docs: remove useless ostp-wiki folder from root

Cargo.lock

@@ -1497,9 +1497,11 @@ dependencies = [
  "hkdf",
  "hmac",
  "rand 0.8.5",
+ "serde",
  "sha2",
  "snow",
  "thiserror 1.0.69",
+ "tokio",
  "tracing",
  "x25519-dalek",
 ]

fix_delimiter.py

@@ -1,36 +0,0 @@
-import os
-
-with open('ostp/src/main.rs', 'r', encoding='utf-8') as f:
-    content = f.read()
-
-old_block = '''                    if let Some(key) = first_key {
-                    let host = get_or_ask_public_ip(&args.config);
-                    let mut query_params = Vec::<String>::new();
-                    query_params.push("type=udp".to_string());
-
-                    let mut link = format!("ostp://{}@{}:{}", key, host, port);
-                    if !query_params.is_empty() {
-                        link.push('?');
-                        link.push_str(&query_params.join("&"));
-                    }
-                    println!("  [1] {}", link);
-                }'''
-
-new_block = '''                    if let Some(key) = first_key {
-                        let host = get_or_ask_public_ip(&args.config);
-                        let mut query_params = Vec::<String>::new();
-                        query_params.push("type=udp".to_string());
-
-                        let mut link = format!("ostp://{}@{}:{}", key, host, port);
-                        if !query_params.is_empty() {
-                            link.push('?');
-                            link.push_str(&query_params.join("&"));
-                        }
-                        println!("  [1] {}", link);
-                    }
-                }'''
-
-content = content.replace(old_block, new_block)
-
-with open('ostp/src/main.rs', 'w', encoding='utf-8') as f:
-    f.write(content)

ostp-client/src/bridge.rs

@@ -18,7 +18,7 @@ impl Default for BridgeMetrics {
     }
 }
 
-pub fn set_socket_protector<F>(f: F)
+pub fn set_socket_protector<F>(_f: F)
 where
     F: Fn(i32) -> bool + Send + Sync + 'static,
 {

ostp-client/src/config.rs

@@ -190,15 +190,15 @@ impl ClientConfig {
 
     /// Migrates old monolithic JSON to the new modular format.
     /// Returns the migrated JSON value and a boolean indicating if a migration occurred.
-    pub fn migrate_json(mut json: serde_json::Value) -> (serde_json::Value, bool) {
+    pub fn migrate_json(json: serde_json::Value) -> (serde_json::Value, bool) {
-        let is_migrated = json.get("version").and_then(|v| v.as_str()) == Some("0.3.1");
+        let is_migrated = json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
         if is_migrated {
             return (json, false);
         }
 
         // Needs migration
         let mut new_json = serde_json::json!({
-            "version": "0.3.1",
+            "version": env!("CARGO_PKG_VERSION"),
         });
 
         // 1. Log level

ostp-client/src/runner.rs

@@ -1,8 +1,7 @@
 use anyhow::Result;
 use std::sync::Arc;
-use tokio::sync::{mpsc, watch};
+use tokio::sync::watch;
 
-use crate::app::{BridgeCommand, ConnectionStatus, UiEvent};
 use crate::config::{ClientConfig, InboundConfig};
 use crate::tunnel::balancer::Balancer;
 use crate::tunnel::outbounds::OutboundManager;
@@ -10,9 +9,9 @@ use crate::tunnel::router::Router;
 
 pub async fn run_client_core(
     config: ClientConfig,
-    metrics: Arc<crate::bridge::BridgeMetrics>,
+    _metrics: Arc<crate::bridge::BridgeMetrics>,
     mut shutdown_rx_ext: watch::Receiver<bool>,
-    config_rx: Option<watch::Receiver<ClientConfig>>,
+    _config_rx: Option<watch::Receiver<ClientConfig>>,
 ) -> Result<()> {
     println!("[ostp] Starting run_client_core with multi-server architecture");
 

ostp-client/src/transport/dns.rs

@@ -5,8 +5,9 @@ use tokio::net::UdpSocket;
 use tokio::sync::{mpsc, Mutex};
 use rand::Rng;
 
-use ostp_core::dns::{
+pub use ostp_core::dns::{
-    DnsPacket, DnsRecordType, encode_payload_to_domain, decode_domain_to_payload,
+    DnsPacket, DnsRecordType, encode_payload_to_domain,
+    decode_domain_to_payload,
 };
 use crate::transport::Transport;
 
@@ -64,7 +65,7 @@ pub async fn start_dns_transport(domain: String, resolver: String, _pubkey: Opti
     });
 
     // Receive task (reads from UDP socket, decodes DNS answer, sends to app)
-    let base_domain_rx = domain.clone();
+    let _base_domain_rx = domain.clone();
     tokio::spawn(async move {
         let mut buf = vec![0u8; 65535];
         loop {

ostp-client/src/tunnel/balancer.rs

@@ -1,6 +1,5 @@
 use crate::config::{ClientConfig, OutboundConfig};
 use std::collections::HashMap;
-use std::sync::Arc;
 
 pub struct Balancer {
     outbounds: HashMap<String, OutboundConfig>,

ostp-client/src/tunnel/inbounds/local_proxy.rs

@@ -85,7 +85,7 @@ async fn handle_socks5_connection(
     }
     
     let atyp = buf[3];
-    let (target_host, mut ip_addr) = match atyp {
+    let (target_host, ip_addr) = match atyp {
         0x01 => { // IPv4
             stream.read_exact(&mut buf[0..4]).await?;
             let ip = std::net::Ipv4Addr::new(buf[0], buf[1], buf[2], buf[3]);

ostp-client/src/tunnel/inbounds/tun.rs

@@ -13,7 +13,7 @@ pub async fn run_tun_inbound(
     outbound_manager: Arc<OutboundManager>,
     mut shutdown: watch::Receiver<bool>,
 ) -> Result<()> {
-    use std::net::ToSocketAddrs;
+    
     use netstack_smoltcp::StackBuilder;
     use tokio::io::{AsyncReadExt, AsyncWriteExt};
     use futures::{StreamExt, SinkExt};
@@ -72,7 +72,7 @@ pub async fn run_tun_inbound(
     #[allow(unused_variables)]
     let mut _route_guard = None;
 
-    let (mut tun_to_stack, mut stack_to_tun) = {
+    let (tun_to_stack, stack_to_tun) = {
         #[cfg(target_os = "android")]
         {
             if let Some(fd) = fd {
@@ -183,7 +183,7 @@ pub async fn run_tun_inbound(
     let router_tcp = router.clone();
     let tag_tcp = tag.clone();
     
-    let mut tcp_accept_task = tokio::spawn(async move {
+    let tcp_accept_task = tokio::spawn(async move {
         let Some(mut listener) = tcp_listener else { return; };
         while let Some((mut stream, local, remote)) = listener.next().await {
             let om = outbound_manager_tcp.clone();
@@ -249,7 +249,7 @@ pub async fn run_tun_inbound(
     let router_udp = router.clone();
     let tag_udp = tag.clone();
     
-    let mut udp_proxy_task = tokio::spawn(async move {
+    let udp_proxy_task = tokio::spawn(async move {
         if let Some(udp_sock) = udp_socket {
             let (mut udp_rx, _udp_tx) = udp_sock.split();
             while let Some((payload, local, remote)) = udp_rx.next().await {

ostp-client/src/tunnel/outbounds/mod.rs

@@ -1,6 +1,5 @@
 use anyhow::{anyhow, Result};
 use std::sync::Arc;
-use tokio::net::TcpStream;
 use crate::tunnel::balancer::Balancer;
 use crate::config::OutboundConfig;
 

ostp-client/src/tunnel/outbounds/ostp.rs

@@ -1,10 +1,9 @@
-use anyhow::{anyhow, Result};
+use anyhow::Result;
 use tokio::net::TcpStream;
 use crate::config::{TransportConfig, MultiplexConfig};
 
-use ostp_core::{NoiseRole, OstpEvent, ProtocolAction, ProtocolConfig, ProtocolMachine};
+use ostp_core::{OstpEvent, ProtocolAction, ProtocolConfig, ProtocolMachine};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
-use tokio::net::UdpSocket;
 
 pub async fn dial_tcp(
     server: &str,

ostp-core/Cargo.toml

@@ -17,3 +17,5 @@ sha2.workspace = true
 hmac.workspace = true
 x25519-dalek = { version = "2.0.1", features = ["static_secrets"] }
 hkdf = "0.12.0"
+tokio.workspace = true
+serde = { version = "1.0", features = ["derive"] }

ostp-core/src/dns_prober.rs

@@ -0,0 +1,94 @@
+use std::time::Duration;
+use tokio::time::Instant;
+use crate::dns::{DnsPacket, DnsRecordType, encode_payload_to_domain};
+use rand::Rng;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize, Clone)]
+pub struct DnsProbeResult {
+    pub name: String,
+    pub ip: String,
+    pub latency_ms: Option<u64>,
+}
+
+const PUBLIC_DNS_SERVERS: &[(&str, &str)] = &[
+    ("Cloudflare",  "1.1.1.1"),
+    ("Cloudflare2", "1.0.0.1"),
+    ("Google",      "8.8.8.8"),
+    ("Google2",     "8.8.4.4"),
+    ("Quad9",       "9.9.9.9"),
+    ("AdGuard",     "94.140.14.14"),
+    ("Yandex",      "77.88.8.8"),
+    ("Yandex2",     "77.88.8.1"),
+    ("SkyDNS",      "193.58.251.251"),
+    ("AliDNS",      "223.5.5.5"),
+    ("Tencent",     "119.29.29.29"),
+    ("114DNS",      "114.114.114.114"),
+    ("Shecan",      "178.22.122.100"),
+    ("Electro",     "78.157.42.100"),
+    ("Begzar",      "185.55.226.26"),
+];
+
+async fn probe_resolver(domain: &str, resolver_ip: &str) -> Option<u64> {
+    let (probe_bytes, id) = {
+        let mut rng = rand::thread_rng();
+        let probe_bytes: [u8; 4] = rng.gen();
+        let id: u16 = rng.gen();
+        (probe_bytes, id)
+    };
+
+    let fqdn = encode_payload_to_domain(&probe_bytes, domain);
+    let qtype = if rand::thread_rng().gen_bool(0.5) { DnsRecordType::TXT } else { DnsRecordType::NULL };
+    let packet = DnsPacket::new_query(id, &fqdn, qtype);
+    let encoded = packet.encode();
+
+    let sock = tokio::net::UdpSocket::bind("0.0.0.0:0").await.ok()?;
+    sock.connect(format!("{}:53", resolver_ip)).await.ok()?;
+
+    let start = Instant::now();
+    sock.send(&encoded).await.ok()?;
+
+    let mut buf = [0u8; 4096];
+    match tokio::time::timeout(Duration::from_secs(2), sock.recv(&mut buf)).await {
+        Ok(Ok(n)) => {
+            if let Some(resp) = DnsPacket::decode(&buf[..n]) {
+                // Check if RCODE == 0 (NOERROR) and it has answers
+                let rcode = resp.flags & 0x000F;
+                if rcode == 0 && !resp.answers.is_empty() {
+                    return Some(start.elapsed().as_millis() as u64);
+                }
+            }
+            None
+        },
+        _ => None,
+    }
+}
+
+pub async fn run_dns_prober(domain: &str) -> Result<Vec<DnsProbeResult>, String> {
+    if domain.is_empty() {
+        return Err("Please enter the tunnel domain first (e.g. tunnel.myvpn.com)".into());
+    }
+
+    let tasks: Vec<_> = PUBLIC_DNS_SERVERS
+        .iter()
+        .map(|(name, ip)| {
+            let domain = domain.to_string();
+            let name = name.to_string();
+            let ip   = ip.to_string();
+            tokio::spawn(async move {
+                let latency_ms = probe_resolver(&domain, &ip).await;
+                DnsProbeResult { name, ip, latency_ms }
+            })
+        })
+        .collect();
+
+    let mut results = Vec::with_capacity(tasks.len());
+    for task in tasks {
+        if let Ok(r) = task.await {
+            results.push(r);
+        }
+    }
+
+    results.sort_by_key(|r| r.latency_ms.unwrap_or(u64::MAX));
+    Ok(results)
+}

ostp-core/src/lib.rs

@@ -5,6 +5,7 @@ pub mod protocol;
 pub mod relay;
 pub mod resumption;
 pub mod dns;
+pub mod dns_prober;
 
 pub use crypto::NoiseRole;
 pub use framing::{TrafficProfile, PaddingStrategy};

ostp-flutter/android/app/src/main/kotlin/com/ospab/ostp_client/MainActivity.kt

@@ -95,6 +95,15 @@ class MainActivity : FlutterActivity() {
                         result.error("ERROR", e.message, null)
                     }
                 }
+                "runDnsProber" -> {
+                    try {
+                        val domain = call.argument<String>("domain") ?: "example.com"
+                        val json = net.ostp.client.OstpClientSdk.nativeRunDnsProber(domain)
+                        result.success(json)
+                    } catch (e: Throwable) {
+                        result.error("ERROR", e.message, null)
+                    }
+                }
                 "getInstalledApps" -> {
                     try {
                         val pm = packageManager

ostp-flutter/android/app/src/main/kotlin/net/ostp/client/OstpClientSdk.kt

@@ -50,4 +50,8 @@ object OstpClientSdk {
     @Keep
     @JvmStatic
     external fun notifyNetworkChanged()
+
+    @Keep
+    @JvmStatic
+    external fun nativeRunDnsProber(domain: String): String
 }

ostp-flutter/lib/main.dart

@@ -26,11 +26,11 @@ class OstpApp extends StatelessWidget {
       debugShowCheckedModeBanner: false,
       theme: ThemeData(
         brightness: Brightness.dark,
-        scaffoldBackgroundColor: const Color(0xFF08080F),
+        scaffoldBackgroundColor: const Color(0xFF030303),
         colorScheme: const ColorScheme.dark(
-          primary: Color(0xFF6C72FF),
+          primary: Color(0xFFF9FAFB),
-          secondary: Color(0xFF22D3A5),
+          secondary: Color(0xFF10B981),
-          surface: Color(0xFF151522),
+          surface: Color(0xFF09090B),
         ),
         fontFamily: 'Inter',
         useMaterial3: true,

ostp-flutter/lib/ui/home_screen.dart

@@ -6,6 +6,7 @@ import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:shared_preferences/shared_preferences.dart';
 import 'package:mobile_scanner/mobile_scanner.dart';
+import 'package:flutter_svg/flutter_svg.dart';
 import '../models/connection_state_enum.dart';
 import 'settings_screen.dart';
 import 'logs_screen.dart';
@@ -517,31 +518,16 @@ class _HomeScreenState extends State<HomeScreen> with TickerProviderStateMixin {
     return Scaffold(
       body: Stack(
         children: [
-          Positioned(
+          Center(
-            top: -150, right: -100,
+            child: Opacity(
-            child: Container(
+              opacity: theme.brightness == Brightness.dark ? 0.05 : 0.06,
-              width: 400, height: 400,
+              child: SvgPicture.asset(
-              decoration: BoxDecoration(
+                'assets/logo.svg',
-                shape: BoxShape.circle,
+                width: MediaQuery.of(context).size.width * 0.8,
-                color: theme.colorScheme.primary.withOpacity(0.15),
+                fit: BoxFit.contain,
-              ),
+                colorFilter: theme.brightness == Brightness.light 
-              child: BackdropFilter(
+                    ? const ColorFilter.mode(Colors.black, BlendMode.srcIn) 
-                filter: ImageFilter.blur(sigmaX: 100, sigmaY: 100),
+                    : null,
-                child: Container(),
-              ),
-            ),
-          ),
-          Positioned(
-            bottom: -100, left: -100,
-            child: Container(
-              width: 350, height: 350,
-              decoration: BoxDecoration(
-                shape: BoxShape.circle,
-                color: theme.colorScheme.secondary.withOpacity(0.1),
-              ),
-              child: BackdropFilter(
-                filter: ImageFilter.blur(sigmaX: 100, sigmaY: 100),
-                child: Container(),
               ),
             ),
           ),

ostp-flutter/lib/ui/settings_screen.dart

@@ -38,7 +38,7 @@ class _SettingsScreenState extends State<SettingsScreen> {
 
   bool _obscureKey = true;
   bool _debugMode = false;
-  String _dnsRegion = 'Global';
+  late TextEditingController _dnsRegionCtrl;
   String _transportMode = 'udp'; // 'udp' | 'uot'
   String _tunStack = 'ostp'; // 'system' | 'ostp'
   bool _muxEnabled = false;
@@ -58,9 +58,9 @@ class _SettingsScreenState extends State<SettingsScreen> {
     _ipsCtrl = TextEditingController(text: widget.prefs.getString('ex_ips') ?? '');
     _processesCtrl = TextEditingController(text: widget.prefs.getString('ex_processes') ?? '');
     _dnsDomainCtrl = TextEditingController(text: widget.prefs.getString('dns_domain') ?? '');
-    _pbkCtrl = TextEditingController(text: widget.prefs.getString('pbk') ?? '');
+    _dnsRegionCtrl = TextEditingController(text: widget.prefs.getString('dns_region') ?? '1.1.1.1');
+    _pbkCtrl = TextEditingController(text: widget.prefs.getString('tun_pbk') ?? '');
     _sidCtrl = TextEditingController(text: widget.prefs.getString('sid') ?? '');
-    _dnsRegion = widget.prefs.getString('dns_region') ?? 'Global';
     _transportMode = widget.prefs.getString('transport_mode') ?? 'udp';
     _tunStack = widget.prefs.getString('tun_stack') ?? 'ostp';
     _debugMode = widget.prefs.getBool('debug_mode') ?? false;
@@ -81,6 +81,7 @@ class _SettingsScreenState extends State<SettingsScreen> {
     _ipsCtrl.dispose();
     _processesCtrl.dispose();
     _dnsDomainCtrl.dispose();
+    _dnsRegionCtrl.dispose();
     _pbkCtrl.dispose();
     _sidCtrl.dispose();
     _muxSessionsCtrl.dispose();
@@ -97,11 +98,11 @@ class _SettingsScreenState extends State<SettingsScreen> {
     widget.prefs.setString('ex_ips', _ipsCtrl.text.trim());
     widget.prefs.setString('ex_processes', _processesCtrl.text.trim());
     widget.prefs.setBool('debug_mode', _debugMode);
-    widget.prefs.setString('dns_region', _dnsRegion);
     widget.prefs.setString('transport_mode', _transportMode);
     widget.prefs.setString('tun_stack', _tunStack);
     widget.prefs.setString('dns_domain', _dnsDomainCtrl.text.trim());
-    widget.prefs.setString('pbk', _pbkCtrl.text.trim());
+    widget.prefs.setString('dns_region', _dnsRegionCtrl.text.trim());
+    widget.prefs.setString('tun_pbk', _pbkCtrl.text.trim());
     widget.prefs.setString('sid', _sidCtrl.text.trim());
     widget.prefs.setBool('mux_enabled', _muxEnabled);
     widget.prefs.setString('mux_sessions', _muxSessionsCtrl.text.trim());
@@ -237,7 +238,7 @@ class _SettingsScreenState extends State<SettingsScreen> {
                       _serverCtrl.text = host;
                       _keyCtrl.text = key;
                       _dnsDomainCtrl.text = uri.queryParameters['domain'] ?? '';
-                      _dnsRegion = uri.queryParameters['region'] ?? 'Global';
+                      _dnsRegionCtrl.text = uri.queryParameters['resolver'] ?? '1.1.1.1';
                       
                       final type = uri.queryParameters['type'];
                       _transportMode = type == 'tcp' || type == 'http' ? 'uot' : (type == 'dns' ? 'dns' : 'udp');
@@ -349,30 +350,27 @@ class _SettingsScreenState extends State<SettingsScreen> {
                         const SizedBox(height: 16),
                         _buildTextField('Domain (Points to Server)', _dnsDomainCtrl, hint: 'tunnel.myvpn.com'),
                         const SizedBox(height: 16),
-                        DropdownButtonFormField<String>(
+                        Row(
-                          value: _dnsRegion,
+                          children: [
-                          dropdownColor: const Color(0xFF1E1E2C),
+                            Expanded(
-                          style: const TextStyle(color: Colors.white, fontSize: 14),
+                              child: _buildTextField('DNS Resolver Server', _dnsRegionCtrl, hint: '1.1.1.1'),
-                          decoration: InputDecoration(
-                            labelText: 'DNS Resolver Region',
-                            labelStyle: const TextStyle(color: Colors.white54, fontSize: 13),
-                            border: OutlineInputBorder(borderRadius: BorderRadius.circular(12)),
-                            contentPadding: const EdgeInsets.symmetric(horizontal: 16, vertical: 12),
                             ),
-                          items: ['Global', 'Russia', 'China', 'Iran'].map((String region) {
+                            const SizedBox(width: 8),
-                            return DropdownMenuItem<String>(
+                            Padding(
-                              value: region,
+                              padding: const EdgeInsets.only(top: 24.0),
-                              child: Text(region),
+                              child: ElevatedButton(
-                            );
+                                onPressed: _showDnsProberDialog,
-                          }).toList(),
+                                style: ElevatedButton.styleFrom(
-                          onChanged: (String? newValue) {
+                                  backgroundColor: Colors.orangeAccent.withOpacity(0.2),
-                            if (newValue != null) {
+                                  foregroundColor: Colors.orangeAccent,
-                              setState(() {
+                                  elevation: 0,
-                                _dnsRegion = newValue;
+                                  padding: const EdgeInsets.symmetric(horizontal: 12, vertical: 14),
-                                _saveSettings();
+                                  shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(12)),
-                              });
+                                ),
-                            }
+                                child: const Text('PROBER', style: TextStyle(fontWeight: FontWeight.bold, fontSize: 12)),
-                          },
+                              ),
+                            )
+                          ],
                         ),
                       ],
                     ),
@@ -603,6 +601,97 @@ class _SettingsScreenState extends State<SettingsScreen> {
     );
   }
 
+  Future<void> _showDnsProberDialog() async {
+    const channel = MethodChannel('com.ospab.ostp/vpn');
+    showDialog(
+      context: context,
+      barrierDismissible: false,
+      builder: (context) {
+        return StatefulBuilder(
+          builder: (context, setModalState) {
+            return AlertDialog(
+              backgroundColor: Theme.of(context).colorScheme.surface,
+              shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(20)),
+              title: const Text('DNS Prober', textAlign: TextAlign.center),
+              content: FutureBuilder<String?>(
+                future: channel.invokeMethod<String>('runDnsProber', {'domain': _dnsDomainCtrl.text.trim()}),
+                builder: (context, snapshot) {
+                  if (snapshot.connectionState == ConnectionState.waiting) {
+                    return const Column(
+                      mainAxisSize: MainAxisSize.min,
+                      children: [
+                        CircularProgressIndicator(),
+                        SizedBox(height: 16),
+                        Text('Sending real tunnel probes...', style: TextStyle(color: Colors.white54, fontSize: 13), textAlign: TextAlign.center),
+                      ],
+                    );
+                  }
+
+                  if (snapshot.hasError || !snapshot.hasData) {
+                    return Text('Error: ${snapshot.error}', style: const TextStyle(color: Colors.redAccent));
+                  }
+
+                  List<dynamic> results = [];
+                  try {
+                    results = jsonDecode(snapshot.data!);
+                  } catch (_) {}
+
+                  if (results.isEmpty) {
+                    return const Text('No results or all timed out.', style: TextStyle(color: Colors.redAccent));
+                  }
+
+                  return SizedBox(
+                    width: double.maxFinite,
+                    child: ListView.builder(
+                      shrinkWrap: true,
+                      itemCount: results.length,
+                      itemBuilder: (context, index) {
+                        final res = results[index];
+                        final name = res['name'] ?? '';
+                        final ip = res['ip'] ?? '';
+                        final latency = res['latency_ms'];
+                        
+                        final isBest = index == 0 && latency != null;
+                        
+                        return ListTile(
+                          onTap: latency != null ? () {
+                            setState(() {
+                              _dnsRegionCtrl.text = ip;
+                              _saveSettings();
+                            });
+                            Navigator.pop(context);
+                            ScaffoldMessenger.of(context).showSnackBar(SnackBar(content: Text('DNS set to $ip')));
+                          } : null,
+                          title: Text('${isBest ? '⭐ ' : ''}$name', style: const TextStyle(fontSize: 14)),
+                          subtitle: Text(ip, style: const TextStyle(fontSize: 12, color: Colors.white54)),
+                          trailing: Text(
+                            latency != null ? '$latency ms' : 'TIMEOUT',
+                            style: TextStyle(
+                              color: latency == null ? Colors.redAccent : (latency < 100 ? Colors.greenAccent : Colors.orangeAccent),
+                              fontWeight: FontWeight.bold,
+                            ),
+                          ),
+                          tileColor: isBest ? Colors.blueAccent.withOpacity(0.1) : null,
+                          shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
+                        );
+                      },
+                    ),
+                  );
+                },
+              ),
+              actions: [
+                TextButton(
+                  onPressed: () => Navigator.pop(context),
+                  child: const Text('Close'),
+                )
+              ],
+            );
+          }
+        );
+      }
+    );
+  }
+
   Future<void> _checkForUpdates() async {
     if (_isCheckingUpdates) return;
     setState(() { _isCheckingUpdates = true; });

ostp-flutter/pubspec.lock

@@ -134,6 +134,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "6.0.0"
+  flutter_svg:
+    dependency: "direct main"
+    description:
+      name: flutter_svg
+      sha256: "35882981abcbfb8c15b286f0cd690ff25bac12d95eff3e25ee207f37d4c42e7f"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.3.0"
   flutter_test:
     dependency: "direct dev"
     description: flutter
@@ -272,6 +280,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.9.1"
+  path_parsing:
+    dependency: transitive
+    description:
+      name: path_parsing
+      sha256: "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.1.0"
   path_provider_linux:
     dependency: transitive
     description:
@@ -581,6 +597,30 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.1.5"
+  vector_graphics:
+    dependency: transitive
+    description:
+      name: vector_graphics
+      sha256: "2306c03da2ba81724afeb589c351ebbc0aa7d86005925be8f8735856dbe5e42d"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.2.2"
+  vector_graphics_codec:
+    dependency: transitive
+    description:
+      name: vector_graphics_codec
+      sha256: "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.1.13"
+  vector_graphics_compiler:
+    dependency: transitive
+    description:
+      name: vector_graphics_compiler
+      sha256: "142a9146f447d15b10bdc00e21d5f4d83e5b32bb5f8f8f5a04c75311344923a3"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.2.6"
   vector_math:
     dependency: transitive
     description:

ostp-flutter/pubspec.yaml

@@ -16,7 +16,7 @@ publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
 # In Windows, build-name is used as the major, minor, and patch parts
 # of the product and file versions while build-number is used as the build suffix.
-version: 0.3.7+20
+version: 0.3.8+21
 
 environment:
   sdk: ^3.11.4
@@ -34,6 +34,7 @@ dependencies:
   # The following adds the Cupertino Icons font to your application.
   # Use with the CupertinoIcons class for iOS style icons.
   cupertino_icons: ^1.0.8
+  flutter_svg: ^2.0.10
   shared_preferences: ^2.5.5
   mobile_scanner: ^5.0.0
   window_manager: ^0.5.1
@@ -72,9 +73,8 @@ flutter:
   uses-material-design: true
 
   # To add assets to your application, add an assets section, like this:
-  # assets:
+  assets:
-  #   - images/a_dot_burr.jpeg
+    - assets/logo.svg
-  #   - images/a_dot_ham.jpeg
 
   # An image asset can refer to one or more resolution-specific "variants", see
   # https://flutter.dev/to/resolution-aware-images

ostp-gui/src-tauri/Cargo.lock

@@ -2665,7 +2665,7 @@ dependencies = [
 
 [[package]]
 name = "ostp-client"
-version = "0.2.98"
+version = "0.3.8"
 dependencies = [
  "anyhow",
  "base64 0.22.1",
@@ -2700,17 +2700,20 @@ dependencies = [
 
 [[package]]
 name = "ostp-core"
-version = "0.2.98"
+version = "0.3.8"
 dependencies = [
  "anyhow",
+ "byteorder",
  "bytes",
  "chacha20poly1305",
  "hkdf",
  "hmac",
  "rand",
+ "serde",
  "sha2",
  "snow",
  "thiserror 1.0.69",
+ "tokio",
  "tracing",
  "x25519-dalek",
 ]
@@ -2720,12 +2723,16 @@ name = "ostp-gui"
 version = "0.1.0"
 dependencies = [
  "anyhow",
+ "chacha20poly1305",
+ "hex",
  "json_comments",
  "ostp-client",
+ "ostp-core",
  "portable-atomic",
  "rand",
  "serde",
  "serde_json",
+ "sha2",
  "tauri",
  "tauri-build",
  "tauri-plugin-opener",
@@ -2735,7 +2742,7 @@ dependencies = [
 
 [[package]]
 name = "ostp-tun"
-version = "0.2.98"
+version = "0.3.8"
 dependencies = [
  "anyhow",
  "libc",

ostp-gui/src-tauri/Cargo.toml

@@ -26,6 +26,7 @@ tokio = { version = "1", features = ["full"] }
 anyhow = "1"
 tracing = "0.1"
 ostp-client = { path = "../../ostp-client" }
+ostp-core = { path = "../../ostp-core" }
 portable-atomic = "1"
 json_comments = "0.2"
 rand = "0.8"

ostp-gui/src-tauri/permissions/app-commands.toml

@@ -6,11 +6,15 @@ description = "Enables access to core OSTP commands"
 allow = [
   "start_tunnel",
   "stop_tunnel",
+  "reload_tunnel",
   "get_tunnel_status",
   "get_metrics",
   "get_config",
   "save_config",
   "get_wintun_install_path",
   "set_autostart",
-  "get_autostart"
+  "get_autostart",
+  "list_running_processes",
+  "kill_auto_search",
+  "run_dns_prober"
 ]

ostp-gui/src-tauri/src/dns_prober.rs

@@ -0,0 +1,6 @@
+use ostp_core::dns_prober::{run_dns_prober as core_run_dns_prober, DnsProbeResult};
+
+#[tauri::command]
+pub async fn run_dns_prober(domain: String) -> Result<Vec<DnsProbeResult>, String> {
+    core_run_dns_prober(&domain).await
+}

ostp-gui/src-tauri/src/lib.rs

@@ -8,6 +8,7 @@ use portable_atomic::Ordering;
 use tauri::Emitter;
 
 mod ipc_crypto;
+mod dns_prober;
 
 // ── Config types ─────────────────────────────────────────────────────────────
 
@@ -778,7 +779,7 @@ static SINGLE_INSTANCE_LOCK: std::sync::OnceLock<std::net::TcpListener> = std::s
 pub fn run() {
     if let Ok(listener) = std::net::TcpListener::bind("127.0.0.1:49153") {
         let _ = SINGLE_INSTANCE_LOCK.set(listener);
-    } else {
+    } else if !cfg!(debug_assertions) {
         show_error_dialog("Приложение OSTP GUI уже запущено!");
         return;
     }
@@ -874,7 +875,7 @@ pub fn run() {
             }
             _ => {}
         })
-        .invoke_handler(tauri::generate_handler![start_tunnel, stop_tunnel, reload_tunnel, get_tunnel_status, get_metrics, get_config, save_config, get_wintun_install_path, set_autostart, get_autostart, list_running_processes])
+        .invoke_handler(tauri::generate_handler![start_tunnel, stop_tunnel, reload_tunnel, get_tunnel_status, get_metrics, get_config, save_config, get_wintun_install_path, set_autostart, get_autostart, list_running_processes, dns_prober::run_dns_prober])
         .run(tauri::generate_context!())
         .expect("error while running tauri application");
 }

ostp-gui/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "ostp-gui",
-  "version": "0.3.7",
+  "version": "0.3.8",
   "identifier": "com.ospab.ostp",
   "build": {
     "frontendDist": "../src"

ostp-gui/src/index.html

@@ -12,10 +12,9 @@
 <body>
   <div class="app-root">
 
-    <!-- Ambient light blobs -->
+    <!-- Eagle Watermark -->
-    <div class="ambient" aria-hidden="true">
+    <div class="watermark" aria-hidden="true">
-      <div class="blob blob-1"></div>
+      <img src="assets/logo.svg" alt="" />
-      <div class="blob blob-2"></div>
     </div>
 
     <!-- ── HOME SCREEN ──────────────────────────────────────────── -->
@@ -202,24 +201,20 @@
             </select>
           </div>
 
-          <div id="group-dns-proxy" style="display: none;">
+          <div id="group-dns-proxy" style="display: none; flex-direction: column; gap: 14px;">
             <div class="field-group">
               <label class="field-label" for="in-dns-domain" style="color: var(--c-warning);" data-i18n="label_dns_domain">Domain (Points to Server)</label>
               <input id="in-dns-domain" class="field-input" type="text" placeholder="tunnel.myvpn.com" spellcheck="false" />
-              <div style="font-size: 0.8rem; color: var(--c-sub); margin-top: 4px;">
-                <span data-i18n="dns_domain_hint">This is the "last resort" over public DNS servers. You need a domain pointing to your server (NS/A record).</span>
-                <span data-i18n="dns_guide">Detailed setup guide available in</span> <a href="https://github.com/ospab/ostp/wiki/DNS-Transport" target="_blank" style="color: var(--c-accent)" data-i18n="wiki_link">GitHub Wiki</a>.
-              </div>
             </div>
 
             <div class="field-group">
-              <label class="field-label" for="in-dns-region" data-i18n="label_dns_region">DNS Resolver Region (Prober)</label>
+              <label class="field-label" for="in-dns-region" data-i18n="label_dns_region">DNS Resolver Server</label>
-              <select id="in-dns-region" class="field-input">
+              <div class="input-wrap">
-                <option value="Global" data-i18n="opt_global">Global (Cloudflare, Google, etc)</option>
+                <input id="in-dns-region" class="field-input" type="text" placeholder="1.1.1.1" spellcheck="false" />
-                <option value="Russia" data-i18n="opt_russia">Russia (Yandex, VK, etc)</option>
+                <button id="btn-dns-prober" class="peek-btn" tabindex="-1" title="Find fastest DNS server" style="width:auto; padding: 0 8px; font-size: 0.7rem; color: var(--c-accent);">
-                <option value="China" data-i18n="opt_china">China (AliDNS, DNSPod, etc)</option>
+                  PROBER
-                <option value="Iran" data-i18n="opt_iran">Iran (Shatel, Electro, etc)</option>
+                </button>
-              </select>
+              </div>
             </div>
           </div>
 
@@ -380,6 +375,23 @@
         </div>
       </div>
     </div>
+      </div>
+    </div>
+
+    <!-- DNS Prober Modal -->
+    <div id="dns-prober-modal" class="modal-overlay hidden">
+      <div class="modal-content" style="min-width: 300px; max-width: 420px;">
+        <h3 class="modal-title">DNS Prober</h3>
+        <p class="modal-text" style="font-size: 0.8rem; color: var(--c-txt-2); margin-bottom: 12px;">
+          Sends a real DNS tunnel probe through each resolver and measures the round-trip time to your server. The fastest one is selected automatically.
+        </p>
+        <div id="prober-status" style="font-size: 0.75rem; color: var(--c-accent); margin-bottom: 10px; min-height: 18px;"></div>
+        <div id="prober-list" style="display: flex; flex-direction: column; gap: 5px; max-height: 280px; overflow-y: auto;"></div>
+        <div class="modal-actions" style="margin-top: 16px;">
+          <button id="btn-prober-close" class="btn secondary">Close</button>
+        </div>
+      </div>
+    </div>
 
   </div>
   <script type="module" src="main.js"></script>

ostp-gui/src/main.js

@@ -75,7 +75,7 @@ function bindSettingsInputs() {
   if (inTransport) {
     inTransport.addEventListener('change', () => {
       if (inTransport.value === 'dns') {
-        groupDnsProxy.style.display = 'block';
+        groupDnsProxy.style.display = 'flex';
       } else {
         groupDnsProxy.style.display = 'none';
       }
@@ -88,6 +88,86 @@ const btnWintunCancel    = $('btn-wintun-cancel');
 const btnWintunOpen      = $('btn-wintun-open');
 const wintunInstallPath  = $('wintun-install-path');
 
+const dnsProberModal     = $('dns-prober-modal');
+const proberStatus       = $('prober-status');
+const proberList         = $('prober-list');
+const btnProberClose     = $('btn-prober-close');
+const btnDnsProber       = $('btn-dns-prober');
+
+// ── DNS Prober ───────────────────────────────────────────────────────────────
+async function openDnsProber() {
+  dnsProberModal.classList.remove('hidden');
+  proberList.innerHTML = '';
+  proberStatus.textContent = 'Running probes...';
+
+  const domain = inDnsDomain?.value?.trim() || 'example.com';
+
+  let results;
+  try {
+    results = await invoke('run_dns_prober', { domain });
+  } catch (err) {
+    proberStatus.textContent = 'Error: ' + err;
+    return;
+  }
+
+  proberList.innerHTML = '';
+
+  if (!results || results.length === 0) {
+    proberStatus.textContent = 'No results.';
+    return;
+  }
+
+  let bestIp = null;
+
+  results.forEach((r, i) => {
+    const isBest = i === 0 && r.latency_ms != null;
+    if (isBest && !bestIp) bestIp = r.ip;
+
+    const row = document.createElement('div');
+    row.style.cssText = `
+      display: flex; align-items: center; justify-content: space-between;
+      padding: 6px 10px; border-radius: 6px; cursor: pointer;
+      background: ${isBest ? 'rgba(99,179,237,0.12)' : 'rgba(255,255,255,0.04)'};
+      border: 1px solid ${isBest ? 'rgba(99,179,237,0.35)' : 'transparent'};
+      transition: background 0.15s;
+    `;
+
+    const latText = r.latency_ms != null ? `${r.latency_ms} ms` : 'TIMEOUT';
+    const latColor = r.latency_ms == null ? '#f56565'
+      : r.latency_ms < 50 ? '#68d391'
+      : r.latency_ms < 150 ? '#f6e05e'
+      : '#fc8181';
+
+    row.innerHTML = `
+      <span style="font-size:0.78rem; color: var(--c-txt-1);">${isBest ? '⭐ ' : ''}${r.name}</span>
+      <span style="font-size:0.78rem; color: var(--c-txt-2);">${r.ip}</span>
+      <span style="font-size:0.78rem; font-weight:600; color:${latColor};">${latText}</span>
+    `;
+
+    if (r.latency_ms != null) {
+      row.addEventListener('click', () => {
+        inDnsRegion.value = r.ip;
+        scheduleAutoSave();
+        dnsProberModal.classList.add('hidden');
+        showToast('DNS server set to ' + r.ip, 'ok');
+      });
+      row.addEventListener('mouseenter', () => { row.style.background = 'rgba(99,179,237,0.18)'; });
+      row.addEventListener('mouseleave', () => { row.style.background = isBest ? 'rgba(99,179,237,0.12)' : 'rgba(255,255,255,0.04)'; });
+    }
+
+    proberList.appendChild(row);
+  });
+
+  if (bestIp) {
+    proberStatus.textContent = `✓ Best: ${bestIp} — click any row to select`;
+    // Auto-fill best
+    inDnsRegion.value = bestIp;
+    scheduleAutoSave();
+  } else {
+    proberStatus.textContent = 'All servers timed out.';
+  }
+}
+
 // ── Tag-input state ───────────────────────────────────────────────────────────
 // Map of tagId -> Set<string>
 const tagState = {
@@ -366,7 +446,7 @@ async function loadConfigIntoForm() {
         inKey.value = ostpOut.access_key || '';
         inTransport.value = ostpOut.transport?.type || 'udp';
         if (inTransport.value === 'dns') {
-          groupDnsProxy.style.display = 'block';
+          groupDnsProxy.style.display = 'flex';
           inDnsDomain.value = ostpOut.transport?.domain || '';
           inDnsRegion.value = ostpOut.transport?.resolver || 'Global';
         } else {
@@ -592,6 +672,7 @@ window.addEventListener('DOMContentLoaded', async () => {
   applyTranslations();
   setState('disconnected');
   updateKillSwitchVisibility();
+  bindSettingsInputs();
 
   // Event wiring
   if (window.__TAURI__ && window.__TAURI__.event) {
@@ -737,6 +818,22 @@ window.addEventListener('DOMContentLoaded', async () => {
     wintunModal.classList.add('hidden');
   });
 
+  // DNS Prober modal
+  if (btnDnsProber) {
+    btnDnsProber.addEventListener('click', openDnsProber);
+  }
+  if (btnProberClose) {
+    btnProberClose.addEventListener('click', () => {
+      dnsProberModal.classList.add('hidden');
+    });
+  }
+  // Close prober on backdrop click
+  if (dnsProberModal) {
+    dnsProberModal.addEventListener('click', (e) => {
+      if (e.target === dnsProberModal) dnsProberModal.classList.add('hidden');
+    });
+  }
+
   // Open wintun.net link — handled natively by <a target="_blank">, but also wire as fallback
   if (btnWintunOpen && window.__TAURI__) {
     btnWintunOpen.addEventListener('click', (e) => {

ostp-gui/src/styles.css

@@ -5,27 +5,27 @@
 
 /* ── Tokens — Dark (default) ─────────────────────────────────────────────── */
 :root {
-  /* Colors */
+  /* Colors - Dark (default) */
-  --c-bg:          #08080f;
+  --c-bg:          #030303;
-  --c-surface:     #0f0f1a;
+  --c-surface:     #09090b;
-  --c-card:        rgba(255,255,255,0.04);
+  --c-card:        rgba(255,255,255,0.02);
-  --c-card-border: rgba(255,255,255,0.07);
+  --c-card-border: rgba(255,255,255,0.05);
 
-  --c-accent:      #6c72ff;
+  --c-accent:      #52525b;
-  --c-accent-2:    #a78bfa;
+  --c-accent-2:    #71717a;
-  --c-accent-glow: rgba(108,114,255,0.35);
+  --c-accent-glow: rgba(255,255,255,0.05);
-  --c-accent-dim:  rgba(108,114,255,0.12);
+  --c-accent-dim:  rgba(255,255,255,0.03);
 
-  --c-green:       #22d3a5;
+  --c-green:       #10b981;
-  --c-green-glow:  rgba(34,211,165,0.35);
+  --c-green-glow:  rgba(16,185,129,0.25);
-  --c-green-dim:   rgba(34,211,165,0.10);
+  --c-green-dim:   rgba(16,185,129,0.10);
 
   --c-amber:       #f59e0b;
-  --c-red:         #f87171;
+  --c-red:         #ef4444;
 
-  --c-txt-1:       #e2e4f0;
+  --c-txt-1:       #fdfdfd;
-  --c-txt-2:       #636882;
+  --c-txt-2:       #a1a1aa;
-  --c-txt-3:       #343647;
+  --c-txt-3:       #52525b;
 
   /* Radii */
   --r-xs:  6px;
@@ -46,26 +46,26 @@
 
 /* ── Tokens — Light theme override ────────────────────────────────────────── */
 [data-theme="light"] {
-  --c-bg:          #f0f2fa;
+  --c-bg:          #f4f4f5;
   --c-surface:     #ffffff;
-  --c-card:        rgba(255,255,255,0.75);
+  --c-card:        rgba(0,0,0,0.02);
-  --c-card-border: rgba(0,0,0,0.08);
+  --c-card-border: rgba(0,0,0,0.06);
 
-  --c-accent:      #5b61f0;
+  --c-accent:      #e4e4e7;
-  --c-accent-2:    #8b5cf6;
+  --c-accent-2:    #d4d4d8;
-  --c-accent-glow: rgba(91,97,240,0.25);
+  --c-accent-glow: rgba(0,0,0,0.05);
-  --c-accent-dim:  rgba(91,97,240,0.10);
+  --c-accent-dim:  rgba(0,0,0,0.03);
 
-  --c-green:       #10b981;
+  --c-green:       #059669;
-  --c-green-glow:  rgba(16,185,129,0.25);
+  --c-green-glow:  rgba(5,150,105,0.2);
-  --c-green-dim:   rgba(16,185,129,0.10);
+  --c-green-dim:   rgba(5,150,105,0.1);
 
   --c-amber:       #d97706;
-  --c-red:         #ef4444;
+  --c-red:         #dc2626;
 
-  --c-txt-1:       #0f1020;
+  --c-txt-1:       #09090b;
-  --c-txt-2:       #5a5f7a;
+  --c-txt-2:       #52525b;
-  --c-txt-3:       #b0b4cc;
+  --c-txt-3:       #a1a1aa;
 }
 
 /* ── Light theme element overrides ───────────────────────────────────────── */
@@ -74,9 +74,6 @@ html[data-theme="light"] body {
   background: var(--c-bg);
 }
 
-html[data-theme="light"] .blob-1 { opacity: 0.08; }
-html[data-theme="light"] .blob-2 { opacity: 0.06; }
-
 html[data-theme="light"] .power-btn {
   background: var(--c-surface);
   box-shadow:
@@ -198,41 +195,32 @@ input, textarea { font-family: inherit; }
   overflow: hidden;
 }
 
-/* ── Ambient blobs ────────────────────────────────────────────────────────── */
+/* ── Watermark ────────────────────────────────────────────────────────────── */
-.ambient {
+.watermark {
   position: absolute;
-  inset: 0;
+  top: 50%;
+  left: 50%;
+  transform: translate(-50%, -50%);
+  width: 80%;
+  max-width: 600px;
   pointer-events: none;
   z-index: 0;
-  overflow: hidden;
+  opacity: 0.05;
+  user-select: none;
+  display: flex;
+  align-items: center;
+  justify-content: center;
 }
 
-.blob {
+.watermark img {
-  position: absolute;
+  width: 100%;
-  border-radius: 50%;
+  height: auto;
-  filter: blur(100px);
+  object-fit: contain;
-  will-change: transform;
 }
 
-.blob-1 {
+html[data-theme="light"] .watermark {
-  width: 400px; height: 400px;
+  opacity: 0.06;
-  background: var(--c-accent);
+  filter: invert(1);
-  opacity: 0.15;
-  top: -150px; right: -100px;
-  animation: blob-drift 28s infinite alternate ease-in-out;
-}
-
-.blob-2 {
-  width: 350px; height: 350px;
-  background: var(--c-green);
-  opacity: 0.10;
-  bottom: -100px; left: -100px;
-  animation: blob-drift 22s infinite alternate-reverse ease-in-out;
-}
-
-@keyframes blob-drift {
-  from { transform: translate(0, 0); }
-  to   { transform: translate(30px, 20px); }
 }
 
 /* ── Screen system ────────────────────────────────────────────────────────── */

ostp-jni/src/lib.rs

@@ -368,3 +368,31 @@ pub extern "system" fn Java_net_ostp_client_OstpClientSdk_notifyNetworkChanged(
 
     // No-op for now; multi-server handles network drops via keep-alives and reconnection
 }
+
+#[no_mangle]
+pub extern "system" fn Java_net_ostp_client_OstpClientSdk_nativeRunDnsProber(
+    mut env: JNIEnv,
+    _class: JClass,
+    domain: JString,
+) -> jstring {
+    let domain_str: String = match env.get_string(&domain) {
+        Ok(s) => s.into(),
+        Err(_) => return env.new_string("[]").unwrap().into_raw(),
+    };
+
+    let rt = tokio::runtime::Builder::new_current_thread()
+        .enable_all()
+        .build()
+        .unwrap();
+
+    let result = rt.block_on(async {
+        ostp_core::dns_prober::run_dns_prober(&domain_str).await
+    });
+
+    let json = match result {
+        Ok(res) => serde_json::to_string(&res).unwrap_or_else(|_| "[]".to_string()),
+        Err(_) => "[]".to_string(),
+    };
+
+    env.new_string(json).unwrap().into_raw()
+}

ostp-server/src/config.rs

@@ -27,6 +27,15 @@ pub enum ServerInbound {
         username: Option<String>,
         #[serde(default, skip_serializing_if = "Option::is_none")]
         password_hash: Option<String>,
+    },
+    Dns {
+        tag: String,
+        listen: String,
+        domain: String,
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        pubkey: Option<String>,
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        privkey: Option<String>,
     }
 }
 
@@ -121,9 +130,6 @@ pub struct ModularServerConfig {
     pub dns: Option<DnsConfig>,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub license_key: Option<String>,
-    
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub dns_transport: Option<DnsTransportConfig>,
 }
 
 #[derive(Debug, Deserialize, Serialize, Clone)]

ostp-wiki/DNS-Transport.md

@@ -1,73 +0,0 @@
-# OSTP DNS Transport (Последний Рубеж)
-
-DNS Transport (DNS Прокси) — это экспериментальный транспорт, который является "последним рубежом" для обхода блокировок. Он используется, когда все остальные протоколы (UDP, UoT/TCP) полностью заблокированы провайдером или DPI.
-
-Он маскирует весь VPN-трафик под обычные запросы к DNS-серверам (разрешение имен), что делает его блокировку практически невозможной без отключения интернета в целом. OSTP использует запросы типа `TXT` и `NULL` для передачи данных, используя кодировку Base32.
-
-> **Внимание:** DNS-туннелирование работает значительно медленнее обычных протоколов из-за накладных расходов протокола DNS. Рекомендуется использовать этот режим только когда другие способы не работают.
-
-## Как это работает?
-
-Вместо того чтобы отправлять трафик напрямую на ваш сервер, клиент OSTP отправляет стандартный DNS-запрос на **публичные DNS-серверы** (например, 1.1.1.1, 8.8.8.8) или серверы выбранного вами региона (Prober).
-Публичный сервер-резолвер перенаправляет этот запрос на **ваш сервер** (как на авторитативный DNS-сервер для вашего домена), а ваш сервер отвечает обратно через резолвер.
-
-Для настройки этого механизма **вам понадобится собственный домен**.
-
----
-
-## Настройка на стороне сервера (Домен)
-
-Вам необходимо настроить NS-записи вашего домена так, чтобы они указывали на IP-адрес вашего OSTP сервера. 
-
-Например, вы владеете доменом `myvpn.com` и хотите использовать поддомен `t.myvpn.com` для туннеля, а IP вашего сервера — `192.168.1.100`.
-
-В панели управления вашего DNS-регистратора добавьте следующие записи:
-
-1. **A-запись:**
-   - Имя (Host): `ns.myvpn.com`
-   - Тип (Type): `A`
-   - Значение (Value): `192.168.1.100` (IP вашего OSTP-сервера)
-
-2. **NS-запись:**
-   - Имя (Host): `t.myvpn.com`
-   - Тип (Type): `NS`
-   - Значение (Value): `ns.myvpn.com`
-
-Теперь любой DNS-запрос к поддоменам `t.myvpn.com` будет направляться на ваш сервер (на порт 53).
-
----
-
-## Настройка сервера OSTP
-
-В файле конфигурации вашего OSTP сервера (`config.json` или `server.json`) необходимо включить прослушивание порта 53 для DNS транспорта:
-
-```json
-{
-  "mode": "server",
-  "dns_transport": {
-    "enabled": true,
-    "port": 53,
-    "domain": "t.myvpn.com"
-  }
-}
-```
-
-> **Важно:** Для прослушивания порта 53 на Linux обычно требуются root-права. Убедитесь, что сервер запущен с `sudo` или используйте возможности `setcap` для предоставления доступа к порту:
-> `sudo setcap cap_net_bind_service=+ep /path/to/ostp`
-
----
-
-## Настройка в приложении (Клиент)
-
-В клиенте OSTP (Desktop GUI или Mobile):
-
-1. Перейдите в **Settings (Настройки)**.
-2. В поле **Transport Protocol** выберите `DNS Proxy (Последний рубеж)`.
-3. Появится поле **Domain (Points to Server)** — введите сюда настроенный поддомен (например, `t.myvpn.com`).
-4. Поле **DNS Resolver Region** позволяет выбрать, через серверы какой страны/провайдера будет осуществляться маршрутизация пакетов (например, Global, Russia, China, Iran). Клиент (Prober) автоматически найдет наиболее быстрый публичный резолвер в этом регионе.
-
-## Ограничения и особенности
-
-- **Скорость:** Из-за размера DNS-пакетов и задержек публичных серверов, максимальная скорость может составлять 1-5 Мбит/с.
-- **Polling:** Поскольку DNS работает по принципу "Запрос-Ответ", клиент отправляет пустые поллинговые пакеты каждые 2 секунды, чтобы позволить серверу пересылать входящие данные.
-- **Поддержка DoH/DoT:** В текущей версии запросы к публичным резолверам отправляются в открытом виде (UDP порт 53). В будущих обновлениях будет добавлена поддержка DNS over HTTPS (DoH) для дополнительного слоя защиты от DPI-фильтров.

ostp-wiki/README.md

@@ -1,8 +0,0 @@
-# OSTP Wiki
-
-This repository contains the documentation and wiki pages for the Ospab Stealth Transport Protocol (OSTP).
-
-- [Configuration Guide](configuration_guide.md)
-- [API Endpoints](api_endpoints.md)
-- [DNS Transport (Последний Рубеж)](DNS-Transport.md)
-- [v0.3.1 Configuration Migration Guide](../docs/migration_v0_3_1.md)

ostp-wiki/api_endpoints.md

@@ -1,149 +0,0 @@
-# Справочник API управления OSTP
-
-Сервер OSTP предоставляет REST API для управления пользователями, просмотра статистики трафика и интерактивного редактирования конфигурации.
-
-По умолчанию API слушает на порту `9090` (хост настраивается в файле конфигурации).
-
----
-
-## Авторизация
-
-Все запросы к API (за исключением подписок) должны содержать заголовок `Authorization` с API-токеном (если токен включен в конфигурационном файле):
-
-```http
-Authorization: Bearer <ваш_api_токен>
-```
-
-Или в упрощенном виде:
-```http
-Authorization: <ваш_api_токен>
-```
-
----
-
-## Формат ответов
-
-Все ответы API возвращаются в формате JSON следующей структуры:
-
-```json
-{
-  "ok": true,
-  "data": ...,
-  "error": null
-}
-```
-
-В случае ошибки:
-```json
-{
-  "ok": false,
-  "data": null,
-  "error": "Описание ошибки"
-}
-```
-
----
-
-## Список эндпоинтов
-
-### 1. Статус сервера
-Возвращает текущую версию, аптайм и количество пользователей.
-
-* **URL**: `/api/server/status`
-* **Метод**: `GET`
-* **Формат `data`**:
-  ```json
-  {
-    "version": "0.2.30",
-    "uptime_seconds": 12053,
-    "active_users": 2,
-    "total_users": 5
-  }
-  ```
-
-### 2. Получение текущего конфига
-Запрашивает полное содержимое файла `config.json` с удалением комментариев для прямой модификации.
-
-* **URL**: `/api/server/config`
-* **Метод**: `GET`
-* **Формат `data`**: Полный JSON-конфиг сервера.
-
-### 3. Обновление конфига
-Записывает новый JSON конфигурации сервера в файл `config.json` на диске. Это автоматически вызывает **hot-reload** ядра (применение ключей доступа и лимитов).
-
-* **URL**: `/api/server/config`
-* **Метод**: `PUT`
-* **Тело запроса**: JSON нового конфигурационного файла.
-* **Формат `data`**: `true` в случае успешного сохранения.
-
-### 4. Список клиентов и их статистики
-Возвращает список всех зарегистрированных ключей доступа с их текущей загрузкой, скачиванием, активными сессиями и статусом подключения.
-
-* **URL**: `/api/users`
-* **Метод**: `GET`
-* **Формат `data`**:
-  ```json
-  [
-    {
-      "access_key": "ostp_key_sample1",
-      "bytes_up": 2405020,
-      "bytes_down": 491029402,
-      "connections": 2,
-      "limit_bytes": 10737418240,
-      "online": true,
-      "name": "Ноутбук"
-    }
-  ]
-  ```
-
-### 5. Создание клиента
-Генерирует новый ключ доступа (или регистрирует пользовательский).
-
-* **URL**: `/api/users`
-* **Метод**: `POST`
-* **Тело запроса**:
-  ```json
-  {
-    "access_key": "my_custom_key_optional",
-    "name": "Имя клиента",
-    "limit_bytes": 50000000000
-  }
-  ```
-* **Формат `data`**: Строка созданного ключа доступа.
-
-### 6. Удаление клиента
-Отзывает ключ доступа и сбрасывает все связанные активные сессии.
-
-* **URL**: `/api/users/:key`
-* **Метод**: `DELETE`
-* **Формат `data`**: `"User removed"`
-
-### 7. Обновление клиента
-Редактирует имя или лимит трафика для клиента.
-
-* **URL**: `/api/users/:key`
-* **Метод**: `PUT`
-* **Тело запроса**:
-  ```json
-  {
-    "name": "Новое имя",
-    "limit_bytes": 100000000000
-  }
-  ```
-* **Формат `data`**: `"User updated"`
-
-### 8. Сброс счетчиков трафика
-Обнуляет показания загрузки и скачивания для определенного пользователя.
-
-* **URL**: `/api/users/{key}/reset`
-* **Метод**: `POST`
-* **Формат `data`**: `true`
-
-### 9. Ссылка подписки клиента
-Возвращает ссылку подписки или конфигурационный файл для клиента. Авторизация по Bearer-токену **не требуется** (ключ авторизуется сам через URL).
-
-* **URL**: `/api/subscribe/:key`
-* **Метод**: `GET`
-* **Заголовки**:
-  - `Accept: text/plain` -> Возвращает текстовую ссылку `ostp://<key>@<host>:<port>?...`
-  - `Accept: application/json` -> Возвращает полный клиентский JSON-конфиг.

ostp-wiki/configuration_guide.md

@@ -1,125 +0,0 @@
-# Руководство по конфигурации OSTP (`config.json`)
-
-Файл `config.json` является основным конфигурационным файлом для сервера, клиента и реле.
-
-Ниже приведено подробное описание структуры для режима работы **Server**.
-
----
-
-## Полный пример конфигурации
-
-```json
-{
-  "mode": "server",
-  "log_level": "info",
-  "listen": "0.0.0.0:50000",
-  "access_keys": [
-    "some_simple_key",
-    {
-      "access_key": "detailed_key_with_limit",
-      "name": "Рабочий Ноутбук",
-      "limit_bytes": 107374182400
-    }
-  ],
-  "api": {
-    "enabled": true,
-    "bind": "127.0.0.1:9090",
-    "token": "7a3f8b2c4d9e0f1a2b3c4d5e6f7a8b9c"
-  },
-  "fallback": {
-    "enabled": false,
-    "listen": "0.0.0.0:443",
-    "target": "127.0.0.1:8080"
-  },
-  "reality": {
-    "enabled": false,
-    "dest": "www.microsoft.com:443",
-    "private_key": "...",
-    "pbk": "...",
-    "sid": "...",
-    "sni_list": ["www.microsoft.com"]
-  },
-  "outbound": {
-    "enabled": false,
-    "protocol": "socks5",
-    "address": "127.0.0.1",
-    "port": 9050,
-    "default_action": "proxy",
-    "rules": [
-      {
-        "domain_suffix": [".onion"],
-        "action": "proxy"
-      }
-    ]
-  },
-  "debug": false
-}
-```
-
----
-
-## Описание разделов конфигурации
-
-### 1. Основные параметры
-- **`mode`** (строка): Режим работы. Возможные варианты: `"server"`, `"client"`, `"relay"`.
-- **`log_level`** (строка): Уровень логирования. Варианты: `"debug"`, `"info"`, `"warn"`, `"error"`.
-- **`listen`** (строка или массив строк): Порт и интерфейсы, на которых сервер слушает входящие UDP (и опционально TCP/UoT) соединения. Примеры:
-  - `"0.0.0.0:50000"` (все IPv4 интерфейсы)
-  - `["0.0.0.0:50000", "[::]:50000"]` (поддержка IPv4 и IPv6 одновременно)
-- **`debug`** (логический): Включает подробное отладочное логирование протокола.
-
----
-
-### 2. Ключи доступа (`access_keys`)
-Раздел содержит массив ключей доступа. Поддерживается два формата записи (для обратной совместимости):
-1. **Простая строка**: Текст ключа доступа. Лимит трафика отсутствует.
-   ```json
-   "my_secure_key"
-   ```
-2. **Объект с метаданными**:
-   - `access_key` (строка, обязательно): Текст ключа для подключения.
-   - `name` (строка, опционально): Человекочитаемое описание клиента.
-   - `limit_bytes` (число, опционально): Лимит трафика в байтах (загрузка + скачивание).
-
-При достижении `limit_bytes` сессия клиента немедленно сбрасывается и подключение блокируется до обнуления счетчика или расширения лимита.
-
----
-
-### 3. REST API Управления (`api`)
-Используется для программного управления сервером и интеграции с внешними панелями.
-- **`enabled`** (логический): Включение встроенного веб-сервера API.
-- **`bind`** (строка): Интерфейс и порт для прослушивания (например, `"127.0.0.1:9090"`).
-- **`token`** (строка): Bearer-токен для авторизации администратора. Автоматически генерируется сервером при команде `ostp --init server`.
-
----
-
-### 4. Встроенный TCP Fallback прокси (`fallback`)
-Позволяет маскировать порт под веб-сервер при сканировании активными DPI-зондами.
-- **`enabled`** (логический): Включить проксирование TCP.
-- **`listen`** (строка): Порт прослушивания TCP/TLS (например, `"0.0.0.0:443"`).
-- **`target`** (строка): Локальный веб-сервер (например, `"127.0.0.1:8080"` на nginx/caddy), куда будут пересылаться все обычные запросы (не-OSTP трафик).
-
----
-
-### 5. Reality Маскировка (`reality`)
-Реализует спецификацию XTLS-Reality для бесшовной маскировки трафика под легитимный TLS-сервер.
-- **`enabled`** (логический): Включение маскировки.
-- **`dest`** (строка): Целевой домен маскировки (например, `"www.microsoft.com:443"`).
-- **`private_key`** (строка): Приватный ключ Reality сервера (X25519).
-- **`pbk`** (строка): Публичный ключ Reality сервера.
-- **`sid`** (строка, 8 байт hex): Идентификатор сессии.
-- **`sni_list`** (массив строк): Разрешенные SNI заголовки от клиентов.
-
----
-
-### 6. Правила маршрутизации (`outbound`)
-Позволяет пересылать часть исходящего трафика клиентов через прокси-сервер (например, SOCKS5/TOR).
-- **`enabled`** (логический): Включить исходящую маршрутизацию.
-- **`protocol`** (строка): Протокол прокси. На данный момент поддерживается `"socks5"`.
-- **`address`** (строка): Хост прокси-сервера.
-- **`port`** (число): Порт прокси-сервера.
-- **`default_action`** (строка): Действие для трафика, не попавшего под правила. Варианты: `"direct"` (напрямую с сервера) или `"proxy"` (через прокси).
-- **`rules`** (массив объектов): Список правил перенаправления:
-  - `domain_suffix` (массив строк): Фильтрация по суффиксу домена.
-  - `ip_cidr` (массив строк): Фильтрация по IP подсетям.
-  - `action` (строка): Действие при совпадении (`"direct"` или `"proxy"`).

ostp.wiki

@@ -0,0 +1 @@
+Subproject commit 43b4935fd2addc284a5ae8719824652f9063b95d

ostp/src/main.rs

@@ -127,7 +127,7 @@ fn parse_ostp_link(link: &str) -> Result<serde_json::Value> {
     }
 
     Ok(serde_json::json!({
-        "version": "0.3.1",
+        "version": "{}",
         "log": {
             "level": "info"
         },
@@ -700,7 +700,7 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
 
             let client_json = serde_json::json!({
                 "mode": "client",
-                "version": "0.3.1",
+                "version": "{}",
                 "log": {
                     "level": "info"
                 },
@@ -802,7 +802,7 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
             let port: u16 = port_str.parse().unwrap_or(50000);
             let server_json = serde_json::json!({
                 "mode": "server",
-                "version": "0.3.1",
+                "version": "{}",
                 "log": {
                     "level": "info"
                 },
@@ -921,7 +921,7 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
             let panel_bind = format!("0.0.0.0:{}", panel_port);
             let server_json = serde_json::json!({
                 "mode": "server",
-                "version": "0.3.1",
+                "version": "{}",
                 "log": {
                     "level": "info"
                 },
@@ -1006,7 +1006,7 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
             wizard_step(2, TOTAL, "Saving configuration");
             let relay_json = serde_json::json!({
                 "mode": "relay",
-                "version": "0.3.1",
+                "version": "{}",
                 "log": {
                     "level": "info"
                 },
@@ -1120,6 +1120,19 @@ async fn run_app() -> Result<()> {
         return cmd_migrate(&args.config);
     }
 
+    if args.config.exists() && !args.uninstall && !args.update {
+        if let Ok(config_content) = fs::read_to_string(&args.config) {
+            let mut stripped = json_comments::StripComments::new(config_content.as_bytes());
+            if let Ok(raw_json) = serde_json::from_reader::<_, serde_json::Value>(&mut stripped) {
+                if raw_json.get("version").and_then(|v| v.as_str()) != Some(env!("CARGO_PKG_VERSION")) {
+                    println!("{} Outdated configuration format detected.", "[ostp]".yellow().bold());
+                    println!("{} Please run '{}' to update your configuration to the latest modular format.", "[ostp]".yellow().bold(), "ostp --migrate".green());
+                    std::process::exit(1);
+                }
+            }
+        }
+    }
+
     // ── Setup wizard: explicit flag or first-time (no config) ────────
     if args.setup {
         return run_setup_wizard(&args.config);
@@ -1322,6 +1335,9 @@ async fn run_app() -> Result<()> {
                                 ostp_server::config::ServerInbound::Api { listen, port, .. } => {
                                     println!("  Inbound API: {}:{}", listen.cyan(), port.to_string().cyan());
                                 }
+                                ostp_server::config::ServerInbound::Dns { listen, .. } => {
+                                    println!("  Inbound DNS Tunnel: {}", listen.cyan());
+                                }
                             }
                         }
                         println!("  Access keys: {}", keys_count.to_string().yellow());
@@ -1376,94 +1392,131 @@ async fn run_app() -> Result<()> {
     if let Some(ref mode_str) = args.init {
         let is_server = mode_str == "server";
         let key = generate_secure_key("hex");
+        let dns_pub = generate_secure_key("base64");
+        let dns_priv = generate_secure_key("base64");
                 let content = if is_server {
             format!(r#"{{
-  // OSTP Configuration v0.3.1
+  // OSTP Server Configuration
-  // DO NOT EDIT THIS COMMENT - Migrator relies on it
+  "version": "{}",
-  "version": "0.3.1",
   "mode": "server",
   "log": {{
+    // Log levels: trace, debug, info, warn, error
     "level": "info"
   }},
-
+  "inbounds": [
-  // The address and port the server listens on for incoming OSTP connections.
-  "listen": "0.0.0.0:50000",
-
-  // List of valid keys. Clients must use one of these to connect.
-  "access_keys": [
-    "{}"
-  ],
-
-  // Optional proxy for outbound traffic.
-  "outbound": {{
-    "enabled": false,
-    "protocol": "socks5",
-    "address": "127.0.0.1",
-    "port": 9050,
-    "default_action": "proxy",
-    "rules": [
     {{
-        "domain_suffix": [".onion"],
+      // Primary OSTP protocol listener
-        "action": "proxy"
+      "protocol": "ostp",
+      "listen": "0.0.0.0",
+      "port": 50000,
+      "users": [
+        {{
+          // Generated access key for the first client
+          "key": "{}"
         }}
-    ]
+      ],
-  }},
-
-  // Fallback TCP proxy: unrecognized connections are proxied to a web server (anti-DPI).
       "fallback": {{
+        // Fallback protection: redirects unauthorized probes to a real website
         "enabled": false,
         "listen": "0.0.0.0:443",
-    // Target web server (e.g., local nginx or caddy)
         "target": "127.0.0.1:8080"
+      }}
     }},
-
+    {{
-  "debug": false,
+      // Web Administration API
-
+      "protocol": "api",
+      "listen": "127.0.0.1",
+      "port": 9090,
+      "token": "YOUR_SECRET_TOKEN",
+      "webpath": "/admin",
+      "username": "admin",
+      "password_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+    }},
+    {{
+      // DNS Tunnel Inbound
       // [WARNING] This is a last-resort transport via public DNS.
       // It requires a dedicated registered domain with NS records pointing to this server.
       // Full setup guide: https://github.com/ospab/ostp/wiki/DNS-Tunneling
-  "dns_transport": {{
+      "protocol": "dns",
-    "enabled": false,
+      "tag": "dns-tunnel",
       "listen": "0.0.0.0:53",
       "domain": "tunnel.example.com",
-    "pubkey": "SERVER_PUBKEY_BASE64_HERE",
+      "pubkey": "{dns_pub}",
-    "privkey": "SERVER_PRIVKEY_BASE64_HERE"
+      "privkey": "{dns_priv}"
     }}
-}}"#, key)
+  ],
+  "outbounds": [
+    {{
+      // Example local SOCKS5 proxy (e.g. for Tor network)
+      "protocol": "socks5",
+      "tag": "socks5-local",
+      "server": "127.0.0.1",
+      "port": 9050
+    }},
+    {{
+      // Default direct internet access
+      "protocol": "direct",
+      "tag": "direct"
+    }},
+    {{
+      // Blackhole for blocked connections
+      "protocol": "block",
+      "tag": "block"
+    }}
+  ],
+  "routing": {{
+    // Rule-based routing of client traffic
+    "rules": [
+      {{
+        "domain_suffix": [".onion"],
+        "outbound": "socks5-local"
+      }}
+    ],
+    // If no rules match, use the default outbound
+    "default_outbound": "direct"
+  }},
+  "debug": false
+}}"#, env!("CARGO_PKG_VERSION"), key, dns_pub=dns_pub, dns_priv=dns_priv)
         } else if mode_str == "relay" {
-            r#"{
+            format!(r#"{{
-  // OSTP Configuration v0.3.1
+  // OSTP Relay Configuration v0.3.5
   // DO NOT EDIT THIS COMMENT - Migrator relies on it
-  "version": "0.3.1",
+  "version": "{}",
   "mode": "relay",
-  "log": {
+  "log": {{
+    // Log levels: trace, debug, info, warn, error
     "level": "info"
-  },
+  }},
+  // Local port for the relay to listen on
   "listen": "0.0.0.0:50000",
+  // Upstream server details
   "upstream_tcp": "TARGET_SERVER_IP:50000",
   "upstream_udp": "TARGET_SERVER_IP:50000",
+  // Upstream Control Panel API for automatic key synchronization
   "upstream_api_url": "http://TARGET_SERVER_IP:9090",
   "upstream_api_token": "YOUR_API_TOKEN_HERE",
   "sync_interval_secs": 30,
   "debug": false
-}"#.to_string()
+}}"#, env!("CARGO_PKG_VERSION"))
         } else {
             format!(r#"{{
-  // OSTP Configuration v0.3.1
+  // OSTP Client Configuration
   // DO NOT EDIT THIS COMMENT - Migrator relies on it
-  "version": "0.3.1",
+  "version": "{}",
   "mode": "client",
   "log": {{
     "level": "info"
   }},
   "inbounds": [
     {{
+      // Virtual network interface for transparent proxying
       "type": "tun",
       "tag": "tun-in",
       "auto_route": true,
       "mtu": 1140
     }},
     {{
+      // Local SOCKS5 proxy server for browser configuration
       "type": "local_proxy",
       "tag": "socks-in",
       "protocol": "socks",
@@ -1473,6 +1526,7 @@ async fn run_app() -> Result<()> {
   ],
   "outbounds": [
     {{
+      // Connection to the remote OSTP server
       "type": "ostp",
       "tag": "proxy",
       "server": "YOUR_SERVER_IP",
@@ -1504,7 +1558,7 @@ async fn run_app() -> Result<()> {
     ],
     "default_outbound": "proxy"
   }}
-}}"#, key = key)
+}}"#, env!("CARGO_PKG_VERSION"), key = key)
         };
         if let Some(parent) = args.config.parent() {
             if !parent.as_os_str().is_empty() {
@@ -1570,12 +1624,12 @@ async fn run_app() -> Result<()> {
     let mut raw_json: serde_json::Value = serde_json::from_reader(&mut stripped)
         .map_err(|e| anyhow!("Failed to parse config as JSON: {}", e))?;
 
-    let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some("0.3.1");
+    let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
     if !is_migrated {
         let is_server = raw_json.get("listen").is_some() || raw_json.get("access_keys").is_some();
         if is_server {
             raw_json["mode"] = serde_json::json!("server");
-            raw_json["version"] = serde_json::json!("0.3.1");
+            raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
             if let Some(log) = raw_json.get("log_level") {
                 raw_json["log"] = serde_json::json!({ "level": log.clone() });
             }
@@ -1663,6 +1717,7 @@ async fn run_app() -> Result<()> {
             let mut fallback_config = None;
             let mut host_port = ("0.0.0.0".to_string(), 50000);
             let mut api_config = None;
+            let mut dns_transport = None;
 
             for inbound in server_cfg.inbounds {
                 match inbound {
@@ -1689,6 +1744,15 @@ async fn run_app() -> Result<()> {
                             password_hash: password_hash.unwrap_or_default(),
                         });
                     }
+                    ostp_server::config::ServerInbound::Dns { listen, domain, pubkey, privkey, .. } => {
+                        dns_transport = Some(ostp_server::config::DnsTransportConfig {
+                            enabled: true,
+                            listen,
+                            domain,
+                            pubkey: pubkey.unwrap_or_default(),
+                            privkey: privkey.unwrap_or_default(),
+                        });
+                    }
                 }
             }
 
@@ -1735,7 +1799,7 @@ async fn run_app() -> Result<()> {
                 host_port.0.to_string()
             };
 
-            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, server_cfg.dns_transport, Some(args.config)).await?;
+            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, dns_transport, Some(args.config)).await?;
         }
         AppMode::Client(client_cfg) => {
             println!("{}", include_str!("../../docs/banner.txt").blue().bold());
@@ -1877,32 +1941,140 @@ fn cmd_migrate(config_path: &std::path::Path) -> Result<()> {
     let mut raw_json: serde_json::Value = serde_json::from_reader(&mut stripped)
         .map_err(|e| anyhow!("Failed to parse config as JSON: {}", e))?;
 
-    let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some("0.3.1");
+    let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
     if is_migrated {
-        println!("{} Configuration is already up to date (v0.3.1)", "[ostp]".cyan().bold());
+        println!("{} Configuration is already up to date (v0.3.5)", "[ostp]".cyan().bold());
         return Ok(());
     }
 
-    let is_server = raw_json.get("listen").is_some() || raw_json.get("access_keys").is_some();
+    let is_server = raw_json.get("listen").is_some() || raw_json.get("access_keys").is_some() || raw_json.get("mode").and_then(|m| m.as_str()) == Some("server");
     if is_server {
         raw_json["mode"] = serde_json::json!("server");
-        raw_json["version"] = serde_json::json!("0.3.1");
+        raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
         if let Some(log) = raw_json.get("log_level") {
             raw_json["log"] = serde_json::json!({ "level": log.clone() });
         }
+        
+        let mut inbounds = Vec::new();
+        let mut outbounds = Vec::new();
+        let mut routing = serde_json::json!({
+            "rules": [],
+            "default_outbound": "direct"
+        });
+
+        // Migrate Ostp inbound
+        let listen = raw_json.get("listen").and_then(|l| l.as_str()).unwrap_or("0.0.0.0:50000");
+        let parts: Vec<&str> = listen.split(':').collect();
+        let host = parts.get(0).unwrap_or(&"0.0.0.0");
+        let port: u16 = parts.get(1).and_then(|p| p.parse().ok()).unwrap_or(50000);
+        
+        let mut users = Vec::new();
+        if let Some(keys) = raw_json.get("access_keys").and_then(|a| a.as_array()) {
+            for k in keys {
+                users.push(serde_json::json!({
+                    "key": k.as_str().unwrap_or("")
+                }));
+            }
+        }
+        
+        let mut ostp_inbound = serde_json::json!({
+            "protocol": "ostp",
+            "listen": host,
+            "port": port,
+            "users": users
+        });
+        
+        if let Some(fallback) = raw_json.get("fallback") {
+            ostp_inbound["fallback"] = fallback.clone();
+        }
+        inbounds.push(ostp_inbound);
+
+        // Migrate Api inbound
+        if let Some(api) = raw_json.get("api") {
+            let mut api_inbound = api.clone();
+            api_inbound["protocol"] = serde_json::json!("api");
+            let bind = api.get("bind").and_then(|b| b.as_str()).unwrap_or("127.0.0.1:9090");
+            let parts: Vec<&str> = bind.split(':').collect();
+            api_inbound["listen"] = serde_json::json!(parts.get(0).unwrap_or(&"127.0.0.1"));
+            api_inbound["port"] = serde_json::json!(parts.get(1).and_then(|p| p.parse::<u16>().ok()).unwrap_or(9090));
+            inbounds.push(api_inbound);
+        }
+
+        // Migrate Outbound
+        outbounds.push(serde_json::json!({
+            "protocol": "direct",
+            "tag": "direct"
+        }));
+        outbounds.push(serde_json::json!({
+            "protocol": "block",
+            "tag": "block"
+        }));
+        
+        if let Some(ob) = raw_json.get("outbound") {
+            if ob.get("enabled").and_then(|e| e.as_bool()).unwrap_or(false) {
+                let tag = "socks5-legacy";
+                let mut socks = serde_json::json!({
+                    "protocol": "socks5",
+                    "tag": tag,
+                    "server": ob.get("address").and_then(|a| a.as_str()).unwrap_or("127.0.0.1"),
+                    "port": ob.get("port").and_then(|p| p.as_u64()).unwrap_or(9050)
+                });
+                outbounds.push(socks);
+                
+                if let Some(rules) = ob.get("rules").and_then(|r| r.as_array()) {
+                    let mut new_rules = Vec::new();
+                    for rule in rules {
+                        let mut new_rule = rule.clone();
+                        new_rule["outbound"] = serde_json::json!(tag);
+                        new_rules.push(new_rule);
+                    }
+                    routing["rules"] = serde_json::json!(new_rules);
+                }
+                
+                let default_action = ob.get("default_action").and_then(|a| a.as_str()).unwrap_or("proxy");
+                if default_action == "proxy" {
+                    routing["default_outbound"] = serde_json::json!(tag);
+                } else if default_action == "block" {
+                    routing["default_outbound"] = serde_json::json!("block");
+                }
+            }
+        }
+
+        // DNS migrate
+        if let Some(dns) = raw_json.get("dns_transport") {
+            let mut dns_inbound = dns.clone();
+            dns_inbound["protocol"] = serde_json::json!("dns");
+            dns_inbound["tag"] = serde_json::json!("dns-tunnel");
+            inbounds.push(dns_inbound);
+        }
+
+        raw_json["inbounds"] = serde_json::json!(inbounds);
+        raw_json["outbounds"] = serde_json::json!(outbounds);
+        raw_json["routing"] = routing;
+        
+        // Remove legacy fields
+        let obj = raw_json.as_object_mut().unwrap();
+        obj.remove("listen");
+        obj.remove("access_keys");
+        obj.remove("fallback");
+        obj.remove("api");
+        obj.remove("outbound");
+        obj.remove("log_level");
+        obj.remove("dns_transport");
+        
         println!("{} Detected Server configuration.", "[ostp]".cyan().bold());
     } else {
         println!("{} Detected Client configuration.", "[ostp]".cyan().bold());
-        let (migrated, _) = ostp_client::config::ClientConfig::migrate_json(raw_json);
+        let (migrated, _) = ostp_client::config::ClientConfig::migrate_json(raw_json.clone());
         raw_json = migrated;
         raw_json["mode"] = serde_json::json!("client");
+        raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
     }
 
     let serialized = serde_json::to_string_pretty(&raw_json)?;
-    let header = "// OSTP Configuration v0.3.1\n// DO NOT EDIT THIS COMMENT - Migrator relies on it\n";
+    let final_content = format!("{}", serialized);
-    let final_content = format!("{}{}", header, serialized);
     fs::write(config_path, final_content)?;
     
-    println!("{} Successfully migrated configuration to v0.3.1!", "[ostp]".green().bold());
+    println!("{} Successfully migrated configuration to v0.3.5!", "[ostp]".green().bold());
     Ok(())
 }

refactor_main_1.py

@@ -1,261 +0,0 @@
-import os
-import re
-
-with open('ostp/src/main.rs', 'r', encoding='utf-8') as f:
-    content = f.read()
-
-# 1. Update validation logic in `UnifiedConfig::validate`
-content = content.replace('''            if let AppMode::Server(cfg) = &self.mode {
-                if cfg.access_keys.is_empty() {
-                    anyhow::bail!("Server configuration must contain at least one access_key.");
-                }
-                if let Some(outbound) = &cfg.outbound {
-                    if outbound.enabled {
-                        if outbound.protocol != "socks5" {
-                            anyhow::bail!("Only SOCKS5 is currently supported for outbound connections.");
-                        }
-                    }
-                }
-            }''', '''            if let AppMode::Server(cfg) = &self.mode {
-                let mut has_ostp = false;
-                for inbound in &cfg.inbounds {
-                    if let ostp_server::config::ServerInbound::Ostp { users, .. } = inbound {
-                        has_ostp = true;
-                        if users.is_empty() {
-                            anyhow::bail!("Ostp inbound must contain at least one user.");
-                        }
-                    }
-                }
-                if !has_ostp {
-                    anyhow::bail!("Server configuration must contain at least one Ostp inbound.");
-                }
-            }''')
-
-# 2. Update `cmd_add_user` 
-# Inside cmd_add_user, we need to read json, append user to the Ostp inbound
-old_add_user = '''            let mut config: serde_json::Value = serde_json::from_str(&content)?;
-            if let Some(keys) = config.get_mut("access_keys").and_then(|k| k.as_array_mut()) {
-                if let Some(meta) = user_meta {
-                    let mut obj = serde_json::Map::new();
-                    obj.insert("key".to_string(), serde_json::Value::String(key_to_add.clone()));
-                    if let Some(name) = meta.name {
-                        obj.insert("name".to_string(), serde_json::Value::String(name));
-                    }
-                    if let Some(limit) = meta.limit_bytes {
-                        obj.insert("limit_bytes".to_string(), serde_json::Value::Number(limit.into()));
-                    }
-                    keys.push(serde_json::Value::Object(obj));
-                } else {
-                    keys.push(serde_json::Value::String(key_to_add.clone()));
-                }
-            } else {
-                anyhow::bail!("Invalid or missing access_keys array in config.json");
-            }
-            wizard_save_config(config_path, &config)?;'''
-
-new_add_user = '''            let mut config: serde_json::Value = serde_json::from_str(&content)?;
-            let mut added = false;
-            if let Some(inbounds) = config.get_mut("inbounds").and_then(|i| i.as_array_mut()) {
-                for inbound in inbounds.iter_mut() {
-                    if inbound.get("type").and_then(|t| t.as_str()) == Some("ostp") {
-                        if let Some(users) = inbound.get_mut("users").and_then(|u| u.as_array_mut()) {
-                            if let Some(meta) = &user_meta {
-                                let mut obj = serde_json::Map::new();
-                                obj.insert("key".to_string(), serde_json::Value::String(key_to_add.clone()));
-                                if let Some(name) = &meta.name {
-                                    obj.insert("name".to_string(), serde_json::Value::String(name.clone()));
-                                }
-                                if let Some(limit) = meta.limit_bytes {
-                                    obj.insert("limit_bytes".to_string(), serde_json::Value::Number(limit.into()));
-                                }
-                                users.push(serde_json::Value::Object(obj));
-                            } else {
-                                users.push(serde_json::Value::String(key_to_add.clone()));
-                            }
-                            added = true;
-                            break;
-                        }
-                    }
-                }
-            }
-            if !added {
-                anyhow::bail!("Could not find Ostp inbound with users array in config.json");
-            }
-            wizard_save_config(config_path, &config)?;'''
-content = content.replace(old_add_user, new_add_user)
-
-# 3. Update JSON template in cmd_add_user (where server_json is generated if config doesn't exist)
-old_server_json_1 = '''            let server_json = serde_json::json!({
-                "mode": "server",
-                "version": "0.3.1",
-                "log": {
-                    "level": "info"
-                },
-                "listen": listen,
-                "access_keys": access_keys,
-                "outbound": {
-                    "enabled": false,
-                    "protocol": "socks5",
-                    "address": "127.0.0.1",
-                    "port": 9050,
-                    "default_action": "proxy",
-                    "rules": []
-                },
-                "fallback": { "enabled": false, "listen": "0.0.0.0:443", "target": "127.0.0.1:8080" },
-                "debug": false
-            });'''
-
-new_server_json_1 = '''            let server_json = serde_json::json!({
-                "mode": "server",
-                "version": "0.3.1",
-                "log": {
-                    "level": "info"
-                },
-                "inbounds": [
-                    {
-                        "type": "ostp",
-                        "tag": "ostp-in",
-                        "listen": "0.0.0.0",
-                        "port": 50000,
-                        "users": access_keys
-                    }
-                ],
-                "outbounds": [
-                    {
-                        "type": "direct",
-                        "tag": "direct"
-                    }
-                ]
-            });'''
-content = content.replace(old_server_json_1, new_server_json_1)
-
-# 4. Update JSON template in cmd_run_relay_wizard
-old_server_json_2 = '''            let server_json = serde_json::json!({
-                "mode": "server",
-                "version": "0.3.1",
-                "log": {
-                    "level": "info"
-                },
-                "listen": listen,
-                "access_keys": access_keys,
-                "outbound": {
-                    "enabled": false,
-                    "protocol": "socks5",
-                    "address": "127.0.0.1",
-                    "port": 9050,
-                    "default_action": "proxy",
-                    "rules": []
-                },
-                "api": {
-                    "enabled": true,
-                    "bind": panel_bind,
-                    "webpath": webpath,
-                    "username": username,
-                    "password_hash": pass_hash
-                },
-                "fallback": { "enabled": false, "listen": "0.0.0.0:443", "target": "127.0.0.1:8080" },
-                "debug": false,
-                "license_key": license_key
-            });'''
-
-new_server_json_2 = '''            let server_json = serde_json::json!({
-                "mode": "server",
-                "version": "0.3.1",
-                "log": {
-                    "level": "info"
-                },
-                "inbounds": [
-                    {
-                        "type": "ostp",
-                        "tag": "ostp-in",
-                        "listen": "0.0.0.0",
-                        "port": 50000,
-                        "users": access_keys
-                    },
-                    {
-                        "type": "api",
-                        "tag": "api-in",
-                        "listen": "0.0.0.0",
-                        "port": panel_port.parse::<u16>().unwrap_or(9090),
-                        "webpath": webpath,
-                        "username": username,
-                        "password_hash": pass_hash
-                    }
-                ],
-                "outbounds": [
-                    {
-                        "type": "direct",
-                        "tag": "direct"
-                    }
-                ],
-                "license_key": license_key
-            });'''
-content = content.replace(old_server_json_2, new_server_json_2)
-
-# 5. Fix configuration info display
-old_info = '''                        let mut has_outbound = false;
-                        println!("{} {} server:", "[ostp]".cyan().bold(), "OSTP".green().bold());
-                        println!("  Listen: {:?}", s.listen.primary().as_str().cyan());
-                        println!("  Access keys: {}", s.access_keys.len().to_string().yellow());
-                        if let Some(api) = &s.api {
-                            println!("  Control Panel API: {} (bind: {})", 
-                                if api.enabled { "enabled" } else { "disabled" },
-                                api.bind.as_str());
-                        }
-                        if let Some(outbound) = &s.outbound {
-                            if outbound.enabled {
-                                println!("  Outbound Proxy: SOCKS5 {} (default_action: {})", outbound.address.cyan(), outbound.default_action.as_deref().unwrap_or("proxy").cyan());
-                                has_outbound = true;
-                            }
-                        }
-                        if let Some(fb) = &s.fallback {
-                            if fb.enabled {
-                                println!("  Anti-DPI Fallback: Target {} (bind: {})", fb.target.cyan(), fb.listen.cyan());
-                            }
-                        }
-                        if let Some(dns) = &s.dns {
-                            println!("  DNS Proxy: Listen {}", dns.listen.as_deref().unwrap_or("0.0.0.0:53").cyan());
-                        }
-                        if !has_outbound {
-                            println!("  Outbound Proxy: disabled");
-                        }'''
-
-new_info = '''                        println!("{} {} server:", "[ostp]".cyan().bold(), "OSTP".green().bold());
-                        let mut keys_count = 0;
-                        let mut has_outbound = false;
-                        for inbound in &s.inbounds {
-                            match inbound {
-                                ostp_server::config::ServerInbound::Ostp { listen, port, users, fallback, .. } => {
-                                    println!("  Inbound OSTP: {}:{}", listen.cyan(), port.to_string().cyan());
-                                    keys_count += users.len();
-                                    if let Some(fb) = fallback {
-                                        if fb.enabled {
-                                            println!("    Fallback: -> {}", fb.target.cyan());
-                                        }
-                                    }
-                                }
-                                ostp_server::config::ServerInbound::Api { listen, port, .. } => {
-                                    println!("  Inbound API: {}:{}", listen.cyan(), port.to_string().cyan());
-                                }
-                            }
-                        }
-                        println!("  Access keys: {}", keys_count.to_string().yellow());
-                        
-                        for ob in &s.outbounds {
-                            if let ostp_server::config::ServerOutbound::Socks { server, port, .. } = ob {
-                                println!("  Outbound Proxy: SOCKS5 {}:{}", server.cyan(), port.to_string().cyan());
-                                has_outbound = true;
-                            }
-                        }
-                        
-                        if let Some(dns) = &s.dns {
-                            println!("  DNS Proxy: Listen {}", dns.listen.as_deref().unwrap_or("0.0.0.0:53").cyan());
-                        }
-                        if !has_outbound {
-                            println!("  Outbound Proxy: disabled");
-                        }'''
-content = content.replace(old_info, new_info)
-
-
-with open('ostp/src/main.rs', 'w', encoding='utf-8') as f:
-    f.write(content)

refactor_main_2.py

@@ -1,226 +0,0 @@
-import os
-
-with open('ostp/src/main.rs', 'r', encoding='utf-8') as f:
-    content = f.read()
-
-# Replace run_app Server parsing
-old_run_app = '''            if let Some(cmd) = matches.subcommand_matches("user") {
-                if let Some(key) = cmd.get_one::<String>("add") {
-                    let limit_str = cmd.get_one::<String>("limit");
-                    let name = cmd.get_one::<String>("name").cloned();
-                    let limit_bytes = limit_str.map(|s| s.parse::<u64>().unwrap_or(0) * 1024 * 1024 * 1024);
-                    let meta = ostp_server::api::UserMeta { name, limit_bytes };
-                    cmd_add_user(&args.config, key, Some(meta))?;
-                } else if let Some(key) = cmd.get_one::<String>("delete") {
-                    cmd_delete_user(&args.config, key)?;
-                } else if cmd.get_flag("list") {
-                    cmd_list_users(&args.config, server_cfg)?;
-                }
-                return Ok(());
-            }
-
-            if args.share_link {
-                let host = server_cfg.listen.host();
-                let port = server_cfg.listen.port();
-                
-                let host = if host == "0.0.0.0" {
-                    println!("[ostp] Server listens on 0.0.0.0. Detecting public IP...");
-                    get_or_ask_public_ip(&args.config)
-                } else {
-                    host.to_string()
-                };
-
-                for (idx, key) in server_cfg.access_keys.iter().enumerate() {
-                    let meta_name = key.name().unwrap_or_else(|| format!("user{}", idx + 1));
-                    let meta_name_encoded = urlencoding::encode(&meta_name);
-                    
-                    let mut link = format!("ostp://{}@{}:{}", key.key(), host, port);
-                    link.push_str(&format!("?name={}", meta_name_encoded));
-                    
-                    if let Some(transport) = &server_cfg.transport {
-                        if let Some(mode) = &transport.mode {
-                            link.push_str(&format!("&mode={}", mode));
-                        }
-                    }
-                    
-                    println!("Client #{}:", idx + 1);
-                    println!("  {}", link.cyan().bold());
-                }
-                return Ok(());
-            }
-
-            let host = server_cfg.listen.host();
-            let host = if host == "0.0.0.0" {
-                detect_local_public_ip().unwrap_or_else(|| "127.0.0.1".to_string())
-            } else {
-                host.to_string()
-            };
-
-            let listen_addrs = server_cfg.listen.addresses();
-            
-            // Map JSON Outbound to core OutboundConfig
-            let outbound = server_cfg.outbound.map(|o| ostp_server::OutboundConfig {
-                enabled: o.enabled,
-                protocol: o.protocol,
-                address: o.address,
-                port: o.port,
-                rules: o.rules,
-                default_action: o.default_action,
-            });
-
-            // Map API
-            let api_config = server_cfg.api.map(|a| ostp_server::ApiConfig {
-                enabled: a.enabled,
-                bind: a.bind,
-                token: a.token,
-                webpath: a.webpath,
-                username: a.username,
-                password_hash: a.password_hash,
-            });
-
-            // Map Fallback
-            let fallback_config = server_cfg.fallback.map(|f| ostp_server::FallbackConfig {
-                enabled: f.enabled,
-                listen: f.listen,
-                target: f.target,
-            });
-
-            let access_keys_meta = server_cfg.access_keys.into_iter().map(|uc| {
-                (uc.key(), ostp_server::api::UserMeta {
-                    name: uc.name(),
-                    limit_bytes: uc.limit(),
-                })
-            }).collect();
-            
-            let dns_cfg = server_cfg.dns;
-
-            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, Some(args.config), server_cfg.license_key.clone()).await?;'''
-
-new_run_app = '''            if let Some(cmd) = matches.subcommand_matches("user") {
-                if let Some(key) = cmd.get_one::<String>("add") {
-                    let limit_str = cmd.get_one::<String>("limit");
-                    let name = cmd.get_one::<String>("name").cloned();
-                    let limit_bytes = limit_str.map(|s| s.parse::<u64>().unwrap_or(0) * 1024 * 1024 * 1024);
-                    let meta = ostp_server::api::UserMeta { name, limit_bytes };
-                    cmd_add_user(&args.config, key, Some(meta))?;
-                } else if let Some(key) = cmd.get_one::<String>("delete") {
-                    cmd_delete_user(&args.config, key)?;
-                } else if cmd.get_flag("list") {
-                    // cmd_list_users needs update
-                    // cmd_list_users(&args.config, server_cfg)?;
-                }
-                return Ok(());
-            }
-
-            // Extract ostp inbound info
-            let mut listen_addrs = Vec::new();
-            let mut access_keys_meta = Vec::new();
-            let mut fallback_config = None;
-            let mut host_port = ("0.0.0.0".to_string(), 50000);
-            let mut transport_mode = None;
-            
-            let mut api_config = None;
-
-            for inbound in server_cfg.inbounds {
-                match inbound {
-                    ostp_server::config::ServerInbound::Ostp { listen, port, users, fallback, transport, .. } => {
-                        listen_addrs.push(format!("{}:{}", listen, port));
-                        host_port = (listen, port);
-                        for uc in users {
-                            access_keys_meta.push((uc.key(), ostp_server::api::UserMeta {
-                                name: uc.name(),
-                                limit_bytes: uc.limit(),
-                            }));
-                        }
-                        if fallback_config.is_none() {
-                            fallback_config = fallback;
-                        }
-                        if let Some(tr) = transport {
-                            transport_mode = tr.mode;
-                        }
-                    }
-                    ostp_server::config::ServerInbound::Api { listen, port, token, webpath, username, password_hash, .. } => {
-                        api_config = Some(ostp_server::ApiConfig {
-                            enabled: true,
-                            bind: format!("{}:{}", listen, port),
-                            token,
-                            webpath,
-                            username,
-                            password_hash,
-                        });
-                    }
-                }
-            }
-
-            if args.share_link {
-                let host = if host_port.0 == "0.0.0.0" {
-                    println!("[ostp] Server listens on 0.0.0.0. Detecting public IP...");
-                    get_or_ask_public_ip(&args.config)
-                } else {
-                    host_port.0.to_string()
-                };
-
-                for (idx, (key, meta)) in access_keys_meta.iter().enumerate() {
-                    let meta_name = meta.name.clone().unwrap_or_else(|| format!("user{}", idx + 1));
-                    let meta_name_encoded = urlencoding::encode(&meta_name);
-                    
-                    let mut link = format!("ostp://{}@{}:{}", key, host, host_port.1);
-                    link.push_str(&format!("?name={}", meta_name_encoded));
-                    
-                    if let Some(mode) = &transport_mode {
-                        link.push_str(&format!("&mode={}", mode));
-                    }
-                    
-                    println!("Client #{}:", idx + 1);
-                    println!("  {}", link.cyan().bold());
-                }
-                return Ok(());
-            }
-
-            let host = if host_port.0 == "0.0.0.0" {
-                detect_local_public_ip().unwrap_or_else(|| "127.0.0.1".to_string())
-            } else {
-                host_port.0.to_string()
-            };
-
-            // Map JSON Outbound to core OutboundConfig
-            let mut outbound = None;
-            for ob in server_cfg.outbounds {
-                if let ostp_server::config::ServerOutbound::Socks { server, port, tag } = ob {
-                    let mut rules = Vec::new();
-                    let mut default_action = Some("proxy".to_string());
-                    if let Some(routing) = &server_cfg.routing {
-                        for rule in &routing.rules {
-                            if rule.outbound == tag {
-                                rules.push(ostp_server::OutboundRule {
-                                    domain_suffix: rule.domain_suffix.clone(),
-                                    ip_cidr: rule.ip_cidr.clone(),
-                                    protocol: rule.protocol.clone(),
-                                    action: Some("proxy".to_string()),
-                                });
-                            }
-                        }
-                        if routing.default_outbound != tag {
-                            default_action = Some("direct".to_string());
-                        }
-                    }
-                    outbound = Some(ostp_server::OutboundConfig {
-                        enabled: true,
-                        protocol: "socks5".to_string(),
-                        address: server,
-                        port,
-                        rules,
-                        default_action,
-                    });
-                    break; // Only map the first SOCKS outbound for now
-                }
-            }
-
-            let dns_cfg = server_cfg.dns;
-
-            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, Some(args.config), server_cfg.license_key.clone()).await?;'''
-
-content = content.replace(old_run_app, new_run_app)
-
-with open('ostp/src/main.rs', 'w', encoding='utf-8') as f:
-    f.write(content)

refactor_main_3.py

@@ -1,81 +0,0 @@
-import os
-
-with open('ostp/src/main.rs', 'r', encoding='utf-8') as f:
-    content = f.read()
-
-# Fix cmd_list_users
-old_list_users = '''fn cmd_list_users(config_path: &std::path::Path, server_cfg: ServerConfig) -> Result<()> {
-    println!("{} {} server:", "[ostp]".cyan().bold(), "OSTP".green().bold());
-    println!("  Listen: {:?}", server_cfg.listen.primary().as_str().cyan());
-    println!("  Access keys: {}", server_cfg.access_keys.len().to_string().yellow());
-    
-    if server_cfg.access_keys.is_empty() {
-        println!("  No users found.");
-        return Ok(());
-    }
-
-    println!("\n  Users:");
-    for (idx, key) in server_cfg.access_keys.iter().enumerate() {
-        let name_str = if let Some(n) = key.name() {
-            format!(" ({})", n.green())
-        } else {
-            "".to_string()
-        };
-        let limit_str = if let Some(l) = key.limit() {
-            let l_gb = l as f64 / (1024.0 * 1024.0 * 1024.0);
-            format!(" [limit: {:.2} GB]", l_gb.to_string().yellow())
-        } else {
-            "".to_string()
-        };
-        println!("  {}. {}{}{}", idx + 1, key.key().cyan(), name_str, limit_str);
-    }
-    Ok(())
-}'''
-
-new_list_users = '''fn cmd_list_users(config_path: &std::path::Path, server_cfg: ServerConfig) -> Result<()> {
-    println!("{} {} server:", "[ostp]".cyan().bold(), "OSTP".green().bold());
-    
-    let mut users = Vec::new();
-    for inbound in server_cfg.inbounds {
-        if let ostp_server::config::ServerInbound::Ostp { users: u, listen, port, .. } = inbound {
-            println!("  Listen: {}:{}", listen.cyan(), port.to_string().cyan());
-            users.extend(u);
-        }
-    }
-    
-    println!("  Access keys: {}", users.len().to_string().yellow());
-    
-    if users.is_empty() {
-        println!("  No users found.");
-        return Ok(());
-    }
-
-    println!("\n  Users:");
-    for (idx, key) in users.iter().enumerate() {
-        let name_str = if let Some(n) = key.name() {
-            format!(" ({})", n.green())
-        } else {
-            "".to_string()
-        };
-        let limit_str = if let Some(l) = key.limit() {
-            let l_gb = l as f64 / (1024.0 * 1024.0 * 1024.0);
-            format!(" [limit: {:.2} GB]", l_gb.to_string().yellow())
-        } else {
-            "".to_string()
-        };
-        println!("  {}. {}{}{}", idx + 1, key.key().cyan(), name_str, limit_str);
-    }
-    Ok(())
-}'''
-
-content = content.replace(old_list_users, new_list_users)
-
-# Fix commented cmd_list_users in run_app
-old_call_list = '''                    // cmd_list_users needs update
-                    // cmd_list_users(&args.config, server_cfg)?;'''
-new_call_list = '''                    cmd_list_users(&args.config, server_cfg)?;'''
-content = content.replace(old_call_list, new_call_list)
-
-
-with open('ostp/src/main.rs', 'w', encoding='utf-8') as f:
-    f.write(content)

refactor_main_4.py

@@ -1,142 +0,0 @@
-import os
-
-with open('ostp/src/main.rs', 'r', encoding='utf-8') as f:
-    content = f.read()
-
-old_run_app_block = '''        AppMode::Server(server_cfg) => {
-            println!("{}", include_str!("../../docs/banner.txt").blue().bold());
-            
-            let listen_addrs = server_cfg.listen.addresses();
-            println!("{} Starting server on {:?}", "[ostp]".cyan().bold(), listen_addrs);
-            let debug = server_cfg.debug.unwrap_or(false);
-            let outbound = server_cfg.outbound.map(|o| ostp_server::OutboundConfig {
-                enabled: o.enabled,
-                protocol: o.protocol,
-                address: o.address,
-                port: o.port,
-                rules: o
-                    .rules
-                    .into_iter()
-                    .map(|r| ostp_server::OutboundRule {
-                        domain_suffix: r.domain_suffix.unwrap_or_default(),
-                        ip_cidr: r.ip_cidr.unwrap_or_default(),
-                        protocol: r.protocol,
-                        action: parse_outbound_action(r.action),
-                    })
-                    .collect(),
-                default_action: parse_outbound_action(o.default_action),
-            });
-            let api_config = server_cfg.api.map(|a| ostp_server::ApiConfig {
-                enabled: a.enabled.unwrap_or(false),
-                bind: a.bind.unwrap_or_else(|| "127.0.0.1:9090".to_string()),
-                token: a.token.clone(),
-                webpath: a.webpath.unwrap_or_default(),
-                username: a.username.unwrap_or_default(),
-                password_hash: a.password_hash.unwrap_or_default(),
-            });
-            let fallback_config = server_cfg.fallback.map(|f| ostp_server::FallbackConfig {
-                enabled: f.enabled.unwrap_or(false),
-                listen: f.listen.unwrap_or_else(|| "0.0.0.0:443".to_string()),
-                target: f.target.unwrap_or_else(|| "127.0.0.1:8080".to_string()),
-            });
-
-            let access_keys_meta = server_cfg.access_keys.into_iter().map(|uc| {
-                (uc.key(), ostp_server::api::UserMeta {
-                    name: uc.name(),
-                    limit_bytes: uc.limit(),
-                })
-            }).collect::<Vec<_>>();
-            let host = get_or_ask_public_ip(&args.config);
-            // Build DNS config and set owndns flag in subscribe links if DNS enabled
-            let dns_cfg = server_cfg.dns;
-            // Pass all listen addresses for multi-listener support
-            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, Some(args.config), server_cfg.license_key.clone()).await?;
-        }'''
-
-new_run_app_block = '''        AppMode::Server(server_cfg) => {
-            println!("{}", include_str!("../../docs/banner.txt").blue().bold());
-            
-            let mut listen_addrs = Vec::new();
-            let mut access_keys_meta = Vec::new();
-            let mut fallback_config = None;
-            let mut host_port = ("0.0.0.0".to_string(), 50000);
-            let mut api_config = None;
-
-            for inbound in server_cfg.inbounds {
-                match inbound {
-                    ostp_server::config::ServerInbound::Ostp { listen, port, users, fallback, .. } => {
-                        listen_addrs.push(format!("{}:{}", listen, port));
-                        host_port = (listen.clone(), port);
-                        for uc in users {
-                            access_keys_meta.push((uc.key(), ostp_server::api::UserMeta {
-                                name: uc.name(),
-                                limit_bytes: uc.limit(),
-                            }));
-                        }
-                        if fallback_config.is_none() {
-                            fallback_config = fallback;
-                        }
-                    }
-                    ostp_server::config::ServerInbound::Api { listen, port, token, webpath, username, password_hash, .. } => {
-                        api_config = Some(ostp_server::ApiConfig {
-                            enabled: true,
-                            bind: format!("{}:{}", listen, port),
-                            token,
-                            webpath,
-                            username,
-                            password_hash,
-                        });
-                    }
-                }
-            }
-
-            println!("{} Starting server on {:?}", "[ostp]".cyan().bold(), listen_addrs);
-            let debug = server_cfg.debug.unwrap_or(false);
-            
-            let mut outbound = None;
-            for ob in server_cfg.outbounds {
-                if let ostp_server::config::ServerOutbound::Socks { server, port, tag } = ob {
-                    let mut rules = Vec::new();
-                    let mut default_action = Some("proxy".to_string());
-                    if let Some(routing) = &server_cfg.routing {
-                        for rule in &routing.rules {
-                            if rule.outbound == tag {
-                                rules.push(ostp_server::OutboundRule {
-                                    domain_suffix: rule.domain_suffix.clone(),
-                                    ip_cidr: rule.ip_cidr.clone(),
-                                    protocol: rule.protocol.clone(),
-                                    action: Some("proxy".to_string()),
-                                });
-                            }
-                        }
-                        if routing.default_outbound != tag {
-                            default_action = Some("direct".to_string());
-                        }
-                    }
-                    outbound = Some(ostp_server::OutboundConfig {
-                        enabled: true,
-                        protocol: "socks5".to_string(),
-                        address: server,
-                        port,
-                        rules,
-                        default_action,
-                    });
-                    break;
-                }
-            }
-
-            let dns_cfg = server_cfg.dns;
-            
-            let host = if host_port.0 == "0.0.0.0" {
-                detect_local_public_ip().unwrap_or_else(|| "127.0.0.1".to_string())
-            } else {
-                host_port.0.to_string()
-            };
-
-            ostp_server::run_server(listen_addrs, Some(host), access_keys_meta, outbound, api_config, fallback_config, debug, dns_cfg, Some(args.config), server_cfg.license_key.clone()).await?;
-        }'''
-
-content = content.replace(old_run_app_block, new_run_app_block)
-
-with open('ostp/src/main.rs', 'w', encoding='utf-8') as f:
-    f.write(content)