, explicitToken) {
+  let token;
+  let server;
+  let type;
+  let forceFlag = false;
+  let qrCode = false;
+  let remaining = [...positionalArgs];
+  if (typeof explicitToken === "string") {
+    const parsed = parseUserAndDomain(explicitToken);
+    if (parsed.server) server = parsed.server;
+    if (parsed.type) type = parsed.type;
+    if (parsed.token) token = parsed.token;
+    if (parsed.forceFlag) forceFlag = true;
+    if (parsed.qrCode) qrCode = true;
+  }
+  if (remaining.length > 0) {
+    const first = remaining[0];
+    const parsed = parseUserAndDomain(first);
+    if (parsed.server) {
+      server = parsed.server;
+      if (parsed.type) type = parsed.type;
+      if (parsed.token) token = parsed.token;
+      if (parsed.forceFlag) forceFlag = true;
+      if (parsed.qrCode) qrCode = true;
+      remaining = remaining.slice(1);
+    }
+  }
+  return { token, server, type, forceFlag, qrCode, remaining };
+}
+function parseType(finalConfig, values, inferredType) {
+  const t = inferredType || values.type || finalConfig.tunnelType;
+  if (t === import_pinggy5.TunnelType.Http || t === import_pinggy5.TunnelType.Tcp || t === import_pinggy5.TunnelType.Tls || t === import_pinggy5.TunnelType.Udp || t === import_pinggy5.TunnelType.TlsTcp) {
+    finalConfig.tunnelType = [t];
+  }
+}
+function parseLocalPort(finalConfig, values) {
+  if (typeof values.localport !== "string") return null;
+  let lp = values.localport.trim();
+  let isHttps = false;
+  if (lp.startsWith("https://")) {
+    isHttps = true;
+    lp = lp.replace(/^https:\/\//, "");
+  } else if (lp.startsWith("http://")) {
+    lp = lp.replace(/^http:\/\//, "");
+  }
+  const parts = lp.split(":");
+  if (parts.length === 1) {
+    const port = parseInt(parts[0], 10);
+    if (!Number.isNaN(port) && isValidPort(port)) {
+      finalConfig.forwarding = `localhost:${port}`;
+    } else {
+      return new Error("Invalid local port");
+    }
+  } else if (parts.length === 2) {
+    const host = parts[0] || "localhost";
+    const port = parseInt(parts[1], 10);
+    if (!Number.isNaN(port) && isValidPort(port)) {
+      finalConfig.forwarding = `${host}:${port}`;
+    } else {
+      return new Error("Invalid local port. Please use -h option for help.");
+    }
+  } else {
+    return new Error("Invalid --localport format. Please use -h option for help.");
   }
-  const trimmed = baseUrl.replace(/\/$/, "");
-  return `${trimmed}/backend/api/v1/remote-management/connect`;
+  return null;
 }
-function extractHostname(u) {
-  try {
-    const url = new URL(u);
-    return url.host;
-  } catch {
-    return u;
+function removeIPv6Brackets(ip) {
+  if (ip.startsWith("[") && ip.endsWith("]")) {
+    return ip.slice(1, -1);
   }
+  return ip;
 }
-function sleep(ms) {
-  return new Promise((res) => setTimeout(res, ms));
-}
-async function parseRemoteManagement(values) {
-  const rmToken = values["remote-management"];
-  if (typeof rmToken === "string" && rmToken.trim().length > 0) {
-    const manageHost = values["manage"];
-    try {
-      await initiateRemoteManagement(rmToken, manageHost);
-      return { ok: true };
-    } catch (e) {
-      logger.error("Failed to initiate remote management:", e);
-      return { ok: false, error: e };
+function ipv6SafeSplitColon(s) {
+  const result = [];
+  let buf = "";
+  const stack = [];
+  for (let i = 0; i < s.length; i++) {
+    const c = s[i];
+    if (c === "[") {
+      stack.push(c);
+    } else if (c === "]" && stack.length > 0) {
+      stack.pop();
+    }
+    if (c === ":" && stack.length === 0) {
+      result.push(buf);
+      buf = "";
+    } else {
+      buf += c;
     }
   }
+  result.push(buf);
+  return result;
 }
-async function initiateRemoteManagement(token, manage) {
-  if (!token || token.trim().length === 0) {
-    throw new Error("Remote management token is required (use --remote-management <TOKEN>)");
+function parseDefaultForwarding(forwarding) {
+  const parts = ipv6SafeSplitColon(forwarding);
+  if (parts.length === 3) {
+    const remotePort = parseInt(parts[0], 10);
+    const localDomain = removeIPv6Brackets(parts[1] || "localhost");
+    const localPort = parseInt(parts[2], 10);
+    return { remotePort, localDomain, localPort };
   }
-  const wsUrl = buildRemoteManagementWsUrl(manage);
-  const wsHost = extractHostname(wsUrl);
-  logger.info("Remote management mode enabled.");
-  _stopRequested = false;
-  const sigintHandler = () => {
-    _stopRequested = true;
+  if (parts.length === 4) {
+    const remoteDomain = removeIPv6Brackets(parts[0]);
+    const remotePort = parseInt(parts[1], 10);
+    const localDomain = removeIPv6Brackets(parts[2] || "localhost");
+    const localPort = parseInt(parts[3], 10);
+    return { remoteDomain, remotePort, localDomain, localPort };
+  }
+  return new Error("forwarding address incorrect");
+}
+function parseAdditionalForwarding(forwarding) {
+  const toPort = (v) => {
+    if (!v) return null;
+    const n = parseInt(v, 10);
+    return Number.isNaN(n) ? null : n;
   };
-  process.once("SIGINT", sigintHandler);
-  const logConnecting = () => {
-    printer_default.print(`Connecting to ${wsHost}`);
-    logger.info("Connecting to remote management", { wsUrl });
+  const parsed = ipv6SafeSplitColon(forwarding);
+  if (parsed.length !== 4) {
+    return new Error(
+      "forwarding must be in format: [schema//]hostname[/port][@forwardingId]:<placeholder>:<forwardingAddress>:<forwardingPort>"
+    );
+  }
+  const firstPart = parsed[0];
+  const [hostPart] = firstPart.split("@");
+  let protocol = "http";
+  let remoteDomainRaw;
+  let remotePort = 0;
+  if (hostPart.includes("//")) {
+    const [schema, rest] = hostPart.split("//");
+    if (!schema || !VALID_PROTOCOLS.includes(schema)) {
+      return new Error(`invalid protocol: ${schema}`);
+    }
+    protocol = schema;
+    const domainAndPort = rest.split("/");
+    if (domainAndPort.length > 2) {
+      return new Error("invalid forwarding address format");
+    }
+    remoteDomainRaw = domainAndPort[0];
+    if (!remoteDomainRaw || !domainRegex.test(remoteDomainRaw)) {
+      return new Error("invalid remote domain");
+    }
+    const parsedRemotePort = toPort(domainAndPort[1]);
+    if (protocol === "http") {
+      remotePort = 0;
+    } else {
+      if (parsedRemotePort === null || !isValidPort(parsedRemotePort)) {
+        return new Error(
+          `${protocol} forwarding requires port in format ${protocol}//domain/remotePort`
+        );
+      }
+      remotePort = parsedRemotePort;
+    }
+  } else {
+    remoteDomainRaw = hostPart;
+    if (!domainRegex.test(remoteDomainRaw)) {
+      return new Error("invalid remote domain");
+    }
+    protocol = "http";
+    remotePort = 0;
+  }
+  const localDomain = removeIPv6Brackets(parsed[2] || "localhost");
+  const localPort = toPort(parsed[3]);
+  if (localPort === null || !isValidPort(localPort)) {
+    return new Error("forwarding address incorrect: invalid local port");
+  }
+  return {
+    protocol,
+    remoteDomain: remoteDomainRaw,
+    remotePort,
+    localDomain,
+    localPort
   };
-  while (!_stopRequested) {
-    logConnecting();
-    setRemoteManagementState({ status: RemoteManagementStatus.Connecting, errorMessage: "" });
-    try {
-      await handleWebSocketConnection(wsUrl, wsHost, token);
-    } catch (error) {
-      logger.warn("Remote management connection error", { error: String(error) });
+}
+function parseReverseTunnelAddr(finalConfig, values) {
+  const reverseTunnel = values.R;
+  if ((!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) && !values.localport && !finalConfig.forwarding) {
+    return new Error("local port not specified. Please use '-h' option for help.");
+  }
+  if (!Array.isArray(reverseTunnel) || reverseTunnel.length === 0) {
+    return null;
+  }
+  for (const forwarding of reverseTunnel) {
+    const slicedForwarding = ipv6SafeSplitColon(forwarding);
+    if (slicedForwarding.length === 3) {
+      const parsed = parseDefaultForwarding(forwarding);
+      if (parsed instanceof Error) return parsed;
+      finalConfig.forwarding = `${parsed.localDomain}:${parsed.localPort}`;
+    } else if (slicedForwarding.length === 4) {
+      finalConfig.additionalForwarding ?? (finalConfig.additionalForwarding = []);
+      const parsed = parseAdditionalForwarding(forwarding);
+      if (parsed instanceof Error) return parsed;
+      finalConfig.additionalForwarding.push(parsed);
+    } else {
+      return new Error(
+        "Incorrect command line arguments: reverse tunnel address incorrect. Please use '-h' option for help."
+      );
     }
-    if (_stopRequested) break;
-    printer_default.warn(`Remote management disconnected. Reconnecting in ${RECONNECT_SLEEP_MS / 1e3} seconds...`);
-    logger.info("Reconnecting to remote management after disconnect");
-    await sleep(RECONNECT_SLEEP_MS);
   }
-  process.removeListener("SIGINT", sigintHandler);
-  logger.info("Remote management stopped.");
-  return getRemoteManagementState();
+  return null;
 }
-async function handleWebSocketConnection(wsUrl, wsHost, token) {
-  return new Promise((resolve) => {
-    const ws = new import_ws.default(wsUrl, {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    currentWs = ws;
-    let heartbeat = null;
-    let firstMessage = true;
-    const cleanup = () => {
-      if (heartbeat) clearInterval(heartbeat);
-      currentWs = null;
-      resolve();
-    };
-    ws.once("open", () => {
-      printer_default.success(`Connected to ${wsHost}`);
-      heartbeat = setInterval(() => {
-        if (ws.readyState === import_ws.default.OPEN) ws.ping();
-      }, PING_INTERVAL_MS);
-    });
-    ws.on("ping", () => ws.pong());
-    ws.on("message", async (data) => {
-      try {
-        if (firstMessage) {
-          firstMessage = false;
-          const ok = handleConnectionStatusMessage(data);
-          if (!ok) ws.close();
-          return;
-        }
-        setRemoteManagementState({ status: RemoteManagementStatus.Running, errorMessage: "" });
-        const req = JSON.parse(data.toString("utf8"));
-        await new WebSocketCommandHandler().handle(ws, req);
-      } catch (e) {
-        logger.warn("Failed handling websocket message", { error: String(e) });
-      }
-    });
-    ws.on("unexpected-response", (_, res) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: `HTTP ${res.statusCode}` });
-      if (res.statusCode === 401) {
-        printer_default.error("Unauthorized. Please enter a valid token.");
-        logger.error("Unauthorized (401) on remote management connect");
-      } else {
-        printer_default.warn(`Unexpected HTTP ${res.statusCode}. Retrying...`);
-        logger.warn("Unexpected HTTP response", { statusCode: res.statusCode });
-      }
-      ws.close();
-    });
-    ws.on("close", (code, reason) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
-      logger.info("WebSocket closed", { code, reason: reason.toString() });
-      printer_default.warn(`Disconnected (code: ${code}). Retrying...`);
-      cleanup();
-    });
-    ws.on("error", (err) => {
-      setRemoteManagementState({ status: RemoteManagementStatus.Error, errorMessage: err.message });
-      logger.warn("WebSocket error", { error: err.message });
-      printer_default.error(err);
-      cleanup();
-    });
-  });
+function parseLocalTunnelAddr(finalConfig, values) {
+  if (!Array.isArray(values.L) || values.L.length === 0) return null;
+  const firstL = values.L[0];
+  const parts = firstL.split(":");
+  if (parts.length === 3) {
+    const lp = parseInt(parts[0], 10);
+    if (!Number.isNaN(lp) && isValidPort(lp)) {
+      finalConfig.webDebugger = `localhost:${lp}`;
+    } else {
+      return new Error(`Invalid debugger port ${lp}`);
+    }
+  } else {
+    return new Error("Incorrect command line arguments: web debugger address incorrect. Please use '-h' option for help.");
+  }
 }
-async function closeRemoteManagement(timeoutMs = 1e4) {
-  _stopRequested = true;
-  try {
-    if (currentWs) {
-      try {
-        setRemoteManagementState({ status: RemoteManagementStatus.Disconnecting, errorMessage: "" });
-        currentWs.close();
-      } catch (e) {
-        logger.warn("Error while closing current remote management websocket", { error: String(e) });
-      }
+function parseDebugger(finalConfig, values) {
+  let dbg = values.debugger;
+  if (typeof dbg !== "string") return;
+  dbg = dbg.startsWith(":") ? dbg.slice(1) : dbg;
+  const d = parseInt(dbg, 10);
+  if (!Number.isNaN(d) && isValidPort(d)) {
+    finalConfig.webDebugger = `localhost:${d}`;
+  } else {
+    logger.error("Invalid debugger port:", dbg);
+    return new Error(`Invalid debugger port ${dbg}. Please use '-h' option for help.`);
+  }
+}
+function parseToken(finalConfig, explicitToken) {
+  if (typeof explicitToken === "string" && explicitToken) {
+    finalConfig.token = explicitToken;
+  }
+}
+function parseArgs(finalConfig, remainingPositionals) {
+  parseExtendedOptions(remainingPositionals, finalConfig);
+}
+function storeJson(config, saveconf) {
+  if (saveconf) {
+    const path5 = saveconf;
+    try {
+      import_fs3.default.writeFileSync(path5, JSON.stringify(config, null, 2), { encoding: "utf-8", flag: "w" });
+      logger.info(`Configuration saved to ${path5}`);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.error("Error loading configuration:", msg);
     }
-    const start = Date.now();
-    while (_remoteManagementState.status === "RUNNING") {
-      if (Date.now() - start > timeoutMs) {
-        logger.warn("Timed out waiting for remote management to stop");
-        break;
-      }
-      await sleep(200);
+  }
+}
+function loadJsonConfig(config) {
+  const configpath = config["conf"];
+  if (typeof configpath === "string" && configpath.trim().length > 0) {
+    const filepath = import_path3.default.resolve(configpath);
+    try {
+      const data = import_fs3.default.readFileSync(filepath, { encoding: "utf-8" });
+      const json = JSON.parse(data);
+      return json;
+    } catch (err) {
+      logger.error("Error loading configuration:", err);
     }
-  } finally {
-    currentWs = null;
-    setRemoteManagementState({ status: RemoteManagementStatus.NotRunning, errorMessage: "" });
-    return getRemoteManagementState();
   }
+  return null;
+}
+function isSaveConfOption(values) {
+  const saveconf = values["saveconf"];
+  if (typeof saveconf === "string" && saveconf.trim().length > 0) {
+    return saveconf;
+  }
+  return null;
 }
-function getRemoteManagementState() {
-  return _remoteManagementState;
+function parseServe(finalConfig, values) {
+  const sv = values.serve;
+  if (typeof sv !== "string" || sv.trim().length === 0) return null;
+  finalConfig.serve = sv;
+  return null;
 }
-function setRemoteManagementState(state, errorMessage) {
-  _remoteManagementState = {
-    status: state.status,
-    errorMessage: errorMessage || ""
+function parseAutoReconnect(finalConfig, values) {
+  const autoReconnectValue = values.autoreconnect;
+  if (typeof autoReconnectValue === "string") {
+    const trimmed = autoReconnectValue.trim().toLowerCase();
+    if (trimmed === "true" || trimmed === "") {
+      finalConfig.autoReconnect = true;
+    } else if (trimmed === "false") {
+      finalConfig.autoReconnect = false;
+    } else {
+      return new Error(`Invalid autoreconnect value: ${autoReconnectValue}. Use true or false.`);
+    }
+  }
+  return null;
+}
+async function buildFinalConfig(values, positionals) {
+  let token;
+  let server;
+  let type;
+  let forceFlag = false;
+  let qrCode = false;
+  let finalConfig = new Object();
+  let saveconf = isSaveConfOption(values);
+  const configFromFile = loadJsonConfig(values);
+  const userParse = parseUsers(positionals, values.token);
+  token = userParse.token;
+  server = userParse.server;
+  type = userParse.type;
+  forceFlag = userParse.forceFlag;
+  qrCode = userParse.qrCode;
+  const remainingPositionals = userParse.remaining;
+  const initialTunnel = type || values.type;
+  finalConfig = {
+    ...defaultOptions,
+    ...configFromFile || {},
+    // Apply loaded config on top of defaults
+    configid: getRandomId(),
+    token: token || (configFromFile?.token || (typeof values.token === "string" ? values.token : "")),
+    serverAddress: server || (configFromFile?.serverAddress || defaultOptions.serverAddress),
+    tunnelType: initialTunnel ? [initialTunnel] : configFromFile?.tunnelType || [import_pinggy5.TunnelType.Http],
+    NoTUI: values.notui || (configFromFile?.NoTUI || false),
+    qrCode: qrCode || (configFromFile?.qrCode || false),
+    autoReconnect: configFromFile?.autoReconnect ? configFromFile.autoReconnect : defaultOptions.autoReconnect
   };
+  parseType(finalConfig, values, type);
+  parseToken(finalConfig, token || values.token);
+  const dbgErr = parseDebugger(finalConfig, values);
+  if (dbgErr instanceof Error) throw dbgErr;
+  const lpErr = parseLocalPort(finalConfig, values);
+  if (lpErr instanceof Error) throw lpErr;
+  const rErr = parseReverseTunnelAddr(finalConfig, values);
+  if (rErr instanceof Error) throw rErr;
+  const lErr = parseLocalTunnelAddr(finalConfig, values);
+  if (lErr instanceof Error) throw lErr;
+  const serveErr = parseServe(finalConfig, values);
+  if (serveErr instanceof Error) throw serveErr;
+  const autoReconnectErr = parseAutoReconnect(finalConfig, values);
+  if (autoReconnectErr instanceof Error) throw autoReconnectErr;
+  if (forceFlag) finalConfig.force = true;
+  parseArgs(finalConfig, remainingPositionals);
+  storeJson(finalConfig, saveconf);
+  return finalConfig;
 }
-var import_ws, RECONNECT_SLEEP_MS, PING_INTERVAL_MS, _remoteManagementState, _stopRequested, currentWs;
-var init_remoteManagement = __esm({
-  "src/remote_management/remoteManagement.ts"() {
+var import_pinggy5, import_fs3, import_path3, domainRegex, KEYWORDS, VALID_PROTOCOLS;
+var init_buildConfig = __esm({
+  "src/cli/buildConfig.ts"() {
     "use strict";
     init_cjs_shims();
-    import_ws = __toESM(require("ws"), 1);
+    init_defaults();
+    init_extendedOptions();
     init_logger();
-    init_websocket_handlers();
-    init_printer();
-    init_types();
-    RECONNECT_SLEEP_MS = 5e3;
-    PING_INTERVAL_MS = 3e4;
-    _remoteManagementState = {
-      status: "NOT_RUNNING",
-      errorMessage: ""
-    };
-    _stopRequested = false;
-    currentWs = null;
+    init_util();
+    import_pinggy5 = require("@pinggy/pinggy");
+    import_fs3 = __toESM(require("fs"), 1);
+    import_path3 = __toESM(require("path"), 1);
+    domainRegex = /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
+    KEYWORDS = /* @__PURE__ */ new Set([
+      import_pinggy5.TunnelType.Http,
+      import_pinggy5.TunnelType.Tcp,
+      import_pinggy5.TunnelType.Tls,
+      import_pinggy5.TunnelType.Udp,
+      import_pinggy5.TunnelType.TlsTcp,
+      "force",
+      "qr"
+    ]);
+    VALID_PROTOCOLS = ["http", "tcp", "udp", "tls"];
   }
 });
 
@@ -3486,6 +3770,91 @@ function closeDisconnectModal(screen, manager) {
   manager.inDisconnectView = false;
   screen.render();
 }
+function showReconnectingModal(screen, manager, retryCnt, message) {
+  if (manager.reconnectModal) {
+    manager.reconnectModal.destroy();
+    manager.reconnectModal = null;
+  }
+  manager.inReconnectView = true;
+  manager.reconnectModal = import_blessed2.default.box({
+    parent: screen,
+    top: "center",
+    left: "center",
+    width: "50%",
+    height: "20%",
+    border: {
+      type: "line"
+    },
+    style: {
+      border: {
+        fg: "yellow"
+      }
+    },
+    padding: { left: 2, right: 2, top: 1, bottom: 1 },
+    tags: true,
+    align: "center",
+    valign: "middle"
+  });
+  const content = `{yellow-fg}{bold}Reconnecting...{/bold}{/yellow-fg}
+
+${message || `Attempt #${retryCnt} \u2014 trying to re-establish tunnel...`}
+
+{gray-fg}Please wait{/gray-fg}`;
+  manager.reconnectModal.setContent(content);
+  manager.reconnectModal.focus();
+  screen.render();
+}
+function closeReconnectingModal(screen, manager) {
+  if (manager.reconnectModal) {
+    manager.reconnectModal.destroy();
+    manager.reconnectModal = null;
+  }
+  manager.inReconnectView = false;
+  screen.render();
+}
+function showReconnectionFailedModal(screen, manager, retryCnt, onClose) {
+  closeReconnectingModal(screen, manager);
+  manager.inReconnectView = true;
+  manager.reconnectModal = import_blessed2.default.box({
+    parent: screen,
+    top: "center",
+    left: "center",
+    width: "50%",
+    height: "20%",
+    border: {
+      type: "line"
+    },
+    style: {
+      border: {
+        fg: "red"
+      }
+    },
+    padding: { left: 2, right: 2, top: 1, bottom: 1 },
+    tags: true,
+    align: "center",
+    valign: "middle"
+  });
+  const content = `{red-fg}{bold}Reconnection Failed{/bold}{/red-fg}
+
+Failed to reconnect after ${retryCnt} attempts.
+Tunnel will be closed.
+
+{white-bg}{black-fg}Closing in 5 seconds...{/black-fg}{/white-bg}`;
+  manager.reconnectModal.setContent(content);
+  manager.reconnectModal.focus();
+  screen.render();
+  const timeout = setTimeout(() => {
+    closeReconnectingModal(screen, manager);
+    if (onClose) onClose();
+  }, 5e3);
+  const keyHandler = () => {
+    clearTimeout(timeout);
+    closeReconnectingModal(screen, manager);
+    if (onClose) onClose();
+  };
+  manager.reconnectModal.key(["escape", "enter", "space"], keyHandler);
+  screen.key(["escape", "enter", "space"], keyHandler);
+}
 function showLoadingModal(screen, modalManager, message = "Loading...") {
   if (modalManager.loadingView) return;
   modalManager.loadingBox = import_blessed2.default.box({
@@ -3793,9 +4162,11 @@ var init_TunnelTui = __esm({
           detailModal: null,
           keyBindingsModal: null,
           disconnectModal: null,
+          reconnectModal: null,
           inDetailView: false,
           keyBindingView: false,
           inDisconnectView: false,
+          inReconnectView: false,
           loadingBox: null,
           loadingView: false,
           fetchAbortController: null
@@ -3996,6 +4367,25 @@ Tunnel will be closed.` : info.messages?.join("\n") || "Disconnect request recei
           );
         }
       }
+      updateReconnectingInfo(retryCnt, message) {
+        showReconnectingModal(
+          this.screen,
+          this.modalManager,
+          retryCnt,
+          message
+        );
+      }
+      closeReconnectingInfo() {
+        closeReconnectingModal(this.screen, this.modalManager);
+      }
+      updateReconnectionFailed(retryCnt) {
+        showReconnectionFailedModal(
+          this.screen,
+          this.modalManager,
+          retryCnt,
+          () => this.destroy()
+        );
+      }
       start() {
         this.screen.render();
       }
@@ -4096,6 +4486,35 @@ async function startCli(finalConfig, manager) {
     }
     printer_default.print(import_picocolors3.default.gray("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
     printer_default.print(import_picocolors3.default.gray("\nPress Ctrl+C to stop the tunnel.\n"));
+    manager2.registerWillReconnectListener(tunnel.tunnelid, (tunnelId, error, messages) => {
+      if (activeTui) {
+        const msg = messages?.join("\n") || error || "Tunnel disconnected, reconnecting...";
+        activeTui.updateReconnectingInfo(0, msg);
+      } else if (finalConfig.autoReconnect) {
+        printer_default.warn(error || "Tunnel connection reset");
+        printer_default.startSpinner(messages?.join("\n"));
+      }
+    });
+    manager2.registerReconnectingListener(tunnel.tunnelid, (tunnelId, retryCnt) => {
+      if (activeTui) {
+        activeTui.updateReconnectingInfo(retryCnt);
+      } else if (finalConfig.autoReconnect) {
+        printer_default.startSpinner(`Reconnecting to Pinggy (attempt #${retryCnt})`);
+      }
+    });
+    manager2.registerReconnectionCompletedListener(tunnel.tunnelid, (tunnelId, urls) => {
+      if (activeTui) {
+        activeTui.closeReconnectingInfo();
+      }
+    });
+    manager2.registerReconnectionFailedListener(tunnel.tunnelid, (tunnelId, retryCnt) => {
+      if (activeTui) {
+        activeTui.updateReconnectionFailed(retryCnt);
+      } else {
+        printer_default.stopSpinnerFail(`Reconnection failed after ${retryCnt} attempts`);
+        process.exit(1);
+      }
+    });
     manager2.registerDisconnectListener(tunnel.tunnelid, async (tunnelId, error, messages) => {
       if (activeTui) {
         disconnectState = {
@@ -4273,6 +4692,19 @@ var init_main = __esm({
 });
 
 // src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  TunnelErrorCodeType: () => TunnelErrorCodeType,
+  TunnelManager: () => TunnelManager,
+  TunnelOperations: () => TunnelOperations,
+  TunnelStateType: () => TunnelStateType,
+  TunnelWarningCode: () => TunnelWarningCode,
+  closeRemoteManagement: () => closeRemoteManagement,
+  enablePackageLogging: () => enablePackageLogging,
+  getRemoteManagementState: () => getRemoteManagementState,
+  initiateRemoteManagement: () => initiateRemoteManagement
+});
+module.exports = __toCommonJS(index_exports);
 init_cjs_shims();
 
 // src/utils/detect_vc_redist_on_windows.ts
@@ -4357,6 +4789,11 @@ async function openDownloadPage() {
 
 // src/index.ts
 init_printer();
+init_TunnelManager();
+init_handler();
+init_logger();
+init_remoteManagement();
+init_types();
 async function verifyAndLoad() {
   if (process.platform === "win32") {
     const vcRedist = checkVCRedist();
@@ -4374,3 +4811,15 @@ verifyAndLoad().catch((err) => {
   printer_default.error(`Failed to start CLI:, ${err}`);
   process.exit(1);
 });
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TunnelErrorCodeType,
+  TunnelManager,
+  TunnelOperations,
+  TunnelStateType,
+  TunnelWarningCode,
+  closeRemoteManagement,
+  enablePackageLogging,
+  getRemoteManagementState,
+  initiateRemoteManagement
+});