npm - wyxrouter - Versions diffs - 0.4.71 - Mend

wyxrouter 0.4.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (763) hide show

package/CHANGELOG.md +222 -0
package/LICENSE +21 -0
package/README.md +96 -0
package/README.zh-CN.md +1311 -0
package/assets/pixel-router-2d.png +0 -0
package/cli/LICENSE +42 -0
package/cli/README.md +125 -0
package/cli/app/package.json +58 -0
package/cli/cli.js +806 -0
package/cli/package.json +48 -0
package/i18n/README.ja-JP.md +1209 -0
package/i18n/README.ru.md +1311 -0
package/i18n/README.vi.md +1310 -0
package/i18n/README.zh-CN.md +1306 -0
package/images/9router.png +0 -0
package/jsconfig.json +12 -0
package/next.config.mjs +71 -0
package/open-sse/config/appConstants.js +203 -0
package/open-sse/config/codexInstructions.js +119 -0
package/open-sse/config/constants.js +4 -0
package/open-sse/config/defaultThinkingSignature.js +12 -0
package/open-sse/config/errorConfig.js +85 -0
package/open-sse/config/googleTtsLanguages.js +62 -0
package/open-sse/config/kiroConstants.js +322 -0
package/open-sse/config/models.js +13 -0
package/open-sse/config/ollamaModels.js +19 -0
package/open-sse/config/providerModels.js +944 -0
package/open-sse/config/providers.js +458 -0
package/open-sse/config/runtimeConfig.js +72 -0
package/open-sse/config/ttsModels.js +129 -0
package/open-sse/executors/antigravity.js +504 -0
package/open-sse/executors/azure.js +57 -0
package/open-sse/executors/base.js +185 -0
package/open-sse/executors/codex.js +469 -0
package/open-sse/executors/commandcode.js +88 -0
package/open-sse/executors/cursor.js +795 -0
package/open-sse/executors/default.js +497 -0
package/open-sse/executors/gemini-cli.js +89 -0
package/open-sse/executors/github.js +379 -0
package/open-sse/executors/grok-web.js +345 -0
package/open-sse/executors/iflow.js +108 -0
package/open-sse/executors/index.js +75 -0
package/open-sse/executors/kiro.js +508 -0
package/open-sse/executors/ollama-local.js +14 -0
package/open-sse/executors/opencode-go.js +41 -0
package/open-sse/executors/opencode.js +32 -0
package/open-sse/executors/perplexity-web.js +507 -0
package/open-sse/executors/qoder.js +450 -0
package/open-sse/executors/qwen.js +129 -0
package/open-sse/executors/vertex.js +131 -0
package/open-sse/executors/xiaomi-tokenplan.js +19 -0
package/open-sse/handlers/chatCore/nonStreamingHandler.js +230 -0
package/open-sse/handlers/chatCore/requestDetail.js +102 -0
package/open-sse/handlers/chatCore/sseToJsonHandler.js +231 -0
package/open-sse/handlers/chatCore/streamingHandler.js +103 -0
package/open-sse/handlers/chatCore.js +287 -0
package/open-sse/handlers/embeddingProviders/_base.js +4 -0
package/open-sse/handlers/embeddingProviders/gemini.js +54 -0
package/open-sse/handlers/embeddingProviders/index.js +23 -0
package/open-sse/handlers/embeddingProviders/openai.js +39 -0
package/open-sse/handlers/embeddingProviders/openaiCompatNode.js +13 -0
package/open-sse/handlers/embeddingsCore.js +126 -0
package/open-sse/handlers/fetch/index.js +237 -0
package/open-sse/handlers/imageGenerationCore.js +189 -0
package/open-sse/handlers/imageProviders/_base.js +31 -0
package/open-sse/handlers/imageProviders/blackForestLabs.js +43 -0
package/open-sse/handlers/imageProviders/cloudflareAi.js +178 -0
package/open-sse/handlers/imageProviders/codex.js +198 -0
package/open-sse/handlers/imageProviders/comfyui.js +8 -0
package/open-sse/handlers/imageProviders/falAi.js +41 -0
package/open-sse/handlers/imageProviders/gemini.js +25 -0
package/open-sse/handlers/imageProviders/huggingface.js +22 -0
package/open-sse/handlers/imageProviders/index.js +40 -0
package/open-sse/handlers/imageProviders/nanobanana.js +58 -0
package/open-sse/handlers/imageProviders/openai.js +40 -0
package/open-sse/handlers/imageProviders/runwayml.js +47 -0
package/open-sse/handlers/imageProviders/sdwebui.js +17 -0
package/open-sse/handlers/imageProviders/stabilityAi.js +34 -0
package/open-sse/handlers/responsesHandler.js +103 -0
package/open-sse/handlers/search/callers.js +371 -0
package/open-sse/handlers/search/chatSearch.js +409 -0
package/open-sse/handlers/search/index.js +201 -0
package/open-sse/handlers/search/normalizers.js +223 -0
package/open-sse/handlers/sttCore.js +194 -0
package/open-sse/handlers/ttsCore.js +74 -0
package/open-sse/handlers/ttsProviders/_base.js +39 -0
package/open-sse/handlers/ttsProviders/edgeTts.js +89 -0
package/open-sse/handlers/ttsProviders/elevenlabs.js +48 -0
package/open-sse/handlers/ttsProviders/gemini.js +117 -0
package/open-sse/handlers/ttsProviders/genericFormats.js +169 -0
package/open-sse/handlers/ttsProviders/googleTts.js +54 -0
package/open-sse/handlers/ttsProviders/index.js +50 -0
package/open-sse/handlers/ttsProviders/localDevice.js +87 -0
package/open-sse/handlers/ttsProviders/minimax.js +59 -0
package/open-sse/handlers/ttsProviders/openai.js +30 -0
package/open-sse/handlers/ttsProviders/openrouter.js +70 -0
package/open-sse/index.js +82 -0
package/open-sse/rtk/applyFilter.js +15 -0
package/open-sse/rtk/autodetect.js +111 -0
package/open-sse/rtk/caveman.js +100 -0
package/open-sse/rtk/cavemanPrompts.js +78 -0
package/open-sse/rtk/constants.js +55 -0
package/open-sse/rtk/filters/buildOutput.js +127 -0
package/open-sse/rtk/filters/dedupLog.js +44 -0
package/open-sse/rtk/filters/find.js +49 -0
package/open-sse/rtk/filters/gitDiff.js +92 -0
package/open-sse/rtk/filters/gitStatus.js +117 -0
package/open-sse/rtk/filters/grep.js +48 -0
package/open-sse/rtk/filters/ls.js +79 -0
package/open-sse/rtk/filters/readNumbered.js +27 -0
package/open-sse/rtk/filters/searchList.js +52 -0
package/open-sse/rtk/filters/smartTruncate.js +15 -0
package/open-sse/rtk/filters/tree.js +32 -0
package/open-sse/rtk/index.js +155 -0
package/open-sse/rtk/registry.js +38 -0
package/open-sse/services/accountFallback.js +238 -0
package/open-sse/services/combo.js +198 -0
package/open-sse/services/compact.js +71 -0
package/open-sse/services/kiroModels.js +332 -0
package/open-sse/services/model.js +261 -0
package/open-sse/services/oauthCredentialManager.js +151 -0
package/open-sse/services/projectId.js +306 -0
package/open-sse/services/provider.js +356 -0
package/open-sse/services/qoderModels.js +214 -0
package/open-sse/services/tokenRefresh.js +939 -0
package/open-sse/services/usage.js +1496 -0
package/open-sse/transformer/responsesTransformer.js +439 -0
package/open-sse/transformer/streamToJsonConverter.js +103 -0
package/open-sse/translator/formats.js +36 -0
package/open-sse/translator/helpers/claudeHelper.js +216 -0
package/open-sse/translator/helpers/geminiHelper.js +372 -0
package/open-sse/translator/helpers/imageHelper.js +34 -0
package/open-sse/translator/helpers/maxTokensHelper.js +27 -0
package/open-sse/translator/helpers/openaiHelper.js +130 -0
package/open-sse/translator/helpers/responsesApiHelper.js +139 -0
package/open-sse/translator/helpers/toolCallHelper.js +148 -0
package/open-sse/translator/index.js +251 -0
package/open-sse/translator/request/antigravity-to-openai.js +229 -0
package/open-sse/translator/request/claude-to-openai.js +232 -0
package/open-sse/translator/request/gemini-to-openai.js +147 -0
package/open-sse/translator/request/openai-responses.js +318 -0
package/open-sse/translator/request/openai-to-claude.js +401 -0
package/open-sse/translator/request/openai-to-commandcode.js +170 -0
package/open-sse/translator/request/openai-to-cursor.js +183 -0
package/open-sse/translator/request/openai-to-gemini.js +470 -0
package/open-sse/translator/request/openai-to-kiro.js +629 -0
package/open-sse/translator/request/openai-to-kiro.old.js +278 -0
package/open-sse/translator/request/openai-to-ollama.js +192 -0
package/open-sse/translator/request/openai-to-vertex.js +42 -0
package/open-sse/translator/response/claude-to-openai.js +206 -0
package/open-sse/translator/response/commandcode-to-openai.js +197 -0
package/open-sse/translator/response/cursor-to-openai.js +30 -0
package/open-sse/translator/response/gemini-to-openai.js +245 -0
package/open-sse/translator/response/kiro-to-openai.js +195 -0
package/open-sse/translator/response/ollama-to-openai.js +152 -0
package/open-sse/translator/response/openai-responses.js +590 -0
package/open-sse/translator/response/openai-to-antigravity.js +122 -0
package/open-sse/translator/response/openai-to-claude.js +266 -0
package/open-sse/utils/bypassHandler.js +298 -0
package/open-sse/utils/claudeCloaking.js +155 -0
package/open-sse/utils/claudeHeaderCache.js +70 -0
package/open-sse/utils/clientDetector.js +63 -0
package/open-sse/utils/cursorChecksum.js +149 -0
package/open-sse/utils/cursorProtobuf.js +904 -0
package/open-sse/utils/debugLog.js +14 -0
package/open-sse/utils/error.js +147 -0
package/open-sse/utils/ollamaTransform.js +85 -0
package/open-sse/utils/proxyFetch.js +368 -0
package/open-sse/utils/reasoningContentInjector.js +79 -0
package/open-sse/utils/requestLogger.js +260 -0
package/open-sse/utils/responsesStreamHelpers.js +49 -0
package/open-sse/utils/sessionManager.js +82 -0
package/open-sse/utils/stream.js +462 -0
package/open-sse/utils/streamHandler.js +250 -0
package/open-sse/utils/streamHelpers.js +122 -0
package/open-sse/utils/toolDeduper.js +49 -0
package/open-sse/utils/usageTracking.js +347 -0
package/package.json +100 -0
package/postcss.config.mjs +12 -0
package/public/favicon.svg +11 -0
package/public/file.svg +1 -0
package/public/globe.svg +1 -0
package/public/i18n/literals/ar.json +195 -0
package/public/i18n/literals/bn.json +195 -0
package/public/i18n/literals/cs.json +195 -0
package/public/i18n/literals/da.json +195 -0
package/public/i18n/literals/de.json +195 -0
package/public/i18n/literals/el.json +195 -0
package/public/i18n/literals/es.json +195 -0
package/public/i18n/literals/fi.json +195 -0
package/public/i18n/literals/fr.json +195 -0
package/public/i18n/literals/he.json +195 -0
package/public/i18n/literals/hi.json +195 -0
package/public/i18n/literals/hu.json +195 -0
package/public/i18n/literals/id.json +195 -0
package/public/i18n/literals/it.json +195 -0
package/public/i18n/literals/ja.json +195 -0
package/public/i18n/literals/ko.json +195 -0
package/public/i18n/literals/nl.json +195 -0
package/public/i18n/literals/no.json +195 -0
package/public/i18n/literals/pl.json +195 -0
package/public/i18n/literals/pt-BR.json +195 -0
package/public/i18n/literals/pt-PT.json +195 -0
package/public/i18n/literals/ro.json +195 -0
package/public/i18n/literals/ru.json +195 -0
package/public/i18n/literals/sv.json +195 -0
package/public/i18n/literals/th.json +195 -0
package/public/i18n/literals/tl.json +195 -0
package/public/i18n/literals/tr.json +195 -0
package/public/i18n/literals/uk.json +195 -0
package/public/i18n/literals/ur.json +195 -0
package/public/i18n/literals/vi.json +195 -0
package/public/i18n/literals/zh-CN.json +772 -0
package/public/i18n/literals/zh-TW.json +195 -0
package/public/icons/discord.svg +4 -0
package/public/icons/icon-192.svg +4 -0
package/public/icons/icon-512.svg +4 -0
package/public/next.svg +1 -0
package/public/providers/alicode-intl.png +0 -0
package/public/providers/alicode.png +0 -0
package/public/providers/amp.png +0 -0
package/public/providers/anthropic-m.png +0 -0
package/public/providers/anthropic.png +0 -0
package/public/providers/antigravity.png +0 -0
package/public/providers/assemblyai.png +0 -0
package/public/providers/aws-polly.png +0 -0
package/public/providers/azure.png +0 -0
package/public/providers/black-forest-labs.png +0 -0
package/public/providers/blackbox.png +0 -0
package/public/providers/brave-search.png +0 -0
package/public/providers/byteplus.png +0 -0
package/public/providers/cartesia.png +0 -0
package/public/providers/cerebras.png +0 -0
package/public/providers/chutes.png +0 -0
package/public/providers/claude.png +0 -0
package/public/providers/cline.png +0 -0
package/public/providers/cloudflare-ai.png +0 -0
package/public/providers/codebuddy.svg +37 -0
package/public/providers/codex.png +0 -0
package/public/providers/cohere.png +0 -0
package/public/providers/comfyui.png +0 -0
package/public/providers/commandcode.png +0 -0
package/public/providers/continue.png +0 -0
package/public/providers/copilot.png +0 -0
package/public/providers/coqui.png +0 -0
package/public/providers/cursor.png +0 -0
package/public/providers/deepgram.png +0 -0
package/public/providers/deepseek-tui.png +0 -0
package/public/providers/deepseek.png +0 -0
package/public/providers/droid.png +0 -0
package/public/providers/edge-tts.png +0 -0
package/public/providers/elevenlabs.png +0 -0
package/public/providers/exa.png +0 -0
package/public/providers/fal-ai.png +0 -0
package/public/providers/firecrawl.png +0 -0
package/public/providers/fireworks.png +0 -0
package/public/providers/gemini-cli.png +0 -0
package/public/providers/gemini.png +0 -0
package/public/providers/github.png +0 -0
package/public/providers/glm-cn.png +0 -0
package/public/providers/glm.png +0 -0
package/public/providers/google-pse.png +0 -0
package/public/providers/google-tts.png +0 -0
package/public/providers/grok-web.png +0 -0
package/public/providers/groq.png +0 -0
package/public/providers/hermes.png +0 -0
package/public/providers/huggingface.png +0 -0
package/public/providers/hyperbolic.png +0 -0
package/public/providers/iflow.png +0 -0
package/public/providers/inworld.png +0 -0
package/public/providers/jcode.png +0 -0
package/public/providers/jina-ai.png +0 -0
package/public/providers/jina-reader.png +0 -0
package/public/providers/kilocode.png +0 -0
package/public/providers/kimi-coding.png +0 -0
package/public/providers/kimi.png +0 -0
package/public/providers/kiro.png +0 -0
package/public/providers/linkup.png +0 -0
package/public/providers/local-device.png +0 -0
package/public/providers/minimax-cn.png +0 -0
package/public/providers/minimax.png +0 -0
package/public/providers/mistral.png +0 -0
package/public/providers/nanobanana.png +0 -0
package/public/providers/nebius.png +0 -0
package/public/providers/nvidia.png +0 -0
package/public/providers/oai-cc.png +0 -0
package/public/providers/oai-r.png +0 -0
package/public/providers/ollama-local.png +0 -0
package/public/providers/ollama.png +0 -0
package/public/providers/openai.png +0 -0
package/public/providers/openclaw.png +0 -0
package/public/providers/opencode-go.png +0 -0
package/public/providers/opencode.png +0 -0
package/public/providers/openrouter.png +0 -0
package/public/providers/perplexity-web.png +0 -0
package/public/providers/perplexity.png +0 -0
package/public/providers/playht.png +0 -0
package/public/providers/qoder.png +0 -0
package/public/providers/qwen.png +0 -0
package/public/providers/recraft.png +0 -0
package/public/providers/roo.png +0 -0
package/public/providers/runwayml.png +0 -0
package/public/providers/sdwebui.png +0 -0
package/public/providers/searchapi.png +0 -0
package/public/providers/searxng.png +0 -0
package/public/providers/serper.png +0 -0
package/public/providers/siliconflow.png +0 -0
package/public/providers/stability-ai.png +0 -0
package/public/providers/tavily.png +0 -0
package/public/providers/together.png +0 -0
package/public/providers/topaz.png +0 -0
package/public/providers/tortoise.png +0 -0
package/public/providers/vertex-partner.png +0 -0
package/public/providers/vertex.png +0 -0
package/public/providers/volcengine-ark.png +0 -0
package/public/providers/voyage-ai.png +0 -0
package/public/providers/xai.png +0 -0
package/public/providers/xiaomi-mimo.png +0 -0
package/public/providers/xiaomi-tokenplan.png +0 -0
package/public/providers/youcom.png +0 -0
package/public/sw.js +22 -0
package/public/vercel.svg +1 -0
package/public/window.svg +1 -0
package/scripts/compact-request-details.mjs +71 -0
package/scripts/import-codex-gptjson.mjs +342 -0
package/scripts/start-standalone.mjs +25 -0
package/scripts/translate-readme.js +201 -0
package/src/app/(dashboard)/dashboard/automation/page.js +294 -0
package/src/app/(dashboard)/dashboard/basic-chat/BasicChatPageClient.js +967 -0
package/src/app/(dashboard)/dashboard/basic-chat/page.js +5 -0
package/src/app/(dashboard)/dashboard/cli-tools/CLIToolsPageClient.js +66 -0
package/src/app/(dashboard)/dashboard/cli-tools/[toolId]/ToolDetailClient.js +173 -0
package/src/app/(dashboard)/dashboard/cli-tools/[toolId]/page.js +11 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/AntigravityToolCard.js +481 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/ApiKeySelect.js +66 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/BaseUrlSelect.js +174 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/ClaudeToolCard.js +390 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/ClineToolCard.js +301 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/CodexToolCard.js +458 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/CopilotToolCard.js +323 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/CoworkToolCard.js +640 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/DeepSeekTuiToolCard.js +338 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/DefaultToolCard.js +271 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/DroidToolCard.js +410 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/EndpointPresetControl.js +128 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/HermesToolCard.js +317 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/JcodeToolCard.js +380 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/KiloToolCard.js +275 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/MitmLinkCard.js +40 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/MitmServerCard.js +329 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/MitmToolCard.js +318 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/OpenClawToolCard.js +388 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/OpenCodeToolCard.js +500 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/ToolSummaryCard.js +39 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/cliEndpointMatch.js +13 -0
package/src/app/(dashboard)/dashboard/cli-tools/components/index.js +19 -0
package/src/app/(dashboard)/dashboard/cli-tools/page.js +7 -0
package/src/app/(dashboard)/dashboard/combos/page.js +612 -0
package/src/app/(dashboard)/dashboard/console-log/ConsoleLogClient.js +91 -0
package/src/app/(dashboard)/dashboard/console-log/page.js +8 -0
package/src/app/(dashboard)/dashboard/endpoint/EndpointPageClient.js +1555 -0
package/src/app/(dashboard)/dashboard/endpoint/page.js +7 -0
package/src/app/(dashboard)/dashboard/media-providers/[kind]/[id]/page.js +1903 -0
package/src/app/(dashboard)/dashboard/media-providers/[kind]/page.js +289 -0
package/src/app/(dashboard)/dashboard/media-providers/combo/[id]/page.js +410 -0
package/src/app/(dashboard)/dashboard/media-providers/web/page.js +209 -0
package/src/app/(dashboard)/dashboard/mitm/MitmPageClient.js +117 -0
package/src/app/(dashboard)/dashboard/mitm/page.js +5 -0
package/src/app/(dashboard)/dashboard/page.js +7 -0
package/src/app/(dashboard)/dashboard/profile/page.js +1140 -0
package/src/app/(dashboard)/dashboard/providers/[id]/AddApiKeyModal.js +389 -0
package/src/app/(dashboard)/dashboard/providers/[id]/AddCustomModelModal.js +125 -0
package/src/app/(dashboard)/dashboard/providers/[id]/CompatibleModelsSection.js +250 -0
package/src/app/(dashboard)/dashboard/providers/[id]/ConnectionRow.js +299 -0
package/src/app/(dashboard)/dashboard/providers/[id]/CooldownTimer.js +42 -0
package/src/app/(dashboard)/dashboard/providers/[id]/EditCompatibleNodeModal.js +161 -0
package/src/app/(dashboard)/dashboard/providers/[id]/ModelRow.js +95 -0
package/src/app/(dashboard)/dashboard/providers/[id]/PassthroughModelsSection.js +183 -0
package/src/app/(dashboard)/dashboard/providers/[id]/page.js +2053 -0
package/src/app/(dashboard)/dashboard/providers/[id]/page.new.js +1724 -0
package/src/app/(dashboard)/dashboard/providers/components/ConnectionsCard.js +497 -0
package/src/app/(dashboard)/dashboard/providers/components/ModelAvailabilityBadge.js +185 -0
package/src/app/(dashboard)/dashboard/providers/components/ModelsCard.js +294 -0
package/src/app/(dashboard)/dashboard/providers/new/page.js +220 -0
package/src/app/(dashboard)/dashboard/providers/page.js +1365 -0
package/src/app/(dashboard)/dashboard/proxy-pools/page.js +1092 -0
package/src/app/(dashboard)/dashboard/quota/page.js +11 -0
package/src/app/(dashboard)/dashboard/skills/page.js +112 -0
package/src/app/(dashboard)/dashboard/translator/page.js +303 -0
package/src/app/(dashboard)/dashboard/usage/components/OverviewCards.js +35 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/ProviderLimitCard.js +185 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaProgressBar.js +127 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/QuotaTable.js +259 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/index.js +1394 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderLimits/utils.js +244 -0
package/src/app/(dashboard)/dashboard/usage/components/ProviderTopology.js +327 -0
package/src/app/(dashboard)/dashboard/usage/components/RequestDetailsTab.js +433 -0
package/src/app/(dashboard)/dashboard/usage/components/UsageChart.js +141 -0
package/src/app/(dashboard)/dashboard/usage/components/UsageTable.js +247 -0
package/src/app/(dashboard)/dashboard/usage/page.js +75 -0
package/src/app/(dashboard)/layout.js +6 -0
package/src/app/api/auth/login/route.js +76 -0
package/src/app/api/auth/logout/route.js +12 -0
package/src/app/api/auth/oidc/callback/route.js +87 -0
package/src/app/api/auth/oidc/start/route.js +52 -0
package/src/app/api/auth/oidc/test/route.js +84 -0
package/src/app/api/auth/status/route.js +45 -0
package/src/app/api/cli-tools/all-statuses/route.js +46 -0
package/src/app/api/cli-tools/antigravity-mitm/alias/route.js +53 -0
package/src/app/api/cli-tools/antigravity-mitm/route.js +202 -0
package/src/app/api/cli-tools/claude-settings/route.js +203 -0
package/src/app/api/cli-tools/cline-settings/route.js +133 -0
package/src/app/api/cli-tools/codex-gateway/accounts/route.js +16 -0
package/src/app/api/cli-tools/codex-settings/route.js +239 -0
package/src/app/api/cli-tools/copilot-settings/route.js +148 -0
package/src/app/api/cli-tools/cowork-mcp-registry/route.js +77 -0
package/src/app/api/cli-tools/cowork-mcp-tools/route.js +95 -0
package/src/app/api/cli-tools/cowork-settings/route.js +412 -0
package/src/app/api/cli-tools/deepseek-tui-settings/route.js +164 -0
package/src/app/api/cli-tools/droid-settings/route.js +213 -0
package/src/app/api/cli-tools/hermes-settings/route.js +175 -0
package/src/app/api/cli-tools/jcode-settings/route.js +216 -0
package/src/app/api/cli-tools/kilo-settings/route.js +131 -0
package/src/app/api/cli-tools/openclaw-settings/route.js +292 -0
package/src/app/api/cli-tools/opencode-settings/route.js +259 -0
package/src/app/api/combos/[id]/route.js +81 -0
package/src/app/api/combos/route.js +48 -0
package/src/app/api/health/route.js +15 -0
package/src/app/api/init/route.js +4 -0
package/src/app/api/keys/[id]/route.js +58 -0
package/src/app/api/keys/route.js +42 -0
package/src/app/api/locale/route.js +30 -0
package/src/app/api/mcp/[plugin]/message/route.js +21 -0
package/src/app/api/mcp/[plugin]/sse/route.js +37 -0
package/src/app/api/media-providers/tts/deepgram/voices/route.js +65 -0
package/src/app/api/media-providers/tts/elevenlabs/voices/route.js +71 -0
package/src/app/api/media-providers/tts/inworld/voices/route.js +61 -0
package/src/app/api/media-providers/tts/minimax/voices/route.js +113 -0
package/src/app/api/media-providers/tts/voices/route.js +99 -0
package/src/app/api/models/alias/route.js +53 -0
package/src/app/api/models/availability/route.js +103 -0
package/src/app/api/models/custom/route.js +48 -0
package/src/app/api/models/disabled/route.js +50 -0
package/src/app/api/models/route.js +64 -0
package/src/app/api/models/test/ping.js +191 -0
package/src/app/api/models/test/route.js +14 -0
package/src/app/api/oauth/[provider]/[action]/route.js +343 -0
package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/cancel/route.js +19 -0
package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/manual/[workerId]/route.js +30 -0
package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/route.js +23 -0
package/src/app/api/oauth/codebuddy/bulk-import/latest/route.js +25 -0
package/src/app/api/oauth/codebuddy/bulk-import/route.js +49 -0
package/src/app/api/oauth/codebuddy/quota-cookie/route.js +133 -0
package/src/app/api/oauth/codex/import-token/route.js +96 -0
package/src/app/api/oauth/cursor/auto-import/route.js +258 -0
package/src/app/api/oauth/cursor/import/route.js +100 -0
package/src/app/api/oauth/gitlab/pat/route.js +62 -0
package/src/app/api/oauth/iflow/cookie/route.js +137 -0
package/src/app/api/oauth/kiro/auto-import/route.js +85 -0
package/src/app/api/oauth/kiro/bulk-import/[jobId]/cancel/route.js +18 -0
package/src/app/api/oauth/kiro/bulk-import/[jobId]/manual/[workerId]/route.js +29 -0
package/src/app/api/oauth/kiro/bulk-import/[jobId]/route.js +22 -0
package/src/app/api/oauth/kiro/bulk-import/latest/route.js +25 -0
package/src/app/api/oauth/kiro/bulk-import/route.js +49 -0
package/src/app/api/oauth/kiro/import/route.js +110 -0
package/src/app/api/oauth/kiro/social-authorize/route.js +27 -0
package/src/app/api/oauth/kiro/social-exchange/route.js +41 -0
package/src/app/api/pricing/route.js +134 -0
package/src/app/api/provider-nodes/[id]/route.js +101 -0
package/src/app/api/provider-nodes/route.js +104 -0
package/src/app/api/provider-nodes/validate/route.js +201 -0
package/src/app/api/providers/[id]/models/route.js +526 -0
package/src/app/api/providers/[id]/route.js +189 -0
package/src/app/api/providers/[id]/test/route.js +23 -0
package/src/app/api/providers/[id]/test/testUtils.js +714 -0
package/src/app/api/providers/[id]/test-models/route.js +66 -0
package/src/app/api/providers/client/route.js +126 -0
package/src/app/api/providers/kilo/free-models/route.js +55 -0
package/src/app/api/providers/route.js +206 -0
package/src/app/api/providers/suggested-models/filters.js +20 -0
package/src/app/api/providers/suggested-models/route.js +32 -0
package/src/app/api/providers/test-batch/route.js +131 -0
package/src/app/api/providers/validate/route.js +637 -0
package/src/app/api/proxy-pools/[id]/route.js +123 -0
package/src/app/api/proxy-pools/[id]/test/route.js +70 -0
package/src/app/api/proxy-pools/cloudflare-deploy/route.js +145 -0
package/src/app/api/proxy-pools/deno-deploy/route.js +175 -0
package/src/app/api/proxy-pools/route.js +93 -0
package/src/app/api/proxy-pools/vercel-deploy/route.js +142 -0
package/src/app/api/settings/database/route.js +36 -0
package/src/app/api/settings/proxy-test/route.js +23 -0
package/src/app/api/settings/require-login/route.js +15 -0
package/src/app/api/settings/route.js +100 -0
package/src/app/api/shutdown/route.js +24 -0
package/src/app/api/tags/route.js +18 -0
package/src/app/api/translator/console-logs/route.js +24 -0
package/src/app/api/translator/console-logs/stream/route.js +79 -0
package/src/app/api/translator/load/route.js +45 -0
package/src/app/api/translator/save/route.js +44 -0
package/src/app/api/translator/send/route.js +94 -0
package/src/app/api/translator/translate/route.js +90 -0
package/src/app/api/tunnel/disable/route.js +12 -0
package/src/app/api/tunnel/enable/route.js +16 -0
package/src/app/api/tunnel/status/route.js +13 -0
package/src/app/api/tunnel/tailscale-check/route.js +50 -0
package/src/app/api/tunnel/tailscale-disable/route.js +12 -0
package/src/app/api/tunnel/tailscale-enable/route.js +12 -0
package/src/app/api/tunnel/tailscale-install/route.js +72 -0
package/src/app/api/usage/[connectionId]/route.js +188 -0
package/src/app/api/usage/chart/route.js +21 -0
package/src/app/api/usage/history/route.js +12 -0
package/src/app/api/usage/logs/route.js +12 -0
package/src/app/api/usage/providers/route.js +42 -0
package/src/app/api/usage/request-details/route.js +57 -0
package/src/app/api/usage/request-logs/route.js +13 -0
package/src/app/api/usage/stats/route.js +23 -0
package/src/app/api/usage/stream/route.js +79 -0
package/src/app/api/v1/api/chat/route.js +37 -0
package/src/app/api/v1/audio/speech/route.js +16 -0
package/src/app/api/v1/audio/transcriptions/route.js +19 -0
package/src/app/api/v1/audio/voices/route.js +68 -0
package/src/app/api/v1/chat/completions/route.js +35 -0
package/src/app/api/v1/embeddings/route.js +21 -0
package/src/app/api/v1/images/generations/route.js +16 -0
package/src/app/api/v1/messages/count_tokens/route.js +52 -0
package/src/app/api/v1/messages/route.js +36 -0
package/src/app/api/v1/models/[kind]/route.js +55 -0
package/src/app/api/v1/models/info/route.js +110 -0
package/src/app/api/v1/models/route.js +451 -0
package/src/app/api/v1/responses/compact/route.js +37 -0
package/src/app/api/v1/responses/route.js +30 -0
package/src/app/api/v1/route.js +1 -0
package/src/app/api/v1/search/route.js +21 -0
package/src/app/api/v1/web/fetch/route.js +21 -0
package/src/app/api/v1beta/models/[...path]/route.js +328 -0
package/src/app/api/v1beta/models/route.js +44 -0
package/src/app/api/version/route.js +45 -0
package/src/app/api/version/shutdown/route.js +15 -0
package/src/app/api/version/update/route.js +21 -0
package/src/app/callback/page.js +148 -0
package/src/app/dashboard/settings/pricing/page.js +173 -0
package/src/app/favicon.ico +0 -0
package/src/app/globals.css +496 -0
package/src/app/landing/components/AnimatedBackground.js +57 -0
package/src/app/landing/components/Features.js +133 -0
package/src/app/landing/components/FlowAnimation.js +175 -0
package/src/app/landing/components/Footer.js +61 -0
package/src/app/landing/components/GetStarted.js +97 -0
package/src/app/landing/components/HeroSection.js +47 -0
package/src/app/landing/components/HowItWorks.js +66 -0
package/src/app/landing/components/Navigation.js +72 -0
package/src/app/landing/page.js +106 -0
package/src/app/layout.js +49 -0
package/src/app/login/page.js +197 -0
package/src/app/manifest.js +30 -0
package/src/app/page.js +5 -0
package/src/dashboardGuard.js +242 -0
package/src/i18n/RuntimeI18nProvider.js +27 -0
package/src/i18n/config.js +146 -0
package/src/i18n/runtime.js +162 -0
package/src/lib/appUpdater.js +200 -0
package/src/lib/auth/dashboardSession.js +68 -0
package/src/lib/auth/loginLimiter.js +52 -0
package/src/lib/auth/oidc.js +234 -0
package/src/lib/consoleLogBuffer.js +79 -0
package/src/lib/dataDir.js +29 -0
package/src/lib/db/adapters/betterSqliteAdapter.js +55 -0
package/src/lib/db/adapters/bunSqliteAdapter.js +63 -0
package/src/lib/db/adapters/nodeSqliteAdapter.js +84 -0
package/src/lib/db/adapters/sqljsAdapter.js +115 -0
package/src/lib/db/backup.js +35 -0
package/src/lib/db/driver.js +85 -0
package/src/lib/db/helpers/jsonCol.js +9 -0
package/src/lib/db/helpers/kvStore.js +39 -0
package/src/lib/db/helpers/metaStore.js +22 -0
package/src/lib/db/index.js +171 -0
package/src/lib/db/migrate.js +286 -0
package/src/lib/db/migrations/001-initial.js +14 -0
package/src/lib/db/migrations/index.js +10 -0
package/src/lib/db/paths.js +18 -0
package/src/lib/db/repos/aliasRepo.js +62 -0
package/src/lib/db/repos/apiKeysRepo.js +75 -0
package/src/lib/db/repos/combosRepo.js +73 -0
package/src/lib/db/repos/connectionsRepo.js +226 -0
package/src/lib/db/repos/disabledModelsRepo.js +56 -0
package/src/lib/db/repos/nodesRepo.js +95 -0
package/src/lib/db/repos/pricingRepo.js +108 -0
package/src/lib/db/repos/proxyPoolsRepo.js +103 -0
package/src/lib/db/repos/requestDetailsRepo.js +259 -0
package/src/lib/db/repos/settingsRepo.js +104 -0
package/src/lib/db/repos/usageRepo.js +731 -0
package/src/lib/db/schema.js +157 -0
package/src/lib/db/version.js +21 -0
package/src/lib/disabledModelsDb.js +4 -0
package/src/lib/localDb.js +21 -0
package/src/lib/mcp/stdioSseBridge.js +198 -0
package/src/lib/mitmAliasCache.js +46 -0
package/src/lib/network/connectionProxy.js +160 -0
package/src/lib/network/initOutboundProxy.js +25 -0
package/src/lib/network/outboundProxy.js +68 -0
package/src/lib/network/proxyTest.js +91 -0
package/src/lib/oauth/constants/oauth.js +284 -0
package/src/lib/oauth/constants/xai.js +61 -0
package/src/lib/oauth/providers.js +1506 -0
package/src/lib/oauth/services/antigravity.js +321 -0
package/src/lib/oauth/services/claude.js +136 -0
package/src/lib/oauth/services/codebuddyBulkImportManager.js +454 -0
package/src/lib/oauth/services/codex.js +144 -0
package/src/lib/oauth/services/cursor.js +179 -0
package/src/lib/oauth/services/gemini.js +240 -0
package/src/lib/oauth/services/github.js +225 -0
package/src/lib/oauth/services/iflow.js +202 -0
package/src/lib/oauth/services/index.js +17 -0
package/src/lib/oauth/services/kiro.js +334 -0
package/src/lib/oauth/services/kiroBulkImportManager.js +778 -0
package/src/lib/oauth/services/kiroConnections.js +93 -0
package/src/lib/oauth/services/kiroGoogleAutomation.js +1136 -0
package/src/lib/oauth/services/oauth.js +157 -0
package/src/lib/oauth/services/openai.js +123 -0
package/src/lib/oauth/services/qoder.js +216 -0
package/src/lib/oauth/services/qwen.js +170 -0
package/src/lib/oauth/services/xai.js +238 -0
package/src/lib/oauth/utils/banner.js +63 -0
package/src/lib/oauth/utils/pkce.js +39 -0
package/src/lib/oauth/utils/server.js +415 -0
package/src/lib/oauth/utils/ui.js +48 -0
package/src/lib/providerNormalization.js +45 -0
package/src/lib/qoder/constants.js +64 -0
package/src/lib/qoder/cosy.js +175 -0
package/src/lib/qoder/encoding.js +55 -0
package/src/lib/requestDetailsDb.js +4 -0
package/src/lib/tunnel/cloudflare/cloudflared.js +449 -0
package/src/lib/tunnel/cloudflare/config.js +9 -0
package/src/lib/tunnel/cloudflare/healthCheck.js +29 -0
package/src/lib/tunnel/cloudflare/manager.js +151 -0
package/src/lib/tunnel/cloudflare/pid.js +23 -0
package/src/lib/tunnel/index.js +48 -0
package/src/lib/tunnel/shared/dnsResolver.js +17 -0
package/src/lib/tunnel/shared/internetCheck.js +26 -0
package/src/lib/tunnel/shared/state.js +41 -0
package/src/lib/tunnel/shared/watchdogConfig.js +8 -0
package/src/lib/tunnel/tailscale/config.js +7 -0
package/src/lib/tunnel/tailscale/healthCheck.js +29 -0
package/src/lib/tunnel/tailscale/manager.js +129 -0
package/src/lib/tunnel/tailscale/tailscale.js +790 -0
package/src/lib/updater/updater.js +235 -0
package/src/lib/usage/fetcher.js +208 -0
package/src/lib/usageDb.js +7 -0
package/src/mitm/antigravityIdeVersion.js +50 -0
package/src/mitm/cert/generate.js +32 -0
package/src/mitm/cert/install.js +269 -0
package/src/mitm/cert/rootCA.js +173 -0
package/src/mitm/config.js +87 -0
package/src/mitm/dbReader.js +22 -0
package/src/mitm/dns/dnsConfig.js +266 -0
package/src/mitm/handlers/antigravity.js +33 -0
package/src/mitm/handlers/base.js +226 -0
package/src/mitm/handlers/copilot.js +35 -0
package/src/mitm/handlers/cursor.js +15 -0
package/src/mitm/handlers/kiro.js +526 -0
package/src/mitm/logger.js +106 -0
package/src/mitm/manager.js +851 -0
package/src/mitm/paths.js +32 -0
package/src/mitm/server.js +435 -0
package/src/mitm/winElevated.js +81 -0
package/src/models/index.js +38 -0
package/src/proxy.js +5 -0
package/src/shared/components/AddCustomEmbeddingModal.js +183 -0
package/src/shared/components/Avatar.js +88 -0
package/src/shared/components/Badge.js +54 -0
package/src/shared/components/BulkAccountAutomationModal.js +508 -0
package/src/shared/components/Button.js +56 -0
package/src/shared/components/Card.js +116 -0
package/src/shared/components/ChangelogModal.js +97 -0
package/src/shared/components/CodeBuddyQuotaCookieModal.js +109 -0
package/src/shared/components/ComboFormModal.js +176 -0
package/src/shared/components/CursorAuthModal.js +212 -0
package/src/shared/components/DonateModal.js +136 -0
package/src/shared/components/Drawer.js +82 -0
package/src/shared/components/EditConnectionModal.js +286 -0
package/src/shared/components/Footer.js +132 -0
package/src/shared/components/GitLabAuthModal.js +194 -0
package/src/shared/components/Header.js +380 -0
package/src/shared/components/HeaderLanguage.js +46 -0
package/src/shared/components/HeaderMenu.js +126 -0
package/src/shared/components/IFlowCookieModal.js +132 -0
package/src/shared/components/Input.js +65 -0
package/src/shared/components/KiroAuthModal.js +1171 -0
package/src/shared/components/KiroOAuthWrapper.js +149 -0
package/src/shared/components/KiroSocialOAuthModal.js +205 -0
package/src/shared/components/LanguageSwitcher.js +190 -0
package/src/shared/components/Loading.js +75 -0
package/src/shared/components/ManualConfigModal.js +44 -0
package/src/shared/components/McpMarketplaceModal.js +255 -0
package/src/shared/components/Modal.js +146 -0
package/src/shared/components/ModelSelectModal.js +537 -0
package/src/shared/components/NineRemoteButton.js +23 -0
package/src/shared/components/NineRemotePromoModal.js +99 -0
package/src/shared/components/NoAuthProxyCard.js +86 -0
package/src/shared/components/OAuthModal.js +682 -0
package/src/shared/components/Pagination.js +150 -0
package/src/shared/components/PricingModal.js +208 -0
package/src/shared/components/ProviderIcon.js +63 -0
package/src/shared/components/ProviderInfoCard.js +82 -0
package/src/shared/components/RequestLogger.js +121 -0
package/src/shared/components/SegmentedControl.js +48 -0
package/src/shared/components/Select.js +67 -0
package/src/shared/components/Sidebar.js +441 -0
package/src/shared/components/ThemeProvider.js +15 -0
package/src/shared/components/ThemeToggle.js +42 -0
package/src/shared/components/Toggle.js +69 -0
package/src/shared/components/Tooltip.js +25 -0
package/src/shared/components/UsageStats.js +505 -0
package/src/shared/components/index.js +46 -0
package/src/shared/components/layouts/AuthLayout.js +29 -0
package/src/shared/components/layouts/DashboardLayout.js +104 -0
package/src/shared/components/layouts/index.js +4 -0
package/src/shared/constants/cliTools.js +397 -0
package/src/shared/constants/colors.js +77 -0
package/src/shared/constants/config.js +99 -0
package/src/shared/constants/coworkPlugins.js +75 -0
package/src/shared/constants/index.js +4 -0
package/src/shared/constants/locales.js +36 -0
package/src/shared/constants/mitmToolHosts.js +12 -0
package/src/shared/constants/models.js +38 -0
package/src/shared/constants/pricing.js +303 -0
package/src/shared/constants/providers.js +289 -0
package/src/shared/constants/skills.js +78 -0
package/src/shared/constants/ttsProviders.js +138 -0
package/src/shared/hooks/index.js +2 -0
package/src/shared/hooks/useCopyToClipboard.js +43 -0
package/src/shared/hooks/useTheme.js +60 -0
package/src/shared/services/bootstrap.js +12 -0
package/src/shared/services/initializeApp.js +268 -0
package/src/shared/utils/api.js +93 -0
package/src/shared/utils/apiKey.js +98 -0
package/src/shared/utils/clineAuth.js +37 -0
package/src/shared/utils/cn.js +11 -0
package/src/shared/utils/connectionStatus.js +162 -0
package/src/shared/utils/index.js +40 -0
package/src/shared/utils/machine.js +6 -0
package/src/shared/utils/machineId.js +66 -0
package/src/shared/utils/providerModelsFetcher.js +30 -0
package/src/sse/handlers/chat.js +261 -0
package/src/sse/handlers/embeddings.js +141 -0
package/src/sse/handlers/fetch.js +213 -0
package/src/sse/handlers/imageGeneration.js +142 -0
package/src/sse/handlers/search.js +206 -0
package/src/sse/handlers/stt.js +88 -0
package/src/sse/handlers/tts.js +114 -0
package/src/sse/services/auth.js +346 -0
package/src/sse/services/codexGateway.js +215 -0
package/src/sse/services/model.js +99 -0
package/src/sse/services/tokenRefresh.js +319 -0
package/src/sse/utils/logger.js +75 -0
package/src/store/headerSearchStore.js +19 -0
package/src/store/index.js +6 -0
package/src/store/notificationStore.js +45 -0
package/src/store/providerStore.js +55 -0
package/src/store/settingsStore.js +51 -0
package/src/store/themeStore.js +54 -0
package/src/store/userStore.js +20 -0
package/start.sh +4 -0

package/src/mitm/manager.js ADDED Viewed

@@ -0,0 +1,851 @@
+const { exec, spawn, execSync } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const os = require("os");
+const net = require("net");
+const https = require("https");
+const crypto = require("crypto");
+const { addDNSEntry, removeDNSEntry, removeAllDNSEntries, removeAllDNSEntriesSync, checkAllDNSStatus, TOOL_HOSTS, isSudoAvailable, isSudoPasswordRequired } = require("./dns/dnsConfig");
+const { isAdmin } = require("./winElevated.js");
+const IS_WIN = process.platform === "win32";
+const IS_MAC = process.platform === "darwin";
+const { generateCert } = require("./cert/generate");
+const { installCert, uninstallCert } = require("./cert/install");
+const { isCertExpired } = require("./cert/rootCA");
+const { DATA_DIR, MITM_DIR } = require("./paths");
+const { log, err } = require("./logger");
+const { LSOF_BIN } = require("./config");
+const DEFAULT_MITM_ROUTER_BASE = "http://localhost:20128";
+function shellQuoteSingle(str) {
+  if (str == null || str === "") return "''";
+  return `'${String(str).replace(/'/g, "'\\''")}'`;
+}
+async function resolveMitmRouterBaseUrl() {
+  if (!_getSettings) return DEFAULT_MITM_ROUTER_BASE;
+  try {
+    const s = await _getSettings();
+    const raw = s && s.mitmRouterBaseUrl != null ? String(s.mitmRouterBaseUrl).trim() : "";
+    if (!raw) return DEFAULT_MITM_ROUTER_BASE;
+    const u = new URL(raw);
+    if (u.protocol !== "http:" && u.protocol !== "https:") return DEFAULT_MITM_ROUTER_BASE;
+    return raw.replace(/\/+$/, "");
+  } catch {
+    return DEFAULT_MITM_ROUTER_BASE;
+  }
+}
+const MITM_PORT = 443;
+const MITM_WIN_NODE_PORT = 8443;
+const PID_FILE = path.join(MITM_DIR, ".mitm.pid");
+const MITM_MAX_RESTARTS = 5;
+const MITM_RESTART_DELAYS_MS = [5000, 10000, 20000, 30000, 60000];
+const MITM_RESTART_RESET_MS = 60000;
+let mitmRestartCount = 0;
+let mitmLastStartTime = 0;
+let mitmIsRestarting = false;
+function resolveBundledServerPath() {
+  if (process.env.MITM_SERVER_PATH) return process.env.MITM_SERVER_PATH;
+  const sibling = path.join(__dirname, "server.js");
+  if (fs.existsSync(sibling)) return sibling;
+  const fromCwd = path.join(process.cwd(), "src", "mitm", "server.js");
+  if (fs.existsSync(fromCwd)) return fromCwd;
+  const fromNext = path.join(process.cwd(), "..", "src", "mitm", "server.js");
+  if (fs.existsSync(fromNext)) return fromNext;
+  return fromCwd;
+}
+// Copy bundled server.js into DATA_DIR so MITM doesn't lock node_modules
+// (prevents EBUSY on `npm i -g 9router@latest` while MITM is running).
+function ensureRuntimeServer(bundledPath) {
+  try {
+    if (!bundledPath || !fs.existsSync(bundledPath)) return bundledPath;
+    // Dev mode: source file has relative requires (./logger, ./config...),
+    // only the bundled file inside node_modules is self-contained + safe to copy.
+    if (!bundledPath.includes(`${path.sep}node_modules${path.sep}`)) {
+      return bundledPath;
+    }
+    const runtimeDir = path.join(DATA_DIR, "runtime", "mitm");
+    const runtimeServer = path.join(runtimeDir, "server.js");
+    // Skip copy if sizes match (bundle unchanged since last run)
+    if (fs.existsSync(runtimeServer)) {
+      try {
+        if (fs.statSync(bundledPath).size === fs.statSync(runtimeServer).size) return runtimeServer;
+      } catch { /* recopy */ }
+    }
+    fs.mkdirSync(runtimeDir, { recursive: true });
+    fs.copyFileSync(bundledPath, runtimeServer);
+    return runtimeServer;
+  } catch (e) {
+    try { log(`[MITM] runtime copy failed: ${e.message}`); } catch { /* ignore */ }
+    return bundledPath;
+  }
+}
+const SERVER_PATH = ensureRuntimeServer(resolveBundledServerPath());
+const ENCRYPT_ALGO = "aes-256-gcm";
+const ENCRYPT_SALT = "9router-mitm-pwd";
+function getProcessUsingPort443() {
+  try {
+    if (IS_WIN) {
+      const psCmd = `powershell -NonInteractive -WindowStyle Hidden -Command ` +
+        `"$c = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1; if ($c) { $c.OwningProcess } else { 0 }"`;
+      const pidStr = execSync(psCmd, { encoding: "utf8", windowsHide: true }).trim();
+      const pid = parseInt(pidStr, 10);
+      if (pid && pid > 4) {
+        const tasklistResult = execSync(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, { encoding: "utf8", windowsHide: true });
+        const processMatch = tasklistResult.match(/"([^"]+)"/);
+        if (processMatch) return processMatch[1].replace(".exe", "");
+      }
+    } else {
+      const result = execSync(`${LSOF_BIN} -i :443`, { encoding: "utf8", windowsHide: true });
+      const lines = result.trim().split("\n");
+      if (lines.length > 1) return lines[1].split(/\s+/)[0];
+    }
+  } catch {
+    return null;
+  }
+  return null;
+}
+let serverProcess = null;
+let serverPid = null;
+function getCachedPassword() { return globalThis.__mitmSudoPassword || null; }
+function setCachedPassword(pwd) { globalThis.__mitmSudoPassword = pwd; }
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err.code === "EACCES";
+  }
+}
+function killProcess(pid, force = false, sudoPassword = null) {
+  if (IS_WIN) {
+    const flag = force ? "/F " : "";
+    exec(`taskkill ${flag}/PID ${pid}`, { windowsHide: true }, () => { });
+  } else {
+    const sig = force ? "SIGKILL" : "SIGTERM";
+    const cmd = `pkill -${sig} -P ${pid} 2>/dev/null; kill -${sig} ${pid} 2>/dev/null`;
+    if (sudoPassword || isSudoAvailable()) {
+      const { execWithPassword } = require("./dns/dnsConfig");
+      execWithPassword(cmd, sudoPassword || "").catch(() => exec(cmd, { windowsHide: true }, () => { }));
+    } else {
+      exec(cmd, { windowsHide: true }, () => { });
+    }
+  }
+}
+function deriveKey() {
+  try {
+    const { machineIdSync } = require("node-machine-id");
+    const raw = machineIdSync();
+    return crypto.createHash("sha256").update(raw + ENCRYPT_SALT).digest();
+  } catch {
+    return crypto.createHash("sha256").update(ENCRYPT_SALT).digest();
+  }
+}
+function encryptPassword(plaintext) {
+  const key = deriveKey();
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv(ENCRYPT_ALGO, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return `${iv.toString("hex")}:${tag.toString("hex")}:${encrypted.toString("hex")}`;
+}
+function decryptPassword(stored) {
+  try {
+    const [ivHex, tagHex, dataHex] = stored.split(":");
+    if (!ivHex || !tagHex || !dataHex) return null;
+    const key = deriveKey();
+    const decipher = crypto.createDecipheriv(ENCRYPT_ALGO, key, Buffer.from(ivHex, "hex"));
+    decipher.setAuthTag(Buffer.from(tagHex, "hex"));
+    return decipher.update(Buffer.from(dataHex, "hex")) + decipher.final("utf8");
+  } catch {
+    return null;
+  }
+}
+let _getSettings = null;
+let _updateSettings = null;
+function initDbHooks(getSettingsFn, updateSettingsFn) {
+  _getSettings = getSettingsFn;
+  _updateSettings = updateSettingsFn;
+}
+async function saveMitmSettings(enabled, password) {
+  if (!_updateSettings) return;
+  try {
+    const updates = { mitmEnabled: enabled };
+    if (password) updates.mitmSudoEncrypted = encryptPassword(password);
+    await _updateSettings(updates);
+  } catch (e) {
+    err(`Failed to save settings: ${e.message}`);
+  }
+}
+async function clearEncryptedPassword() {
+  if (!_updateSettings) return;
+  try {
+    await _updateSettings({ mitmSudoEncrypted: null });
+  } catch (e) {
+    err(`Failed to clear encrypted password: ${e.message}`);
+  }
+}
+async function loadEncryptedPassword() {
+  if (!_getSettings) return null;
+  try {
+    const settings = await _getSettings();
+    if (!settings.mitmSudoEncrypted) return null;
+    return decryptPassword(settings.mitmSudoEncrypted);
+  } catch {
+    return null;
+  }
+}
+async function saveDnsToolState(tool, enabled) {
+  if (!_updateSettings || !_getSettings) return;
+  try {
+    const s = await _getSettings();
+    const next = { ...(s.dnsToolEnabled || {}), [tool]: enabled };
+    await _updateSettings({ dnsToolEnabled: next });
+  } catch (e) {
+    err(`Failed to save DNS state: ${e.message}`);
+  }
+}
+async function loadDnsToolState() {
+  if (!_getSettings) return {};
+  try {
+    const s = await _getSettings();
+    return s.dnsToolEnabled || {};
+  } catch {
+    return {};
+  }
+}
+/**
+ * Re-apply DNS for tools previously enabled — called on app startup after MITM running.
+ */
+async function restoreToolDNS(sudoPassword) {
+  const state = await loadDnsToolState();
+  const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+  for (const [tool, enabled] of Object.entries(state)) {
+    if (!enabled || !TOOL_HOSTS[tool]) continue;
+    try {
+      await addDNSEntry(tool, password);
+    } catch (e) {
+      err(`DNS ${tool}: restore failed — ${e.message}`);
+    }
+  }
+}
+/**
+ * Check if user has privilege to mutate hosts file.
+ * Win: needs admin. Mac/Linux: root OR cached/encrypted sudo password.
+ */
+async function hasDnsPrivilege() {
+  if (IS_WIN) return isAdmin();
+  if (isAdmin()) return true;
+  if (!isSudoPasswordRequired()) return true;
+  const pwd = getCachedPassword() || await loadEncryptedPassword();
+  return !!pwd;
+}
+function checkPort443Free() {
+  return new Promise((resolve) => {
+    const tester = net.createServer();
+    tester.once("error", (err) => {
+      if (err.code === "EADDRINUSE") resolve("in-use");
+      else resolve("no-permission");
+    });
+    tester.once("listening", () => { tester.close(() => resolve("free")); });
+    tester.listen(MITM_PORT, "127.0.0.1");
+  });
+}
+function getPort443Owner(sudoPassword) {
+  return new Promise((resolve) => {
+    if (IS_WIN) {
+      const psCmd = `powershell -NonInteractive -WindowStyle Hidden -Command "` +
+        `$c = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1; ` +
+        `if ($c) { $c.OwningProcess } else { 0 }"`;
+      exec(psCmd, { windowsHide: true }, (err, stdout) => {
+        if (err) return resolve(null);
+        const pid = parseInt(stdout.trim(), 10);
+        if (!pid || pid <= 4) return resolve(null);
+        exec(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, { windowsHide: true }, (e2, out2) => {
+          const m = out2?.match(/"([^"]+)"/);
+          resolve({ pid, name: m ? m[1] : "unknown" });
+        });
+      });
+    } else {
+      // Only find process actually LISTENING on TCP port 443
+      exec(`${LSOF_BIN} -nP -iTCP:443 -sTCP:LISTEN -t`, { windowsHide: true }, (err, stdout) => {
+        if (err || !stdout?.trim()) return resolve(null);
+        const pid = parseInt(stdout.trim().split("\n")[0], 10);
+        if (!pid || isNaN(pid)) return resolve(null);
+        exec(`ps -p ${pid} -o comm=`, { windowsHide: true }, (e2, out2) => {
+          resolve({ pid, name: (out2?.trim() || "unknown") });
+        });
+      });
+    }
+  });
+}
+async function killLeftoverMitm(sudoPassword) {
+  if (serverProcess && !serverProcess.killed) {
+    try { serverProcess.kill("SIGKILL"); } catch { /* ignore */ }
+    serverProcess = null;
+    serverPid = null;
+  }
+  try {
+    if (fs.existsSync(PID_FILE)) {
+      const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
+      if (savedPid && isProcessAlive(savedPid)) {
+        killProcess(savedPid, true, sudoPassword);
+        await new Promise(r => setTimeout(r, 500));
+      }
+      fs.unlinkSync(PID_FILE);
+    }
+  } catch { /* ignore */ }
+  if (!IS_WIN && SERVER_PATH) {
+    try {
+      const escaped = SERVER_PATH.replace(/'/g, "'\\''");
+      if (sudoPassword || isSudoAvailable()) {
+        const { execWithPassword } = require("./dns/dnsConfig");
+        await execWithPassword(`pkill -SIGKILL -f "${escaped}" 2>/dev/null || true`, sudoPassword || "").catch(() => { });
+      } else {
+        exec(`pkill -SIGKILL -f "${escaped}" 2>/dev/null || true`, { windowsHide: true }, () => { });
+      }
+      await new Promise(r => setTimeout(r, 500));
+    } catch { /* ignore */ }
+  }
+}
+function pollMitmHealth(timeoutMs, port = MITM_PORT) {
+  return new Promise((resolve) => {
+    const deadline = Date.now() + timeoutMs;
+    const check = () => {
+      const req = https.request(
+        { hostname: "127.0.0.1", port, path: "/_mitm_health", method: "GET", rejectUnauthorized: false },
+        (res) => {
+          let body = "";
+          res.on("data", (d) => { body += d; });
+          res.on("end", () => {
+            try {
+              const json = JSON.parse(body);
+              resolve(json.ok === true ? { ok: true, pid: json.pid || null } : null);
+            } catch { resolve(null); }
+          });
+        }
+      );
+      req.on("error", () => {
+        if (Date.now() < deadline) setTimeout(check, 500);
+        else resolve(null);
+      });
+      req.end();
+    };
+    check();
+  });
+}
+/**
+ * Get full MITM status including per-tool DNS status
+ */
+async function getMitmStatus() {
+  let running = serverProcess !== null && !serverProcess.killed;
+  let pid = serverPid;
+  if (!running) {
+    try {
+      if (fs.existsSync(PID_FILE)) {
+        const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
+        if (savedPid && isProcessAlive(savedPid)) {
+          running = true;
+          pid = savedPid;
+        } else {
+          fs.unlinkSync(PID_FILE);
+        }
+      }
+    } catch { /* ignore */ }
+  }
+  const dnsStatus = checkAllDNSStatus();
+  const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
+  const certExists = fs.existsSync(rootCACertPath);
+  const { checkCertInstalled } = require("./cert/install");
+  const certTrusted = certExists ? await checkCertInstalled(rootCACertPath) : false;
+  return { running, pid, certExists, certTrusted, dnsStatus };
+}
+async function scheduleMitmRestart(apiKey) {
+  if (mitmIsRestarting) return;
+  const aliveMs = Date.now() - mitmLastStartTime;
+  if (aliveMs >= MITM_RESTART_RESET_MS) mitmRestartCount = 0;
+  if (mitmRestartCount >= MITM_MAX_RESTARTS) {
+    err("Max restart attempts reached. Giving up.");
+    return;
+  }
+  const attempt = mitmRestartCount;
+  const delay = MITM_RESTART_DELAYS_MS[Math.min(attempt, MITM_RESTART_DELAYS_MS.length - 1)];
+  mitmRestartCount++;
+  mitmIsRestarting = true;
+  log(`Restarting in ${delay / 1000}s... (${mitmRestartCount}/${MITM_MAX_RESTARTS})`);
+  await new Promise((r) => setTimeout(r, delay));
+  try {
+    const settings = _getSettings ? await _getSettings() : null;
+    if (settings && !settings.mitmEnabled) {
+      log("MITM disabled, skipping restart");
+      mitmIsRestarting = false;
+      return;
+    }
+    const password = getCachedPassword() || await loadEncryptedPassword();
+    if (!password && !IS_WIN) {
+      err("No cached password, cannot auto-restart");
+      mitmIsRestarting = false;
+      return;
+    }
+    await startServer(apiKey, password);
+    log("🔄 Restarted successfully");
+    mitmRestartCount = 0;
+    mitmIsRestarting = false;
+  } catch (e) {
+    err(`Restart attempt ${mitmRestartCount}/${MITM_MAX_RESTARTS} failed: ${e.message}`);
+    mitmIsRestarting = false;
+    // Schedule next retry
+    scheduleMitmRestart(apiKey);
+  }
+}
+/**
+ * Start MITM server only (cert + server, no DNS)
+ */
+async function killPort443Owner(owner, sudoPassword) {
+  if (!owner || !owner.pid) return;
+  if (IS_WIN) {
+    try {
+      execSync(`powershell -NonInteractive -WindowStyle Hidden -Command "Stop-Process -Id ${owner.pid} -Force -ErrorAction SilentlyContinue"`, { windowsHide: true });
+    } catch { /* best effort */ }
+  } else {
+    try {
+      const { execWithPassword } = require("./dns/dnsConfig");
+      if (sudoPassword || isSudoAvailable()) {
+        await execWithPassword(`kill -9 ${owner.pid}`, sudoPassword || "");
+      } else {
+        execSync(`kill -9 ${owner.pid}`, { windowsHide: true });
+      }
+    } catch { /* best effort */ }
+  }
+  await new Promise(r => setTimeout(r, 800));
+}
+async function startServer(apiKey, sudoPassword, forceKillPort443 = false) {
+  if (!serverProcess || serverProcess.killed) {
+    try {
+      if (fs.existsSync(PID_FILE)) {
+        const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
+        if (savedPid && isProcessAlive(savedPid)) {
+          serverPid = savedPid;
+          log(`♻️ Reusing existing process (PID: ${savedPid})`);
+          await saveMitmSettings(true, sudoPassword);
+          if (sudoPassword) setCachedPassword(sudoPassword);
+          return { running: true, pid: savedPid };
+        } else {
+          fs.unlinkSync(PID_FILE);
+        }
+      }
+    } catch { /* ignore */ }
+  }
+  if (serverProcess && !serverProcess.killed) {
+    throw new Error("MITM server is already running");
+  }
+  await killLeftoverMitm(sudoPassword);
+  if (!IS_WIN) {
+    const portStatus = await checkPort443Free();
+    if (portStatus === "in-use" || portStatus === "no-permission") {
+      const owner = await getPort443Owner(sudoPassword);
+      if (owner) {
+        const shortName = owner.name.includes("/")
+          ? owner.name.split("/").filter(Boolean).pop()
+          : owner.name;
+        if (forceKillPort443) {
+          log(`Killing process on port 443 (PID ${owner.pid}, name=${shortName})...`);
+          await killPort443Owner(owner, sudoPassword);
+        } else {
+          const e = new Error(`Port 443 is already in use by "${shortName}" (PID ${owner.pid}).`);
+          e.code = "PORT_443_BUSY";
+          e.portOwner = { pid: owner.pid, name: shortName };
+          throw e;
+        }
+      }
+    }
+  }
+  // Step 1: Generate Root CA if missing or expired
+  const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
+  const rootCAKeyPath = path.join(MITM_DIR, "rootCA.key");
+  const certExists = fs.existsSync(rootCACertPath) && fs.existsSync(rootCAKeyPath);
+  if (!certExists || isCertExpired(rootCACertPath)) {
+    if (certExists) {
+      // Uninstall expired cert from system store before regenerating
+      log("🔐 Cert expired — uninstalling old cert...");
+      const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+      try { await uninstallCert(password, rootCACertPath); } catch { /* best effort */ }
+    }
+    log("🔐 Generating Root CA...");
+    await generateCert();
+  }
+  // Step 1.5: Auto-install Root CA if not trusted yet
+  const { checkCertInstalled } = require("./cert/install");
+  const rootCATrusted = await checkCertInstalled(rootCACertPath);
+  const linuxNoSystemTrust = !IS_WIN && !IS_MAC && !isSudoAvailable();
+  if (!rootCATrusted) {
+    log("🔐 Cert: not trusted → installing...");
+    const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+    if (linuxNoSystemTrust) {
+      log(`🔐 Cert: skipping system trust (no sudo). Install ${rootCACertPath} as a trusted CA on machines that use this proxy.`);
+    } else {
+      if (!password && isSudoPasswordRequired()) {
+        throw new Error("Sudo password required to install Root CA certificate");
+      }
+      try {
+        await installCert(password, rootCACertPath);
+        log("🔐 Cert: ✅ trusted");
+      } catch (e) {
+        throw new Error(`Failed to trust certificate: ${e.message}`);
+      }
+    }
+  } else {
+    log("🔐 Cert: already trusted ✅");
+  }
+  // Step 2: Spawn server (Root CA already installed in Step 1.5)
+  // Verify server.js exists — recopy if runtime file was deleted (antivirus/cleanup)
+  let effectiveServerPath = SERVER_PATH;
+  if (!effectiveServerPath || !fs.existsSync(effectiveServerPath)) {
+    log(`[MITM] server.js missing at ${effectiveServerPath} → recopying`);
+    effectiveServerPath = ensureRuntimeServer(resolveBundledServerPath());
+    if (!effectiveServerPath || !fs.existsSync(effectiveServerPath)) {
+      throw new Error(`MITM server.js not found at ${effectiveServerPath}. Reinstall 9router.`);
+    }
+  }
+  const mitmRouterBase = await resolveMitmRouterBaseUrl();
+  log(`🚀 Starting server... (router: ${mitmRouterBase})`);
+  if (IS_WIN) {
+    // Check port 443 — ask user before killing
+    const winOwner = await getPort443Owner(sudoPassword);
+    if (winOwner) {
+      if (forceKillPort443) {
+        log(`Killing process on port 443 (PID ${winOwner.pid}, name=${winOwner.name})...`);
+        await killPort443Owner(winOwner, sudoPassword);
+      } else {
+        const e = new Error(`Port 443 is already in use by "${winOwner.name}" (PID ${winOwner.pid}).`);
+        e.code = "PORT_443_BUSY";
+        e.portOwner = { pid: winOwner.pid, name: winOwner.name };
+        throw e;
+      }
+    }
+    // Spawn directly — process already has admin rights
+    // cwd=tmpdir so process doesn't lock the install dir on Windows (EBUSY on update)
+    serverProcess = spawn(
+      process.execPath,
+      [effectiveServerPath],
+      {
+        detached: false,
+        windowsHide: true,
+        cwd: os.tmpdir(),
+        stdio: ["ignore", "pipe", "pipe"],
+        env: {
+          ...process.env,
+          ROUTER_API_KEY: apiKey,
+          NODE_ENV: "production",
+          MITM_ROUTER_BASE: mitmRouterBase,
+        },
+      }
+    );
+    if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
+  } else if (isSudoAvailable()) {
+    // Pass HOME explicitly so os.homedir() resolves to the unprivileged user's home
+    // instead of /root when sudo resets the environment.
+    const inlineCmd = [
+      `HOME=${shellQuoteSingle(os.homedir())}`,
+      `ROUTER_API_KEY=${shellQuoteSingle(apiKey)}`,
+      `MITM_ROUTER_BASE=${shellQuoteSingle(mitmRouterBase)}`,
+      "NODE_ENV=production",
+      shellQuoteSingle(process.execPath),
+      shellQuoteSingle(effectiveServerPath),
+    ].join(" ");
+    serverProcess = spawn(
+      "sudo", ["-S", "-E", "sh", "-c", inlineCmd],
+      { detached: false, windowsHide: true, stdio: ["pipe", "pipe", "pipe"] }
+    );
+    serverProcess.stdin.write(`${sudoPassword}\n`);
+    serverProcess.stdin.end();
+  } else {
+    // Docker/minimal images: no sudo — same as Windows-style direct spawn
+    serverProcess = spawn(process.execPath, [effectiveServerPath], {
+      detached: false,
+      windowsHide: true,
+      cwd: os.tmpdir(),
+      stdio: ["ignore", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        ROUTER_API_KEY: apiKey,
+        NODE_ENV: "production",
+        MITM_ROUTER_BASE: mitmRouterBase,
+      },
+    });
+  }
+  if (serverProcess) {
+    serverPid = serverProcess.pid;
+    fs.writeFileSync(PID_FILE, String(serverPid));
+    mitmLastStartTime = Date.now();
+  }
+  // Set NODE_EXTRA_CA_CERTS so Node-based GUI apps (Electron/AG language_server) trust MITM cert
+  if (IS_MAC) {
+    const rootCAPath = path.join(MITM_DIR, "rootCA.crt");
+    if (fs.existsSync(rootCAPath)) {
+      exec(`launchctl setenv NODE_EXTRA_CA_CERTS "${rootCAPath}"`, { windowsHide: true }, (e) => {
+        if (e) log(`[launchctl] Failed to set NODE_EXTRA_CA_CERTS: ${e.message}`);
+        else log(`[launchctl] NODE_EXTRA_CA_CERTS set to ${rootCAPath}`);
+      });
+    }
+  } else if (IS_WIN) {
+    const rootCAPath = path.join(MITM_DIR, "rootCA.crt");
+    if (fs.existsSync(rootCAPath)) {
+      exec(`setx NODE_EXTRA_CA_CERTS "${rootCAPath}"`, { windowsHide: true }, (e) => {
+        if (e) log(`[setx] Failed to set NODE_EXTRA_CA_CERTS: ${e.message}`);
+        else log(`[setx] NODE_EXTRA_CA_CERTS set for current user`);
+      });
+    }
+  }
+  let startError = null;
+  if (serverProcess) {
+    serverProcess.stdout.on("data", (data) => {
+      // server.js already formats its own logs — print as-is
+      process.stdout.write(data);
+    });
+    serverProcess.stderr.on("data", (data) => {
+      const msg = data.toString().trim();
+      // Mac/Linux: filter sudo password prompt noise
+      if (msg && (IS_WIN || (!msg.includes("Password:") && !msg.includes("password for")))) {
+        err(msg);
+        startError = msg;
+      }
+      // Detect wrong/missing password — clear cache and stop retry loop
+      if (!IS_WIN && (msg.includes("incorrect password") || msg.includes("no password was provided"))) {
+        setCachedPassword(null);
+        clearEncryptedPassword();
+        mitmIsRestarting = true; // prevent scheduleMitmRestart from firing
+      }
+    });
+    serverProcess.on("exit", (code) => {
+      log(`Server exited (code: ${code})`);
+      serverProcess = null;
+      serverPid = null;
+      try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
+      // Auto-restart on unexpected exit
+      if (code !== 0 && !mitmIsRestarting) scheduleMitmRestart(apiKey);
+    });
+  }
+  const health = await pollMitmHealth(8000, MITM_PORT);
+  if (!health) {
+    if (serverProcess && !serverProcess.killed) { try { serverProcess.kill(); } catch { /* ignore */ } serverProcess = null; }
+    const processUsing443 = getProcessUsingPort443();
+    const portInfo = processUsing443 ? ` Port 443 already in use by ${processUsing443}.` : "";
+    const reason = startError || `Check sudo password or port 443 access.${portInfo}`;
+    throw new Error(`MITM server failed to start. ${reason}`);
+  }
+  if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
+  log(`✅ Server healthy (PID: ${serverPid || health.pid})`);
+  // Log DNS status per tool
+  const dnsStatus = checkAllDNSStatus();
+  for (const [tool, active] of Object.entries(dnsStatus)) {
+    log(`🌐 DNS ${tool}: ${active ? "✅ active" : "❌ inactive"}`);
+  }
+  await saveMitmSettings(true, sudoPassword);
+  if (sudoPassword) setCachedPassword(sudoPassword);
+  return { running: true, pid: serverPid };
+}
+/**
+ * Stop MITM server — removes ALL tool DNS entries first, then kills server
+ */
+async function stopServer(sudoPassword) {
+  // Prevent auto-restart from triggering on intentional stop
+  mitmIsRestarting = true;
+  mitmRestartCount = 0;
+  log("⏹ Stopping server...");
+  // Kill server process
+  const proc = serverProcess;
+  const pidToKill = proc && !proc.killed
+    ? proc.pid
+    : (() => { try { return parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10); } catch { return null; } })();
+  if (pidToKill && isProcessAlive(pidToKill)) {
+    log(`Killing server (PID: ${pidToKill})...`);
+    killProcess(pidToKill, false, sudoPassword);
+    await new Promise(r => setTimeout(r, 1000));
+    if (isProcessAlive(pidToKill)) killProcess(pidToKill, true, sudoPassword);
+  }
+  serverProcess = null;
+  serverPid = null;
+  if (IS_WIN) {
+    const hostsFile = path.join(process.env.SystemRoot || "C:\\Windows", "System32", "drivers", "etc", "hosts");
+    const allHosts = Object.values(TOOL_HOSTS).flat();
+    try {
+      const { isAdmin, runElevatedPowerShell, quotePs } = require("./winElevated.js");
+      if (isAdmin()) {
+        // Direct fs write — bypass PowerShell to avoid parser pitfalls
+        const content = fs.readFileSync(hostsFile, "utf8");
+        const filtered = content.split(/\r?\n/).filter(l => !allHosts.some(h => l.includes(h))).join("\r\n");
+        const next = filtered.replace(/[\r\n\s]+$/g, "") + "\r\n";
+        if (next !== content) fs.writeFileSync(hostsFile, next, "utf8");
+        try { require("child_process").execSync("ipconfig /flushdns", { windowsHide: true, stdio: "ignore" }); } catch { /* ignore */ }
+        log("🌐 DNS: ✅ all tool hosts removed");
+      } else {
+        const hostsList = allHosts.map(quotePs).join(",");
+        const script = `
+          $hosts = @(${hostsList})
+          $lines = Get-Content -LiteralPath ${quotePs(hostsFile)}
+          $filtered = $lines | Where-Object {
+            $line = $_
+            -not ($hosts | Where-Object { $line -match [regex]::Escape($_) })
+          }
+          Set-Content -LiteralPath ${quotePs(hostsFile)} -Value $filtered
+          ipconfig /flushdns | Out-Null
+        `;
+        await runElevatedPowerShell(script);
+      }
+    } catch (e) { err(`Failed to clean hosts: ${e.message}`); }
+  } else {
+    await removeAllDNSEntries(sudoPassword);
+  }
+  // Unset NODE_EXTRA_CA_CERTS so apps don't keep trusting stale MITM cert
+  if (IS_MAC) {
+    exec(`launchctl unsetenv NODE_EXTRA_CA_CERTS`, { windowsHide: true }, (e) => {
+      if (e) log(`[launchctl] Failed to unset NODE_EXTRA_CA_CERTS: ${e.message}`);
+      else log(`[launchctl] NODE_EXTRA_CA_CERTS unset`);
+    });
+  } else if (IS_WIN) {
+    exec(`reg delete HKCU\\Environment /F /V NODE_EXTRA_CA_CERTS`, { windowsHide: true }, (e) => {
+      if (e) log(`[reg] Failed to unset NODE_EXTRA_CA_CERTS: ${e.message}`);
+      else log(`[reg] NODE_EXTRA_CA_CERTS unset`);
+    });
+  }
+  try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
+  await saveMitmSettings(false, null);
+  mitmIsRestarting = false;
+  return { running: false, pid: null };
+}
+/**
+ * Enable DNS for a specific tool (requires server running)
+ */
+async function enableToolDNS(tool, sudoPassword) {
+  const status = await getMitmStatus();
+  if (!status.running) throw new Error("MITM server is not running. Start the server first.");
+  const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+  await addDNSEntry(tool, password);
+  await saveDnsToolState(tool, true);
+  return { success: true };
+}
+/**
+ * Disable DNS for a specific tool
+ */
+async function disableToolDNS(tool, sudoPassword) {
+  const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+  await removeDNSEntry(tool, password);
+  await saveDnsToolState(tool, false);
+  return { success: true };
+}
+/**
+ * Install Root CA to system trust store (standalone, no server start)
+ */
+async function trustCert(sudoPassword) {
+  const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
+  if (!fs.existsSync(rootCACertPath)) throw new Error("Root CA not found. Start server first to generate it.");
+  const { installCert } = require("./cert/install");
+  if (!IS_WIN && !IS_MAC && !isSudoAvailable()) {
+    log(`🔐 Cert: system trust unavailable (no sudo). Use file: ${rootCACertPath}`);
+    return;
+  }
+  const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+  if (!password && isSudoPasswordRequired()) throw new Error("Sudo password required to trust certificate");
+  await installCert(password, rootCACertPath);
+  if (password) setCachedPassword(password);
+}
+// Legacy aliases for backward compatibility
+const startMitm = startServer;
+const stopMitm = stopServer;
+module.exports = {
+  getMitmStatus,
+  startServer,
+  stopServer,
+  enableToolDNS,
+  disableToolDNS,
+  trustCert,
+  // Legacy
+  startMitm,
+  stopMitm,
+  getCachedPassword,
+  setCachedPassword,
+  loadEncryptedPassword,
+  clearEncryptedPassword,
+  isSudoPasswordRequired,
+  initDbHooks,
+  restoreToolDNS,
+  hasDnsPrivilege,
+  removeAllDNSEntriesSync,
+};