chore: Trift Bridge 3.4.1 changelog.

fix(GODT-2859): Fix scope of the function + rename properly.
fix(GODT-2859): Fix lint.
2025-12-10 12:46:46 +00:00 · 2023-08-14 08:33:51 +02:00 · 2023-08-10 08:32:54 +02:00 · 2023-08-10 08:30:46 +02:00 · 2023-08-10 08:28:39 +02:00 · 2023-08-08 15:06:16 +02:00
389 changed files with 22017 additions and 50103 deletions
--- a/.gitignore
+++ b/.gitignore
@ -41,3 +41,7 @@ cmake-build-*/

 # Doxygen doc files
 _doc/
+
+# gRPC auto-generated C++ source files
+*.pb.cc
+*.pb.h
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -16,7 +16,7 @@
 # along with ProtonMail Bridge.  If not, see <https://www.gnu.org/licenses/>.

 ---
-image: harbor.protontech.ch/docker.io/library/golang:1.18
+image: gitlab.protontech.ch:4567/go/bridge-internal:test-go1.20

 variables:
  GOPRIVATE: gitlab.protontech.ch
@ -30,13 +30,6 @@ stages:
  - test
  - build

-.rules-branch-and-MR-always:
-  rules:
-    - if: $CI_COMMIT_BRANCH ||  $CI_PIPELINE_SOURCE == "merge_request_event"
-      when: always
-      allow_failure: false
-    - when: never
-
 .rules-branch-and-MR-manual:
  rules:
    - if: $CI_COMMIT_BRANCH ||  $CI_PIPELINE_SOURCE == "merge_request_event"
@ -44,9 +37,9 @@ stages:
      allow_failure: true
    - when: never

-.rules-branch-manual-MR-always:
+.rules-branch-manual-MR-and-devel-always:
  rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == "devel" || $CI_PIPELINE_SOURCE == "merge_request_event"
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH
@ -54,98 +47,48 @@ stages:
      allow_failure: true
    - when: never

-# Stage: TEST
-
-lint:
-  stage: test
-  extends:
-    - .rules-branch-and-MR-always
-  script:
-    - make lint
-  tags:
-    - medium
-
-test-linux:
-  stage: test
-  extends:
-    - .rules-branch-manual-MR-always
-  script:
-    - make test
-  tags:
-    - medium
-
-test-linux-race:
-  stage: test
-  extends:
-    - .rules-branch-and-MR-manual
-  script:
-    - make test-race
-  tags:
-    - medium
-
-test-integration:
-  stage: test
-  extends:
-    - .rules-branch-manual-MR-always
-  script:
-    - make test-integration
-  tags:
-    - large
-
-test-integration-race:
-  stage: test
-  extends:
-    - .rules-branch-and-MR-manual
-  script:
-    - make test-integration-race
-  tags:
-    - large
-
-dependency-updates:
-  stage: test
-  script:
-    - make updates
-
-# Stage: BUILD
-
-.build-base:
-  stage: build
-  needs: ["lint"]
-  rules:
-    # GODT-1833: use `=~ /qa/` after mac and windows runners are fixed
-    - if: $CI_JOB_NAME =~ /build-linux-qa/  && $CI_PIPELINE_SOURCE == "merge_request_event"
-      when: always
-      allow_failure: false
-    - if: $CI_COMMIT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event"
-      when: manual
-      allow_failure: true
-    - when: never
+# ENV
+.env-windows:
  before_script:
-    - mkdir -p .cache/bin
-    - export PATH=$(pwd)/.cache/bin:$PATH
-    - export GOPATH="$CI_PROJECT_DIR/.cache"
-    - export PATH=$PATH:$QT6DIR/bin
+    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
+    - export GOROOT=/c/Go1.20/
+    - export PATH=$GOROOT/bin:$PATH
+    - export GOARCH=amd64
+    - export GOPATH=~/go1.20
+    - export GO111MODULE=on
+    - export PATH="${GOPATH}/bin:${PATH}"
+    - export MSYSTEM=
+    - export QT6DIR=/c/grrrQt/6.3.2/msvc2019_64
+    - export PATH=$PATH:${QT6DIR}/bin
+    - export PATH="/c/Program Files/Microsoft Visual Studio/2022/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/bin:$PATH"
    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
-  script:
-    - make build
-    - git diff && git diff-index --quiet HEAD
-    - make vault-editor
-  artifacts:
-    # Note: The latest artifacts for refs are locked against deletion, and kept
-    # regardless of the expiry time. Introduced in GitLab 13.0 behind a
-    # disabled feature flag, and made the default behavior in GitLab 13.4.
-    expire_in: 1 day
-    when: always
-    paths:
-      - bridge_*.tgz
-      - vault-editor
+    - git config --global safe.directory '*'
+    - git status --porcelain
+  cache: {}
  tags:
-    - large
+    - windows-bridge

-build-linux:
-  extends: .build-base
-  image: gitlab.protontech.ch:4567/go/bridge-internal:qt6
+.env-darwin:
+  before_script:
+    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
+    - export PATH=/usr/local/bin:$PATH
+    - export PATH=/usr/local/opt/git/bin:$PATH
+    - export PATH=/usr/local/opt/make/libexec/gnubin:$PATH
+    - export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH
+    - export GOROOT=~/local/opt/go@1.20
+    - export PATH="${GOROOT}/bin:$PATH"
+    - export GOPATH=~/go1.20
+    - export PATH="${GOPATH}/bin:$PATH"
+    - export QT6DIR=/opt/Qt/6.3.2/macos
+    - export PATH="${QT6DIR}/bin:$PATH"
+    - uname -a
+  cache: {}
+  tags:
+    - macos-m1-bridge
+
+.env-linux-build:
+  image: gitlab.protontech.ch:4567/go/bridge-internal:build-go1.20-qt6.3.2
  variables:
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
@ -153,84 +96,150 @@ build-linux:
    paths:
      - .cache
    when: 'always'
+  before_script:
+    - mkdir -p .cache/bin
+    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
+    - export PATH=$(pwd)/.cache/bin:$PATH
+    - export GOPATH="$CI_PROJECT_DIR/.cache"
+    - export PATH=$PATH:$QT6DIR/bin
+    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
+    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
+  tags:
+    - large
+
+# Stage: TEST
+
+lint:
+  stage: test
+  extends:
+    - .rules-branch-manual-MR-and-devel-always
+  script:
+    - make lint
+  tags:
+    - medium
+
+.script-test:
+  stage: test
+  extends:
+    - .rules-branch-manual-MR-and-devel-always
+  script:
+    - make test
  artifacts:
-    name: "bridge-linux-$CI_COMMIT_SHORT_SHA"
+    paths:
+      - coverage/**
+
+test-linux:
+  extends:
+    - .script-test
+  tags:
+    - large
+
+test-linux-race:
+  extends:
+    - test-linux
+    - .rules-branch-and-MR-manual
+  script:
+    - make test-race
+
+test-integration:
+  extends:
+    - test-linux
+  script:
+    - make test-integration
+
+test-integration-race:
+  extends:
+    - test-integration
+    - .rules-branch-and-MR-manual
+  script:
+    - make test-integration-race
+
+test-windows:
+  extends:
+    - .env-windows
+    - .script-test
+    - .rules-branch-and-MR-manual
+
+test-darwin:
+  extends:
+    - .env-darwin
+    - .script-test
+
+test-coverage:
+  stage: test
+  extends:
+    - .rules-branch-manual-MR-and-devel-always
+  script:
+    - ./utils/coverage.sh
+  coverage: '/total:.*\(statements\).*\d+\.\d+%/'
+  needs:
+    - test-linux
+    #- test-windows
+    - test-darwin
+    - test-integration
+  tags:
+    - small
+  artifacts:
+    paths:
+      - coverage*
+      - coverage/**
+    when: 'always'
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+# Stage: BUILD
+
+.script-build:
+  stage: build
+  needs: ["lint"]
+  extends:
+    - .rules-branch-and-MR-manual
+  script:
+    - make build
+    - git diff && git diff-index --quiet HEAD
+    - make vault-editor
+  artifacts:
+    expire_in: 1 day
+    when: always
+    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
+    paths:
+      - bridge_*.tgz
+      - vault-editor
+
+build-linux:
+  extends:
+    - .script-build
+    - .env-linux-build

 build-linux-qa:
-  extends: build-linux
+  extends:
+    - build-linux
+    - .rules-branch-manual-MR-and-devel-always
  variables:
    BUILD_TAGS: "build_qa"
-  artifacts:
-    name: "bridge-linux-qa-$CI_COMMIT_SHORT_SHA"
-
-
-.build-darwin-base:
-  extends: .build-base
-  before_script:
-    - export PATH=/usr/local/bin:$PATH
-    - export PATH=/usr/local/opt/git/bin:$PATH
-    - export PATH=/usr/local/opt/make/libexec/gnubin:$PATH
-    - export PATH=/usr/local/opt/go@1.13/bin:$PATH
-    - export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH
-    - export GOPATH=~/go
-    - export PATH=$GOPATH/bin:$PATH
-    - export CGO_CPPFLAGS='-Wno-error -Wno-nullability-completeness -Wno-expansion-to-defined -Wno-builtin-requires-header'
-    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
-    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
-  script:
-    - go version
-    - make build-nogui
-    - git diff && git diff-index --quiet HEAD
-    - make vault-editor
-  cache: {}
-  tags:
-    - macOS

 build-darwin:
-  extends: .build-darwin-base
-  artifacts:
-    name: "bridge-darwin-$CI_COMMIT_SHORT_SHA"
+  extends:
+    - .script-build
+    - .env-darwin

 build-darwin-qa:
-  extends: .build-darwin-base
+  extends:
+    - build-darwin
  variables:
    BUILD_TAGS: "build_qa"
-  artifacts:
-    name: "bridge-darwin-qa-$CI_COMMIT_SHORT_SHA"
-
-
-.build-windows-base:
-  extends: .build-base
-  before_script:
-    - export GOROOT=/c/Go1.18/
-    - export PATH=$GOROOT/bin:$PATH
-    - export GOARCH=amd64
-    - export GOPATH=~/go18
-    - export GO111MODULE=on
-    - export PATH="${GOPATH}/bin:${PATH}"
-    - export MSYSTEM=
-    - export QT6DIR=/c/grrrQt/6.3.1/msvc2019_64
-    - export PATH=$PATH:${QT6DIR}/bin
-    - export PATH="/c/Program Files/Microsoft Visual Studio/2022/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/bin:$PATH"
-    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
-    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
-  script:
-    - make build-nogui
-    - git diff && git diff-index --quiet HEAD
-    - make vault-editor
-  tags:
-    - windows-bridge

 build-windows:
-  extends: .build-windows-base
-  artifacts:
-    name: "bridge-windows-$CI_COMMIT_SHORT_SHA"
+  extends:
+    - .script-build
+    - .env-windows

 build-windows-qa:
-  extends: .build-windows-base
+  extends:
+    - build-windows
  variables:
    BUILD_TAGS: "build_qa"
-  artifacts:
-    name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA"

 # TODO: PUT BACK ALL THE JOBS! JUST DID THIS FOR NOW TO GET CI WORKING AGAIN...
--- a/.golangci.yml
+++ b/.golangci.yml
@ -23,7 +23,6 @@ issues:
    - path: _test\.go
      linters:
        - dupl
-        - funlen
        - gochecknoglobals
        - gochecknoinits
        - gosec
@ -32,7 +31,14 @@ issues:
    - path: test
      linters:
        - dupl
-        - funlen
+        - gochecknoglobals
+        - gochecknoinits
+        - gosec
+        - goconst
+        - dogsled
+    - path: utils/smtp-send
+      linters:
+        - dupl
        - gochecknoglobals
        - gochecknoinits
        - gosec
@ -50,21 +56,17 @@ linters:
  disable-all: true

  enable:
-    - deadcode          # Finds unused code [fast: true, auto-fix: false]
    - errcheck          # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: true, auto-fix: false]
    - gosimple          # Linter for Go source code that specializes in simplifying a code [fast: true, auto-fix: false]
    - govet             # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: true, auto-fix: false]
    - ineffassign       # Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
    - staticcheck       # Staticcheck is a go vet on steroids, applying a ton of static analysis checks [fast: true, auto-fix: false]
-    - structcheck       # Finds unused struct fields [fast: true, auto-fix: false]
    - typecheck         # Like the front-end of a Go compiler, parses and type-checks Go code [fast: true, auto-fix: false]
    - unused            # Checks Go code for unused constants, variables, functions and types [fast: false, auto-fix: false]
-    - varcheck          # Finds unused global variables and constants [fast: true, auto-fix: false]
    - bodyclose         # checks whether HTTP response body is closed successfully [fast: true, auto-fix: false]
-    - depguard          # Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false]
+    #- depguard          # Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false]
    - dogsled           # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) [fast: true, auto-fix: false]
    - dupl              # Tool for code clone detection [fast: true, auto-fix: false]
-    - funlen            # Tool for detection of long functions [fast: true, auto-fix: false]
    - gochecknoglobals  # Checks that no globals are present in Go code [fast: true, auto-fix: false]
    - gochecknoinits    # Checks that no init functions are present in Go code [fast: true, auto-fix: false]
    - goconst           # Finds repeated strings that could be replaced by a constant [fast: true, auto-fix: false]
@ -122,3 +124,8 @@ linters:
    # - testpackage       # linter that makes you use a separate _test package [fast: true, auto-fix: false]
    # - thelper           # thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers [fast: false, auto-fix: false]
    # - wrapcheck         # Checks that errors returned from external packages are wrapped [fast: false, auto-fix: false]
+
+    # Deprecated:
+    # - structcheck       # Finds unused struct fields [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
+    # - deadcode          # Finds unused code [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
+    # - varcheck          # Finds unused global variables and constants [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
--- a/BUILDS.md
+++ b/BUILDS.md
@ -3,15 +3,18 @@
 ## Prerequisites
 * 64-bit OS:
    - the go-rfc5322 module cannot currently be compiled for 32-bit OSes
-* Go 1.18
+* Go 1.20
 * Bash with basic build utils: make, gcc, sed, find, grep, ...
  - For Windows, it is recommended to use MinGW 64bit shell from [MSYS2](https://www.msys2.org/)
-* GCC (linux), msvc (windows) or Xcode (macOS)
-* Windres (windows)
-* libglvnd and libsecret development files (linux)
+* GCC (Linux), msvc (Windows) or Xcode (macOS)
+* Windres (Windows)
+* libglvnd and libsecret development files (Linux)
+* pkg-config (Linux)
+* cmake, ninja-build and Qt 6 are required to build the graphical user interface. On Linux, 
+the Mesa OpenGL development files are also needed.

 To enable the sending of crash reports using Sentry please set the
-`main.DSNSentry` value with the client key of your sentry project before build.
+`DSN_SENTRY` environment variable with the client key of your sentry project before build.
 Otherwise, the sending of crash reports will be disabled.

 ## Build
--- a/COPYING_NOTES.md
+++ b/COPYING_NOTES.md
@ -26,7 +26,6 @@ Proton Mail Bridge includes the following 3rd party software:
 * [gluon](https://github.com/ProtonMail/gluon) available under [license](https://github.com/ProtonMail/gluon/blob/master/LICENSE) 
 * [go-autostart](https://github.com/ProtonMail/go-autostart) available under [license](https://github.com/ProtonMail/go-autostart/blob/master/LICENSE) 
 * [go-proton-api](https://github.com/ProtonMail/go-proton-api) available under [license](https://github.com/ProtonMail/go-proton-api/blob/master/LICENSE) 
-* [go-rfc5322](https://github.com/ProtonMail/go-rfc5322) available under [license](https://github.com/ProtonMail/go-rfc5322/blob/master/LICENSE) 
 * [gopenpgp](https://github.com/ProtonMail/gopenpgp/v2) available under [license](https://github.com/ProtonMail/gopenpgp/v2/blob/master/LICENSE) 
 * [goquery](https://github.com/PuerkitoBio/goquery) available under [license](https://github.com/PuerkitoBio/goquery/blob/master/LICENSE) 
 * [ishell](https://github.com/abiosoft/ishell) available under [license](https://github.com/abiosoft/ishell/blob/master/LICENSE) 
@ -44,7 +43,6 @@ Proton Mail Bridge includes the following 3rd party software:
 * [color](https://github.com/fatih/color) available under [license](https://github.com/fatih/color/blob/master/LICENSE) 
 * [sentry-go](https://github.com/getsentry/sentry-go) available under [license](https://github.com/getsentry/sentry-go/blob/master/LICENSE) 
 * [resty](https://github.com/go-resty/resty/v2) available under [license](https://github.com/go-resty/resty/v2/blob/master/LICENSE) 
-* [go-json](https://github.com/goccy/go-json) available under [license](https://github.com/goccy/go-json/blob/master/LICENSE) 
 * [dbus](https://github.com/godbus/dbus) available under [license](https://github.com/godbus/dbus/blob/master/LICENSE) 
 * [mock](https://github.com/golang/mock) available under [license](https://github.com/golang/mock/blob/master/LICENSE) 
 * [go-cmp](https://github.com/google/go-cmp) available under [license](https://github.com/google/go-cmp/blob/master/LICENSE) 
@ -53,13 +51,14 @@ Proton Mail Bridge includes the following 3rd party software:
 * [html2text](https://github.com/jaytaylor/html2text) available under [license](https://github.com/jaytaylor/html2text/blob/master/LICENSE) 
 * [go-keychain](https://github.com/keybase/go-keychain) available under [license](https://github.com/keybase/go-keychain/blob/master/LICENSE) 
 * [dns](https://github.com/miekg/dns) available under [license](https://github.com/miekg/dns/blob/master/LICENSE) 
+* [memory](https://github.com/pbnjay/memory) available under [license](https://github.com/pbnjay/memory/blob/master/LICENSE) 
 * [errors](https://github.com/pkg/errors) available under [license](https://github.com/pkg/errors/blob/master/LICENSE) 
 * [profile](https://github.com/pkg/profile) available under [license](https://github.com/pkg/profile/blob/master/LICENSE) 
 * [logrus](https://github.com/sirupsen/logrus) available under [license](https://github.com/sirupsen/logrus/blob/master/LICENSE) 
 * [testify](https://github.com/stretchr/testify) available under [license](https://github.com/stretchr/testify/blob/master/LICENSE) 
 * [cli](https://github.com/urfave/cli/v2) available under [license](https://github.com/urfave/cli/v2/blob/master/LICENSE) 
 * [msgpack](https://github.com/vmihailenco/msgpack/v5) available under [license](https://github.com/vmihailenco/msgpack/v5/blob/master/LICENSE) 
-* [goleak](https://go.uber.org/goleak)
+* [goleak](https://go.uber.org/goleak) available under [license](https://pkg.go.dev/go.uber.org/goleak?tab=licenses) 
 * [exp](https://golang.org/x/exp) available under [license](https://cs.opensource.google/go/x/exp/+/master:LICENSE) 
 * [net](https://golang.org/x/net) available under [license](https://cs.opensource.google/go/x/net/+/master:LICENSE) 
 * [sys](https://golang.org/x/sys) available under [license](https://cs.opensource.google/go/x/sys/+/master:LICENSE) 
@ -67,17 +66,14 @@ Proton Mail Bridge includes the following 3rd party software:
 * [grpc](https://google.golang.org/grpc) available under [license](https://github.com/grpc/grpc-go/blob/master/LICENSE) 
 * [protobuf](https://google.golang.org/protobuf) available under [license](https://github.com/protocolbuffers/protobuf/blob/main/LICENSE) 
 * [plist](https://howett.net/plist) available under [license](https://github.com/DHowett/go-plist/blob/main/LICENSE) 
-* [atlas](https://ariga.io/atlas)
-* [ent](https://entgo.io/ent)
 * [bcrypt](https://github.com/ProtonMail/bcrypt) available under [license](https://github.com/ProtonMail/bcrypt/blob/master/LICENSE) 
 * [go-crypto](https://github.com/ProtonMail/go-crypto) available under [license](https://github.com/ProtonMail/go-crypto/blob/master/LICENSE) 
 * [go-mime](https://github.com/ProtonMail/go-mime) available under [license](https://github.com/ProtonMail/go-mime/blob/master/LICENSE) 
 * [go-srp](https://github.com/ProtonMail/go-srp) available under [license](https://github.com/ProtonMail/go-srp/blob/master/LICENSE) 
 * [readline](https://github.com/abiosoft/readline) available under [license](https://github.com/abiosoft/readline/blob/master/LICENSE) 
-* [levenshtein](https://github.com/agext/levenshtein) available under [license](https://github.com/agext/levenshtein/blob/master/LICENSE) 
 * [cascadia](https://github.com/andybalholm/cascadia) available under [license](https://github.com/andybalholm/cascadia/blob/master/LICENSE) 
-* [antlr](https://github.com/antlr/antlr4/runtime/Go/antlr) available under [license](https://github.com/antlr/antlr4/runtime/Go/antlr/blob/master/LICENSE) 
-* [go-textseg](https://github.com/apparentlymart/go-textseg/v13) available under [license](https://github.com/apparentlymart/go-textseg/v13/blob/master/LICENSE) 
+* [sonic](https://github.com/bytedance/sonic) available under [license](https://github.com/bytedance/sonic/blob/master/LICENSE) 
+* [base64x](https://github.com/chenzhuoyu/base64x) available under [license](https://github.com/chenzhuoyu/base64x/blob/master/LICENSE) 
 * [test](https://github.com/chzyer/test) available under [license](https://github.com/chzyer/test/blob/master/LICENSE) 
 * [circl](https://github.com/cloudflare/circl) available under [license](https://github.com/cloudflare/circl/blob/master/LICENSE) 
 * [go-md2man](https://github.com/cpuguy83/go-md2man/v2) available under [license](https://github.com/cpuguy83/go-md2man/v2/blob/master/LICENSE) 
@ -88,49 +84,52 @@ Proton Mail Bridge includes the following 3rd party software:
 * [go-windows](https://github.com/elastic/go-windows) available under [license](https://github.com/elastic/go-windows/blob/master/LICENSE) 
 * [go-textwrapper](https://github.com/emersion/go-textwrapper) available under [license](https://github.com/emersion/go-textwrapper/blob/master/LICENSE) 
 * [go-vcard](https://github.com/emersion/go-vcard) available under [license](https://github.com/emersion/go-vcard/blob/master/LICENSE) 
+* [fgprof](https://github.com/felixge/fgprof) available under [license](https://github.com/felixge/fgprof/blob/master/LICENSE) 
 * [go-shlex](https://github.com/flynn-archive/go-shlex) available under [license](https://github.com/flynn-archive/go-shlex/blob/master/LICENSE) 
+* [mimetype](https://github.com/gabriel-vasile/mimetype) available under [license](https://github.com/gabriel-vasile/mimetype/blob/master/LICENSE) 
 * [sse](https://github.com/gin-contrib/sse) available under [license](https://github.com/gin-contrib/sse/blob/master/LICENSE) 
 * [gin](https://github.com/gin-gonic/gin) available under [license](https://github.com/gin-gonic/gin/blob/master/LICENSE) 
-* [inflect](https://github.com/go-openapi/inflect) available under [license](https://github.com/go-openapi/inflect/blob/master/LICENSE) 
 * [locales](https://github.com/go-playground/locales) available under [license](https://github.com/go-playground/locales/blob/master/LICENSE) 
 * [universal-translator](https://github.com/go-playground/universal-translator) available under [license](https://github.com/go-playground/universal-translator/blob/master/LICENSE) 
 * [validator](https://github.com/go-playground/validator/v10) available under [license](https://github.com/go-playground/validator/v10/blob/master/LICENSE) 
+* [go-json](https://github.com/goccy/go-json) available under [license](https://github.com/goccy/go-json/blob/master/LICENSE) 
 * [uuid](https://github.com/gofrs/uuid) available under [license](https://github.com/gofrs/uuid/blob/master/LICENSE) 
 * [protobuf](https://github.com/golang/protobuf) available under [license](https://github.com/golang/protobuf/blob/master/LICENSE) 
+* [pprof](https://github.com/google/pprof) available under [license](https://github.com/google/pprof/blob/master/LICENSE) 
 * [errwrap](https://github.com/hashicorp/errwrap) available under [license](https://github.com/hashicorp/errwrap/blob/master/LICENSE) 
 * [go-immutable-radix](https://github.com/hashicorp/go-immutable-radix) available under [license](https://github.com/hashicorp/go-immutable-radix/blob/master/LICENSE) 
 * [go-memdb](https://github.com/hashicorp/go-memdb) available under [license](https://github.com/hashicorp/go-memdb/blob/master/LICENSE) 
 * [golang-lru](https://github.com/hashicorp/golang-lru) available under [license](https://github.com/hashicorp/golang-lru/blob/master/LICENSE) 
-* [hcl](https://github.com/hashicorp/hcl/v2) available under [license](https://github.com/hashicorp/hcl/v2/blob/master/LICENSE) 
 * [multierror](https://github.com/joeshaw/multierror) available under [license](https://github.com/joeshaw/multierror/blob/master/LICENSE) 
 * [go](https://github.com/json-iterator/go) available under [license](https://github.com/json-iterator/go/blob/master/LICENSE) 
+* [cpuid](https://github.com/klauspost/cpuid/v2) available under [license](https://github.com/klauspost/cpuid/v2/blob/master/LICENSE) 
 * [go-urn](https://github.com/leodido/go-urn) available under [license](https://github.com/leodido/go-urn/blob/master/LICENSE) 
 * [go-colorable](https://github.com/mattn/go-colorable) available under [license](https://github.com/mattn/go-colorable/blob/master/LICENSE) 
 * [go-isatty](https://github.com/mattn/go-isatty) available under [license](https://github.com/mattn/go-isatty/blob/master/LICENSE) 
 * [go-runewidth](https://github.com/mattn/go-runewidth) available under [license](https://github.com/mattn/go-runewidth/blob/master/LICENSE) 
 * [go-sqlite3](https://github.com/mattn/go-sqlite3) available under [license](https://github.com/mattn/go-sqlite3/blob/master/LICENSE) 
-* [go-wordwrap](https://github.com/mitchellh/go-wordwrap) available under [license](https://github.com/mitchellh/go-wordwrap/blob/master/LICENSE) 
 * [concurrent](https://github.com/modern-go/concurrent) available under [license](https://github.com/modern-go/concurrent/blob/master/LICENSE) 
 * [reflect2](https://github.com/modern-go/reflect2) available under [license](https://github.com/modern-go/reflect2/blob/master/LICENSE) 
 * [tablewriter](https://github.com/olekukonko/tablewriter) available under [license](https://github.com/olekukonko/tablewriter/blob/master/LICENSE) 
 * [go-toml](https://github.com/pelletier/go-toml/v2) available under [license](https://github.com/pelletier/go-toml/v2/blob/master/LICENSE) 
+* [lz4](https://github.com/pierrec/lz4/v4) available under [license](https://github.com/pierrec/lz4/v4/blob/master/LICENSE) 
 * [go-difflib](https://github.com/pmezard/go-difflib) available under [license](https://github.com/pmezard/go-difflib/blob/master/LICENSE) 
 * [procfs](https://github.com/prometheus/procfs) available under [license](https://github.com/prometheus/procfs/blob/master/LICENSE) 
 * [uniseg](https://github.com/rivo/uniseg) available under [license](https://github.com/rivo/uniseg/blob/master/LICENSE) 
 * [blackfriday](https://github.com/russross/blackfriday/v2) available under [license](https://github.com/russross/blackfriday/v2/blob/master/LICENSE) 
 * [pflag](https://github.com/spf13/pflag) available under [license](https://github.com/spf13/pflag/blob/master/LICENSE) 
 * [bom](https://github.com/ssor/bom) available under [license](https://github.com/ssor/bom/blob/master/LICENSE) 
+* [golang-asm](https://github.com/twitchyliquid64/golang-asm) available under [license](https://github.com/twitchyliquid64/golang-asm/blob/master/LICENSE) 
 * [codec](https://github.com/ugorji/go/codec) available under [license](https://github.com/ugorji/go/codec/blob/master/LICENSE) 
 * [tagparser](https://github.com/vmihailenco/tagparser/v2) available under [license](https://github.com/vmihailenco/tagparser/v2/blob/master/LICENSE) 
 * [smetrics](https://github.com/xrash/smetrics) available under [license](https://github.com/xrash/smetrics/blob/master/LICENSE) 
-* [go-cty](https://github.com/zclconf/go-cty) available under [license](https://github.com/zclconf/go-cty/blob/master/LICENSE) 
+* [arch](https://golang.org/x/arch) available under [license](https://cs.opensource.google/go/x/arch/+/master:LICENSE) 
 * [crypto](https://golang.org/x/crypto) available under [license](https://cs.opensource.google/go/x/crypto/+/master:LICENSE) 
 * [mod](https://golang.org/x/mod) available under [license](https://cs.opensource.google/go/x/mod/+/master:LICENSE) 
 * [sync](https://golang.org/x/sync) available under [license](https://cs.opensource.google/go/x/sync/+/master:LICENSE) 
 * [tools](https://golang.org/x/tools) available under [license](https://cs.opensource.google/go/x/tools/+/master:LICENSE) 
-* [genproto](https://google.golang.org/genproto)
-gopkg.in/yaml.v2
-gopkg.in/yaml.v3
+* [genproto](https://google.golang.org/genproto) available under [license](https://pkg.go.dev/google.golang.org/genproto?tab=licenses) 
+* [yaml](https://gopkg.in/yaml.v3) available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) 
 * [docker-credential-helpers](https://github.com/ProtonMail/docker-credential-helpers) available under [license](https://github.com/ProtonMail/docker-credential-helpers/blob/master/LICENSE) 
 * [go-message](https://github.com/ProtonMail/go-message) available under [license](https://github.com/ProtonMail/go-message/blob/master/LICENSE) 
 * [go-keychain](https://github.com/cuthix/go-keychain) available under [license](https://github.com/cuthix/go-keychain/blob/master/LICENSE) 
--- a/Changelog.md
+++ b/Changelog.md
@ -1,8 +1,374 @@
-# Proton Mail Bridge and Import-Export app Changelog
+# Proton Mail Bridge Changelog

 Changelog [format](http://keepachangelog.com/en/1.0.0/)

-## [Bridge 3.0.15/16] Perth Narrows
+
+## Trift Bridge 3.4.1
+
+### Fixed
+* GODT-2859: Trigger user resync while updating from 3.4.0 to 3.4.1.
+* GODT-2833: Fix migration of message flags.
+* GODT-2759: Use examine rather than select for fetching.
+
+
+## Trift Bridge 3.4.0
+
+### Added
+
+### Changed
+* Test: Add require.Eventually to TestBridge_UserAgentFromSMTPClient.
+* Test: Add smtp-send utility.
+* GODT-2759: Check for oprhan messages.
+* GODT-2759: Add prompt to download missing messages for analysis.
+* GODT-2759: CLI debug commands.
+* Remove gRPC auto-generated C++ source files.
+* Test: Force all unit test to use minimum sync spec.
+* Test: Force sync limits to minimum with env variable.
+* GODT-2691: Close logrus output file on exit.
+* GODT-2522: New Gluon database layout.
+* GODT-2678: When internet is off, do not display status dot icon for the user in the context menu.
+* GODT-2686: Change the orientation of the expand/collapse arrow for Advanced settings.
+* Test(GODT-2636): Add step for sending from EML.
+* Log failed message ids during sync.
+* GODT-2510: Remove Ent.
+* Test(GODT-2600): Changing state (read/unread, starred/unstarred) of a message in integration tests.
+* GODT-2703: Got rid of account details dialog with Apple Mail autoconf.
+* GODT-2685: Update to bug report log attachment logic.
+* GODT-2690: Update sentry reporting in GUI for new log file naming.
+* GODT-2668: Implemented new log retention policy.
+* Test(GODT-2683): Save Draft without "Date" & "From" in headers.
+* GODT-2666: Feat(GODT-2667): introduce sessionID in bridge.
+* GODT-2660: Calculate bridge coverage and refactor CI yaml file.
+* Fix dependency_license script to handle dot formated version.
+
+### Fixed
+* GODT-2812: Fix rare sync deadlock.
+* GODT-2822: Better handling 429 during sync and event loop.
+* GODT-2763: Missing Answered flag on Sync and Message Create.
+* GODT-2758: Fix panic in SetFlagsOnMessages.
+* GODT-2578: Refresh literals appended to Sent folder.
+* GODT-2753: Vault test now check that value auto-assigned is first available port.
+* GODT-2522: Handle migration with unreferenced db values.
+* GODT-2693: Allow missing whitespace after header field colon.
+* GODT-2653: Only log when err is not nil.
+* GODT-2680: Fix for C++ debugger not working on ARM64 because of OpenSSL 3.1.
+* GODT-2675: Update GPA to applye togin-gonic/gin patch + update COPYING_NOTES.
+
+
+## Stone Bridge 3.3.2
+
+### Fixed
+* GODT-2782: Filter all labels when doing perma delete check.
+
+
+## Stone Bridge 3.3.1
+
+### Changed
+* GODT-2707: Set bridge-gui default log level to 'debug'.
+* GODT-2674: Add more logs during update failed.
+* GODT-2750: Disable raise on main window when a notification is clicked on Linux.
+* GODT-2709: Remove the config status file when user is removed.
+* GODT-2748: Log calls that cause main window to show, with reason.
+* GODT-2705: Added log entries for focus service on client and server sides.
+* GODT-2712: Feed config_status with user action while pending.
+* GODT-2728: Remove the sentry report for gRPC event stream interruptions in bridge-gui.
+* GODT-2715: Add Unitary test for configStatus event.
+* GODT-2715: Add Functional test for configStatus telemetry event.
+* Disable windows runner.
+* GODT-2714: Apply PR comments.
+* GODT-2714: Set Configuration Status to Failure and send Recovery event when issue is solved.
+* GODT-2713: Send config_progress event once a day if the configuration is stucked in pending for more than a day.
+* GODT-2711: Send config_abort event on User removal.
+* GODT-2710: Send config success on IMAP/SMTP connection..
+* GODT-2716: Make Configuration Statistics persistent.
+* GODT-2709: Init Configuration status.
+* Log errors on failed message Downloads.
+
+### Fixed
+* GODT-2774: Only check telemetry availability for the current user.
+* GODT-2774: Add external context to telemetry tasks.
+* GODT-2774: Add context to Authorize in `gluon.Connector`.
+* GODT-2726: Fix Parsing of Details field in GPA error message.
+* GODT-2708: Fix dimensions event format + handling of ReportClicked event.
+* GODT-2756: Fix for 'Settings' context menu opening the 'Help' page.
+
+
+## Stone Bridge 3.3.0
+
+### Changed
+* GODT-2653: Log API error details on Message import and send.
+* GODT-2655: Display internal build time tag in log and GUI.
+* Add error logs when messages fail to build during sync.
+* GODT-2673: Use NoClient as UserAgent without any client connected and...
+* GODT-2648: Make win build work on AWS machine.
+* Disable building of bridgepp-test app in build script.
+* GODT-2631: Bump go to 1.20.
+* GODT-2639: Enhance sentry init log.
+* GODT-2161: Auto-submit 2FA.
+* Bump Gluon for GODT-2595, GODT-2634 and GODT-2619.
+* Test: Fix TestBridge_Report.
+* Extend the timeout for integration test form 20m to 30.
+* Improve CPC code.
+* GODT-2585: Only Start IMAP/SMTP once one user is loaded.
+* GODT-2585: Server Manager.
+* GODT-2585: Add CPC utility.
+* GODT-2621: Display pop up warning when IMAP login fails because user is locked (connecting).
+* Set default log level to Debug.
+* GODT-2520: Update error message for free users.
+* Test: Disable sync open files test.
+* GODT-2346: Treat external address as disabled one.
+* GODT-2610: Re-use previous password when removing and adding back account.
+* GODT-2611: Bridge CLI exits on the first SIGINT / Ctrl+C.
+* GODT-2540: Make icon loading failure behavior consistent.
+* GODT-2540: Pop-up notification error icon is loaded on startup.
+* GODT-2540: Notify user of wrong IMAP password.
+
+### Fixed
+* GODT-2683: Only validate messages that are not appended to Drafts.
+* GODT-2683: Reduce message checks when appending into Drafts.
+* Fix linter errors.
+* GODT-2669: Display sentry ID in bridge init log.
+* GODT-2672: Fix context cancelled when IMAP/SMTP parameters change is in progress.
+* GODT-2650: Fix crash during header serialization.
+* GODT-2437: Fix lint, test + bump Gluon with silenced report.
+* GODT-2437: Silence harmless report to sentry.
+* GODT-2649: Clean up cache files after failed connector create (Gluon).
+* GODT-2638: Validate messages before import.
+* GODT-2646: Bump GPA and Gluon dependecy after CIRCL upgrade.
+* GODT-2454: Only Send status update if transaction succeeded.
+* Test: fix flaky tests.
+* GODT-2628: Attempt to fix closed channel panic on logout.
+* GODT-2627: Properly handle recording of message with Bcc fields.
+* GODT-2627: Fix crash on closed channel.
+* GODT-2307: Removed deprecated macOS security framework function.
+* GODT-2637: Fix address parser error due to trailing separator.
+* GODT-2635: Ensure Bridge can be compiled with GCC 13.
+* GODT-2626: Handle rare crash due to missing address update ch.
+* GODT-2626: Server Events should not be merged.
+* GODT-2606: Improve Vault concurrency scopes.
+* GODT-2623: Log IMAP/SMTP login failure as error.
+* GODT-2527: Cleanup 503 test since handled by GPA.
+* GODT-2613: Install the TLS certificate in the user keychain.
+* GODT-2618: Crash when address does not have unlocked keyring.
+* GODT-2616: Silence out of Order UID report.
+* Update Gluon for async.Group.Do() fix.
+* Upgraded golangci-lint v1.52.2 and fixed all issues.
+* GODT-2464: Filter attachment name from content-type parameter to not send it twice to the API.
+
+
+## [Bridge 3.2.0] Rialto
+
+### Added
+* GODT-2552, GODT-2553, GODT-2555, GODT-2556: Add telemetry.
+* GODT-2575: Add dev info to cookies.
+
+### Changed
+* GODT-2598: Map Message Size Error to Gluon Error.
+* GODT-2569: Support multiple externalID matching if we send one of it when looking for parentID.
+* GODT-2576: Connector can send any flags to Gluon.
+* GODT-2496: Bump gopenPGP to 2.7.1-proton.
+* GODT-2517: Replace status window with native tray icon context menu.
+* GODT-2586: Two-columns layout for account details.
+* GODT-2580: Updated link to support website in GUI.
+* GODT-2239: Bridgepp worker/overseer unit tests.
+* GODT-2538: Implement smart picking of default IMAP/SMTP ports.
+* GODT-2502: Improve logs.
+* GODT-2551: Store and Recover Last User Agent from Vault.
+* GODT-2550: Verify IMAP ID is set properly.
+* GODT-2554: Compute telemetry availability from API UserSettings.
+* Add missing double quotes in test.
+* GODT-2239: Unit tests for BridgeUtils.cpp in bridgepp.
+* Replace go-rfc5322 with gluon's rfc5322 parser.
+* GODT-2483: Install cert without external tool on macOS.
+
+### Fixed
+* GODT-2625: Update Bridge pubkey for updates.
+* GODT-2620: Avoid stalls in case of panic in gluon.
+* GODT-2615: Remove keyboard shortcut for tray icon context menu on Windows and Linux.
+* GODT-2596: Fix bug when trying to generate Sentry report and there is not log.
+* GODT-1374: Fix tray icon DPI change handling.
+* GODT-2589: Update BUILDS.md.
+* GODT-2581: Update outdated link to bridge homepage in CLI 'manual' command.
+* GODT-2337: Filter reply-to on draft.
+* GODT-2550: Announce IMAP ID Capability.
+* GODT-2574: Fix label/unlabel of large amounts of messages.
+* GODT-2573: Handle invalid header fields in message.
+* GODT-2573: Crash on null update.
+* GODT-2407: Replace invalid email addresses with emtpy for new Drafts.
+
+## [Bridge 3.1.3] Quebec
+
+### Changed
+* GODT-2616: Silence UID of order report.
+* GODT-2614: Handle failed update during sync.
+
+
+## [Bridge 3.1.2] Quebec
+
+### Changed
+* GODT-2582 Dedup recovered messages folder.
+
+## [Bridge 3.1.1] Quebec
+
+### Fixed
+* GODT-2500: Fix handler passing.
+
+
+## [Bridge 3.1.0] Quebec
+
+### Changed
+* GODT-2523: Use software QML rendering backend by default on Windows.
+* GODT-2500: Reorganise async methods.
+* GODT-2500: Add panic handlers everywhere.
+* GODT-2511: Add bridge-gui switches to permanently select the QML rendering backend.
+* GODT-2509: Migrate TLS cert from v1/v2 location during upgrade to v3.
+* GODT-2487: Add windows test job and worker.
+* Update GPA to include detailed error messages.
+* GODT-2479: Ensure messages always have a text body part.
+* GODT-2482: More attachment to relevant exceptions.
+* GODT-2224: Refactor bridge sync to use less memory.
+* GODT-2448: Supported Answered flag.
+* GODT-2382: Added bridge-gui settings file with 'UseSoftwareRenderer' value.
+* GODT-2411: Allow qmake executable to be named qmake6.
+* GODT-2273: Menu with "Close window" and "Quit Bridge" button in main window.
+* GODT-2261: Sync progress in GUI.
+* GODT-2385: Gluon cache fallback.
+* GODT-2366: Handle failed message updates as creates.
+* GODT-2201: Bump Gluon to use pure Go IMAP parser.
+* GODT-2374: Import TLS certs via shell.
+* GODT-2361: Bump GPA to use simple encrypter.
+* GODT-1264: Constraint on Scheduled mailbox in connector + Integration tests.
+* GODT-1264: Creation and visibility of the 'Scheduled' system label.
+* GODT-2283: Limit max import size to 30MB (bump GPA to v0.4.0).
+* GODT-2352: Only copy resource file when needed.
+* GODT-2352: Use go-build-finalize macro to build vault-editor for both mac arch.
+* GODT-2278: Properly override server_name for go.
+* GODT-2255: Randomize the focus service port.
+* GODT-2144: Handle IMAP/SMTP server errors via event stream.
+* GODT-2144: Delay IMAP/SMTP server start until all users are loaded.
+* GODT-2295: Notifications for IMAP login when signed out.
+* GODT-2278: Improve sentry logs.
+* GODT-2289: UIDValidity as Timestamp.
+
+### Fixed
+* GODT-2505: Show notification only for cases when user needs to do actions.
+* GODT-2516: Log error when the vault key cannot be created/loaded from the keychain.
+* GODT-2526: Fix high memory usage with fetch/search.
+* GODT-2514: Apply Retry-After to 503.
+* GODT-2524: Preserve old vault values.
+* GODT-2508: Handle Address Updated for none-existing address.
+* GODT-2504: Fix missing attachments in imported message.
+* GODT-2513: Scanner Crash in Gluon.
+* GODT-2512: Catch unhandled API errors.
+* GODT-2507: Memory consumption bug.
+* GODT-2497: Do not report EOF and network errors.
+* GODT-2481: Fix DBUS Secert Service.
+* GODT-2455: Upper limit for number of merged events.
+* GODT-2480: Do not override X-Original-Date with invalid Date.
+* GODT-2473: Fix handling of complex mime types.
+* GODT-2469: Fix sentry revision hash for cmake on windows.
+* GODT-2424: Sync Builder Message Split.
+* GODT-2419: Use connector.ErrOperationNotAllowed.
+* GODT-2418: Ensure child folders are updated when parent is.
+* GODT-1945: Handle disabled addresses correctly.
+* GODT-2390: Add reports for uncaught json and net.opErr.
+* GODT-2393: Improved handling of unrecoverable error.
+* GODT-2394: Bump Gluon for golang.org/x/text DoS risk.
+* GODT-2387: Ensure vault can be unlocked after factory reset.
+* GODT-2389: Close bridge on exception and add max termination wait time.
+* GODT-2201: Add missing rfc5322.CharsetReader initialization.
+* GODT-1804: Preserve MIME parameters when uploading attachments.
+* GODT-2312: Used space is properly updated.
+* GODT-2319: Seed the math/rand RNG on app startup.
+* GODT-2272: Use shorter filename for gRPC file socket.
+* GODT-2318: Remove gluon DB if label sync was incomplete.
+* GODT-2326: Only run sync after addIMAPUser().
+* GODT-2323: Fix Expunge not issued for move.
+* GODT-2224: Properly handle context cancellation during sync.
+* GODT-2328: Ignore labels that aren't part of user label set.
+* GODT-2326: Fix potential Win32 API deadlock.
+* GODT-1804: Only promote content headers if non-empty.
+* GODT-2327: Remove unnecessary sync when changing address mode.
+* GODT-2343: Only poll after send if sync is complete.
+* GODT-2336: Recover from changed address order while bridge is down.
+* GODT-2347: Prevent updates from being dropped if goroutine doesn't start fast.
+* GODT-2351: Bump GPA to properly handle net.OpError and add tests.
+* GODT-2351: Bump GPA to automatically retry on net.OpError.
+* GODT-2365: Use predictable remote ID for placeholder mailboxes.
+* GODT-2381: Unset draft flag on sent messages.
+* GODT-2380: Only set external ID in header if non-empty.
+
+
+## [Bridge 3.0.21] Perth Narrows
+
+### Added
+* GODT-2509: Migrate TLS cert from v1/v2 location during upgrade to v3.
+
+### Changed
+* GODT-2516: log error when the vault key cannot be created/loaded from the keychain.
+
+### Fixed
+* GODT-2501: Remove additional .desktop file.
+* GODT-2513: Crash in scanner.
+* GODT-2481: Fix DBUS Secert Service.
+* GODT-2512: Catch unhandled API errors.
+* GODT-2469: Fix sentry revision hash for cmake on windows.
+
+
+## [Bridge 3.0.20] Perth Narrows
+
+### Added
+* GODT-2442: Allow user to re-sync DB without logout.
+
+### Changed
+* GODT-2419: Reduce sentry reports.
+* GODT-2458: Wait for both bridge and bridge-gui to be ended before restarting on crash.
+* GODT-2457: Include address if GetPublickKeys() error message.
+* GODT-2446: Attach logs to sentry reports for relevant bridge-gui exceptions.
+* GODT-2425: Out of sync messages and read status.
+* GODT-2435: Group report exception by message if exception message looks corrupted.
+* GODT-2356: Unify sentry release description and add more context to it.
+* GODT-2357: Hide DSN_SENTRY and use single setting point for DSN_SENTRY.
+* GODT-2444: Bad event info.
+* GODT-2447: Don't assume timestamp exists in log filename.
+* GODT-2333: Do not allow modifications to All Mail label.
+* GODT-2429: Do not report context cancel to sentry.
+
+### Fixed
+* GODT-2467: elide long email adresses in 'bad event' QML notification dialog.
+* GODT-2449: fix bug in Bridge-GUI's Exception::what().
+* GODT-2427: Parsing header issues.
+* GODT-2426: Fix crash on user delete.
+* GODT-2417: Do not request gluon recovered message from API.
+
+
+## [Bridge 3.0.19] Perth Narrows
+
+### Fixed
+* GODT-2364: Wait and retry once if the gRPC service config file exists but cannot be opened.
+* GODT-2364: Added optional details to C++ exceptions.
+* GODT-2413: Use qEnvironmentVariable() instead of qgetenv().
+* GODT-2412: Don't treat context cancellation as BadEvent.
+* GODT-2404: Handle unexpected EOF.
+* GODT-2400: Allow state updates to be applied if command fails.
+* GODT-2399: Fix immediate message deletion during updates.
+* GODT-2390: Missing changes from pervious commit.
+* GODT-2390: Add reports for uncaught json and net.opErr.
+* GODT-2414: Multiple deletion bug in WriteControlledStore.
+
+
+## [Bridge 3.0.18] Perth Narrows
+
+### Fixed
+* GODT-2392: Create message if gluon updateMessage returns `no such message`.
+* GODT-2391: Create draft if missing during message update on gluon side.
+
+## [Bridge 3.0.16/17] Perth Narrows
+
+### Fixed
+* GODT-2371: Continue, not return, when handling draft.
+
+## [Bridge 3.0.15] Perth Narrows

 ### Changed
 * GODT-2355: Improve wording and actions on bad event.
--- a/69
+++ b/69
@ -11,7 +11,7 @@ ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 .PHONY: build build-gui build-nogui build-launcher versioner hasher

 # Keep version hardcoded so app build works also without Git repository.
-BRIDGE_APP_VERSION?=3.0.15+git
+BRIDGE_APP_VERSION?=3.4.1+git
 APP_VERSION:=${BRIDGE_APP_VERSION}
 APP_FULL_NAME:=Proton Mail Bridge
 APP_VENDOR:=Proton AG
@ -19,20 +19,26 @@ SRC_ICO:=bridge.ico
 SRC_ICNS:=Bridge.icns
 SRC_SVG:=bridge.svg
 EXE_NAME:=proton-bridge
-REVISION:=$(shell git rev-parse --short=10 HEAD)
+REVISION:=$(shell ./utils/get_revision.sh)
+TAG:=$(shell ./utils/get_revision.sh tag)
 BUILD_TIME:=$(shell date +%FT%T%z)
 MACOS_MIN_VERSION_ARM64=11.0
 MACOS_MIN_VERSION_AMD64=10.15
+BUILD_ENV?=dev

 BUILD_FLAGS:=-tags='${BUILD_TAGS}'
 BUILD_FLAGS_LAUNCHER:=${BUILD_FLAGS}
-BUILD_FLAGS_GUI:=-tags='${BUILD_TAGS} build_qt'
-GO_LDFLAGS:=$(addprefix -X github.com/ProtonMail/proton-bridge/v3/internal/constants., Version=${APP_VERSION} Revision=${REVISION} BuildTime=${BUILD_TIME})
+GO_LDFLAGS:=$(addprefix -X github.com/ProtonMail/proton-bridge/v3/internal/constants., Version=${APP_VERSION} Revision=${REVISION} Tag=${TAG} BuildTime=${BUILD_TIME})
 GO_LDFLAGS+=-X "github.com/ProtonMail/proton-bridge/v3/internal/constants.FullAppName=${APP_FULL_NAME}"

-ifneq "${BUILD_LDFLAGS}" ""
-	GO_LDFLAGS+=${BUILD_LDFLAGS}
+ifneq "${DSN_SENTRY}" ""
+	GO_LDFLAGS+=-X github.com/ProtonMail/proton-bridge/v3/internal/constants.DSNSentry=${DSN_SENTRY}
 endif
+
+ifneq "${BUILD_ENV}" ""
+	GO_LDFLAGS+=-X github.com/ProtonMail/proton-bridge/v3/internal/constants.BuildEnv=${BUILD_ENV}
+endif
+
 GO_LDFLAGS_LAUNCHER:=${GO_LDFLAGS}
 ifeq "${TARGET_OS}" "windows"
 	#GO_LDFLAGS+=-H=windowsgui # Disabled so we can inspect trace logs from the bridge for debugging.
@ -40,7 +46,6 @@ ifeq "${TARGET_OS}" "windows"
 endif

 BUILD_FLAGS+=-ldflags '${GO_LDFLAGS}'
-BUILD_FLAGS_GUI+=-ldflags "${GO_LDFLAGS}"
 BUILD_FLAGS_LAUNCHER+=-ldflags '${GO_LDFLAGS_LAUNCHER}'
 DEPLOY_DIR:=cmd/${TARGET_CMD}/deploy
 DIRNAME:=$(shell basename ${CURDIR})
@ -96,9 +101,9 @@ endif

 ifeq "${GOOS}" "windows"
 	go-build-finalize= \
-		powershell Copy-Item ${ROOT_DIR}/${RESOURCE_FILE} ${4}  && \
-		$(call go-build,$(1),$(2),$(3)) && \
-		powershell Remove-Item ${4} -Force
+		$(if $(4),powershell Copy-Item ${ROOT_DIR}/${RESOURCE_FILE} ${4}  &&,) \
+		$(call go-build,$(1),$(2),$(3)) \
+		$(if $(4), && powershell Remove-Item ${4} -Force,)
 endif

 ${EXE_NAME}: gofiles  ${RESOURCE_FILE}
@ -112,7 +117,7 @@ versioner:
 	go build ${BUILD_FLAGS} -o versioner utils/versioner/main.go

 vault-editor:
-	go build -tags debug -o vault-editor utils/vault-editor/main.go
+	$(call go-build-finalize,"-tags=debug","vault-editor","./utils/vault-editor/main.go")

 hasher:
 	go build -o hasher utils/hasher/main.go
@ -154,8 +159,11 @@ ${EXE_TARGET}: check-build-essentials ${EXE_NAME}
 		BRIDGE_VENDOR="${APP_VENDOR}" \
 		BRIDGE_APP_VERSION=${APP_VERSION} \
 		BRIDGE_REVISION=${REVISION} \
-		BRIDGE_BUILD_TIME=${BUILD_TIME} \
+		BRIDGE_TAG=${TAG} \
+		BRIDGE_DSN_SENTRY=${DSN_SENTRY} \
+ 		BRIDGE_BUILD_TIME=${BUILD_TIME} \
 		BRIDGE_GUI_BUILD_CONFIG=Release \
+		BRIDGE_BUILD_ENV=${BUILD_ENV} \
 		BRIDGE_INSTALL_PATH=${ROOT_DIR}/${DEPLOY_DIR}/${GOOS} \
 		./build.sh install
 	mv "${ROOT_DIR}/${BRIDGE_EXE}" "$(ROOT_DIR)/${EXE_TARGET}"
@ -177,7 +185,7 @@ ${RESOURCE_FILE}: ./dist/info.rc ./dist/${SRC_ICO} .FORCE

 ## Dev dependencies
 .PHONY: install-devel-tools install-linter install-go-mod-outdated install-git-hooks
-LINTVER:="v1.50.0"
+LINTVER:="v1.52.2"
 LINTSRC:="https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh"

 install-dev-dependencies: install-devel-tools install-linter install-go-mod-outdated
@ -221,14 +229,28 @@ add-license:
 change-copyright-year:
 	./utils/missing_license.sh change-year

+GOCOVERAGE=-covermode=count -coverpkg=github.com/ProtonMail/proton-bridge/v3/internal/...,github.com/ProtonMail/proton-bridge/v3/pkg/...,
+GOCOVERDIR=-args -test.gocoverdir=$$PWD/coverage
+
 test: gofiles
-	go test -v -timeout=5m -p=1 -count=1 -coverprofile=/tmp/coverage.out -run=${TESTRUN} ./internal/... ./pkg/...
+	mkdir -p coverage/unit-${GOOS}
+	go test \
+		-v -timeout=20m -p=1 -count=1 \
+		${GOCOVERAGE} \
+		-run=${TESTRUN} ./internal/... ./pkg/... \
+		${GOCOVERDIR}/unit-${GOOS}

 test-race: gofiles
-	go test -v -timeout=30m -p=1 -count=1 -race -failfast -run=${TESTRUN} ./internal/... ./pkg/...
+	go test -v -timeout=40m -p=1 -count=1 -race -failfast -run=${TESTRUN} ./internal/... ./pkg/...

 test-integration: gofiles
-	go test -v -timeout=10m -p=1 -count=1 github.com/ProtonMail/proton-bridge/v3/tests
+	mkdir -p coverage/integration
+	go test \
+		-v -timeout=60m -p=1 -count=1 \
+		${GOCOVERAGE} \
+		github.com/ProtonMail/proton-bridge/v3/tests \
+		${GOCOVERDIR}/integration
+

 test-integration-debug: gofiles
 	dlv test github.com/ProtonMail/proton-bridge/v3/tests -- -test.v -test.timeout=10m -test.parallel=1 -test.count=1
@ -247,9 +269,12 @@ coverage: test
 mocks:
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/bridge TLSReporter,ProxyController,Autostarter > tmp
 	mv tmp internal/bridge/mocks/mocks.go
-	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/async PanicHandler > internal/bridge/mocks/async_mocks.go
+	mockgen --package mocks github.com/ProtonMail/gluon/async PanicHandler > internal/bridge/mocks/async_mocks.go
 	mockgen --package mocks github.com/ProtonMail/gluon/reporter Reporter > internal/bridge/mocks/gluon_mocks.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/updater Downloader,Installer > internal/updater/mocks/mocks.go
+	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/telemetry HeartbeatManager > internal/telemetry/mocks/mocks.go
+	cp internal/telemetry/mocks/mocks.go internal/bridge/mocks/telemetry_mocks.go
+	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/user MessageDownloader > internal/user/mocks/mocks.go

 lint: gofiles lint-golang lint-license lint-dependencies lint-changelog

@ -319,7 +344,11 @@ run-nogui: build-nogui clean-vendor gofiles
 	PROTONMAIL_ENV=dev ./${LAUNCHER_EXE} ${RUN_FLAGS} -c

 run-debug:
-	dlv debug ./cmd/Desktop-Bridge/main.go -- -l=debug
+	dlv debug \
+		--build-flags "-ldflags '-X github.com/ProtonMail/proton-bridge/v3/internal/constants.Version=3.1.0+git'" \
+		./cmd/Desktop-Bridge/main.go \
+		-- \
+		-n -l=trace

 ifeq "${TARGET_OS}" "windows"
 	EXE_SUFFIX=.exe
@ -340,7 +369,7 @@ clean-vendor:

 clean-gui:
 	cd internal/frontend/bridge-gui/ && \
-		rm -f Version.h && \
+		rm -f BuildConfig.h && \
 		rm -rf cmake-build-*/

 clean-vcpkg:
@ -363,6 +392,6 @@ clean: clean-vendor clean-gui clean-vcpkg
 .PHONY: generate
 generate:
 	go generate ./...
-	$(MAKE) add-license
+	$(MAKE) build

 .FORCE:
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 # Proton Mail Bridge and Import Export app
-Copyright (c) 2022 Proton AG
+Copyright (c) 2023 Proton AG

 This repository holds the Proton Mail Bridge and the Proton Mail Import-Export applications.
 For a detailed build information see [BUILDS](./BUILDS.md).
@ -48,9 +48,6 @@ major problems.

 ## Environment Variables

-### Bridge application
- `BRIDGESTRICTMODE`: tells bridge to turn on `bbolt`'s "strict mode" which checks the database after every `Commit`. Set to `1` to enable.
-
 ### Dev build or run
 - `APP_VERSION`: set the bridge app version used during testing or building
 - `PROTONMAIL_ENV`: when set to `dev` it is not using Sentry to report crashes
@ -70,25 +67,26 @@ There are now three types of system folders which Bridge recognises:
 |--------|-------------------------------------|-----------------------------------------------------|-------------------------------------|---------------------------------------|
 | config | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.config/protonmail/bridge-v3      | $XDG_CONFIG_HOME/protonmail/bridge-v3 |
 | cache  | %LOCALAPPDATA%\protonmail\bridge-v3 | ~/Library/Caches/protonmail/bridge-v3               | ~/.cache/protonmail/bridge-v3       | $XDG_CACHE_HOME/protonmail/bridge-v3  |
-| data	 | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.local/share/protonmail/bridge-v3 | $XDG_DATA_HOME/protonmail/bridge-v3   |
+| data	  | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.local/share/protonmail/bridge-v3 | $XDG_DATA_HOME/protonmail/bridge-v3   |
 | temp   | %LOCALAPPDATA%\Temp                 | $TMPDIR if non-empty, else /tmp                     | $TMPDIR if non-empty, else /tmp     | $TMPDIR if non-empty, else /tmp       |



 ## Files

-|                       | Base Dir | Path                       |
-|-----------------------|----------|----------------------------|
-| bridge lock file      | cache    | bridge.lock                |
-| bridge-gui lock file  | cache    | bridge-gui.lock            |
-| vault                 | config   | vault.enc                  |
-| gRPC server json      | config   | grpcServerConfig.json      |
-| gRPC client json      | config   | grpcClientConfig_<id>.json |
-| Logs                  | data     | logs                       |
-| gluon DB              | data     | gluon/backend/db           |
-| gluon messages        | sata     | gluon/backend/store        |
-| Update files          | data     | updates                    |
-| sentry cache          | data     | sentry_cache               |
-| Mac/Linux File Socket | temp     | bridge_{RANDOM_UUID}.sock  |
+|                        | Base Dir | Path                       |
+|------------------------|----------|----------------------------|
+| bridge lock file       | cache    | bridge.lock                |
+| bridge-gui lock file   | cache    | bridge-gui.lock            |
+| vault                  | config   | vault.enc                  |
+| gRPC server json       | config   | grpcServerConfig.json      |
+| gRPC client json       | config   | grpcClientConfig_<id>.json |
+| gRPC Focus server json | config   | grpcFocusServerConfig.json |
+| Logs                   | data     | logs                       |
+| gluon DB               | data     | gluon/backend/db           |
+| gluon messages         | data     | gluon/backend/store        |
+| Update files           | data     | updates                    |
+| sentry cache           | data     | sentry_cache               |
+| Mac/Linux File Socket  | temp     | bridge{4_DIGITS}           |


--- a/cmd/launcher/main.go
+++ b/cmd/launcher/main.go
@ -18,13 +18,14 @@
 package main

 import (
-	"fmt"
+	"io"
 	"os"
 	"path/filepath"
 	"runtime"
 	"time"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/crash"
@ -43,9 +44,10 @@ import (
 )

 const (
-	appName = "Proton Mail Launcher"
-	exeName = "bridge"
-	guiName = "bridge-gui"
+	appName      = "Proton Mail Launcher"
+	exeName      = "bridge"
+	guiName      = "bridge-gui"
+	launcherName = "launcher"

 	FlagCLI                 = "cli"
 	FlagCLIShort            = "c"
@ -53,16 +55,17 @@ const (
 	FlagNonInteractiveShort = "n"
 	FlagLauncher            = "--launcher"
 	FlagWait                = "--wait"
+	FlagSessionID           = "--session-id"
 )

 func main() { //nolint:funlen
 	logrus.SetLevel(logrus.DebugLevel)
 	l := logrus.WithField("launcher_version", constants.Version)

-	reporter := sentry.NewReporter(appName, constants.Version, useragent.New())
+	reporter := sentry.NewReporter(appName, useragent.New())

 	crashHandler := crash.NewHandler(reporter.ReportException)
-	defer crashHandler.HandlePanic()
+	defer async.HandlePanic(crashHandler)

 	locationsProvider, err := locations.NewDefaultProvider(filepath.Join(constants.VendorName, constants.ConfigName))
 	if err != nil {
@ -75,12 +78,26 @@ func main() { //nolint:funlen
 	if err != nil {
 		l.WithError(err).Fatal("Failed to get logs path")
 	}
-	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath))

-	if err := logging.Init(logsPath, os.Getenv("VERBOSITY")); err != nil {
+	sessionID := logging.NewSessionID()
+	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath, sessionID, launcherName))
+
+	var closer io.Closer
+	if closer, err = logging.Init(
+		logsPath,
+		sessionID,
+		logging.LauncherShortAppName,
+		logging.DefaultMaxLogFileSize,
+		logging.NoPruning,
+		os.Getenv("VERBOSITY"),
+	); err != nil {
 		l.WithError(err).Fatal("Failed to setup logging")
 	}

+	defer func() {
+		_ = logging.Close(closer)
+	}()
+
 	updatesPath, err := locations.ProvideUpdatesPath()
 	if err != nil {
 		l.WithError(err).Fatal("Failed to get updates path")
@ -107,7 +124,7 @@ func main() { //nolint:funlen

 	args := os.Args[1:]

-	exe, err := getPathToUpdatedExecutable(filepath.Base(launcher), versioner, kr, reporter)
+	exe, err := getPathToUpdatedExecutable(filepath.Base(launcher), versioner, kr)
 	if err != nil {
 		exeToLaunch := guiName
 		if inCLIMode(args) {
@ -127,12 +144,14 @@ func main() { //nolint:funlen

 	l = l.WithField("exe_path", exe)

-	args, wait, mainExe := findAndStripWait(args)
+	args, wait, mainExes := findAndStripWait(args)
 	if wait {
-		waitForProcessToFinish(mainExe)
+		for _, mainExe := range mainExes {
+			waitForProcessToFinish(mainExe)
+		}
 	}

-	cmd := execabs.Command(exe, appendLauncherPath(launcher, args)...) //nolint:gosec
+	cmd := execabs.Command(exe, appendLauncherPath(launcher, append(args, FlagSessionID, string(sessionID)))...) //nolint:gosec

 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
@ -186,12 +205,11 @@ func findAndStrip[T comparable](slice []T, v T) (strippedList []T, found bool) {
 }

 // findAndStripWait Check for waiter flag get its value and clean them both.
-func findAndStripWait(args []string) ([]string, bool, string) {
+func findAndStripWait(args []string) ([]string, bool, []string) {
 	res := append([]string{}, args...)

 	hasFlag := false
-	var value string
-
+	values := make([]string, 0)
 	for k, v := range res {
 		if v != FlagWait {
 			continue
@ -200,21 +218,22 @@ func findAndStripWait(args []string) ([]string, bool, string) {
 			continue
 		}
 		hasFlag = true
-		value = res[k+1]
+		values = append(values, res[k+1])
 	}

 	if hasFlag {
 		res, _ = findAndStrip(res, FlagWait)
-		res, _ = findAndStrip(res, value)
+		for _, v := range values {
+			res, _ = findAndStrip(res, v)
+		}
 	}
-	return res, hasFlag, value
+	return res, hasFlag, values
 }

 func getPathToUpdatedExecutable(
 	name string,
 	ver *versioner.Versioner,
 	kr *crypto.KeyRing,
-	reporter *sentry.Reporter,
 ) (string, error) {
 	versions, err := ver.ListVersions()
 	if err != nil {
@ -236,10 +255,6 @@ func getPathToUpdatedExecutable(
 		if err := version.VerifyFiles(kr); err != nil {
 			vlog.WithError(err).Error("Files failed verification and will be removed")

-			if err := reporter.ReportMessage(fmt.Sprintf("version %v failed verification: %v", version, err)); err != nil {
-				vlog.WithError(err).Error("Failed to report corrupt update files")
-			}
-
 			if err := version.Remove(); err != nil {
 				vlog.WithError(err).Error("Failed to remove files")
 			}
--- a/cmd/launcher/main_test.go
+++ b/cmd/launcher/main_test.go
@ -56,3 +56,25 @@ func TestFindAndStrip(t *testing.T) {
 	assert.False(t, found)
 	assert.True(t, xslices.Equal(result, []string{}))
 }
+
+func TestFindAndStripWait(t *testing.T) {
+	result, found, values := findAndStripWait([]string{"a", "b", "c"})
+	assert.False(t, found)
+	assert.True(t, xslices.Equal(result, []string{"a", "b", "c"}))
+	assert.True(t, xslices.Equal(values, []string{}))
+
+	result, found, values = findAndStripWait([]string{"a", "--wait", "b"})
+	assert.True(t, found)
+	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.True(t, xslices.Equal(values, []string{"b"}))
+
+	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c"})
+	assert.True(t, found)
+	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.True(t, xslices.Equal(values, []string{"b", "c"}))
+
+	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c", "--wait", "d"})
+	assert.True(t, found)
+	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.True(t, xslices.Equal(values, []string{"b", "c", "d"}))
+}
--- a/extern/vcpkg
+++ b/extern/vcpkg
--- a/go.mod
+++ b/go.mod
@ -1,24 +1,23 @@
 module github.com/ProtonMail/proton-bridge/v3

-go 1.18
+go 1.20

 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
-	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6
+	github.com/Masterminds/semver/v3 v3.2.0
+	github.com/ProtonMail/gluon v0.16.1-0.20230808094407-85a10f17ae92
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a
-	github.com/ProtonMail/go-rfc5322 v0.11.0
-	github.com/ProtonMail/gopenpgp/v2 v2.4.10
-	github.com/PuerkitoBio/goquery v1.8.0
+	github.com/ProtonMail/go-proton-api v0.4.1-0.20230727082922-9115b4750ec7
+	github.com/ProtonMail/gopenpgp/v2 v2.7.1-proton
+	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/abiosoft/ishell v2.0.0+incompatible
 	github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37
-	github.com/bradenaw/juniper v0.8.0
+	github.com/bradenaw/juniper v0.12.0
 	github.com/cucumber/godog v0.12.5
 	github.com/cucumber/messages-go/v16 v16.0.1
 	github.com/docker/docker-credential-helpers v0.6.3
 	github.com/elastic/go-sysinfo v1.8.1
-	github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317
+	github.com/emersion/go-imap v1.2.1
 	github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde
 	github.com/emersion/go-message v0.16.0
 	github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead
@ -26,7 +25,6 @@ require (
 	github.com/fatih/color v1.13.0
 	github.com/getsentry/sentry-go v0.15.0
 	github.com/go-resty/resty/v2 v2.7.0
-	github.com/goccy/go-json v0.9.11
 	github.com/godbus/dbus v4.1.0+incompatible
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.5.9
@ -35,36 +33,34 @@ require (
 	github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba
 	github.com/keybase/go-keychain v0.0.0
 	github.com/miekg/dns v1.1.50
+	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58
 	github.com/pkg/errors v0.9.1
-	github.com/pkg/profile v1.6.0
-	github.com/sirupsen/logrus v1.9.0
-	github.com/stretchr/testify v1.8.0
-	github.com/urfave/cli/v2 v2.20.3
+	github.com/pkg/profile v1.7.0
+	github.com/sirupsen/logrus v1.9.2
+	github.com/stretchr/testify v1.8.3
+	github.com/urfave/cli/v2 v2.24.4
 	github.com/vmihailenco/msgpack/v5 v5.3.5
-	go.uber.org/goleak v1.2.0
-	golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e
-	golang.org/x/net v0.1.0
-	golang.org/x/sys v0.1.0
-	golang.org/x/text v0.4.0
-	google.golang.org/grpc v1.50.1
-	google.golang.org/protobuf v1.28.1
+	go.uber.org/goleak v1.2.1
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
+	golang.org/x/net v0.10.0
+	golang.org/x/sys v0.8.0
+	golang.org/x/text v0.9.0
+	google.golang.org/grpc v1.53.0
+	google.golang.org/protobuf v1.30.0
 	howett.net/plist v1.0.0
 )

 require (
-	ariga.io/atlas v0.7.0 // indirect
-	entgo.io/ent v0.11.2 // indirect
 	github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
-	github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f // indirect
-	github.com/ProtonMail/go-srp v0.0.5 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
+	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
+	github.com/ProtonMail/go-srp v0.0.7 // indirect
 	github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db // indirect
-	github.com/agext/levenshtein v1.2.3 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
-	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
+	github.com/bytedance/sonic v1.9.1 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/chzyer/test v1.0.0 // indirect
-	github.com/cloudflare/circl v1.2.0 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/cronokirby/saferith v0.33.0 // indirect
 	github.com/cucumber/gherkin-go/v19 v19.0.3 // indirect
@ -72,54 +68,57 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/elastic/go-windows v1.0.1 // indirect
 	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
-	github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a // indirect
+	github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3 // indirect
+	github.com/felixge/fgprof v0.9.3 // indirect
 	github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/gin-gonic/gin v1.8.1 // indirect
-	github.com/go-openapi/inflect v0.19.0 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
+	github.com/gin-gonic/gin v1.9.1 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.3.0+incompatible // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-memdb v1.3.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hcl/v2 v2.14.0 // indirect
 	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.15 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mattn/go-sqlite3 v1.14.17 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rivo/uniseg v0.4.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	github.com/zclconf/go-cty v1.11.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sync v0.0.0-20220907140024-f12130a52804 // indirect
-	golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa // indirect
-	google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	golang.org/x/arch v0.3.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/sync v0.2.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
+	google.golang.org/genproto v0.0.0-20230221151758-ace64dc21148 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

 replace (
 	github.com/docker/docker-credential-helpers => github.com/ProtonMail/docker-credential-helpers v1.1.0
-	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753
-	github.com/keybase/go-keychain => github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe
+	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7
+	github.com/keybase/go-keychain => github.com/cuthix/go-keychain v0.0.0-20230517073537-fc1740a83768
 )
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,3 @@
-ariga.io/atlas v0.7.0 h1:daEFdUsyNm7EHyzcMfjWwq/fVv48fCfad+dIGyobY1k=
-ariga.io/atlas v0.7.0/go.mod h1:ft47uSh5hWGDCmQC9DsztZg6Xk+KagM5Ts/mZYKb9JE=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@ -13,61 +11,49 @@ cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqCl
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-entgo.io/ent v0.11.2 h1:UM2/BUhF2FfsxPHRxLjQbhqJNaDdVlOwNIAMLs2jyto=
-entgo.io/ent v0.11.2/go.mod h1:YGHEQnmmIUgtD5b1ICD5vg74dS3npkNnmC5K+0J+IHU=
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557 h1:l6surSnJ3RP4qA1qmKJ+hQn3UjytosdoG27WGjrDlVs=
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557/go.mod h1:sTrmvD/TxuypdOERsDOS7SndZg0rzzcCi1b6wQMXUYM=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
 github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkFn/XLzSqPOB5AAthuk9xPk=
 github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
-github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6 h1:HR944ZH7lN6sCA9OJMTdyoH1IRU0dBjxQHc7W0vFVrg=
-github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6/go.mod h1:z2AxLIiBCT1K+0OBHyaDI7AEaO5qI6/BEC2TE42vs4Q=
+github.com/ProtonMail/gluon v0.16.1-0.20230808094407-85a10f17ae92 h1:yoaUatxdB6EXChiWdfIBpasJJxrQ6dHJknG0hwBAqmQ=
+github.com/ProtonMail/gluon v0.16.1-0.20230808094407-85a10f17ae92/go.mod h1:Og5/Dz1MiGpCJn51XujZwxiLG7WzvvjE5PRpZBQmAHo=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220822140716-1678d6eb0cbe/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
-github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753 h1:I8IsYA297x0QLU80G5I6aLYUu3JYNSpo8j5fkXtFDW0=
-github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
-github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
-github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f h1:4IWzKjHzZxdrW9k4zl/qCwenOVHDbVDADPPHFLjs0Oc=
-github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f/go.mod h1:qRZgbeASl2a9OwmsV85aWwRqic0NHPh+9ewGAzb4cgM=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a h1:h9KLPt0HTCJjILYHREWCYnZv+1xaYmOVx/rxiT/1dIg=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a/go.mod h1:JUo5IQG0hNuPRuDpOUsCOvtee6UjTEHHF1QN2i8RSos=
-github.com/ProtonMail/go-rfc5322 v0.11.0 h1:o5Obrm4DpmQEffvgsVqG6S4BKwC1Wat+hYwjIp2YcCY=
-github.com/ProtonMail/go-rfc5322 v0.11.0/go.mod h1:6oOKr0jXvpoE6pwTx/HukigQpX2J9WUf6h0auplrFTw=
-github.com/ProtonMail/go-srp v0.0.5 h1:xhUioxZgDbCnpo9JehyFhwwsn9JLWkUGfB0oiKXgiGg=
-github.com/ProtonMail/go-srp v0.0.5/go.mod h1:06iYHtLXW8vjLtccWj++x3MKy65sIT8yZd7nrJF49rs=
-github.com/ProtonMail/gopenpgp/v2 v2.4.10 h1:EYgkxzwmQvsa6kxxkgP1AwzkFqKHscF2UINxaSn6rdI=
-github.com/ProtonMail/gopenpgp/v2 v2.4.10/go.mod h1:CTRA7/toc/4DxDy5Du4hPDnIZnJvXSeQ8LsRTOUJoyc=
-github.com/PuerkitoBio/goquery v1.8.0 h1:PJTF7AmFCFKk1N6V6jmKfrNH9tV5pNE6lZMkG0gta/U=
-github.com/PuerkitoBio/goquery v1.8.0/go.mod h1:ypIiRMtY7COPGk+I/YbZLbxsxn9g5ejnI2HSMtkjZvI=
+github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-crypto v0.0.0-20230322105811-d73448b7e800/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek=
+github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7 h1:+j+Kd/DyZ/qGfMT9htAT7HxqIEbZHsatsx+m8AoV6fc=
+github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20230727082922-9115b4750ec7 h1:Rmg3TPK6vFGNWR4hxmPoBhV75Sl716iB46wEi2U4Q+c=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20230727082922-9115b4750ec7/go.mod h1:+aTJoYu8bqzGECXL2DOdiZTZ64bGn3w0NC8VcFpJrFM=
+github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI=
+github.com/ProtonMail/go-srp v0.0.7/go.mod h1:giCp+7qRnMIcCvI6V6U3S1lDDXDQYx2ewJ6F/9wdlJk=
+github.com/ProtonMail/gopenpgp/v2 v2.7.1-proton h1:YS6M20yvjCJPR1r4ADW5TPn6rahs4iAyZaACei86bEc=
+github.com/ProtonMail/gopenpgp/v2 v2.7.1-proton/go.mod h1:S1lYsaGHykYpxxh2SnJL6ypcAlANKj5NRSY6HxKryKQ=
+github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
+github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
 github.com/abiosoft/ishell v2.0.0+incompatible h1:zpwIuEHc37EzrsIYah3cpevrIc8Oma7oZPxr03tlmmw=
 github.com/abiosoft/ishell v2.0.0+incompatible/go.mod h1:HQR9AqF2R3P4XXpMpI0NAzgHf/aS6+zVXRj14cVk9qg=
 github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db h1:CjPUSXOiYptLbTdr1RceuZgSFDQ7U15ITERUGrUORx8=
 github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db/go.mod h1:rB3B4rKii8V21ydCbIzH5hZiCQE7f5E9SzUb/ZZx530=
-github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
-github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37 h1:28uU3TtuvQ6KRndxg9TrC868jBWmSKgh0GTXkACCXmA=
 github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37/go.mod h1:6AXRstqK+32jeFmw89QGL2748+dj34Av4xc/I9oo9BY=
-github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
-github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220816024939-bc8df83d7b9d/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@ -75,19 +61,27 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/bradenaw/juniper v0.8.0 h1:sdanLNdJbLjcLj993VYIwUHlUVkLzvgiD/x9O7cvvxk=
-github.com/bradenaw/juniper v0.8.0/go.mod h1:Z2B7aJlQ7xbfWsnMLROj5t/5FQ94/MkIdKC30J4WvzI=
+github.com/bradenaw/juniper v0.12.0 h1:Q/7icpPQD1nH/La5DobQfNEtwyrBSiSu47jOQx7lJEM=
+github.com/bradenaw/juniper v0.12.0/go.mod h1:Z2B7aJlQ7xbfWsnMLROj5t/5FQ94/MkIdKC30J4WvzI=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
+github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec=
-github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8M+INXlMk=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@ -96,7 +90,6 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cronokirby/saferith v0.33.0 h1:TgoQlfsD4LIwx71+ChfRcIpjkw+RPOapDEVxa+LhwLo=
 github.com/cronokirby/saferith v0.33.0/go.mod h1:QKJhjoqUtBsXCAVEjw38mFqoi7DebT7kthcD7UzbnoA=
 github.com/cucumber/gherkin-go/v19 v19.0.3 h1:mMSKu1077ffLbTJULUfM5HPokgeBcIGboyeNUof1MdE=
@ -106,8 +99,8 @@ github.com/cucumber/godog v0.12.5/go.mod h1:u6SD7IXC49dLpPN35kal0oYEjsXZWee4pW6T
 github.com/cucumber/messages-go/v16 v16.0.0/go.mod h1:EJcyR5Mm5ZuDsKJnT2N9KRnBK30BGjtYotDKpwQ0v6g=
 github.com/cucumber/messages-go/v16 v16.0.1 h1:fvkpwsLgnIm0qugftrw2YwNlio+ABe2Iu94Ap8GMYIY=
 github.com/cucumber/messages-go/v16 v16.0.1/go.mod h1:EJcyR5Mm5ZuDsKJnT2N9KRnBK30BGjtYotDKpwQ0v6g=
-github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe h1:KRj3wdvA9yE92prNmOjS7x5DOqoyjxqdE30qnrmTasc=
-github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe/go.mod h1:ZoZU1fnBy3mOLWr3Pg+Y2+nTKtu6ypDte2kZg9HvSwY=
+github.com/cuthix/go-keychain v0.0.0-20230517073537-fc1740a83768 h1:Jrcoxtrk4qpuzKIYPlEkjIK0M+bABs0oW2QzrOuwlzk=
+github.com/cuthix/go-keychain v0.0.0-20230517073537-fc1740a83768/go.mod h1:ZoZU1fnBy3mOLWr3Pg+Y2+nTKtu6ypDte2kZg9HvSwY=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
@ -120,8 +113,8 @@ github.com/elastic/go-sysinfo v1.8.1 h1:4Yhj+HdV6WjbCRgGdZpPJ8lZQlXZLKDAeIkmQ/VR
 github.com/elastic/go-sysinfo v1.8.1/go.mod h1:JfllUnzoQV/JRYymbH3dO1yggI3mV2oTKSXsDHM+uIM=
 github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUtJm0=
 github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss=
-github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317 h1:i0cBrdFLm8A/3hWEjn/BwdXLBplFJoZtu63p7bjrmaI=
-github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
+github.com/emersion/go-imap v1.2.1 h1:+s9ZjMEjOB8NzZMVTM3cCenz2JrQIGGo5j1df19WjTA=
+github.com/emersion/go-imap v1.2.1/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
 github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde h1:43mBoVwooyLm1+1YVf5nvn1pSFWhw7rOpcrp1Jg/qk0=
 github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde/go.mod h1:sPwp0FFboaK/bxsrUz1lNrDMUCsZUsKC5YuM4uRVRVs=
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
@ -131,42 +124,42 @@ github.com/emersion/go-smtp v0.15.1-0.20221021114529-49b17434419d h1:hFRM6zCBSc+
 github.com/emersion/go-smtp v0.15.1-0.20221021114529-49b17434419d/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwoTQyw0fIM5xv1HF+Y+3ZijDR839WMulgxCcUY=
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
-github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a h1:cltZpe6s0SJtqK5c/5y2VrIYi8BAtDM6qjmiGYqfTik=
-github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
+github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3 h1:hQ1wTMaKcGfobYRT88RM8NFNyX+IQHvagkm/tqViU98=
+github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g=
+github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=
 github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BMXYYRWTLOJKlh+lOBt6nUQgXAfB7oVIQt5cNreqSLI=
 github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:rZfgFAXFS/z/lEd6LJmf9HVZ1LkgYiHx5pHhV5DR16M=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/getsentry/sentry-go v0.15.0 h1:CP9bmA7pralrVUedYZsmIHWpq/pBtXTSew7xvVpfLaA=
 github.com/getsentry/sentry-go v0.15.0/go.mod h1:RZPJKSw+adu8PBNygiri/A98FqVr2HtRckJk9XVxJ9I=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
-github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
-github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
-github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
-github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4=
 github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
@ -198,6 +191,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
+github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -239,12 +234,11 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.14.0 h1:jX6+Q38Ly9zaAJlAjnFVyeNSNCKKW8D0wvyg7vij5Wc=
-github.com/hashicorp/hcl/v2 v2.14.0/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba h1:QFQpJdgbON7I0jr2hYW7Bs+XV0qjc3d5tZoDnRFnqTg=
 github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
@ -261,19 +255,19 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@ -282,13 +276,14 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
-github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
@ -297,8 +292,6 @@ github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceT
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
-github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@ -314,17 +307,20 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
-github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
+github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
+github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
+github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.6.0 h1:hUDfIISABYI59DyeB3OTay/HxSRwTQ8rB/H83k6r5dM=
-github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
+github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=
+github.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
@ -344,20 +340,16 @@ github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
 github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
+github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
@ -376,24 +368,28 @@ github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf h1:pvbZ0lM0XWPBqUKqFU8cma
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
-github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
-github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
-github.com/urfave/cli/v2 v2.20.3 h1:lOgGidH/N5loaigd9HjFsOIhXSTrzl7tBpHswZ428w4=
-github.com/urfave/cli/v2 v2.20.3/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/urfave/cli/v2 v2.24.4 h1:0gyJJEBYtCV87zI/x2nZCPyDxD51K6xM8SkwjHFCNEU=
+github.com/urfave/cli/v2 v2.24.4/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
@ -402,36 +398,35 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/zclconf/go-cty v1.11.0 h1:726SxLdi2SDnjY+BStqB9J1hNp4+2WlzyXLuimibIe0=
-github.com/zclconf/go-cty v1.11.0/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
-go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
+golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e h1:SkwG94eNiiYJhbeDE018Grw09HIN/KB9NlRmZsrzfWs=
-golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -440,18 +435,15 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mobile v0.0.0-20200801112145-973feb4309de/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -471,9 +463,13 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -483,8 +479,10 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -494,7 +492,6 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -508,15 +505,23 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -524,8 +529,10 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5-0.20201125200606-c27b9fd57aec/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -546,11 +553,11 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa h1:uKcci2q7Qtp6nMTC/AAvfNUAldFtJuHWV9/5QWiypts=
-golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -573,17 +580,17 @@ google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
+google.golang.org/genproto v0.0.0-20230221151758-ace64dc21148 h1:muK+gVBJBfFb4SejshDBlN2/UgxCCOKH9Y34ljqEGOc=
+google.golang.org/genproto v0.0.0-20230221151758-ace64dc21148/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
-google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -598,11 +605,8 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@ -612,3 +616,4 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -19,21 +19,23 @@ package app

 import (
 	"fmt"
-	"math/rand"
+	"io"
 	"net/http"
 	"net/http/cookiejar"
+	"net/url"
 	"os"
 	"path/filepath"
 	"runtime"
-	"time"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/cookies"
 	"github.com/ProtonMail/proton-bridge/v3/internal/crash"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
+	"github.com/ProtonMail/proton-bridge/v3/internal/frontend/theme"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
@ -75,13 +77,15 @@ const (
 	flagNoWindow         = "no-window"
 	flagParentPID        = "parent-pid"
 	flagSoftwareRenderer = "software-renderer"
+	flagSessionID        = "session-id"
 )

 const (
-	appUsage = "Proton Mail IMAP and SMTP Bridge"
+	appUsage     = "Proton Mail IMAP and SMTP Bridge"
+	appShortName = "bridge"
 )

-func New() *cli.App { //nolint:funlen
+func New() *cli.App {
 	app := cli.NewApp()

 	app.Name = constants.FullAppName
@ -149,6 +153,10 @@ func New() *cli.App { //nolint:funlen
 			Hidden: true,
 			Value:  false,
 		},
+		&cli.StringFlag{
+			Name:   flagSessionID,
+			Hidden: true,
+		},
 	}

 	app.Action = run
@ -156,10 +164,7 @@ func New() *cli.App { //nolint:funlen
 	return app
 }

-func run(c *cli.Context) error { //nolint:funlen
-	// Seed the default RNG from the math/rand package.
-	rand.Seed(time.Now().UnixNano())
-
+func run(c *cli.Context) error {
 	// Get the current bridge version.
 	version, err := semver.NewVersion(constants.Version)
 	if err != nil {
@ -170,7 +175,7 @@ func run(c *cli.Context) error { //nolint:funlen
 	identifier := useragent.New()

 	// Create a new Sentry client that will be used to report crashes etc.
-	reporter := sentry.NewReporter(constants.FullAppName, constants.Version, identifier)
+	reporter := sentry.NewReporter(constants.FullAppName, identifier)

 	// Determine the exe that should be used to restart/autostart the app.
 	// By default, this is the launcher, if used. Otherwise, we try to get
@ -185,14 +190,19 @@ func run(c *cli.Context) error { //nolint:funlen
 		exe = os.Args[0]
 	}

-	migrationErr := migrateOldVersions()
+	var logCloser io.Closer
+	defer func() {
+		_ = logging.Close(logCloser)
+	}()

-	// Run with profiling if requested.
-	return withProfiler(c, func() error {
-		// Restart the app if requested.
-		return withRestarter(exe, func(restarter *restarter.Restarter) error {
-			// Handle crashes with various actions.
-			return withCrashHandler(restarter, reporter, func(crashHandler *crash.Handler, quitCh <-chan struct{}) error {
+	// Restart the app if requested.
+	return withRestarter(exe, func(restarter *restarter.Restarter) error {
+		// Handle crashes with various actions.
+		return withCrashHandler(restarter, reporter, func(crashHandler *crash.Handler, quitCh <-chan struct{}) error {
+			migrationErr := migrateOldVersions()
+
+			// Run with profiling if requested.
+			return withProfiler(c, func() error {
 				// Load the locations where we store our files.
 				return WithLocations(func(locations *locations.Locations) error {
 					// Migrate the keychain helper.
@ -201,47 +211,53 @@ func run(c *cli.Context) error { //nolint:funlen
 					}

 					// Initialize logging.
-					return withLogging(c, crashHandler, locations, func() error {
+					return withLogging(c, crashHandler, locations, func(closer io.Closer) error {
+						logCloser = closer
+
 						// If there was an error during migration, log it now.
 						if migrationErr != nil {
 							logrus.WithError(migrationErr).Error("Failed to migrate old app data")
 						}

 						// Ensure we are the only instance running.
-						return withSingleInstance(locations, version, func() error {
+						settings, err := locations.ProvideSettingsPath()
+						if err != nil {
+							logrus.WithError(err).Error("Failed to get settings path")
+						}
+
+						return withSingleInstance(settings, locations.GetLockFile(), version, func() error {
 							// Unlock the encrypted vault.
-							return WithVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
-								// Report insecure vault.
-								if insecure {
-									_ = reporter.ReportMessageWithContext("Vault is insecure", map[string]interface{}{})
-								}
-
-								// Report corrupt vault.
-								if corrupt {
-									_ = reporter.ReportMessageWithContext("Vault is corrupt", map[string]interface{}{})
-								}
-
-								if !vault.Migrated() {
+							return WithVault(locations, crashHandler, func(v *vault.Vault, insecure, corrupt bool) error {
+								if !v.Migrated() {
 									// Migrate old settings into the vault.
-									if err := migrateOldSettings(vault); err != nil {
+									if err := migrateOldSettings(v); err != nil {
 										logrus.WithError(err).Error("Failed to migrate old settings")
 									}

 									// Migrate old accounts into the vault.
-									if err := migrateOldAccounts(locations, vault); err != nil {
+									if err := migrateOldAccounts(locations, v); err != nil {
 										logrus.WithError(err).Error("Failed to migrate old accounts")
 									}

 									// The vault has been migrated.
-									if err := vault.SetMigrated(); err != nil {
+									if err := v.SetMigrated(); err != nil {
 										logrus.WithError(err).Error("Failed to mark vault as migrated")
 									}
 								}

+								logrus.WithFields(logrus.Fields{
+									"lastVersion": v.GetLastVersion().String(),
+									"showAllMail": v.GetShowAllMail(),
+									"updateCh":    v.GetUpdateChannel(),
+									"autoUpdate":  v.GetAutoUpdate(),
+									"rollout":     v.GetUpdateRollout(),
+									"DoH":         v.GetProxyAllowed(),
+								}).Info("Vault loaded")
+
 								// Load the cookies from the vault.
-								return withCookieJar(vault, func(cookieJar http.CookieJar) error {
+								return withCookieJar(v, func(cookieJar http.CookieJar) error {
 									// Create a new bridge instance.
-									return withBridge(c, exe, locations, version, identifier, crashHandler, reporter, vault, cookieJar, func(b *bridge.Bridge, eventCh <-chan events.Event) error {
+									return withBridge(c, exe, locations, version, identifier, crashHandler, reporter, v, cookieJar, func(b *bridge.Bridge, eventCh <-chan events.Event) error {
 										if insecure {
 											logrus.Warn("The vault key could not be retrieved; the vault will not be encrypted")
 											b.PushError(bridge.ErrVaultInsecure)
@ -252,6 +268,9 @@ func run(c *cli.Context) error { //nolint:funlen
 											b.PushError(bridge.ErrVaultCorrupt)
 										}

+										// Start telemetry heartbeat process
+										b.StartHeartbeat(b)
+
 										// Run the frontend.
 										return runFrontend(c, crashHandler, restarter, locations, b, eventCh, quitCh, c.Int(flagParentPID))
 									})
@ -266,15 +285,15 @@ func run(c *cli.Context) error { //nolint:funlen
 }

 // If there's another instance already running, try to raise it and exit.
-func withSingleInstance(locations *locations.Locations, version *semver.Version, fn func() error) error {
+func withSingleInstance(settingPath, lockFile string, version *semver.Version, fn func() error) error {
 	logrus.Debug("Checking for other instances")
 	defer logrus.Debug("Single instance stopped")

-	lock, err := checkSingleInstance(locations.GetLockFile(), version)
+	lock, err := checkSingleInstance(settingPath, lockFile, version)
 	if err != nil {
 		logrus.Info("Another instance is already running; raising it")

-		if ok := focus.TryRaise(); !ok {
+		if ok := focus.TryRaise(settingPath); !ok {
 			return fmt.Errorf("another instance is already running but it could not be raised")
 		}

@ -293,7 +312,7 @@ func withSingleInstance(locations *locations.Locations, version *semver.Version,
 }

 // Initialize our logging system.
-func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locations.Locations, fn func() error) error {
+func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locations.Locations, fn func(closer io.Closer) error) error {
 	logrus.Debug("Initializing logging")
 	defer logrus.Debug("Logging stopped")

@ -306,23 +325,34 @@ func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locatio
 	logrus.WithField("path", logsPath).Debug("Received logs path")

 	// Initialize logging.
-	if err := logging.Init(logsPath, c.String(flagLogLevel)); err != nil {
+	sessionID := logging.NewSessionIDFromString(c.String(flagSessionID))
+	var closer io.Closer
+	if closer, err = logging.Init(
+		logsPath,
+		sessionID,
+		logging.BridgeShortAppName,
+		logging.DefaultMaxLogFileSize,
+		logging.DefaultPruningSize,
+		c.String(flagLogLevel),
+	); err != nil {
 		return fmt.Errorf("could not initialize logging: %w", err)
 	}

 	// Ensure we dump a stack trace if we crash.
-	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath))
+	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath, sessionID, appShortName))

 	logrus.
 		WithField("appName", constants.FullAppName).
 		WithField("version", constants.Version).
 		WithField("revision", constants.Revision).
+		WithField("tag", constants.Tag).
 		WithField("build", constants.BuildTime).
 		WithField("runtime", runtime.GOOS).
 		WithField("args", os.Args).
+		WithField("SentryID", sentry.GetProtectedHostname()).
 		Info("Run app")

-	return fn()
+	return fn(closer)
 }

 // WithLocations provides access to locations where we store our files.
@ -374,7 +404,7 @@ func withCrashHandler(restarter *restarter.Restarter, reporter *sentry.Reporter,
 	defer logrus.Debug("Crash handler stopped")

 	crashHandler := crash.NewHandler(crash.ShowErrorNotification(constants.FullAppName))
-	defer crashHandler.HandlePanic()
+	defer async.HandlePanic(crashHandler)

 	// On crash, send crash report to Sentry.
 	crashHandler.AddRecoveryAction(reporter.ReportException)
@ -411,6 +441,10 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {
 		return fmt.Errorf("could not create cookie jar: %w", err)
 	}

+	if err := setDeviceCookies(persister); err != nil {
+		return fmt.Errorf("could not set device cookies: %w", err)
+	}
+
 	// Persist the cookies to the vault when we close.
 	defer func() {
 		logrus.Debug("Persisting cookies")
@ -422,3 +456,21 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {

 	return fn(persister)
 }
+
+func setDeviceCookies(jar *cookies.Jar) error {
+	url, err := url.Parse(constants.APIHost)
+	if err != nil {
+		return err
+	}
+
+	for name, value := range map[string]string{
+		"hhn": sentry.GetProtectedHostname(),
+		"tz":  sentry.GetTimeZone(),
+		"lng": sentry.GetSystemLang(),
+		"clr": string(theme.DefaultTheme()),
+	} {
+		jar.SetCookies(url, []*http.Cookie{{Name: name, Value: value, Secure: true}})
+	}
+
+	return nil
+}
--- a/internal/app/bridge.go
+++ b/internal/app/bridge.go
@ -23,6 +23,7 @@ import (
 	"runtime"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/go-autostart"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
@ -40,13 +41,11 @@ import (
 	"github.com/urfave/cli/v2"
 )

-const vaultSecretName = "bridge-vault-key"
-
 // deleteOldGoIMAPFiles Set with `-ldflags -X app.deleteOldGoIMAPFiles=true` to enable cleanup of old imap cache data.
 var deleteOldGoIMAPFiles bool //nolint:gochecknoglobals

-// withBridge creates creates and tears down the bridge.
-func withBridge( //nolint:funlen
+// withBridge creates and tears down the bridge.
+func withBridge(
 	c *cli.Context,
 	exe string,
 	locations *locations.Locations,
@ -79,7 +78,7 @@ func withBridge( //nolint:funlen
 	)

 	// Create a proxy dialer which switches to a proxy if the request fails.
-	proxyDialer := dialer.NewProxyTLSDialer(pinningDialer, constants.APIHost)
+	proxyDialer := dialer.NewProxyTLSDialer(pinningDialer, constants.APIHost, crashHandler)

 	// Create the autostarter.
 	autostarter := newAutostarter(exe)
@ -110,6 +109,7 @@ func withBridge( //nolint:funlen
 		// Crash and report stuff
 		crashHandler,
 		reporter,
+		imap.DefaultEpochUIDValidityGenerator(),

 		// The logging stuff.
 		c.String(flagLogIMAP) == "client" || c.String(flagLogIMAP) == "all",
--- a/internal/app/frontend.go
+++ b/internal/app/frontend.go
@ -46,10 +46,11 @@ func runFrontend(

 	switch {
 	case c.Bool(flagCLI):
-		return bridgeCLI.New(bridge, restarter, eventCh).Loop()
+		return bridgeCLI.New(bridge, restarter, eventCh, crashHandler, quitCh).Loop()

 	case c.Bool(flagNonInteractive):
-		select {}
+		<-quitCh
+		return nil

 	case c.Bool(flagGRPC):
 		service, err := grpc.NewService(crashHandler, restarter, locations, bridge, eventCh, quitCh, !c.Bool(flagNoWindow), parentPID)
--- a/internal/app/migration.go
+++ b/internal/app/migration.go
@ -87,6 +87,11 @@ func migrateOldSettings(v *vault.Vault) error {
 		return fmt.Errorf("failed to get user config dir: %w", err)
 	}

+	return migrateOldSettingsWithDir(configDir, v)
+}
+
+// nolint:gosec
+func migrateOldSettingsWithDir(configDir string, v *vault.Vault) error {
 	b, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "prefs.json"))
 	if errors.Is(err, fs.ErrNotExist) {
 		return nil
@ -94,7 +99,27 @@ func migrateOldSettings(v *vault.Vault) error {
 		return fmt.Errorf("failed to read old prefs file: %w", err)
 	}

-	return migratePrefsToVault(v, b)
+	if err := migratePrefsToVault(v, b); err != nil {
+		return fmt.Errorf("failed to migrate prefs to vault: %w", err)
+	}
+
+	logrus.Info("Migrating TLS certificate")
+
+	certPEM, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "cert.pem"))
+	if errors.Is(err, fs.ErrNotExist) {
+		return nil
+	} else if err != nil {
+		return fmt.Errorf("failed to read old cert file: %w", err)
+	}
+
+	keyPEM, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "key.pem"))
+	if errors.Is(err, fs.ErrNotExist) {
+		return nil
+	} else if err != nil {
+		return fmt.Errorf("failed to read old key file: %w", err)
+	}
+
+	return v.SetBridgeTLSCertKey(certPEM, keyPEM)
 }

 func migrateOldAccounts(locations *locations.Locations, v *vault.Vault) error {
@ -187,7 +212,6 @@ func migrateOldAccount(userID string, store *credentials.Store, v *vault.Vault)
 	return nil
 }

-// nolint:funlen
 func migratePrefsToVault(vault *vault.Vault, b []byte) error {
 	var prefs struct {
 		IMAPPort int  `json:"user_port_imap,,string"`
@ -265,14 +289,6 @@ func migratePrefsToVault(vault *vault.Vault, b []byte) error {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate show all mail: %w", err))
 	}

-	if err := vault.SetSyncWorkers(prefs.FetchWorkers); err != nil {
-		errs = multierror.Append(errs, fmt.Errorf("failed to migrate sync workers: %w", err))
-	}
-
-	if err := vault.SetSyncAttPool(prefs.AttachmentWorkers); err != nil {
-		errs = multierror.Append(errs, fmt.Errorf("failed to migrate sync attachment pool: %w", err))
-	}
-
 	if err := vault.SetCookies([]byte(prefs.Cookies)); err != nil {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate cookies: %w", err))
 	}
--- a/internal/app/migration_test.go
+++ b/internal/app/migration_test.go
@ -25,6 +25,7 @@ import (
 	"runtime"
 	"testing"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/cookies"
@ -38,53 +39,49 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func TestMigratePrefsToVault(t *testing.T) {
+func TestMigratePrefsToVaultWithKeys(t *testing.T) {
 	// Create a new vault.
-	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"))
+	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"), async.NoopPanicHandler{})
 	require.NoError(t, err)
 	require.False(t, corrupt)

 	// load the old prefs file.
-	b, err := os.ReadFile(filepath.Join("testdata", "prefs.json"))
-	require.NoError(t, err)
+	configDir := filepath.Join("testdata", "with_keys")

 	// Migrate the old prefs file to the new vault.
-	require.NoError(t, migratePrefsToVault(vault, b))
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))

-	// Check that the IMAP and SMTP prefs are migrated.
-	require.Equal(t, 2143, vault.GetIMAPPort())
-	require.Equal(t, 2025, vault.GetSMTPPort())
-	require.True(t, vault.GetSMTPSSL())
+	// Check Json Settings
+	validateJSONPrefs(t, vault)

-	// Check that the update channel is migrated.
-	require.True(t, vault.GetAutoUpdate())
-	require.Equal(t, updater.EarlyChannel, vault.GetUpdateChannel())
-	require.Equal(t, 0.4849529004202015, vault.GetUpdateRollout())
+	cert, key := vault.GetBridgeTLSCert()
+	// Check the keys were found and collected.
+	require.Equal(t, "-----BEGIN CERTIFICATE-----", string(cert))
+	require.Equal(t, "-----BEGIN RSA PRIVATE KEY-----", string(key))
+}

-	// Check that the app settings have been migrated.
-	require.False(t, vault.GetFirstStart())
-	require.Equal(t, "blablabla", vault.GetColorScheme())
-	require.Equal(t, "2.3.0+git", vault.GetLastVersion().String())
-	require.True(t, vault.GetAutostart())
-
-	// Check that the other app settings have been migrated.
-	require.Equal(t, 16, vault.SyncWorkers())
-	require.Equal(t, 16, vault.SyncAttPool())
-	require.False(t, vault.GetProxyAllowed())
-	require.False(t, vault.GetShowAllMail())
-
-	// Check that the cookies have been migrated.
-	jar, err := cookiejar.New(nil)
+func TestMigratePrefsToVaultWithoutKeys(t *testing.T) {
+	// Create a new vault.
+	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"), async.NoopPanicHandler{})
 	require.NoError(t, err)
+	require.False(t, corrupt)

-	cookies, err := cookies.NewCookieJar(jar, vault)
-	require.NoError(t, err)
+	// load the old prefs file.
+	configDir := filepath.Join("testdata", "without_keys")

-	url, err := url.Parse("https://api.protonmail.ch")
-	require.NoError(t, err)
+	// Migrate the old prefs file to the new vault.
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))

-	// There should be a cookie for the API.
-	require.NotEmpty(t, cookies.Cookies(url))
+	// Migrate the old prefs file to the new vault.
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))
+
+	// Check Json Settings
+	validateJSONPrefs(t, vault)
+
+	// Check the keys were found and collected.
+	cert, key := vault.GetBridgeTLSCert()
+	require.NotEqual(t, []byte("-----BEGIN CERTIFICATE-----"), cert)
+	require.NotEqual(t, []byte("-----BEGIN RSA PRIVATE KEY-----"), key)
 }

 func TestKeychainMigration(t *testing.T) {
@ -101,7 +98,7 @@ func TestKeychainMigration(t *testing.T) {
 		oldCacheDir := filepath.Join(tmpDir, "protonmail", "bridge")
 		require.NoError(t, os.MkdirAll(oldCacheDir, 0o700))

-		oldPrefs, err := os.ReadFile(filepath.Join("testdata", "prefs.json"))
+		oldPrefs, err := os.ReadFile(filepath.Join("testdata", "without_keys", "protonmail", "bridge", "prefs.json"))
 		require.NoError(t, err)

 		require.NoError(t, os.WriteFile(
@ -177,7 +174,7 @@ func TestUserMigration(t *testing.T) {
 	token, err := crypto.RandomToken(32)
 	require.NoError(t, err)

-	v, corrupt, err := vault.New(settingsFolder, settingsFolder, token)
+	v, corrupt, err := vault.New(settingsFolder, settingsFolder, token, async.NoopPanicHandler{})
 	require.NoError(t, err)
 	require.False(t, corrupt)

@ -196,3 +193,38 @@ func TestUserMigration(t *testing.T) {
 		require.Equal(t, vault.CombinedMode, u.AddressMode())
 	}))
 }
+
+func validateJSONPrefs(t *testing.T, vault *vault.Vault) {
+	// Check that the IMAP and SMTP prefs are migrated.
+	require.Equal(t, 2143, vault.GetIMAPPort())
+	require.Equal(t, 2025, vault.GetSMTPPort())
+	require.True(t, vault.GetSMTPSSL())
+
+	// Check that the update channel is migrated.
+	require.True(t, vault.GetAutoUpdate())
+	require.Equal(t, updater.EarlyChannel, vault.GetUpdateChannel())
+	require.Equal(t, 0.4849529004202015, vault.GetUpdateRollout())
+
+	// Check that the app settings have been migrated.
+	require.False(t, vault.GetFirstStart())
+	require.Equal(t, "blablabla", vault.GetColorScheme())
+	require.Equal(t, "2.3.0+git", vault.GetLastVersion().String())
+	require.True(t, vault.GetAutostart())
+
+	// Check that the other app settings have been migrated.
+	require.False(t, vault.GetProxyAllowed())
+	require.False(t, vault.GetShowAllMail())
+
+	// Check that the cookies have been migrated.
+	jar, err := cookiejar.New(nil)
+	require.NoError(t, err)
+
+	cookies, err := cookies.NewCookieJar(jar, vault)
+	require.NoError(t, err)
+
+	url, err := url.Parse("https://api.protonmail.ch")
+	require.NoError(t, err)
+
+	// There should be a cookie for the API.
+	require.NotEmpty(t, cookies.Cookies(url))
+}
--- a/internal/app/singleinstance.go
+++ b/internal/app/singleinstance.go
@ -34,17 +34,17 @@ import (
 //
 // For macOS and Linux when already running version is older than this instance
 // it will kill old and continue with this new bridge (i.e. no error returned).
-func checkSingleInstance(lockFilePath string, curVersion *semver.Version) (*os.File, error) {
+func checkSingleInstance(settingPath, lockFilePath string, curVersion *semver.Version) (*os.File, error) {
 	if lock, err := singleinstance.CreateLockFile(lockFilePath); err == nil {
 		logrus.WithField("path", lockFilePath).Debug("Created lock file; no other instance is running")
 		return lock, nil
 	}

-	logrus.Debug("Failed to create lock file; another instance is running")
+	logrus.Warn("Failed to create lock file; another instance is running")

 	// We couldn't create the lock file, so another instance is probably running.
 	// Check if it's an older version of the app.
-	lastVersion, ok := focus.TryVersion()
+	lastVersion, ok := focus.TryVersion(settingPath)
 	if !ok {
 		return nil, fmt.Errorf("failed to determine version of running instance")
 	}
--- a/internal/app/testdata/with_keys/protonmail/bridge/cert.pem
+++ b/internal/app/testdata/with_keys/protonmail/bridge/cert.pem
@ -0,0 +1 @@
+-----BEGIN CERTIFICATE-----
--- a/internal/app/testdata/with_keys/protonmail/bridge/key.pem
+++ b/internal/app/testdata/with_keys/protonmail/bridge/key.pem
@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
--- a/internal/app/testdata/with_keys/protonmail/bridge/prefs.json
+++ b/internal/app/testdata/with_keys/protonmail/bridge/prefs.json
--- a/internal/app/testdata/without_keys/protonmail/bridge/prefs.json
+++ b/internal/app/testdata/without_keys/protonmail/bridge/prefs.json
@ -0,0 +1,31 @@
+{
+	"allow_proxy": "false",
+	"attachment_workers": "16",
+	"autostart": "true",
+	"autoupdate": "true",
+	"cache_compression": "true",
+	"cache_concurrent_read": "16",
+	"cache_concurrent_write": "16",
+	"cache_enabled": "true",
+	"cache_location": "/home/user/.config/protonmail/bridge/cache/c11/messages",
+	"cache_min_free_abs": "250000000",
+	"cache_min_free_rat": "",
+	"color_scheme": "blablabla",
+	"cookies": "{\"https://api.protonmail.ch\":[{\"Name\":\"Session-Id\",\"Value\":\"blablablablablablablablabla\",\"Path\":\"/\",\"Domain\":\"protonmail.ch\",\"Expires\":\"2023-02-19T00:20:40.269424437+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":true,\"SameSite\":0,\"Raw\":\"Session-Id=blablablablablablablablabla; Domain=protonmail.ch; Path=/; HttpOnly; Secure; Max-Age=7776000\",\"Unparsed\":null},{\"Name\":\"Tag\",\"Value\":\"default\",\"Path\":\"/\",\"Domain\":\"\",\"Expires\":\"2023-02-19T00:20:40.269428627+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":false,\"SameSite\":0,\"Raw\":\"Tag=default; Path=/; Secure; Max-Age=7776000\",\"Unparsed\":null}],\"https://protonmail.com\":[{\"Name\":\"Session-Id\",\"Value\":\"blablablablablablablablabla\",\"Path\":\"/\",\"Domain\":\"protonmail.com\",\"Expires\":\"2023-02-19T00:20:18.315084712+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":true,\"SameSite\":0,\"Raw\":\"Session-Id=Y3q2Mh-ClvqL6LWeYdfyPgAAABI; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000\",\"Unparsed\":null},{\"Name\":\"Tag\",\"Value\":\"redirect\",\"Path\":\"/\",\"Domain\":\"\",\"Expires\":\"2023-02-19T00:20:18.315087646+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":false,\"SameSite\":0,\"Raw\":\"Tag=redirect; Path=/; Secure; Max-Age=7776000\",\"Unparsed\":null}]}",
+	"fetch_workers": "16",
+	"first_time_start": "false",
+	"first_time_start_gui": "true",
+	"imap_workers": "16",
+	"is_all_mail_visible": "false",
+	"last_heartbeat": "325",
+	"last_used_version": "2.3.0+git",
+	"preferred_keychain": "secret-service",
+	"rebranding_migrated": "true",
+	"report_outgoing_email_without_encryption": "false",
+	"rollout": "0.4849529004202015",
+	"user_port_api": "1042",
+	"update_channel": "early",
+	"user_port_imap": "2143",
+	"user_port_smtp": "2025",
+	"user_ssl_smtp": "true"
+}
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -18,26 +18,24 @@
 package app

 import (
-	"encoding/base64"
 	"fmt"
 	"path"

-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/exp/slices"
 )

-func WithVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool) error) error {
+func WithVault(locations *locations.Locations, panicHandler async.PanicHandler, fn func(*vault.Vault, bool, bool) error) error {
 	logrus.Debug("Creating vault")
 	defer logrus.Debug("Vault stopped")

 	// Create the encVault.
-	encVault, insecure, corrupt, err := newVault(locations)
+	encVault, insecure, corrupt, err := newVault(locations, panicHandler)
 	if err != nil {
 		return fmt.Errorf("could not create vault: %w", err)
 	}
@ -51,7 +49,9 @@ func WithVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool)
 	if installed := encVault.GetCertsInstalled(); !installed {
 		logrus.Debug("Installing certificates")

-		if err := certs.NewInstaller().InstallCert(encVault.GetBridgeTLSCert()); err != nil {
+		certPEM, _ := encVault.GetBridgeTLSCert()
+
+		if err := certs.NewInstaller().InstallCert(certPEM); err != nil {
 			return fmt.Errorf("failed to install certs: %w", err)
 		}

@ -67,7 +67,7 @@ func WithVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool)
 	return fn(encVault, insecure, corrupt)
 }

-func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error) {
+func newVault(locations *locations.Locations, panicHandler async.PanicHandler) (*vault.Vault, bool, bool, error) {
 	vaultDir, err := locations.ProvideSettingsPath()
 	if err != nil {
 		return nil, false, false, fmt.Errorf("could not get vault dir: %w", err)
@ -80,7 +80,8 @@ func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error)
 		insecure bool
 	)

-	if key, err := getVaultKey(vaultDir); err != nil {
+	if key, err := loadVaultKey(vaultDir); err != nil {
+		logrus.WithError(err).Error("Could not load/create vault key")
 		insecure = true

 		// We store the insecure vault in a separate directory
@ -94,7 +95,7 @@ func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error)
 		return nil, false, false, fmt.Errorf("could not provide gluon path: %w", err)
 	}

-	vault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey)
+	vault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey, panicHandler)
 	if err != nil {
 		return nil, false, false, fmt.Errorf("could not create vault: %w", err)
 	}
@ -102,42 +103,25 @@ func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error)
 	return vault, insecure, corrupt, nil
 }

-func getVaultKey(vaultDir string) ([]byte, error) {
+func loadVaultKey(vaultDir string) ([]byte, error) {
 	helper, err := vault.GetHelper(vaultDir)
 	if err != nil {
 		return nil, fmt.Errorf("could not get keychain helper: %w", err)
 	}

-	keychain, err := keychain.NewKeychain(helper, constants.KeyChainName)
+	kc, err := keychain.NewKeychain(helper, constants.KeyChainName)
 	if err != nil {
 		return nil, fmt.Errorf("could not create keychain: %w", err)
 	}

-	secrets, err := keychain.List()
+	has, err := vault.HasVaultKey(kc)
 	if err != nil {
-		return nil, fmt.Errorf("could not list keychain: %w", err)
+		return nil, fmt.Errorf("could not check for vault key: %w", err)
 	}

-	if !slices.Contains(secrets, vaultSecretName) {
-		tok, err := crypto.RandomToken(32)
-		if err != nil {
-			return nil, fmt.Errorf("could not generate random token: %w", err)
-		}
-
-		if err := keychain.Put(vaultSecretName, base64.StdEncoding.EncodeToString(tok)); err != nil {
-			return nil, fmt.Errorf("could not put keychain item: %w", err)
-		}
+	if has {
+		return vault.GetVaultKey(kc)
 	}

-	_, keyEnc, err := keychain.Get(vaultSecretName)
-	if err != nil {
-		return nil, fmt.Errorf("could not get keychain item: %w", err)
-	}
-
-	keyDec, err := base64.StdEncoding.DecodeString(keyEnc)
-	if err != nil {
-		return nil, fmt.Errorf("could not decode keychain item: %w", err)
-	}
-
-	return keyDec, nil
+	return vault.NewVaultKey(kc)
 }
--- a/internal/async/context.go
+++ b/internal/async/context.go
@ -1,82 +0,0 @@
-// Copyright (c) 2023 Proton AG
-//
-// This file is part of Proton Mail Bridge.
-//
-// Proton Mail Bridge is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// Proton Mail Bridge is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
-
-package async
-
-import (
-	"context"
-	"sync"
-)
-
-// Abortable collects groups of functions that can be aborted by calling Abort.
-type Abortable struct {
-	abortFunc []context.CancelFunc
-	abortLock sync.RWMutex
-}
-
-func (a *Abortable) Do(ctx context.Context, fn func(context.Context)) {
-	fn(a.newCancelCtx(ctx))
-}
-
-func (a *Abortable) Abort() {
-	a.abortLock.RLock()
-	defer a.abortLock.RUnlock()
-
-	for _, fn := range a.abortFunc {
-		fn()
-	}
-}
-
-func (a *Abortable) newCancelCtx(ctx context.Context) context.Context {
-	a.abortLock.Lock()
-	defer a.abortLock.Unlock()
-
-	ctx, cancel := context.WithCancel(ctx)
-
-	a.abortFunc = append(a.abortFunc, cancel)
-
-	return ctx
-}
-
-// RangeContext iterates over the given channel until the context is canceled or the
-// channel is closed.
-func RangeContext[T any](ctx context.Context, ch <-chan T, fn func(T)) {
-	for {
-		select {
-		case v, ok := <-ch:
-			if !ok {
-				return
-			}
-
-			fn(v)
-
-		case <-ctx.Done():
-			return
-		}
-	}
-}
-
-// ForwardContext forwards all values from the src channel to the dst channel until the
-// context is canceled or the src channel is closed.
-func ForwardContext[T any](ctx context.Context, dst chan<- T, src <-chan T) {
-	RangeContext(ctx, src, func(v T) {
-		select {
-		case dst <- v:
-		case <-ctx.Done():
-		}
-	})
-}
--- a/internal/async/group.go
+++ b/internal/async/group.go
@ -1,233 +0,0 @@
-// Copyright (c) 2023 Proton AG
-//
-// This file is part of Proton Mail Bridge.
-//
-// Proton Mail Bridge is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// Proton Mail Bridge is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
-
-package async
-
-import (
-	"context"
-	"math/rand"
-	"sync"
-	"time"
-)
-
-type PanicHandler interface {
-	HandlePanic()
-}
-
-// Group is forked and improved version of "github.com/bradenaw/juniper/xsync.Group".
-//
-// It manages a group of goroutines. The main change to original is posibility
-// to wait passed function to finish without canceling it's context and adding
-// PanicHandler.
-type Group struct {
-	baseCtx context.Context
-	ctx     context.Context
-	jobCtx  context.Context
-	cancel  context.CancelFunc
-	finish  context.CancelFunc
-	wg      sync.WaitGroup
-
-	panicHandler PanicHandler
-}
-
-// NewGroup returns a Group ready for use. The context passed to any of the f functions will be a
-// descendant of ctx.
-func NewGroup(ctx context.Context, panicHandler PanicHandler) *Group {
-	bgCtx, cancel := context.WithCancel(ctx)
-	jobCtx, finish := context.WithCancel(ctx)
-	return &Group{
-		baseCtx:      ctx,
-		ctx:          bgCtx,
-		jobCtx:       jobCtx,
-		cancel:       cancel,
-		finish:       finish,
-		panicHandler: panicHandler,
-	}
-}
-
-// Once calls f once from another goroutine.
-func (g *Group) Once(f func(ctx context.Context)) {
-	g.wg.Add(1)
-	go func() {
-		defer g.handlePanic()
-
-		f(g.ctx)
-		g.wg.Done()
-	}()
-}
-
-// jitterDuration returns a random duration in [d - jitter, d + jitter].
-func jitterDuration(d time.Duration, jitter time.Duration) time.Duration {
-	return d + time.Duration(float64(jitter)*((rand.Float64()*2)-1)) //nolint:gosec
-}
-
-// Periodic spawns a goroutine that calls f once per interval +/- jitter.
-func (g *Group) Periodic(
-	interval time.Duration,
-	jitter time.Duration,
-	f func(ctx context.Context),
-) {
-	g.wg.Add(1)
-	go func() {
-		defer g.handlePanic()
-
-		defer g.wg.Done()
-
-		t := time.NewTimer(jitterDuration(interval, jitter))
-		defer t.Stop()
-
-		for {
-			if g.ctx.Err() != nil {
-				return
-			}
-
-			select {
-			case <-g.jobCtx.Done():
-				return
-			case <-t.C:
-			}
-
-			t.Reset(jitterDuration(interval, jitter))
-			f(g.ctx)
-		}
-	}()
-}
-
-// Trigger spawns a goroutine which calls f whenever the returned function is called. If f is
-// already running when triggered, f will run again immediately when it finishes.
-func (g *Group) Trigger(f func(ctx context.Context)) func() {
-	c := make(chan struct{}, 1)
-	g.wg.Add(1)
-	go func() {
-		defer g.handlePanic()
-
-		defer g.wg.Done()
-
-		for {
-			if g.ctx.Err() != nil {
-				return
-			}
-			select {
-			case <-g.jobCtx.Done():
-				return
-			case <-c:
-			}
-			f(g.ctx)
-		}
-	}()
-
-	return func() {
-		select {
-		case c <- struct{}{}:
-		default:
-		}
-	}
-}
-
-// PeriodicOrTrigger spawns a goroutine which calls f whenever the returned function is called.  If
-// f is already running when triggered, f will run again immediately when it finishes. Also calls f
-// when it has been interval+/-jitter since the last trigger.
-func (g *Group) PeriodicOrTrigger(
-	interval time.Duration,
-	jitter time.Duration,
-	f func(ctx context.Context),
-) func() {
-	c := make(chan struct{}, 1)
-	g.wg.Add(1)
-	go func() {
-		defer g.handlePanic()
-
-		defer g.wg.Done()
-
-		t := time.NewTimer(jitterDuration(interval, jitter))
-		defer t.Stop()
-
-		for {
-			if g.ctx.Err() != nil {
-				return
-			}
-			select {
-			case <-g.jobCtx.Done():
-				return
-			case <-t.C:
-				t.Reset(jitterDuration(interval, jitter))
-			case <-c:
-				if !t.Stop() {
-					<-t.C
-				}
-				t.Reset(jitterDuration(interval, jitter))
-			}
-			f(g.ctx)
-		}
-	}()
-
-	return func() {
-		select {
-		case c <- struct{}{}:
-		default:
-		}
-	}
-}
-
-func (g *Group) resetCtx() {
-	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
-	g.ctx, g.cancel = context.WithCancel(g.baseCtx)
-}
-
-// Cancel is send to all of the spawn goroutines and ends periodic
-// or trigger routines.
-func (g *Group) Cancel() {
-	g.cancel()
-	g.finish()
-	g.resetCtx()
-}
-
-// Finish will ends all periodic or polls routines. It will let
-// currently running functions to finish (cancel is not sent).
-//
-// It is not safe to call Wait concurrently with any other method on g.
-func (g *Group) Finish() {
-	g.finish()
-	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
-}
-
-// CancelAndWait cancels the context passed to any of the spawned goroutines and waits for all spawned
-// goroutines to exit.
-//
-// It is not safe to call Wait concurrently with any other method on g.
-func (g *Group) CancelAndWait() {
-	g.finish()
-	g.cancel()
-	g.wg.Wait()
-	g.resetCtx()
-}
-
-// WaitToFinish will ends all periodic or polls routines. It will wait for
-// currently running functions to finish (cancel is not sent).
-//
-// It is not safe to call Wait concurrently with any other method on g.
-func (g *Group) WaitToFinish() {
-	g.finish()
-	g.wg.Wait()
-	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
-}
-
-func (g *Group) handlePanic() {
-	if g.panicHandler != nil {
-		g.panicHandler.HandlePanic()
-	}
-}
--- a/internal/bridge/api.go
+++ b/internal/bridge/api.go
@ -21,6 +21,7 @@ import (
 	"net/http"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/sirupsen/logrus"
@ -32,14 +33,14 @@ func defaultAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
 	return []proton.Option{
 		proton.WithHostURL(apiURL),
 		proton.WithAppVersion(constants.AppVersion(version.Original())),
 		proton.WithCookieJar(cookieJar),
 		proton.WithTransport(transport),
-		proton.WithAttPoolSize(poolSize),
 		proton.WithLogger(logrus.StandardLogger()),
+		proton.WithPanicHandler(panicHandler),
 	}
 }
--- a/internal/bridge/api_default.go
+++ b/internal/bridge/api_default.go
@ -23,6 +23,7 @@ import (
 	"net/http"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 )

@ -32,7 +33,7 @@ func newAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
-	return defaultAPIOptions(apiURL, version, cookieJar, transport, poolSize)
+	return defaultAPIOptions(apiURL, version, cookieJar, transport, panicHandler)
 }
--- a/internal/bridge/api_qa.go
+++ b/internal/bridge/api_qa.go
@ -20,10 +20,12 @@
 package bridge

 import (
+	"crypto/tls"
 	"net/http"
 	"os"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 )

@ -33,9 +35,17 @@ func newAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
-	opt := defaultAPIOptions(apiURL, version, cookieJar, transport, poolSize)
+
+	if allow := os.Getenv("BRIDGE_ALLOW_PROXY"); allow != "" {
+		transport = &http.Transport{
+			Proxy:           http.ProxyFromEnvironment,
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+
+	opt := defaultAPIOptions(apiURL, version, cookieJar, transport, panicHandler)

 	if host := os.Getenv("BRIDGE_API_HOST"); host != "" {
 		opt = append(opt, proton.WithHostURL(host))
--- a/internal/bridge/bridge.go
+++ b/internal/bridge/bridge.go
@ -29,21 +29,21 @@ import (
 	"time"

 	"github.com/Masterminds/semver/v3"
-	"github.com/ProtonMail/gluon"
+	"github.com/ProtonMail/gluon/async"
 	imapEvents "github.com/ProtonMail/gluon/events"
+	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/gluon/watcher"
 	"github.com/ProtonMail/go-proton-api"
-	"github.com/ProtonMail/proton-bridge/v3/internal/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
+	"github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/bradenaw/juniper/xslices"
-	"github.com/emersion/go-smtp"
 	"github.com/go-resty/resty/v2"
 	"github.com/sirupsen/logrus"
 )
@ -65,18 +65,15 @@ type Bridge struct {
 	tlsConfig *tls.Config

 	// imapServer is the bridge's IMAP server.
-	imapServer   *gluon.Server
-	imapListener net.Listener
-	imapEventCh  chan imapEvents.Event
-
-	// smtpServer is the bridge's SMTP server.
-	smtpServer   *smtp.Server
-	smtpListener net.Listener
+	imapEventCh chan imapEvents.Event

 	// updater is the bridge's updater.
 	updater   Updater
 	installCh chan installJob

+	// heartbeat is the telemetry heartbeat for metrics.
+	heartbeat telemetry.Heartbeat
+
 	// curVersion is the current version of the bridge,
 	// newVersion is the version that was installed by the updater.
 	curVersion     *semver.Version
@ -92,8 +89,8 @@ type Bridge struct {
 	// locator is the bridge's locator.
 	locator Locator

-	// crashHandler
-	crashHandler async.PanicHandler
+	// panicHandler
+	panicHandler async.PanicHandler

 	// reporter
 	reporter reporter.Reporter
@ -124,10 +121,17 @@ type Bridge struct {

 	// goUpdate triggers a check/install of updates.
 	goUpdate func()
+
+	// goHeartbeat triggers a check/sending if heartbeat is needed.
+	goHeartbeat func()
+
+	uidValidityGenerator imap.UIDValidityGenerator
+
+	serverManager *ServerManager
 }

 // New creates a new bridge.
-func New( //nolint:funlen
+func New(
 	locator Locator, // the locator to provide paths to store data
 	vault *vault.Vault, // the bridge's encrypted data store
 	autostarter Autostarter, // the autostarter to manage autostart settings
@ -140,17 +144,18 @@ func New( //nolint:funlen
 	tlsReporter TLSReporter, // the TLS reporter to report TLS errors
 	roundTripper http.RoundTripper, // the round tripper to use for API requests
 	proxyCtl ProxyController, // the DoH controller
-	crashHandler async.PanicHandler,
+	panicHandler async.PanicHandler,
 	reporter reporter.Reporter,
+	uidValidityGenerator imap.UIDValidityGenerator,

 	logIMAPClient, logIMAPServer bool, // whether to log IMAP client/server activity
 	logSMTP bool, // whether to log SMTP activity
 ) (*Bridge, <-chan events.Event, error) {
 	// api is the user's API manager.
-	api := proton.New(newAPIOptions(apiURL, curVersion, cookieJar, roundTripper, vault.SyncAttPool())...)
+	api := proton.New(newAPIOptions(apiURL, curVersion, cookieJar, roundTripper, panicHandler)...)

 	// tasks holds all the bridge's background tasks.
-	tasks := async.NewGroup(context.Background(), crashHandler)
+	tasks := async.NewGroup(context.Background(), panicHandler)

 	// imapEventCh forwards IMAP events from gluon instances to the bridge for processing.
 	imapEventCh := make(chan imapEvents.Event)
@ -165,12 +170,13 @@ func New( //nolint:funlen
 		autostarter,
 		updater,
 		curVersion,
-		crashHandler,
+		panicHandler,
 		reporter,

 		api,
 		identifier,
 		proxyCtl,
+		uidValidityGenerator,
 		logIMAPClient, logIMAPServer, logSMTP,
 	)
 	if err != nil {
@ -185,22 +191,9 @@ func New( //nolint:funlen
 		return nil, nil, fmt.Errorf("failed to initialize bridge: %w", err)
 	}

-	// Start serving IMAP.
-	if err := bridge.serveIMAP(); err != nil {
-		logrus.WithError(err).Error("IMAP error")
-		bridge.PushError(ErrServeIMAP)
-	}
-
-	// Start serving SMTP.
-	if err := bridge.serveSMTP(); err != nil {
-		logrus.WithError(err).Error("SMTP error")
-		bridge.PushError(ErrServeSMTP)
-	}
-
 	return bridge, eventCh, nil
 }

-// nolint:funlen
 func newBridge(
 	tasks *async.Group,
 	imapEventCh chan imapEvents.Event,
@ -210,12 +203,13 @@ func newBridge(
 	autostarter Autostarter,
 	updater Updater,
 	curVersion *semver.Version,
-	crashHandler async.PanicHandler,
+	panicHandler async.PanicHandler,
 	reporter reporter.Reporter,

 	api *proton.Manager,
 	identifier Identifier,
 	proxyCtl ProxyController,
+	uidValidityGenerator imap.UIDValidityGenerator,

 	logIMAPClient, logIMAPServer, logSMTP bool,
 ) (*Bridge, error) {
@ -224,16 +218,6 @@ func newBridge(
 		return nil, fmt.Errorf("failed to load TLS config: %w", err)
 	}

-	gluonCacheDir, err := getGluonDir(vault)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get Gluon directory: %w", err)
-	}
-
-	gluonDataDir, err := locator.ProvideGluonDataPath()
-	if err != nil {
-		return nil, fmt.Errorf("failed to get Gluon Database directory: %w", err)
-	}
-
 	firstStart := vault.GetFirstStart()
 	if err := vault.SetFirstStart(false); err != nil {
 		return nil, fmt.Errorf("failed to save first start indicator: %w", err)
@ -244,22 +228,9 @@ func newBridge(
 		return nil, fmt.Errorf("failed to save last version indicator: %w", err)
 	}

-	imapServer, err := newIMAPServer(
-		gluonCacheDir,
-		gluonDataDir,
-		curVersion,
-		tlsConfig,
-		reporter,
-		logIMAPClient,
-		logIMAPServer,
-		imapEventCh,
-		tasks,
-	)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create IMAP server: %w", err)
-	}
+	identifier.SetClientString(vault.GetLastUserAgent())

-	focusService, err := focus.NewService(curVersion)
+	focusService, err := focus.NewService(locator, curVersion, panicHandler)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create focus service: %w", err)
 	}
@ -275,7 +246,6 @@ func newBridge(
 		identifier: identifier,

 		tlsConfig:   tlsConfig,
-		imapServer:  imapServer,
 		imapEventCh: imapEventCh,

 		updater:   updater,
@ -285,7 +255,7 @@ func newBridge(
 		newVersion:     curVersion,
 		newVersionLock: safe.NewRWMutex(),

-		crashHandler: crashHandler,
+		panicHandler: panicHandler,
 		reporter:     reporter,

 		focusService: focusService,
@ -300,14 +270,19 @@ func newBridge(
 		lastVersion: lastVersion,

 		tasks: tasks,
+
+		uidValidityGenerator: uidValidityGenerator,
+
+		serverManager: newServerManager(),
 	}

-	bridge.smtpServer = newSMTPServer(bridge, tlsConfig, logSMTP)
+	if err := bridge.serverManager.Init(bridge); err != nil {
+		return nil, err
+	}

 	return bridge, nil
 }

-// nolint:funlen
 func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Enable or disable the proxy at startup.
 	if bridge.vault.GetProxyAllowed() {
@ -376,16 +351,17 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 		})
 	})

-	// Attempt to lazy load users when triggered.
+	// Attempt to load users from the vault when triggered.
 	bridge.goLoad = bridge.tasks.Trigger(func(ctx context.Context) {
 		if err := bridge.loadUsers(ctx); err != nil {
 			logrus.WithError(err).Error("Failed to load users")
 			if netErr := new(proton.NetError); !errors.As(err, &netErr) {
 				sentry.ReportError(bridge.reporter, "Failed to load users", err)
 			}
-		} else {
-			bridge.publish(events.AllUsersLoaded{})
+			return
 		}
+
+		bridge.publish(events.AllUsersLoaded{})
 	})
 	defer bridge.goLoad()

@ -431,18 +407,13 @@ func (bridge *Bridge) GetErrors() []error {
 func (bridge *Bridge) Close(ctx context.Context) {
 	logrus.Info("Closing bridge")

-	// Close the IMAP server.
-	if err := bridge.closeIMAP(ctx); err != nil {
-		logrus.WithError(err).Error("Failed to close IMAP server")
-	}
-
-	// Close the SMTP server.
-	if err := bridge.closeSMTP(); err != nil {
-		logrus.WithError(err).Error("Failed to close SMTP server")
+	// Close the servers
+	if err := bridge.serverManager.CloseServers(ctx); err != nil {
+		logrus.WithError(err).Error("Failed to close servers")
 	}

 	// Close all users.
-	safe.RLock(func() {
+	safe.Lock(func() {
 		for _, user := range bridge.users {
 			user.Close()
 		}
@ -484,7 +455,7 @@ func (bridge *Bridge) addWatcher(ofType ...events.Event) *watcher.Watcher[events
 	bridge.watchersLock.Lock()
 	defer bridge.watchersLock.Unlock()

-	watcher := watcher.New(ofType...)
+	watcher := watcher.New(bridge.panicHandler, ofType...)

 	bridge.watchers = append(bridge.watchers, watcher)

@ -545,7 +516,7 @@ func (bridge *Bridge) onStatusDown(ctx context.Context) {
 }

 func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
-	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert(), vault.GetBridgeTLSKey())
+	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert())
 	if err != nil {
 		return nil, err
 	}
--- a/internal/bridge/bridge_test.go
+++ b/internal/bridge/bridge_test.go
@ -21,14 +21,18 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"net"
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 	"testing"
 	"time"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
+	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/go-proton-api/server/backend"
@ -46,7 +50,9 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/tests"
 	"github.com/bradenaw/juniper/xslices"
-	"github.com/emersion/go-imap/client"
+	imapid "github.com/emersion/go-imap-id"
+	"github.com/emersion/go-sasl"
+	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
 )

@ -121,8 +127,11 @@ func TestBridge_Focus(t *testing.T) {
 			raiseCh, done := bridge.GetEvents(events.Raise{})
 			defer done()

+			settingsFolder, err := locator.ProvideSettingsPath()
+			require.NoError(t, err)
+
 			// Simulate a focus event.
-			focus.TryRaise()
+			focus.TryRaise(settingsFolder)

 			// Wait for the event.
 			require.IsType(t, events.Raise{}, <-raiseCh)
@ -164,6 +173,210 @@ func TestBridge_UserAgent(t *testing.T) {
 	})
 }

+func TestBridge_UserAgent_Persistence(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		otherPassword := []byte("bar")
+		otherUser := "foo"
+		_, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(b)
+			defer smtpWaiter.Done()
+
+			currentUserAgent := b.GetCurrentUserAgent()
+			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
+
+			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			defer func() { _ = imapClient.Logout() }()
+
+			idClient := imapid.NewClient(imapClient)
+
+			// Set IMAP ID before Login to have the value capture in the Login API Call.
+			_, err = idClient.ID(imapid.ID{
+				imapid.FieldName:    "MyFancyClient",
+				imapid.FieldVersion: "0.1.2",
+			})
+
+			require.NoError(t, err)
+
+			// Login the user.
+			_, err = b.LoginFull(context.Background(), username, password, nil, nil)
+			require.NoError(t, err)
+
+			// Assert that the user agent then contains the platform.
+			require.Contains(t, b.GetCurrentUserAgent(), "MyFancyClient/0.1.2")
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			currentUserAgent := bridge.GetCurrentUserAgent()
+			require.Contains(t, currentUserAgent, "MyFancyClient/0.1.2")
+		})
+	})
+}
+
+func TestBridge_UserAgentFromUnknownClient(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		otherPassword := []byte("bar")
+		otherUser := "foo"
+		_, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(b)
+			defer smtpWaiter.Done()
+
+			currentUserAgent := b.GetCurrentUserAgent()
+			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
+
+			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			defer func() { _ = imapClient.Logout() }()
+
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			require.NoError(t, imapClient.Login(info.Addresses[0], string(info.BridgePass)))
+
+			currentUserAgent = b.GetCurrentUserAgent()
+			require.Contains(t, currentUserAgent, "UnknownClient/0.0.1")
+		})
+	})
+}
+
+func TestBridge_UserAgentFromSMTPClient(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		otherPassword := []byte("bar")
+		otherUser := "foo"
+		_, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(b)
+			defer smtpWaiter.Done()
+
+			currentUserAgent := b.GetCurrentUserAgent()
+			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
+
+			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(b.GetSMTPPort())))
+			require.NoError(t, err)
+			defer client.Close() //nolint:errcheck
+
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			// Upgrade to TLS.
+			require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
+			require.NoError(t, client.Auth(sasl.NewLoginClient(
+				info.Addresses[0],
+				string(info.BridgePass)),
+			))
+
+			require.Eventually(t, func() bool {
+				currentUserAgent = b.GetCurrentUserAgent()
+
+				return strings.Contains(currentUserAgent, "UnknownClient/0.0.1")
+			}, time.Minute, 5*time.Second)
+		})
+	})
+}
+
+func TestBridge_UserAgentFromIMAPID(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		var (
+			calls []server.Call
+			lock  sync.Mutex
+		)
+
+		s.AddCallWatcher(func(call server.Call) {
+			lock.Lock()
+			defer lock.Unlock()
+
+			calls = append(calls, call)
+		})
+
+		otherPassword := []byte("bar")
+		otherUser := "foo"
+		_, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(b)
+			defer smtpWaiter.Done()
+
+			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			defer func() { _ = imapClient.Logout() }()
+
+			idClient := imapid.NewClient(imapClient)
+
+			// Set IMAP ID before Login to have the value capture in the Login API Call.
+			_, err = idClient.ID(imapid.ID{
+				imapid.FieldName:    "MyFancyClient",
+				imapid.FieldVersion: "0.1.2",
+			})
+
+			require.NoError(t, err)
+
+			// Login the user.
+			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
+			require.NoError(t, err)
+
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			require.NoError(t, imapClient.Login(info.Addresses[0], string(info.BridgePass)))
+
+			lock.Lock()
+			defer lock.Unlock()
+
+			userAgent := calls[len(calls)-1].RequestHeader.Get("User-Agent")
+
+			// Assert that the user agent was sent to the API.
+			require.Contains(t, userAgent, b.GetCurrentUserAgent())
+			require.Contains(t, userAgent, "MyFancyClient/0.1.2")
+		})
+	})
+}
+
 func TestBridge_Cookies(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		var (
@ -496,6 +709,33 @@ func TestBridge_InitGluonDirectory(t *testing.T) {
 	})
 }

+func TestBridge_LoginFailed(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			failCh, done := chToType[events.Event, events.IMAPLoginFailed](bridge.GetEvents(events.IMAPLoginFailed{}))
+			defer done()
+
+			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			require.NoError(t, err)
+
+			require.Error(t, imapClient.Login("badUser", "badPass"))
+			require.Equal(t, "badUser", (<-failCh).Username)
+		})
+	})
+}
+
 func TestBridge_ChangeCacheDirectory(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
@ -514,6 +754,12 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			configDir, err := b.GetGluonDataDir()
 			require.NoError(t, err)

+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(b)
+			defer smtpWaiter.Done()
+
 			// Login the user.
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -547,7 +793,10 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -587,7 +836,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -608,7 +857,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -657,6 +906,9 @@ func withMocks(t *testing.T, tests func(*bridge.Mocks)) {
 	tests(mocks)
 }

+// Needs to be global to survive bridge shutdown/startup in unit tests as they happen to fast.
+var testUIDValidityGenerator = imap.DefaultEpochUIDValidityGenerator()
+
 // withBridge creates a new bridge which points to the given API URL and uses the given keychain, and closes it when done.
 func withBridgeNoMocks(
 	ctx context.Context,
@ -667,6 +919,7 @@ func withBridgeNoMocks(
 	locator bridge.Locator,
 	vaultKey []byte,
 	tests func(*bridge.Bridge),
+	waitOnServers bool,
 ) {
 	// Bridge will disable the proxy by default at startup.
 	mocks.ProxyCtl.EXPECT().DisallowProxy()
@ -676,7 +929,7 @@ func withBridgeNoMocks(
 	require.NoError(t, err)

 	// Create the vault.
-	vault, _, err := vault.New(vaultDir, t.TempDir(), vaultKey)
+	vault, _, err := vault.New(vaultDir, t.TempDir(), vaultKey, async.NoopPanicHandler{})
 	require.NoError(t, err)

 	// Create a new cookie jar.
@ -702,6 +955,7 @@ func withBridgeNoMocks(
 		mocks.ProxyCtl,
 		mocks.CrashHandler,
 		mocks.Reporter,
+		testUIDValidityGenerator,

 		// The logging stuff.
 		os.Getenv("BRIDGE_LOG_IMAP_CLIENT") == "1",
@ -711,12 +965,22 @@ func withBridgeNoMocks(
 	require.NoError(t, err)
 	require.Empty(t, bridge.GetErrors())

+	// Start the Heartbeat process.
+	bridge.StartHeartbeat(mocks.Heartbeat)
+
 	// Wait for bridge to finish loading users.
 	waitForEvent(t, eventCh, events.AllUsersLoaded{})

 	// Set random IMAP and SMTP ports for the tests.
-	require.NoError(t, bridge.SetIMAPPort(0))
-	require.NoError(t, bridge.SetSMTPPort(0))
+	require.NoError(t, bridge.SetIMAPPort(ctx, 0))
+	require.NoError(t, bridge.SetSMTPPort(ctx, 0))
+
+	if waitOnServers {
+		// Wait for bridge to start the IMAP server.
+		waitForEvent(t, eventCh, events.IMAPServerReady{})
+		// Wait for bridge to start the SMTP server.
+		waitForEvent(t, eventCh, events.SMTPServerReady{})
+	}

 	// Close the bridge when done.
 	defer bridge.Close(ctx)
@ -738,11 +1002,28 @@ func withBridge(
 	withMocks(t, func(mocks *bridge.Mocks) {
 		withBridgeNoMocks(ctx, t, mocks, apiURL, netCtl, locator, vaultKey, func(bridge *bridge.Bridge) {
 			tests(bridge, mocks)
-		})
+		}, false)
 	})
 }

-func waitForEvent[T any](t *testing.T, eventCh <-chan events.Event, wantEvent T) {
+// withBridgeWaitForServers is the same as withBridge, but it will wait until IMAP & SMTP servers are ready.
+func withBridgeWaitForServers(
+	ctx context.Context,
+	t *testing.T,
+	apiURL string,
+	netCtl *proton.NetCtl,
+	locator bridge.Locator,
+	vaultKey []byte,
+	tests func(*bridge.Bridge, *bridge.Mocks),
+) {
+	withMocks(t, func(mocks *bridge.Mocks) {
+		withBridgeNoMocks(ctx, t, mocks, apiURL, netCtl, locator, vaultKey, func(bridge *bridge.Bridge) {
+			tests(bridge, mocks)
+		}, true)
+	})
+}
+
+func waitForEvent[T any](t *testing.T, eventCh <-chan events.Event, _ T) {
 	t.Helper()

 	for event := range eventCh {
@ -791,3 +1072,48 @@ func chToType[In, Out any](inCh <-chan In, done func()) (<-chan Out, func()) {

 	return outCh, done
 }
+
+type eventWaiter struct {
+	evtCh  <-chan events.Event
+	cancel func()
+}
+
+func (e *eventWaiter) Done() {
+	e.cancel()
+}
+
+func (e *eventWaiter) Wait() {
+	<-e.evtCh
+}
+
+func waitForSMTPServerReady(b *bridge.Bridge) *eventWaiter {
+	evtCh, cancel := b.GetEvents(events.SMTPServerReady{})
+	return &eventWaiter{
+		evtCh:  evtCh,
+		cancel: cancel,
+	}
+}
+
+func waitForSMTPServerStopped(b *bridge.Bridge) *eventWaiter {
+	evtCh, cancel := b.GetEvents(events.SMTPServerStopped{})
+	return &eventWaiter{
+		evtCh:  evtCh,
+		cancel: cancel,
+	}
+}
+
+func waitForIMAPServerReady(b *bridge.Bridge) *eventWaiter {
+	evtCh, cancel := b.GetEvents(events.IMAPServerReady{})
+	return &eventWaiter{
+		evtCh:  evtCh,
+		cancel: cancel,
+	}
+}
+
+func waitForIMAPServerStopped(b *bridge.Bridge) *eventWaiter {
+	evtCh, cancel := b.GetEvents(events.IMAPServerStopped{})
+	return &eventWaiter{
+		evtCh:  evtCh,
+		cancel: cancel,
+	}
+}
--- a/internal/bridge/bug_report.go
+++ b/internal/bridge/bug_report.go
@ -18,26 +18,22 @@
 package bridge

 import (
-	"archive/zip"
-	"bytes"
 	"context"
 	"io"
-	"os"
-	"path/filepath"
-	"sort"

 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 )

 const (
-	MaxTotalAttachmentSize  = 7 * (1 << 20)
-	MaxCompressedFilesCount = 6
+	DefaultMaxBugReportZipSize         = 7 * 1024 * 1024
+	DefaultMaxSessionCountForBugReport = 10
 )

-func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, description, username, email, client string, attachLogs bool) error { //nolint:funlen
+func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, description, username, email, client string, attachLogs bool) error {
 	var account string

 	if info, err := bridge.QueryUserInfo(username); err == nil {
@ -50,54 +46,25 @@ func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, descript
 		}
 	}

-	var atts []proton.ReportBugAttachment
+	var attachment []proton.ReportBugAttachment

 	if attachLogs {
-		logs, err := getMatchingLogs(bridge.locator, func(filename string) bool {
-			return logging.MatchLogName(filename) && !logging.MatchStackTraceName(filename)
-		})
+		logsPath, err := bridge.locator.ProvideLogsPath()
 		if err != nil {
 			return err
 		}

-		crashes, err := getMatchingLogs(bridge.locator, func(filename string) bool {
-			return logging.MatchLogName(filename) && logging.MatchStackTraceName(filename)
-		})
+		buffer, err := logging.ZipLogsForBugReport(logsPath, DefaultMaxSessionCountForBugReport, DefaultMaxBugReportZipSize)
 		if err != nil {
 			return err
 		}

-		guiLogs, err := getMatchingLogs(bridge.locator, func(filename string) bool {
-			return logging.MatchGUILogName(filename) && !logging.MatchStackTraceName(filename)
-		})
+		body, err := io.ReadAll(buffer)
 		if err != nil {
 			return err
 		}

-		var matchFiles []string
-
-		// Include bridge logs, up to a maximum amount.
-		matchFiles = append(matchFiles, logs[max(0, len(logs)-(MaxCompressedFilesCount/2)):]...)
-
-		// Include crash logs, up to a maximum amount.
-		matchFiles = append(matchFiles, crashes[max(0, len(crashes)-(MaxCompressedFilesCount/2)):]...)
-
-		// bridge-gui keeps just one small (~ 1kb) log file; we always include it.
-		if len(guiLogs) > 0 {
-			matchFiles = append(matchFiles, guiLogs[len(guiLogs)-1])
-		}
-
-		archive, err := zipFiles(matchFiles)
-		if err != nil {
-			return err
-		}
-
-		body, err := io.ReadAll(archive)
-		if err != nil {
-			return err
-		}
-
-		atts = append(atts, proton.ReportBugAttachment{
+		attachment = append(attachment, proton.ReportBugAttachment{
 			Name:     "logs.zip",
 			Filename: "logs.zip",
 			MIMEType: "application/zip",
@ -105,6 +72,12 @@ func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, descript
 		})
 	}

+	safe.Lock(func() {
+		for _, user := range bridge.users {
+			user.ReportBugSent()
+		}
+	}, bridge.usersLock)
+
 	return bridge.api.ReportBug(ctx, proton.ReportBugReq{
 		OS:        osType,
 		OSVersion: osVersion,
@ -118,116 +91,5 @@ func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, descript

 		Username: account,
 		Email:    email,
-	}, atts...)
-}
-
-func max(a, b int) int {
-	if a > b {
-		return a
-	}
-
-	return b
-}
-
-func getMatchingLogs(locator Locator, filenameMatchFunc func(string) bool) (filenames []string, err error) {
-	logsPath, err := locator.ProvideLogsPath()
-	if err != nil {
-		return nil, err
-	}
-
-	files, err := os.ReadDir(logsPath)
-	if err != nil {
-		return nil, err
-	}
-
-	var matchFiles []string
-
-	for _, file := range files {
-		if filenameMatchFunc(file.Name()) {
-			matchFiles = append(matchFiles, filepath.Join(logsPath, file.Name()))
-		}
-	}
-
-	sort.Strings(matchFiles) // Sorted by timestamp: oldest first.
-
-	return matchFiles, nil
-}
-
-type limitedBuffer struct {
-	capacity int
-	buf      *bytes.Buffer
-}
-
-func newLimitedBuffer(capacity int) *limitedBuffer {
-	return &limitedBuffer{
-		capacity: capacity,
-		buf:      bytes.NewBuffer(make([]byte, 0, capacity)),
-	}
-}
-
-func (b *limitedBuffer) Write(p []byte) (n int, err error) {
-	if len(p)+b.buf.Len() > b.capacity {
-		return 0, ErrSizeTooLarge
-	}
-
-	return b.buf.Write(p)
-}
-
-func (b *limitedBuffer) Read(p []byte) (n int, err error) {
-	return b.buf.Read(p)
-}
-
-func zipFiles(filenames []string) (io.Reader, error) {
-	if len(filenames) == 0 {
-		return nil, nil
-	}
-
-	buf := newLimitedBuffer(MaxTotalAttachmentSize)
-
-	w := zip.NewWriter(buf)
-	defer w.Close() //nolint:errcheck
-
-	for _, file := range filenames {
-		if err := addFileToZip(file, w); err != nil {
-			return nil, err
-		}
-	}
-
-	if err := w.Close(); err != nil {
-		return nil, err
-	}
-
-	return buf, nil
-}
-
-func addFileToZip(filename string, writer *zip.Writer) error {
-	fileReader, err := os.Open(filepath.Clean(filename))
-	if err != nil {
-		return err
-	}
-	defer fileReader.Close() //nolint:errcheck,gosec
-
-	fileInfo, err := fileReader.Stat()
-	if err != nil {
-		return err
-	}
-
-	header, err := zip.FileInfoHeader(fileInfo)
-	if err != nil {
-		return err
-	}
-
-	header.Method = zip.Deflate
-	header.Name = filepath.Base(filename)
-
-	fileWriter, err := writer.CreateHeader(header)
-	if err != nil {
-		return err
-	}
-
-	if _, err := io.Copy(fileWriter, fileReader); err != nil {
-		return err
-	}
-
-	return fileReader.Close()
+	}, attachment...)
 }
--- a/internal/bridge/config_status.go
+++ b/internal/bridge/config_status.go
@ -0,0 +1,46 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+)
+
+func (bridge *Bridge) ReportBugClicked() {
+	safe.Lock(func() {
+		for _, user := range bridge.users {
+			user.ReportBugClicked()
+		}
+	}, bridge.usersLock)
+}
+
+func (bridge *Bridge) AutoconfigUsed(client string) {
+	safe.Lock(func() {
+		for _, user := range bridge.users {
+			user.AutoconfigUsed(client)
+		}
+	}, bridge.usersLock)
+}
+
+func (bridge *Bridge) KBArticleOpened(article string) {
+	safe.Lock(func() {
+		for _, user := range bridge.users {
+			user.KBArticleOpened(article)
+		}
+	}, bridge.usersLock)
+}
--- a/internal/bridge/configure.go
+++ b/internal/bridge/configure.go
@ -18,6 +18,7 @@
 package bridge

 import (
+	"context"
 	"strings"

 	"github.com/ProtonMail/proton-bridge/v3/internal/clientconfig"
@ -31,7 +32,7 @@ import (

 // ConfigureAppleMail configures apple mail for the given userID and address.
 // If configuring apple mail for Catalina or newer, it ensures Bridge is using SSL.
-func (bridge *Bridge) ConfigureAppleMail(userID, address string) error {
+func (bridge *Bridge) ConfigureAppleMail(ctx context.Context, userID, address string) error {
 	logrus.WithFields(logrus.Fields{
 		"userID":  userID,
 		"address": logging.Sensitive(address),
@ -56,7 +57,7 @@ func (bridge *Bridge) ConfigureAppleMail(userID, address string) error {
 		}

 		if useragent.IsCatalinaOrNewer() && !bridge.vault.GetSMTPSSL() {
-			if err := bridge.SetSMTPSSL(true); err != nil {
+			if err := bridge.SetSMTPSSL(ctx, true); err != nil {
 				return err
 			}
 		}
--- a/internal/bridge/debug.go
+++ b/internal/bridge/debug.go
@ -0,0 +1,297 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/ProtonMail/gluon/imap"
+	"github.com/ProtonMail/gluon/rfc822"
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/proton-bridge/v3/internal/user"
+	"github.com/bradenaw/juniper/iterator"
+	"github.com/bradenaw/juniper/xslices"
+	goimap "github.com/emersion/go-imap"
+	goimapclient "github.com/emersion/go-imap/client"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/maps"
+)
+
+type CheckClientStateResult struct {
+	MissingMessages map[string]map[string]user.DiagMailboxMessage
+}
+
+func (c *CheckClientStateResult) AddMissingMessage(userID string, message user.DiagMailboxMessage) {
+	v, ok := c.MissingMessages[userID]
+	if !ok {
+		c.MissingMessages[userID] = map[string]user.DiagMailboxMessage{message.ID: message}
+	} else {
+		v[message.ID] = message
+	}
+}
+
+// CheckClientState checks the current IMAP client reported state against the proton server state and reports
+// anything that is out of place.
+func (bridge *Bridge) CheckClientState(ctx context.Context, checkFlags bool, progressCB func(string)) (CheckClientStateResult, error) {
+	bridge.usersLock.RLock()
+	defer bridge.usersLock.RUnlock()
+
+	users := maps.Values(bridge.users)
+
+	result := CheckClientStateResult{
+		MissingMessages: make(map[string]map[string]user.DiagMailboxMessage),
+	}
+
+	for _, usr := range users {
+		if progressCB != nil {
+			progressCB(fmt.Sprintf("Checking state for user %v", usr.Name()))
+		}
+		log := logrus.WithField("user", usr.Name()).WithField("diag", "state-check")
+		log.Debug("Retrieving all server metadata")
+		meta, err := usr.GetDiagnosticMetadata(ctx)
+		if err != nil {
+			return result, err
+		}
+
+		success := true
+
+		if len(meta.Metadata) != len(meta.MessageIDs) {
+			log.Errorf("Metadata (%v) and message(%v) list sizes do not match", len(meta.Metadata), len(meta.MessageIDs))
+		}
+
+		log.Debug("Building state")
+		state, err := meta.BuildMailboxToMessageMap(usr)
+		if err != nil {
+			log.WithError(err).Error("Failed to build state")
+			return result, err
+		}
+
+		info, err := bridge.GetUserInfo(usr.ID())
+		if err != nil {
+			log.WithError(err).Error("Failed to get user info")
+			return result, err
+		}
+
+		addr := fmt.Sprintf("127.0.0.1:%v", bridge.GetIMAPPort())
+
+		for account, mboxMap := range state {
+			if progressCB != nil {
+				progressCB(fmt.Sprintf("Checking state for user %v's account '%v'", usr.Name(), account))
+			}
+			if err := func(account string, mboxMap user.AccountMailboxMap) error {
+				client, err := goimapclient.Dial(addr)
+				if err != nil {
+					log.WithError(err).Error("Failed to connect to imap client")
+					return err
+				}
+
+				defer func() {
+					_ = client.Logout()
+				}()
+
+				if err := client.Login(account, string(info.BridgePass)); err != nil {
+					return fmt.Errorf("failed to login for user %v:%w", usr.Name(), err)
+				}
+
+				log := log.WithField("account", account)
+				for mboxName, messageList := range mboxMap {
+					log := log.WithField("mbox", mboxName)
+					status, err := client.Select(mboxName, true)
+					if err != nil {
+						log.WithError(err).Errorf("Failed to select mailbox %v", messageList)
+						return fmt.Errorf("failed to select '%v':%w", mboxName, err)
+					}
+
+					log.Debug("Checking message count")
+
+					if int(status.Messages) != len(messageList) {
+						success = false
+						log.Errorf("Message count doesn't match, got '%v' expected '%v'", status.Messages, len(messageList))
+					}
+
+					ids, err := clientGetMessageIDs(client, mboxName)
+					if err != nil {
+						return fmt.Errorf("failed to get message ids for mbox '%v': %w", mboxName, err)
+					}
+
+					for _, msg := range messageList {
+						imapFlags, ok := ids[msg.ID]
+						if !ok {
+							if meta.FailedMessageIDs.Contains(msg.ID) {
+								log.Warningf("Missing message '%v', but it is part of failed message set", msg.ID)
+							} else {
+								log.Errorf("Missing message '%v'", msg.ID)
+							}
+
+							result.AddMissingMessage(msg.UserID, msg)
+							continue
+						}
+
+						if checkFlags {
+							if !imapFlags.Equals(msg.Flags) {
+								log.Errorf("Message '%v' flags do mot match, got=%v, expected=%v",
+									msg.ID,
+									imapFlags.ToSlice(),
+									msg.Flags.ToSlice(),
+								)
+							}
+						}
+					}
+				}
+
+				if !success {
+					log.Errorf("State does not match")
+				} else {
+					log.Info("State matches")
+				}
+
+				return nil
+			}(account, mboxMap); err != nil {
+				return result, err
+			}
+		}
+
+		// Check for orphaned messages (only present in All Mail)
+		if progressCB != nil {
+			progressCB(fmt.Sprintf("Checking user %v for orphans", usr.Name()))
+		}
+		log.Debugf("Checking for orphans")
+
+		for _, m := range meta.Metadata {
+			filteredLabels := xslices.Filter(m.LabelIDs, func(t string) bool {
+				switch t {
+				case proton.AllMailLabel:
+					return false
+				case proton.AllSentLabel:
+					return false
+				case proton.AllDraftsLabel:
+					return false
+				case proton.OutboxLabel:
+					return false
+				default:
+					return true
+				}
+			})
+
+			if len(filteredLabels) == 0 {
+				log.Warnf("Message %v is only present in All Mail (Subject=%v)", m.ID, m.Subject)
+			}
+		}
+	}
+
+	return result, nil
+}
+
+func (bridge *Bridge) DebugDownloadFailedMessages(
+	ctx context.Context,
+	result CheckClientStateResult,
+	exportPath string,
+	progressCB func(string, int, int),
+) error {
+	bridge.usersLock.RLock()
+	defer bridge.usersLock.RUnlock()
+
+	for userID, messages := range result.MissingMessages {
+		usr, ok := bridge.users[userID]
+		if !ok {
+			return fmt.Errorf("failed to find user with id %v", userID)
+		}
+
+		userDir := filepath.Join(exportPath, userID)
+		if err := os.MkdirAll(userDir, 0o700); err != nil {
+			return fmt.Errorf("failed to create directory '%v': %w", userDir, err)
+		}
+
+		if err := usr.DebugDownloadMessages(ctx, userDir, messages, progressCB); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func clientGetMessageIDs(client *goimapclient.Client, mailbox string) (map[string]imap.FlagSet, error) {
+	status, err := client.Select(mailbox, true)
+	if err != nil {
+		return nil, err
+	}
+
+	if status.Messages == 0 {
+		return nil, nil
+	}
+
+	resCh := make(chan *goimap.Message)
+
+	section, err := goimap.ParseBodySectionName("BODY[HEADER]")
+	if err != nil {
+		return nil, err
+	}
+
+	fetchItems := []goimap.FetchItem{"BODY[HEADER]", goimap.FetchFlags}
+
+	seq, err := goimap.ParseSeqSet("1:*")
+	if err != nil {
+		return nil, err
+	}
+
+	go func() {
+		if err := client.Fetch(
+			seq,
+			fetchItems,
+			resCh,
+		); err != nil {
+			panic(err)
+		}
+	}()
+
+	messages := iterator.Collect(iterator.Chan(resCh))
+
+	ids := make(map[string]imap.FlagSet, len(messages))
+
+	for i, m := range messages {
+		literal, err := io.ReadAll(m.GetBody(section))
+		if err != nil {
+			return nil, err
+		}
+
+		header, err := rfc822.NewHeader(literal)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse header for msg %v: %w", i, err)
+		}
+
+		internalID, ok := header.GetChecked("X-Pm-Internal-Id")
+		if !ok {
+			logrus.Errorf("Message %v does not have internal id", internalID)
+			continue
+		}
+
+		messageFlags := imap.NewFlagSet(m.Flags...)
+
+		// Recent and Deleted are not part of the proton flag set.
+		messageFlags.RemoveFromSelf("\\Recent")
+		messageFlags.RemoveFromSelf("\\Deleted")
+
+		ids[internalID] = messageFlags
+	}
+
+	return ids, nil
+}
--- a/internal/bridge/draft_test.go
+++ b/internal/bridge/draft_test.go
@ -0,0 +1,175 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge_test
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"net"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/gluon/rfc822"
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/go-proton-api/server"
+	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
+	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
+	go_imap "github.com/emersion/go-imap"
+	"github.com/emersion/go-sasl"
+	"github.com/emersion/go-smtp"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestBridge_HandleDraftsSendFromOtherClient(t *testing.T) {
+	getGluonHeaderID := func(literal []byte) (string, string) {
+		h, err := rfc822.NewHeader(literal)
+		require.NoError(t, err)
+
+		gluonID, ok := h.GetChecked("X-Pm-Gluon-Id")
+		require.True(t, ok)
+
+		externalID, ok := h.GetChecked("Message-Id")
+		require.True(t, ok)
+
+		return gluonID, externalID
+	}
+
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		_, _, err := s.CreateUser("imap", password)
+		require.NoError(t, err)
+
+		_, _, err = s.CreateUser("bar", password)
+		require.NoError(t, err)
+
+		// The initial user should be fully synced.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
+			waiter := waitForIMAPServerReady(b)
+			defer waiter.Done()
+
+			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
+			defer done()
+
+			userID, err := b.LoginFull(ctx, "imap", password, nil, nil)
+			require.NoError(t, err)
+
+			require.Equal(t, userID, (<-syncCh).UserID)
+			waiter.Wait()
+
+			info, err := b.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.True(t, info.State == bridge.Connected)
+
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
+			defer func() { _ = client.Logout() }()
+
+			// Create first draft in client.
+			literal := fmt.Sprintf(`From: %v
+To: %v
+Date: Fri, 3 Feb 2023 01:04:32 +0100
+Subject: Foo
+
+Hello
+`, info.Addresses[0], "bar@proton.local")
+
+			require.NoError(t, client.Append("Drafts", nil, time.Now(), strings.NewReader(literal)))
+			// Verify the draft is available in client.
+			require.Eventually(t, func() bool {
+				status, err := client.Status("Drafts", []go_imap.StatusItem{go_imap.StatusMessages})
+				require.NoError(t, err)
+				return status.Messages == 1
+			}, 2*time.Second, time.Second)
+
+			// Retrieve the new literal so we can have the Proton Message ID.
+			messages, err := clientFetch(client, "Drafts")
+			require.NoError(t, err)
+			require.Equal(t, 1, len(messages))
+
+			newLiteral, err := io.ReadAll(messages[0].GetBody(must(go_imap.ParseBodySectionName("BODY[]"))))
+			require.NoError(t, err)
+			logrus.Info(string(newLiteral))
+
+			newLiteralID, newLiteralExternID := getGluonHeaderID(newLiteral)
+
+			// Modify new literal.
+			newLiteralModified := append(newLiteral, []byte(" world from client2")...) //nolint:gocritic
+
+			func() {
+				smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(b.GetSMTPPort())))
+				require.NoError(t, err)
+				defer func() { _ = smtpClient.Close() }()
+
+				// Upgrade to TLS.
+				require.NoError(t, smtpClient.StartTLS(&tls.Config{InsecureSkipVerify: true}))
+
+				// Authorize with SASL PLAIN.
+				require.NoError(t, smtpClient.Auth(sasl.NewPlainClient(
+					info.Addresses[0],
+					info.Addresses[0],
+					string(info.BridgePass)),
+				))
+
+				// Send the message.
+				require.NoError(t, smtpClient.SendMail(
+					info.Addresses[0],
+					[]string{"bar@proton.local"},
+					bytes.NewReader(newLiteralModified),
+				))
+			}()
+
+			// Append message to Sent as the imap client would.
+			require.NoError(t, client.Append("Sent", nil, time.Now(), strings.NewReader(literal)))
+
+			// Verify the sent message gets updated with the new literal.
+			require.Eventually(t, func() bool {
+				// Check if sent message matches the latest draft.
+				messagesClient1, err := clientFetch(client, "Sent", "BODY[TEXT]", "BODY[]")
+				require.NoError(t, err)
+
+				if len(messagesClient1) != 1 {
+					return false
+				}
+
+				sentLiteral, err := io.ReadAll(messagesClient1[0].GetBody(must(go_imap.ParseBodySectionName("BODY[]"))))
+				require.NoError(t, err)
+
+				sentLiteralID, sentLiteralExternID := getGluonHeaderID(sentLiteral)
+
+				sentLiteralText, err := io.ReadAll(messagesClient1[0].GetBody(must(go_imap.ParseBodySectionName("BODY[TEXT]"))))
+				require.NoError(t, err)
+
+				sentLiteralStr := string(sentLiteralText)
+
+				literalMatches := sentLiteralStr == "Hello\r\n world from client2\r\n"
+
+				idIsDifferent := sentLiteralID != newLiteralID
+
+				externIDMatches := sentLiteralExternID == newLiteralExternID
+
+				return literalMatches && idIsDifferent && externIDMatches
+			}, 2*time.Second, time.Second)
+		})
+	}, server.WithMessageDedup())
+}
--- a/internal/bridge/errors.go
+++ b/internal/bridge/errors.go
@ -22,10 +22,7 @@ import "errors"
 var (
 	ErrVaultInsecure = errors.New("the vault is insecure")
 	ErrVaultCorrupt  = errors.New("the vault is corrupt")
-
-	ErrServeIMAP    = errors.New("failed to serve IMAP")
-	ErrServeSMTP    = errors.New("failed to serve SMTP")
-	ErrWatchUpdates = errors.New("failed to watch for updates")
+	ErrWatchUpdates  = errors.New("failed to watch for updates")

 	ErrNoSuchUser          = errors.New("no such user")
 	ErrUserAlreadyExists   = errors.New("user already exists")
--- a/internal/bridge/files.go
+++ b/internal/bridge/files.go
@ -58,11 +58,7 @@ func moveFile(from, to string) error {
 		return err
 	}

-	if err := os.Rename(from, to); err != nil {
-		return err
-	}
-
-	return nil
+	return os.Rename(from, to)
 }

 func copyDir(from, to string) error {
--- a/internal/bridge/heartbeat.go
+++ b/internal/bridge/heartbeat.go
@ -0,0 +1,128 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/ProtonMail/gluon/reporter"
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+	"github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
+	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
+	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
+	"github.com/sirupsen/logrus"
+)
+
+const HeartbeatCheckInterval = time.Hour
+
+func (bridge *Bridge) IsTelemetryAvailable(ctx context.Context) bool {
+	var flag = true
+	if bridge.GetTelemetryDisabled() {
+		return false
+	}
+
+	safe.RLock(func() {
+		for _, user := range bridge.users {
+			flag = flag && user.IsTelemetryEnabled(ctx)
+		}
+	}, bridge.usersLock)
+
+	return flag
+}
+
+func (bridge *Bridge) SendHeartbeat(ctx context.Context, heartbeat *telemetry.HeartbeatData) bool {
+	data, err := json.Marshal(heartbeat)
+	if err != nil {
+		if err := bridge.reporter.ReportMessageWithContext("Cannot parse heartbeat data.", reporter.Context{
+			"error": err,
+		}); err != nil {
+			logrus.WithError(err).Error("Failed to parse heartbeat data.")
+		}
+		return false
+	}
+
+	var sent = false
+
+	safe.RLock(func() {
+		for _, user := range bridge.users {
+			if err := user.SendTelemetry(ctx, data); err == nil {
+				sent = true
+				break
+			}
+		}
+	}, bridge.usersLock)
+
+	return sent
+}
+
+func (bridge *Bridge) GetLastHeartbeatSent() time.Time {
+	return bridge.vault.GetLastHeartbeatSent()
+}
+
+func (bridge *Bridge) SetLastHeartbeatSent(timestamp time.Time) error {
+	return bridge.vault.SetLastHeartbeatSent(timestamp)
+}
+
+func (bridge *Bridge) StartHeartbeat(manager telemetry.HeartbeatManager) {
+	bridge.heartbeat = telemetry.NewHeartbeat(manager, 1143, 1025, bridge.GetGluonCacheDir(), keychain.DefaultHelper)
+
+	// Check for heartbeat when triggered.
+	bridge.goHeartbeat = bridge.tasks.PeriodicOrTrigger(HeartbeatCheckInterval, 0, func(ctx context.Context) {
+		logrus.Debug("Checking for heartbeat")
+
+		bridge.heartbeat.TrySending(ctx)
+	})
+
+	bridge.heartbeat.SetRollout(bridge.GetUpdateRollout())
+	bridge.heartbeat.SetAutoStart(bridge.GetAutostart())
+	bridge.heartbeat.SetAutoUpdate(bridge.GetAutoUpdate())
+	bridge.heartbeat.SetBeta(bridge.GetUpdateChannel())
+	bridge.heartbeat.SetDoh(bridge.GetProxyAllowed())
+	bridge.heartbeat.SetShowAllMail(bridge.GetShowAllMail())
+	bridge.heartbeat.SetIMAPConnectionMode(bridge.GetIMAPSSL())
+	bridge.heartbeat.SetSMTPConnectionMode(bridge.GetSMTPSSL())
+	bridge.heartbeat.SetIMAPPort(bridge.GetIMAPPort())
+	bridge.heartbeat.SetSMTPPort(bridge.GetSMTPPort())
+	bridge.heartbeat.SetCacheLocation(bridge.GetGluonCacheDir())
+	if val, err := bridge.GetKeychainApp(); err != nil {
+		bridge.heartbeat.SetKeyChainPref(val)
+	} else {
+		bridge.heartbeat.SetKeyChainPref(keychain.DefaultHelper)
+	}
+	bridge.heartbeat.SetPrevVersion(bridge.GetLastVersion().String())
+
+	safe.RLock(func() {
+		var splitMode = false
+		for _, user := range bridge.users {
+			if user.GetAddressMode() == vault.SplitMode {
+				splitMode = true
+				break
+			}
+		}
+		var nbAccount = len(bridge.users)
+		bridge.heartbeat.SetNbAccount(nbAccount)
+		bridge.heartbeat.SetSplitMode(splitMode)
+
+		// Do not try to send if there is no user yet.
+		if nbAccount > 0 {
+			defer bridge.goHeartbeat()
+		}
+	}, bridge.usersLock)
+}
--- a/internal/bridge/identifier.go
+++ b/internal/bridge/identifier.go
@ -17,6 +17,8 @@

 package bridge

+import "github.com/sirupsen/logrus"
+
 func (bridge *Bridge) GetCurrentUserAgent() string {
 	return bridge.identifier.GetUserAgent()
 }
@ -24,3 +26,17 @@ func (bridge *Bridge) GetCurrentUserAgent() string {
 func (bridge *Bridge) SetCurrentPlatform(platform string) {
 	bridge.identifier.SetPlatform(platform)
 }
+
+func (bridge *Bridge) setUserAgent(name, version string) {
+	currentUserAgent := bridge.identifier.GetClientString()
+
+	bridge.identifier.SetClient(name, version)
+
+	newUserAgent := bridge.identifier.GetClientString()
+
+	if currentUserAgent != newUserAgent {
+		if err := bridge.vault.SetLastUserAgent(newUserAgent); err != nil {
+			logrus.WithError(err).Error("Failed to write new user agent to vault")
+		}
+	}
+}
--- a/internal/bridge/imap.go
+++ b/internal/bridge/imap.go
@ -20,200 +20,39 @@ package bridge
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
 	"io"
 	"os"
 	"path/filepath"
+	"strings"

 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon"
+	"github.com/ProtonMail/gluon/async"
 	imapEvents "github.com/ProtonMail/gluon/events"
+	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/gluon/store"
-	"github.com/ProtonMail/proton-bridge/v3/internal/async"
+	"github.com/ProtonMail/gluon/store/fallback_v0"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
-	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
+	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/sirupsen/logrus"
 )

-const (
-	defaultClientName    = "UnknownClient"
-	defaultClientVersion = "0.0.1"
-)
-
-func (bridge *Bridge) serveIMAP() error {
-	if bridge.imapServer == nil {
-		return fmt.Errorf("no imap server instance running")
-	}
-
-	logrus.Info("Starting IMAP server")
-
-	imapListener, err := newListener(bridge.vault.GetIMAPPort(), bridge.vault.GetIMAPSSL(), bridge.tlsConfig)
-	if err != nil {
-		return fmt.Errorf("failed to create IMAP listener: %w", err)
-	}
-
-	bridge.imapListener = imapListener
-
-	if err := bridge.imapServer.Serve(context.Background(), bridge.imapListener); err != nil {
-		return fmt.Errorf("failed to serve IMAP: %w", err)
-	}
-
-	if err := bridge.vault.SetIMAPPort(getPort(imapListener.Addr())); err != nil {
-		return fmt.Errorf("failed to store IMAP port in vault: %w", err)
-	}
-
-	return nil
-}
-
-func (bridge *Bridge) restartIMAP() error {
-	logrus.Info("Restarting IMAP server")
-
-	if bridge.imapListener != nil {
-		if err := bridge.imapListener.Close(); err != nil {
-			return fmt.Errorf("failed to close IMAP listener: %w", err)
-		}
-	}
-
-	return bridge.serveIMAP()
-}
-
-func (bridge *Bridge) closeIMAP(ctx context.Context) error {
-	logrus.Info("Closing IMAP server")
-
-	if bridge.imapServer != nil {
-		if err := bridge.imapServer.Close(ctx); err != nil {
-			return fmt.Errorf("failed to close IMAP server: %w", err)
-		}
-		bridge.imapServer = nil
-	}
-
-	if bridge.imapListener != nil {
-		if err := bridge.imapListener.Close(); err != nil {
-			return fmt.Errorf("failed to close IMAP listener: %w", err)
-		}
-	}
-
-	return nil
+func (bridge *Bridge) restartIMAP(ctx context.Context) error {
+	return bridge.serverManager.RestartIMAP(ctx)
 }

 // addIMAPUser connects the given user to gluon.
-//
-//nolint:funlen
 func (bridge *Bridge) addIMAPUser(ctx context.Context, user *user.User) error {
-	if bridge.imapServer == nil {
-		return fmt.Errorf("no imap server instance running")
-	}
-
-	imapConn, err := user.NewIMAPConnectors()
-	if err != nil {
-		return fmt.Errorf("failed to create IMAP connectors: %w", err)
-	}
-
-	for addrID, imapConn := range imapConn {
-		log := logrus.WithFields(logrus.Fields{
-			"userID": user.ID(),
-			"addrID": addrID,
-		})
-
-		if gluonID, ok := user.GetGluonID(addrID); ok {
-			log.WithField("gluonID", gluonID).Info("Loading existing IMAP user")
-
-			// Load the user, checking whether the DB was newly created.
-			isNew, err := bridge.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey())
-			if err != nil {
-				return fmt.Errorf("failed to load IMAP user: %w", err)
-			}
-
-			if isNew {
-				// If the DB was newly created, clear the sync status; gluon's DB was not found.
-				logrus.Warn("IMAP user DB was newly created, clearing sync status")
-
-				// Remove the user from IMAP so we can clear the sync status.
-				if err := bridge.imapServer.RemoveUser(ctx, gluonID, false); err != nil {
-					return fmt.Errorf("failed to remove IMAP user: %w", err)
-				}
-
-				// Clear the sync status -- we need to resync all messages.
-				if err := user.ClearSyncStatus(); err != nil {
-					return fmt.Errorf("failed to clear sync status: %w", err)
-				}
-
-				// Add the user back to the IMAP server.
-				if isNew, err := bridge.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey()); err != nil {
-					return fmt.Errorf("failed to add IMAP user: %w", err)
-				} else if isNew {
-					panic("IMAP user should already have a database")
-				}
-			} else if status := user.GetSyncStatus(); !status.HasLabels {
-				// Otherwise, the DB already exists -- if the labels are not yet synced, we need to re-create the DB.
-				if err := bridge.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
-					return fmt.Errorf("failed to remove old IMAP user: %w", err)
-				}
-
-				if err := user.RemoveGluonID(addrID, gluonID); err != nil {
-					return fmt.Errorf("failed to remove old IMAP user ID: %w", err)
-				}
-
-				gluonID, err := bridge.imapServer.AddUser(ctx, imapConn, user.GluonKey())
-				if err != nil {
-					return fmt.Errorf("failed to add IMAP user: %w", err)
-				}
-
-				if err := user.SetGluonID(addrID, gluonID); err != nil {
-					return fmt.Errorf("failed to set IMAP user ID: %w", err)
-				}
-
-				log.WithField("gluonID", gluonID).Info("Re-created IMAP user")
-			}
-		} else {
-			log.Info("Creating new IMAP user")
-
-			gluonID, err := bridge.imapServer.AddUser(ctx, imapConn, user.GluonKey())
-			if err != nil {
-				return fmt.Errorf("failed to add IMAP user: %w", err)
-			}
-
-			if err := user.SetGluonID(addrID, gluonID); err != nil {
-				return fmt.Errorf("failed to set IMAP user ID: %w", err)
-			}
-
-			log.WithField("gluonID", gluonID).Info("Created new IMAP user")
-		}
-	}
-
-	// Trigger a sync for the user, if needed.
-	user.TriggerSync()
-
-	return nil
+	return bridge.serverManager.AddIMAPUser(ctx, user)
 }

 // removeIMAPUser disconnects the given user from gluon, optionally also removing its files.
 func (bridge *Bridge) removeIMAPUser(ctx context.Context, user *user.User, withData bool) error {
-	if bridge.imapServer == nil {
-		return fmt.Errorf("no imap server instance running")
-	}
-
-	logrus.WithFields(logrus.Fields{
-		"userID":   user.ID(),
-		"withData": withData,
-	}).Debug("Removing IMAP user")
-
-	for addrID, gluonID := range user.GetGluonIDs() {
-		if err := bridge.imapServer.RemoveUser(ctx, gluonID, withData); err != nil {
-			return fmt.Errorf("failed to remove IMAP user: %w", err)
-		}
-
-		if withData {
-			if err := user.RemoveGluonID(addrID, gluonID); err != nil {
-				return fmt.Errorf("failed to remove IMAP user ID: %w", err)
-			}
-		}
-	}
-
-	return nil
+	return bridge.serverManager.RemoveIMAPUser(ctx, user, withData)
 }

 func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
@ -227,11 +66,6 @@ func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 			}).Info("Received mailbox message count")
 		}

-	case imapEvents.SessionAdded:
-		if !bridge.identifier.HasClient() {
-			bridge.identifier.SetClient(defaultClientName, defaultClientVersion)
-		}
-
 	case imapEvents.IMAPID:
 		logrus.WithFields(logrus.Fields{
 			"sessionID": event.SessionID,
@ -240,19 +74,24 @@ func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 		}).Info("Received IMAP ID")

 		if event.IMAPID.Name != "" && event.IMAPID.Version != "" {
-			bridge.identifier.SetClient(event.IMAPID.Name, event.IMAPID.Version)
+			bridge.setUserAgent(event.IMAPID.Name, event.IMAPID.Version)
+		}
+
+	case imapEvents.LoginFailed:
+		logrus.WithFields(logrus.Fields{
+			"sessionID": event.SessionID,
+			"username":  event.Username,
+			"pkg":       "imap",
+		}).Error("Incorrect login credentials.")
+		bridge.publish(events.IMAPLoginFailed{Username: event.Username})
+
+	case imapEvents.Login:
+		if strings.Contains(bridge.GetCurrentUserAgent(), useragent.DefaultUserAgent) {
+			bridge.setUserAgent(useragent.UnknownClient, useragent.DefaultVersion)
 		}
 	}
 }

-func getGluonDir(encVault *vault.Vault) (string, error) {
-	if err := os.MkdirAll(encVault.GetGluonCacheDir(), 0o700); err != nil {
-		return "", fmt.Errorf("failed to create gluon dir: %w", err)
-	}
-
-	return encVault.GetGluonCacheDir(), nil
-}
-
 func ApplyGluonCachePathSuffix(basePath string) string {
 	return filepath.Join(basePath, "backend", "store")
 }
@ -261,7 +100,6 @@ func ApplyGluonConfigPathSuffix(basePath string) string {
 	return filepath.Join(basePath, "backend", "db")
 }

-// nolint:funlen
 func newIMAPServer(
 	gluonCacheDir, gluonConfigDir string,
 	version *semver.Version,
@ -270,6 +108,8 @@ func newIMAPServer(
 	logClient, logServer bool,
 	eventCh chan<- imapEvents.Event,
 	tasks *async.Group,
+	uidValidityGenerator imap.UIDValidityGenerator,
+	panicHandler async.PanicHandler,
 ) (*gluon.Server, error) {
 	gluonCacheDir = ApplyGluonCachePathSuffix(gluonCacheDir)
 	gluonConfigDir = ApplyGluonConfigPathSuffix(gluonConfigDir)
@ -313,6 +153,8 @@ func newIMAPServer(
 		gluon.WithLogger(imapClientLog, imapServerLog),
 		getGluonVersionInfo(version),
 		gluon.WithReporter(reporter),
+		gluon.WithUIDValidityGenerator(uidValidityGenerator),
+		gluon.WithPanicHandler(panicHandler),
 	)
 	if err != nil {
 		return nil, err
@ -348,7 +190,7 @@ func (*storeBuilder) New(path, userID string, passphrase []byte) (store.Store, e
 	return store.NewOnDiskStore(
 		filepath.Join(path, userID),
 		passphrase,
-		store.WithCompressor(new(store.GZipCompressor)),
+		store.WithFallback(fallback_v0.NewOnDiskStoreV0WithCompressor(&fallback_v0.GZipCompressor{})),
 	)
 }

--- a/internal/bridge/migration.go
+++ b/internal/bridge/migration.go
@ -0,0 +1,55 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"strings"
+
+	"github.com/ProtonMail/gluon/reporter"
+	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
+	"github.com/sirupsen/logrus"
+)
+
+func (bridge *Bridge) databaseResyncNeeded() bool {
+	if strings.HasPrefix(bridge.lastVersion.String(), "3.4.0") &&
+		strings.HasPrefix(bridge.curVersion.String(), "3.4.1") {
+		logrus.WithFields(logrus.Fields{
+			"lastVersion": bridge.lastVersion.String(),
+			"currVersion": bridge.curVersion.String(),
+		}).Warning("Database re-synchronisation needed")
+		return true
+	}
+	return false
+}
+
+func (bridge *Bridge) migrateUser(vault *vault.User) {
+	if bridge.databaseResyncNeeded() {
+		if err := bridge.reporter.ReportMessage("Database need to be re-sync for migration."); err != nil {
+			logrus.WithError(err).Error("Failed to report database re-sync for migration.")
+		}
+		if err := vault.ClearSyncStatus(); err != nil {
+			logrus.WithError(err).Error("Failed reset to SyncStatus.")
+			if err2 := bridge.reporter.ReportMessageWithContext("Failed to reset SyncStatus for Database migration.",
+				reporter.Context{
+					"error": err,
+				}); err2 != nil {
+				logrus.WithError(err2).Error("Failed to report reset SyncStatus error.")
+			}
+		}
+	}
+}
--- a/internal/bridge/mocks.go
+++ b/internal/bridge/mocks.go
@ -24,6 +24,7 @@ type Mocks struct {

 	CrashHandler *mocks.MockPanicHandler
 	Reporter     *mocks.MockReporter
+	Heartbeat    *mocks.MockHeartbeatManager
 }

 func NewMocks(tb testing.TB, version, minAuto *semver.Version) *Mocks {
@ -39,13 +40,17 @@ func NewMocks(tb testing.TB, version, minAuto *semver.Version) *Mocks {

 		CrashHandler: mocks.NewMockPanicHandler(ctl),
 		Reporter:     mocks.NewMockReporter(ctl),
+		Heartbeat:    mocks.NewMockHeartbeatManager(ctl),
 	}

 	// When getting the TLS issue channel, we want to return the test channel.
 	mocks.TLSReporter.EXPECT().GetTLSIssueCh().Return(mocks.TLSIssueCh).AnyTimes()

-	// This is called at he end of any go-routine:
-	mocks.CrashHandler.EXPECT().HandlePanic().AnyTimes()
+	// This is called at the end of any go-routine:
+	mocks.CrashHandler.EXPECT().HandlePanic(gomock.Any()).AnyTimes()
+
+	// this is called at start of heartbeat process.
+	mocks.Heartbeat.EXPECT().IsTelemetryAvailable(gomock.Any()).AnyTimes()

 	return mocks
 }
@ -139,13 +144,13 @@ func (testUpdater *TestUpdater) SetLatestVersion(version, minAuto *semver.Versio
 	}
 }

-func (testUpdater *TestUpdater) GetVersionInfo(ctx context.Context, downloader updater.Downloader, channel updater.Channel) (updater.VersionInfo, error) {
+func (testUpdater *TestUpdater) GetVersionInfo(_ context.Context, _ updater.Downloader, _ updater.Channel) (updater.VersionInfo, error) {
 	testUpdater.lock.RLock()
 	defer testUpdater.lock.RUnlock()

 	return testUpdater.latest, nil
 }

-func (testUpdater *TestUpdater) InstallUpdate(ctx context.Context, downloader updater.Downloader, update updater.VersionInfo) error {
+func (testUpdater *TestUpdater) InstallUpdate(_ context.Context, _ updater.Downloader, _ updater.VersionInfo) error {
 	return nil
 }
--- a/internal/bridge/mocks/async_mocks.go
+++ b/internal/bridge/mocks/async_mocks.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/ProtonMail/proton-bridge/v3/internal/async (interfaces: PanicHandler)
+// Source: github.com/ProtonMail/gluon/async (interfaces: PanicHandler)

 // Package mocks is a generated GoMock package.
 package mocks
@ -34,13 +34,13 @@ func (m *MockPanicHandler) EXPECT() *MockPanicHandlerMockRecorder {
 }

 // HandlePanic mocks base method.
-func (m *MockPanicHandler) HandlePanic() {
+func (m *MockPanicHandler) HandlePanic(arg0 interface{}) {
 	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "HandlePanic")
+	m.ctrl.Call(m, "HandlePanic", arg0)
 }

 // HandlePanic indicates an expected call of HandlePanic.
-func (mr *MockPanicHandlerMockRecorder) HandlePanic() *gomock.Call {
+func (mr *MockPanicHandlerMockRecorder) HandlePanic(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HandlePanic", reflect.TypeOf((*MockPanicHandler)(nil).HandlePanic))
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HandlePanic", reflect.TypeOf((*MockPanicHandler)(nil).HandlePanic), arg0)
 }
--- a/internal/bridge/mocks/telemetry_mocks.go
+++ b/internal/bridge/mocks/telemetry_mocks.go
@ -0,0 +1,93 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/ProtonMail/proton-bridge/v3/internal/telemetry (interfaces: HeartbeatManager)
+
+// Package mocks is a generated GoMock package.
+package mocks
+
+import (
+	context "context"
+	reflect "reflect"
+	time "time"
+
+	telemetry "github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
+	gomock "github.com/golang/mock/gomock"
+)
+
+// MockHeartbeatManager is a mock of HeartbeatManager interface.
+type MockHeartbeatManager struct {
+	ctrl     *gomock.Controller
+	recorder *MockHeartbeatManagerMockRecorder
+}
+
+// MockHeartbeatManagerMockRecorder is the mock recorder for MockHeartbeatManager.
+type MockHeartbeatManagerMockRecorder struct {
+	mock *MockHeartbeatManager
+}
+
+// NewMockHeartbeatManager creates a new mock instance.
+func NewMockHeartbeatManager(ctrl *gomock.Controller) *MockHeartbeatManager {
+	mock := &MockHeartbeatManager{ctrl: ctrl}
+	mock.recorder = &MockHeartbeatManagerMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockHeartbeatManager) EXPECT() *MockHeartbeatManagerMockRecorder {
+	return m.recorder
+}
+
+// GetLastHeartbeatSent mocks base method.
+func (m *MockHeartbeatManager) GetLastHeartbeatSent() time.Time {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetLastHeartbeatSent")
+	ret0, _ := ret[0].(time.Time)
+	return ret0
+}
+
+// GetLastHeartbeatSent indicates an expected call of GetLastHeartbeatSent.
+func (mr *MockHeartbeatManagerMockRecorder) GetLastHeartbeatSent() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetLastHeartbeatSent", reflect.TypeOf((*MockHeartbeatManager)(nil).GetLastHeartbeatSent))
+}
+
+// IsTelemetryAvailable mocks base method.
+func (m *MockHeartbeatManager) IsTelemetryAvailable(arg0 context.Context) bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IsTelemetryAvailable", arg0)
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// IsTelemetryAvailable indicates an expected call of IsTelemetryAvailable.
+func (mr *MockHeartbeatManagerMockRecorder) IsTelemetryAvailable(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsTelemetryAvailable", reflect.TypeOf((*MockHeartbeatManager)(nil).IsTelemetryAvailable), arg0)
+}
+
+// SendHeartbeat mocks base method.
+func (m *MockHeartbeatManager) SendHeartbeat(arg0 context.Context, arg1 *telemetry.HeartbeatData) bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SendHeartbeat", arg0, arg1)
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// SendHeartbeat indicates an expected call of SendHeartbeat.
+func (mr *MockHeartbeatManagerMockRecorder) SendHeartbeat(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SendHeartbeat", reflect.TypeOf((*MockHeartbeatManager)(nil).SendHeartbeat), arg0, arg1)
+}
+
+// SetLastHeartbeatSent mocks base method.
+func (m *MockHeartbeatManager) SetLastHeartbeatSent(arg0 time.Time) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SetLastHeartbeatSent", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// SetLastHeartbeatSent indicates an expected call of SetLastHeartbeatSent.
+func (mr *MockHeartbeatManagerMockRecorder) SetLastHeartbeatSent(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetLastHeartbeatSent", reflect.TypeOf((*MockHeartbeatManager)(nil).SetLastHeartbeatSent), arg0)
+}
--- a/internal/bridge/refresh_test.go
+++ b/internal/bridge/refresh_test.go
@ -28,7 +28,6 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/bradenaw/juniper/iterator"
-	"github.com/emersion/go-imap/client"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 )
@ -57,6 +56,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.Equal(t, userID, (<-syncCh).UserID)
 		})

+		var uidValidities = make(map[string]uint32, len(names))
 		// If we then connect an IMAP client, it should see all the labels with UID validity of 1.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).AnyTimes()
@ -65,7 +65,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -73,7 +73,7 @@ func TestBridge_Refresh(t *testing.T) {
 			for _, name := range names {
 				status, err := client.Select("Folders/"+name, false)
 				require.NoError(t, err)
-				require.Equal(t, uint32(1000), status.UidValidity)
+				uidValidities[name] = status.UidValidity
 			}
 		})

@ -98,7 +98,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -106,7 +106,7 @@ func TestBridge_Refresh(t *testing.T) {
 			for _, name := range names {
 				status, err := client.Select("Folders/"+name, false)
 				require.NoError(t, err)
-				require.Equal(t, uint32(1001), status.UidValidity)
+				require.Greater(t, status.UidValidity, uidValidities[name])
 			}
 		})
 	})
--- a/internal/bridge/send_test.go
+++ b/internal/bridge/send_test.go
@ -34,7 +34,6 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/emersion/go-imap"
-	"github.com/emersion/go-imap/client"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
@ -46,12 +45,17 @@ func TestBridge_Send(t *testing.T) {
 		require.NoError(t, err)

 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)

 			recipientUserID, err := bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)

+			smtpWaiter.Wait()
+
 			senderInfo, err := bridge.GetUserInfo(senderUserID)
 			require.NoError(t, err)

@ -91,13 +95,13 @@ func TestBridge_Send(t *testing.T) {
 			}

 			// Connect the sender IMAP client.
-			senderIMAPClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			senderIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, senderIMAPClient.Login(senderInfo.Addresses[0], string(senderInfo.BridgePass)))
 			defer senderIMAPClient.Logout() //nolint:errcheck

 			// Connect the recipient IMAP client.
-			recipientIMAPClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			recipientIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, recipientIMAPClient.Login(recipientInfo.Addresses[0], string(recipientInfo.BridgePass)))
 			defer recipientIMAPClient.Logout() //nolint:errcheck
@ -135,19 +139,19 @@ func TestBridge_SendDraftFlags(t *testing.T) {
 		})

 		// Start the bridge.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get the sender user info.
 			userInfo, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)

 			// Connect the sender IMAP client.
-			imapClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Login(userInfo.Addresses[0], string(userInfo.BridgePass)))
 			defer imapClient.Logout() //nolint:errcheck

 			// The message to send.
-			const message = `Subject: Test\r\n\r\nHello world!`
+			message := fmt.Sprintf("From: %v\r\nDate: 01 Jan 1980 00:00:00 +0000\r\nSubject: Test\r\n\r\nHello world!", userInfo.Addresses[0])

 			// Save a draft.
 			require.NoError(t, imapClient.Append("Drafts", []string{imap.DraftFlag}, time.Now(), strings.NewReader(message)))
@ -245,13 +249,13 @@ func TestBridge_SendInvite(t *testing.T) {
 		})

 		// Start the bridge.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get the sender user info.
 			userInfo, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)

 			// Connect the sender IMAP client.
-			imapClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Login(userInfo.Addresses[0], string(userInfo.BridgePass)))
 			defer imapClient.Logout() //nolint:errcheck
@ -330,3 +334,187 @@ func TestBridge_SendInvite(t *testing.T) {
 		})
 	})
 }
+
+func TestBridge_SendAddTextBodyPartIfNotExists(t *testing.T) {
+	const messageMultipartWithoutText = `Content-Type: multipart/mixed;
+  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
+Subject: A new message
+Date: Mon, 13 Mar 2023 16:06:16 +0100
+
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
+Content-Disposition: inline;
+  filename=Cat_August_2010-4.jpeg
+Content-Type: image/jpeg;
+  name="Cat_August_2010-4.jpeg"
+Content-Transfer-Encoding: base64
+
+SGVsbG8gd29ybGQ=
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
+	`
+
+	const messageMultipartWithText = `Content-Type: multipart/mixed;
+  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
+Subject: A new message Part2 
+Date: Mon, 13 Mar 2023 16:06:16 +0100
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
+Content-Disposition: inline;
+  filename=Cat_August_2010-4.jpeg
+Content-Type: image/jpeg;
+  name="Cat_August_2010-4.jpeg"
+Content-Transfer-Encoding: base64
+
+SGVsbG8gd29ybGQ=
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
+Content-Type: text/html;charset=utf8
+Content-Transfer-Encoding: quoted-printable
+
+Hello world
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
+`
+
+	const messageWithTextOnly = `Content-Type: text/plain;charset=utf8
+Content-Transfer-Encoding: quoted-printable
+Subject: A new message Part3
+Date: Mon, 13 Mar 2023 16:06:16 +0100
+
+Hello world
+
+`
+
+	const messageMultipartWithoutTextWithTextAttachment = `Content-Type: multipart/mixed;
+  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
+Subject: A new message Part4
+Date: Mon, 13 Mar 2023 16:06:16 +0100
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
+Content-Type: text/plain; charset=UTF-8; name="text.txt"
+Content-Disposition: attachment; filename="text.txt"
+Content-Transfer-Encoding: base64
+
+SGVsbG8gd29ybGQK
+
+--Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
+`
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		_, _, err := s.CreateUser("recipient", password)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			recipientUserID, err := bridge.LoginFull(ctx, "recipient", password, nil, nil)
+			require.NoError(t, err)
+
+			senderInfo, err := bridge.GetUserInfo(senderUserID)
+			require.NoError(t, err)
+
+			recipientInfo, err := bridge.GetUserInfo(recipientUserID)
+			require.NoError(t, err)
+
+			messages := []string{
+				messageMultipartWithoutText,
+				messageMultipartWithText,
+				messageWithTextOnly,
+				messageMultipartWithoutTextWithTextAttachment,
+			}
+
+			smtpWaiter.Wait()
+
+			for _, m := range messages {
+				// Dial the server.
+				client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
+				require.NoError(t, err)
+				defer client.Close() //nolint:errcheck
+
+				// Upgrade to TLS.
+				require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
+
+				// Authorize with SASL LOGIN.
+				require.NoError(t, client.Auth(sasl.NewLoginClient(
+					senderInfo.Addresses[0],
+					string(senderInfo.BridgePass)),
+				))
+
+				// Send the message.
+				require.NoError(t, client.SendMail(
+					senderInfo.Addresses[0],
+					[]string{recipientInfo.Addresses[0]},
+					strings.NewReader(m),
+				))
+			}
+
+			// Connect the sender IMAP client.
+			senderIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			require.NoError(t, err)
+			require.NoError(t, senderIMAPClient.Login(senderInfo.Addresses[0], string(senderInfo.BridgePass)))
+			defer senderIMAPClient.Logout() //nolint:errcheck
+
+			// Connect the recipient IMAP client.
+			recipientIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			require.NoError(t, err)
+			require.NoError(t, recipientIMAPClient.Login(recipientInfo.Addresses[0], string(recipientInfo.BridgePass)))
+			defer recipientIMAPClient.Logout() //nolint:errcheck
+
+			require.Eventually(t, func() bool {
+				messages, err := clientFetch(senderIMAPClient, `Sent`, imap.FetchBodyStructure)
+				require.NoError(t, err)
+				require.Equal(t, 4, len(messages))
+
+				// messages may not be in order
+				for _, message := range messages {
+					switch {
+					case message.Envelope.Subject == "A new message":
+						// The message that was sent should now include an empty text/plain body part since there was none
+						// in the original message.
+						require.Equal(t, 2, len(message.BodyStructure.Parts))
+
+						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
+						require.Equal(t, "plain", message.BodyStructure.Parts[0].MIMESubType)
+						require.Equal(t, uint32(0), message.BodyStructure.Parts[0].Size)
+						require.Equal(t, "image", message.BodyStructure.Parts[1].MIMEType)
+						require.Equal(t, "jpeg", message.BodyStructure.Parts[1].MIMESubType)
+
+					case message.Envelope.Subject == "A new message Part2":
+						// This message already has a text body, should be unchanged
+						require.Equal(t, 2, len(message.BodyStructure.Parts))
+
+						require.Equal(t, "image", message.BodyStructure.Parts[1].MIMEType)
+						require.Equal(t, "jpeg", message.BodyStructure.Parts[1].MIMESubType)
+						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
+						require.Equal(t, "html", message.BodyStructure.Parts[0].MIMESubType)
+
+					case message.Envelope.Subject == "A new message Part3":
+						// This message already has a text body, should be unchanged
+						require.Equal(t, 0, len(message.BodyStructure.Parts))
+
+						require.Equal(t, "text", message.BodyStructure.MIMEType)
+						require.Equal(t, "plain", message.BodyStructure.MIMESubType)
+
+					case message.Envelope.Subject == "A new message Part4":
+						// The message that was sent should now include an empty text/plain body part since even though
+						// there was only a text/plain attachment in the original message.
+						require.Equal(t, 2, len(message.BodyStructure.Parts))
+
+						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
+						require.Equal(t, "plain", message.BodyStructure.Parts[0].MIMESubType)
+						require.Equal(t, uint32(0), message.BodyStructure.Parts[0].Size)
+						require.Equal(t, "text", message.BodyStructure.Parts[1].MIMEType)
+						require.Equal(t, "plain", message.BodyStructure.Parts[1].MIMESubType)
+						require.Equal(t, "attachment", message.BodyStructure.Parts[1].Disposition)
+					}
+				}
+
+				return true
+			}, 10*time.Second, 100*time.Millisecond)
+		})
+	})
+}
--- a/internal/bridge/sentry_test.go
+++ b/internal/bridge/sentry_test.go
@ -36,6 +36,9 @@ import (
 func TestBridge_Report(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(b)
+			defer imapWaiter.Done()
+
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()

@ -51,6 +54,8 @@ func TestBridge_Report(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

+			imapWaiter.Wait()
+
 			// Dial the IMAP port.
 			conn, err := net.Dial("tcp", fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
--- a/internal/bridge/server_manager.go
+++ b/internal/bridge/server_manager.go
@ -0,0 +1,696 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"path/filepath"
+
+	"github.com/ProtonMail/gluon"
+	"github.com/ProtonMail/gluon/connector"
+	"github.com/ProtonMail/gluon/logging"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+	"github.com/ProtonMail/proton-bridge/v3/internal/user"
+	"github.com/ProtonMail/proton-bridge/v3/pkg/cpc"
+	"github.com/emersion/go-smtp"
+	"github.com/sirupsen/logrus"
+)
+
+// ServerManager manages the IMAP & SMTP servers and their listeners.
+type ServerManager struct {
+	requests *cpc.CPC
+
+	imapServer   *gluon.Server
+	imapListener net.Listener
+
+	smtpServer   *smtp.Server
+	smtpListener net.Listener
+
+	loadedUserCount int
+}
+
+func newServerManager() *ServerManager {
+	return &ServerManager{
+		requests: cpc.NewCPC(),
+	}
+}
+
+func (sm *ServerManager) Init(bridge *Bridge) error {
+	imapServer, err := createIMAPServer(bridge)
+	if err != nil {
+		return err
+	}
+
+	smtpServer := createSMTPServer(bridge)
+
+	sm.imapServer = imapServer
+	sm.smtpServer = smtpServer
+
+	bridge.tasks.Once(func(ctx context.Context) {
+		logging.DoAnnotated(ctx, func(ctx context.Context) {
+			sm.run(ctx, bridge)
+		}, logging.Labels{
+			"service": "server-manager",
+		})
+	})
+
+	return nil
+}
+
+func (sm *ServerManager) CloseServers(ctx context.Context) error {
+	defer sm.requests.Close()
+	_, err := sm.requests.Send(ctx, &smRequestClose{})
+
+	return err
+}
+
+func (sm *ServerManager) RestartIMAP(ctx context.Context) error {
+	_, err := sm.requests.Send(ctx, &smRequestRestartIMAP{})
+
+	return err
+}
+
+func (sm *ServerManager) RestartSMTP(ctx context.Context) error {
+	_, err := sm.requests.Send(ctx, &smRequestRestartSMTP{})
+
+	return err
+}
+
+func (sm *ServerManager) AddIMAPUser(ctx context.Context, user *user.User) error {
+	_, err := sm.requests.Send(ctx, &smRequestAddIMAPUser{user: user})
+
+	return err
+}
+
+func (sm *ServerManager) RemoveIMAPUser(ctx context.Context, user *user.User, withData bool) error {
+	_, err := sm.requests.Send(ctx, &smRequestRemoveIMAPUser{
+		user:     user,
+		withData: withData,
+	})
+
+	return err
+}
+
+func (sm *ServerManager) SetGluonDir(ctx context.Context, gluonDir string) error {
+	_, err := sm.requests.Send(ctx, &smRequestSetGluonDir{
+		dir: gluonDir,
+	})
+
+	return err
+}
+
+func (sm *ServerManager) AddGluonUser(ctx context.Context, conn connector.Connector, passphrase []byte) (string, error) {
+	reply, err := cpc.SendTyped[string](ctx, sm.requests, &smRequestAddGluonUser{
+		conn:       conn,
+		passphrase: passphrase,
+	})
+
+	return reply, err
+}
+
+func (sm *ServerManager) RemoveGluonUser(ctx context.Context, gluonID string) error {
+	_, err := sm.requests.Send(ctx, &smRequestRemoveGluonUser{
+		userID: gluonID,
+	})
+
+	return err
+}
+
+func (sm *ServerManager) run(ctx context.Context, bridge *Bridge) {
+	eventCh, cancel := bridge.GetEvents()
+	defer cancel()
+
+	for {
+		select {
+		case <-ctx.Done():
+			sm.handleClose(ctx, bridge)
+			return
+
+		case evt := <-eventCh:
+			switch evt.(type) {
+			case events.ConnStatusDown:
+				logrus.Info("Server Manager, network down stopping listeners")
+				if err := sm.closeSMTPServer(bridge); err != nil {
+					logrus.WithError(err).Error("Failed to close SMTP server")
+				}
+
+				if err := sm.stopIMAPListener(bridge); err != nil {
+					logrus.WithError(err)
+				}
+			case events.ConnStatusUp:
+				logrus.Info("Server Manager, network up starting listeners")
+				sm.handleLoadedUserCountChange(ctx, bridge)
+			}
+
+		case request, ok := <-sm.requests.ReceiveCh():
+			if !ok {
+				return
+			}
+
+			switch r := request.Value().(type) {
+			case *smRequestClose:
+				sm.handleClose(ctx, bridge)
+				request.Reply(ctx, nil, nil)
+				return
+
+			case *smRequestRestartSMTP:
+				err := sm.restartSMTP(bridge)
+				request.Reply(ctx, nil, err)
+
+			case *smRequestRestartIMAP:
+				err := sm.restartIMAP(ctx, bridge)
+				request.Reply(ctx, nil, err)
+
+			case *smRequestAddIMAPUser:
+				err := sm.handleAddIMAPUser(ctx, r.user)
+				request.Reply(ctx, nil, err)
+				if err == nil {
+					sm.loadedUserCount++
+					sm.handleLoadedUserCountChange(ctx, bridge)
+				}
+
+			case *smRequestRemoveIMAPUser:
+				err := sm.handleRemoveIMAPUser(ctx, r.user, r.withData)
+				request.Reply(ctx, nil, err)
+				if err == nil {
+					sm.loadedUserCount--
+					sm.handleLoadedUserCountChange(ctx, bridge)
+				}
+
+			case *smRequestSetGluonDir:
+				err := sm.handleSetGluonDir(ctx, bridge, r.dir)
+				request.Reply(ctx, nil, err)
+
+			case *smRequestAddGluonUser:
+				id, err := sm.handleAddGluonUser(ctx, r.conn, r.passphrase)
+				request.Reply(ctx, id, err)
+
+			case *smRequestRemoveGluonUser:
+				err := sm.handleRemoveGluonUser(ctx, r.userID)
+				request.Reply(ctx, nil, err)
+			}
+		}
+	}
+}
+
+func (sm *ServerManager) handleLoadedUserCountChange(ctx context.Context, bridge *Bridge) {
+	logrus.Infof("Validating Listener State %v", sm.loadedUserCount)
+	if sm.shouldStartServers() {
+		if sm.imapListener == nil {
+			if err := sm.serveIMAP(ctx, bridge); err != nil {
+				logrus.WithError(err).Error("Failed to start IMAP server")
+			}
+		}
+
+		if sm.smtpListener == nil {
+			if err := sm.restartSMTP(bridge); err != nil {
+				logrus.WithError(err).Error("Failed to start SMTP server")
+			}
+		}
+	} else {
+		if sm.imapListener != nil {
+			if err := sm.stopIMAPListener(bridge); err != nil {
+				logrus.WithError(err).Error("Failed to stop IMAP server")
+			}
+		}
+
+		if sm.smtpListener != nil {
+			if err := sm.closeSMTPServer(bridge); err != nil {
+				logrus.WithError(err).Error("Failed to stop SMTP server")
+			}
+		}
+	}
+}
+
+func (sm *ServerManager) handleClose(ctx context.Context, bridge *Bridge) {
+	// Close the IMAP server.
+	if err := sm.closeIMAPServer(ctx, bridge); err != nil {
+		logrus.WithError(err).Error("Failed to close IMAP server")
+	}
+
+	// Close the SMTP server.
+	if err := sm.closeSMTPServer(bridge); err != nil {
+		logrus.WithError(err).Error("Failed to close SMTP server")
+	}
+}
+
+func (sm *ServerManager) handleAddIMAPUser(ctx context.Context, user *user.User) error {
+	if sm.imapServer == nil {
+		return fmt.Errorf("no imap server instance running")
+	}
+
+	imapConn, err := user.NewIMAPConnectors()
+	if err != nil {
+		return fmt.Errorf("failed to create IMAP connectors: %w", err)
+	}
+
+	for addrID, imapConn := range imapConn {
+		log := logrus.WithFields(logrus.Fields{
+			"userID": user.ID(),
+			"addrID": addrID,
+		})
+
+		if gluonID, ok := user.GetGluonID(addrID); ok {
+			log.WithField("gluonID", gluonID).Info("Loading existing IMAP user")
+
+			// Load the user, checking whether the DB was newly created.
+			isNew, err := sm.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey())
+			if err != nil {
+				return fmt.Errorf("failed to load IMAP user: %w", err)
+			}
+
+			if isNew {
+				// If the DB was newly created, clear the sync status; gluon's DB was not found.
+				logrus.Warn("IMAP user DB was newly created, clearing sync status")
+
+				// Remove the user from IMAP so we can clear the sync status.
+				if err := sm.imapServer.RemoveUser(ctx, gluonID, false); err != nil {
+					return fmt.Errorf("failed to remove IMAP user: %w", err)
+				}
+
+				// Clear the sync status -- we need to resync all messages.
+				if err := user.ClearSyncStatus(); err != nil {
+					return fmt.Errorf("failed to clear sync status: %w", err)
+				}
+
+				// Add the user back to the IMAP server.
+				if isNew, err := sm.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey()); err != nil {
+					return fmt.Errorf("failed to add IMAP user: %w", err)
+				} else if isNew {
+					panic("IMAP user should already have a database")
+				}
+			} else if status := user.GetSyncStatus(); !status.HasLabels {
+				// Otherwise, the DB already exists -- if the labels are not yet synced, we need to re-create the DB.
+				if err := sm.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
+					return fmt.Errorf("failed to remove old IMAP user: %w", err)
+				}
+
+				if err := user.RemoveGluonID(addrID, gluonID); err != nil {
+					return fmt.Errorf("failed to remove old IMAP user ID: %w", err)
+				}
+
+				gluonID, err := sm.imapServer.AddUser(ctx, imapConn, user.GluonKey())
+				if err != nil {
+					return fmt.Errorf("failed to add IMAP user: %w", err)
+				}
+
+				if err := user.SetGluonID(addrID, gluonID); err != nil {
+					return fmt.Errorf("failed to set IMAP user ID: %w", err)
+				}
+
+				log.WithField("gluonID", gluonID).Info("Re-created IMAP user")
+			}
+		} else {
+			log.Info("Creating new IMAP user")
+
+			gluonID, err := sm.imapServer.AddUser(ctx, imapConn, user.GluonKey())
+			if err != nil {
+				return fmt.Errorf("failed to add IMAP user: %w", err)
+			}
+
+			if err := user.SetGluonID(addrID, gluonID); err != nil {
+				return fmt.Errorf("failed to set IMAP user ID: %w", err)
+			}
+
+			log.WithField("gluonID", gluonID).Info("Created new IMAP user")
+		}
+	}
+
+	// Trigger a sync for the user, if needed.
+	user.TriggerSync()
+
+	return nil
+}
+
+func (sm *ServerManager) handleRemoveIMAPUser(ctx context.Context, user *user.User, withData bool) error {
+	if sm.imapServer == nil {
+		return fmt.Errorf("no imap server instance running")
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"userID":   user.ID(),
+		"withData": withData,
+	}).Debug("Removing IMAP user")
+
+	for addrID, gluonID := range user.GetGluonIDs() {
+		if err := sm.imapServer.RemoveUser(ctx, gluonID, withData); err != nil {
+			return fmt.Errorf("failed to remove IMAP user: %w", err)
+		}
+
+		if withData {
+			if err := user.RemoveGluonID(addrID, gluonID); err != nil {
+				return fmt.Errorf("failed to remove IMAP user ID: %w", err)
+			}
+		}
+	}
+
+	return nil
+}
+
+func createIMAPServer(bridge *Bridge) (*gluon.Server, error) {
+	gluonDataDir, err := bridge.GetGluonDataDir()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get Gluon Database directory: %w", err)
+	}
+
+	return newIMAPServer(
+		bridge.vault.GetGluonCacheDir(),
+		gluonDataDir,
+		bridge.curVersion,
+		bridge.tlsConfig,
+		bridge.reporter,
+		bridge.logIMAPClient,
+		bridge.logIMAPServer,
+		bridge.imapEventCh,
+		bridge.tasks,
+		bridge.uidValidityGenerator,
+		bridge.panicHandler,
+	)
+}
+
+func createSMTPServer(bridge *Bridge) *smtp.Server {
+	return newSMTPServer(bridge, bridge.tlsConfig, bridge.logSMTP)
+}
+
+func (sm *ServerManager) closeSMTPServer(bridge *Bridge) error {
+	// We close the listener ourselves even though it's also closed by smtpServer.Close().
+	// This is because smtpServer.Serve() is called in a separate goroutine and might be executed
+	// after we've already closed the server. However, go-smtp has a bug; it blocks on the listener
+	// even after the server has been closed. So we close the listener ourselves to unblock it.
+
+	if sm.smtpListener != nil {
+		logrus.Info("Closing SMTP Listener")
+		if err := sm.smtpListener.Close(); err != nil {
+			return fmt.Errorf("failed to close SMTP listener: %w", err)
+		}
+
+		sm.smtpListener = nil
+	}
+
+	if sm.smtpServer != nil {
+		logrus.Info("Closing SMTP server")
+		if err := sm.smtpServer.Close(); err != nil {
+			logrus.WithError(err).Debug("Failed to close SMTP server (expected -- we close the listener ourselves)")
+		}
+
+		sm.smtpServer = nil
+
+		bridge.publish(events.SMTPServerStopped{})
+	}
+
+	return nil
+}
+
+func (sm *ServerManager) closeIMAPServer(ctx context.Context, bridge *Bridge) error {
+	if sm.imapListener != nil {
+		logrus.Info("Closing IMAP Listener")
+
+		if err := sm.imapListener.Close(); err != nil {
+			return fmt.Errorf("failed to close IMAP listener: %w", err)
+		}
+
+		sm.imapListener = nil
+
+		bridge.publish(events.IMAPServerStopped{})
+	}
+
+	if sm.imapServer != nil {
+		logrus.Info("Closing IMAP server")
+		if err := sm.imapServer.Close(ctx); err != nil {
+			return fmt.Errorf("failed to close IMAP server: %w", err)
+		}
+
+		sm.imapServer = nil
+	}
+
+	return nil
+}
+
+func (sm *ServerManager) restartIMAP(ctx context.Context, bridge *Bridge) error {
+	logrus.Info("Restarting IMAP server")
+
+	if sm.imapListener != nil {
+		if err := sm.imapListener.Close(); err != nil {
+			return fmt.Errorf("failed to close IMAP listener: %w", err)
+		}
+
+		sm.imapListener = nil
+
+		bridge.publish(events.IMAPServerStopped{})
+	}
+
+	if sm.shouldStartServers() {
+		return sm.serveIMAP(ctx, bridge)
+	}
+
+	return nil
+}
+
+func (sm *ServerManager) restartSMTP(bridge *Bridge) error {
+	logrus.Info("Restarting SMTP server")
+
+	if err := sm.closeSMTPServer(bridge); err != nil {
+		return fmt.Errorf("failed to close SMTP: %w", err)
+	}
+
+	bridge.publish(events.SMTPServerStopped{})
+
+	sm.smtpServer = newSMTPServer(bridge, bridge.tlsConfig, bridge.logSMTP)
+
+	if sm.shouldStartServers() {
+		return sm.serveSMTP(bridge)
+	}
+
+	return nil
+}
+
+func (sm *ServerManager) serveSMTP(bridge *Bridge) error {
+	port, err := func() (int, error) {
+		logrus.WithFields(logrus.Fields{
+			"port": bridge.vault.GetSMTPPort(),
+			"ssl":  bridge.vault.GetSMTPSSL(),
+		}).Info("Starting SMTP server")
+
+		smtpListener, err := newListener(bridge.vault.GetSMTPPort(), bridge.vault.GetSMTPSSL(), bridge.tlsConfig)
+		if err != nil {
+			return 0, fmt.Errorf("failed to create SMTP listener: %w", err)
+		}
+
+		sm.smtpListener = smtpListener
+
+		bridge.tasks.Once(func(context.Context) {
+			if err := sm.smtpServer.Serve(smtpListener); err != nil {
+				logrus.WithError(err).Info("SMTP server stopped")
+			}
+		})
+
+		if err := bridge.vault.SetSMTPPort(getPort(smtpListener.Addr())); err != nil {
+			return 0, fmt.Errorf("failed to store SMTP port in vault: %w", err)
+		}
+
+		return getPort(smtpListener.Addr()), nil
+	}()
+
+	if err != nil {
+		bridge.publish(events.SMTPServerError{
+			Error: err,
+		})
+
+		return err
+	}
+
+	bridge.publish(events.SMTPServerReady{
+		Port: port,
+	})
+
+	return nil
+}
+
+func (sm *ServerManager) serveIMAP(ctx context.Context, bridge *Bridge) error {
+	port, err := func() (int, error) {
+		if sm.imapServer == nil {
+			return 0, fmt.Errorf("no IMAP server instance running")
+		}
+
+		logrus.WithFields(logrus.Fields{
+			"port": bridge.vault.GetIMAPPort(),
+			"ssl":  bridge.vault.GetIMAPSSL(),
+		}).Info("Starting IMAP server")
+
+		imapListener, err := newListener(bridge.vault.GetIMAPPort(), bridge.vault.GetIMAPSSL(), bridge.tlsConfig)
+		if err != nil {
+			return 0, fmt.Errorf("failed to create IMAP listener: %w", err)
+		}
+
+		sm.imapListener = imapListener
+
+		if err := sm.imapServer.Serve(ctx, sm.imapListener); err != nil {
+			return 0, fmt.Errorf("failed to serve IMAP: %w", err)
+		}
+
+		if err := bridge.vault.SetIMAPPort(getPort(imapListener.Addr())); err != nil {
+			return 0, fmt.Errorf("failed to store IMAP port in vault: %w", err)
+		}
+
+		return getPort(imapListener.Addr()), nil
+	}()
+
+	if err != nil {
+		bridge.publish(events.IMAPServerError{
+			Error: err,
+		})
+
+		return err
+	}
+
+	bridge.publish(events.IMAPServerReady{
+		Port: port,
+	})
+
+	return nil
+}
+
+func (sm *ServerManager) stopIMAPListener(bridge *Bridge) error {
+	logrus.Info("Stopping IMAP listener")
+	if sm.imapListener != nil {
+		if err := sm.imapListener.Close(); err != nil {
+			return err
+		}
+
+		sm.imapListener = nil
+
+		bridge.publish(events.IMAPServerStopped{})
+	}
+
+	return nil
+}
+
+func (sm *ServerManager) handleSetGluonDir(ctx context.Context, bridge *Bridge, newGluonDir string) error {
+	return safe.RLockRet(func() error {
+		currentGluonDir := bridge.GetGluonCacheDir()
+		newGluonDir = filepath.Join(newGluonDir, "gluon")
+		if newGluonDir == currentGluonDir {
+			return fmt.Errorf("new gluon dir is the same as the old one")
+		}
+
+		if err := sm.closeIMAPServer(context.Background(), bridge); err != nil {
+			return fmt.Errorf("failed to close IMAP: %w", err)
+		}
+
+		sm.loadedUserCount = 0
+
+		if err := bridge.moveGluonCacheDir(currentGluonDir, newGluonDir); err != nil {
+			logrus.WithError(err).Error("failed to move GluonCacheDir")
+
+			if err := bridge.vault.SetGluonDir(currentGluonDir); err != nil {
+				return fmt.Errorf("failed to revert GluonCacheDir: %w", err)
+			}
+		}
+
+		bridge.heartbeat.SetCacheLocation(newGluonDir)
+
+		gluonDataDir, err := bridge.GetGluonDataDir()
+		if err != nil {
+			return fmt.Errorf("failed to get Gluon Database directory: %w", err)
+		}
+
+		imapServer, err := newIMAPServer(
+			bridge.vault.GetGluonCacheDir(),
+			gluonDataDir,
+			bridge.curVersion,
+			bridge.tlsConfig,
+			bridge.reporter,
+			bridge.logIMAPClient,
+			bridge.logIMAPServer,
+			bridge.imapEventCh,
+			bridge.tasks,
+			bridge.uidValidityGenerator,
+			bridge.panicHandler,
+		)
+		if err != nil {
+			return fmt.Errorf("failed to create new IMAP server: %w", err)
+		}
+
+		sm.imapServer = imapServer
+		for _, bridgeUser := range bridge.users {
+			if err := sm.handleAddIMAPUser(ctx, bridgeUser); err != nil {
+				return fmt.Errorf("failed to add users to new IMAP server: %w", err)
+			}
+			sm.loadedUserCount++
+		}
+
+		if sm.shouldStartServers() {
+			if err := sm.serveIMAP(ctx, bridge); err != nil {
+				return fmt.Errorf("failed to serve IMAP: %w", err)
+			}
+		}
+
+		return nil
+	}, bridge.usersLock)
+}
+
+func (sm *ServerManager) handleAddGluonUser(ctx context.Context, conn connector.Connector, passphrase []byte) (string, error) {
+	if sm.imapServer == nil {
+		return "", fmt.Errorf("no imap server instance running")
+	}
+
+	return sm.imapServer.AddUser(ctx, conn, passphrase)
+}
+
+func (sm *ServerManager) handleRemoveGluonUser(ctx context.Context, userID string) error {
+	if sm.imapServer == nil {
+		return fmt.Errorf("no imap server instance running")
+	}
+
+	return sm.imapServer.RemoveUser(ctx, userID, true)
+}
+
+func (sm *ServerManager) shouldStartServers() bool {
+	return sm.loadedUserCount >= 1
+}
+
+type smRequestClose struct{}
+
+type smRequestRestartIMAP struct{}
+
+type smRequestRestartSMTP struct{}
+
+type smRequestAddIMAPUser struct {
+	user *user.User
+}
+
+type smRequestRemoveIMAPUser struct {
+	user     *user.User
+	withData bool
+}
+
+type smRequestSetGluonDir struct {
+	dir string
+}
+
+type smRequestAddGluonUser struct {
+	conn       connector.Connector
+	passphrase []byte
+}
+
+type smRequestRemoveGluonUser struct {
+	userID string
+}
--- a/internal/bridge/server_manager_test.go
+++ b/internal/bridge/server_manager_test.go
@ -0,0 +1,179 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/go-proton-api/server"
+	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
+	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
+	"github.com/stretchr/testify/require"
+)
+
+func TestServerManager_NoLoadedUsersNoServers(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			_, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			require.Error(t, err)
+		})
+	})
+}
+
+func TestServerManager_ServersStartAfterFirstConnectedUser(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+		})
+	})
+}
+
+func TestServerManager_ServersStopsAfterUserLogsOut(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			imapWaiterStopped := waitForIMAPServerStopped(bridge)
+			defer imapWaiterStopped.Done()
+
+			require.NoError(t, bridge.LogoutUser(ctx, userID))
+
+			imapWaiterStopped.Wait()
+		})
+	})
+}
+
+func TestServerManager_ServersDoNotStopWhenThereIsStillOneActiveUser(t *testing.T) {
+	otherPassword := []byte("bar")
+	otherUser := "foo"
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		_, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			userIDOther, err := bridge.LoginFull(ctx, otherUser, otherPassword, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			evtCh, cancel := bridge.GetEvents(events.UserDeauth{})
+			defer cancel()
+
+			require.NoError(t, s.RevokeUser(userIDOther))
+
+			waitForEvent(t, evtCh, events.UserDeauth{})
+
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, imapClient.Logout())
+		})
+	})
+}
+
+func TestServerManager_ServersStartIfAtLeastOneUserIsLoggedIn(t *testing.T) {
+	otherPassword := []byte("bar")
+	otherUser := "foo"
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		userIDOther, _, err := s.CreateUser(otherUser, otherPassword)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			_, err = bridge.LoginFull(ctx, otherUser, otherPassword, nil, nil)
+			require.NoError(t, err)
+		})
+
+		require.NoError(t, s.RevokeUser(userIDOther))
+
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, imapClient.Logout())
+		})
+	})
+}
+
+func TestServerManager_NetworkLossStopsServers(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			imapWaiterStop := waitForIMAPServerStopped(bridge)
+			defer imapWaiterStop.Done()
+
+			smtpWaiterStop := waitForSMTPServerStopped(bridge)
+			defer smtpWaiterStop.Done()
+
+			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			netCtl.Disable()
+
+			imapWaiterStop.Wait()
+			smtpWaiterStop.Wait()
+
+			netCtl.Enable()
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+		})
+	})
+}
--- a/internal/bridge/settings.go
+++ b/internal/bridge/settings.go
@ -22,14 +22,11 @@ import (
 	"fmt"
 	"net"
 	"os"
-	"path/filepath"

 	"github.com/Masterminds/semver/v3"
-	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
-	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
 )

@ -48,6 +45,8 @@ func (bridge *Bridge) SetKeychainApp(helper string) error {
 		return err
 	}

+	bridge.heartbeat.SetKeyChainPref(helper)
+
 	return vault.SetHelper(vaultDir, helper)
 }

@ -55,7 +54,7 @@ func (bridge *Bridge) GetIMAPPort() int {
 	return bridge.vault.GetIMAPPort()
 }

-func (bridge *Bridge) SetIMAPPort(newPort int) error {
+func (bridge *Bridge) SetIMAPPort(ctx context.Context, newPort int) error {
 	if newPort == bridge.vault.GetIMAPPort() {
 		return nil
 	}
@ -64,14 +63,16 @@ func (bridge *Bridge) SetIMAPPort(newPort int) error {
 		return err
 	}

-	return bridge.restartIMAP()
+	bridge.heartbeat.SetIMAPPort(newPort)
+
+	return bridge.restartIMAP(ctx)
 }

 func (bridge *Bridge) GetIMAPSSL() bool {
 	return bridge.vault.GetIMAPSSL()
 }

-func (bridge *Bridge) SetIMAPSSL(newSSL bool) error {
+func (bridge *Bridge) SetIMAPSSL(ctx context.Context, newSSL bool) error {
 	if newSSL == bridge.vault.GetIMAPSSL() {
 		return nil
 	}
@ -80,14 +81,16 @@ func (bridge *Bridge) SetIMAPSSL(newSSL bool) error {
 		return err
 	}

-	return bridge.restartIMAP()
+	bridge.heartbeat.SetIMAPConnectionMode(newSSL)
+
+	return bridge.restartIMAP(ctx)
 }

 func (bridge *Bridge) GetSMTPPort() int {
 	return bridge.vault.GetSMTPPort()
 }

-func (bridge *Bridge) SetSMTPPort(newPort int) error {
+func (bridge *Bridge) SetSMTPPort(ctx context.Context, newPort int) error {
 	if newPort == bridge.vault.GetSMTPPort() {
 		return nil
 	}
@ -96,14 +99,16 @@ func (bridge *Bridge) SetSMTPPort(newPort int) error {
 		return err
 	}

-	return bridge.restartSMTP()
+	bridge.heartbeat.SetSMTPPort(newPort)
+
+	return bridge.restartSMTP(ctx)
 }

 func (bridge *Bridge) GetSMTPSSL() bool {
 	return bridge.vault.GetSMTPSSL()
 }

-func (bridge *Bridge) SetSMTPSSL(newSSL bool) error {
+func (bridge *Bridge) SetSMTPSSL(ctx context.Context, newSSL bool) error {
 	if newSSL == bridge.vault.GetSMTPSSL() {
 		return nil
 	}
@ -112,7 +117,9 @@ func (bridge *Bridge) SetSMTPSSL(newSSL bool) error {
 		return err
 	}

-	return bridge.restartSMTP()
+	bridge.heartbeat.SetSMTPConnectionMode(newSSL)
+
+	return bridge.restartSMTP(ctx)
 }

 func (bridge *Bridge) GetGluonCacheDir() string {
@ -124,54 +131,7 @@ func (bridge *Bridge) GetGluonDataDir() (string, error) {
 }

 func (bridge *Bridge) SetGluonDir(ctx context.Context, newGluonDir string) error {
-	return safe.RLockRet(func() error {
-		currentGluonDir := bridge.GetGluonCacheDir()
-		newGluonDir = filepath.Join(newGluonDir, "gluon")
-		if newGluonDir == currentGluonDir {
-			return fmt.Errorf("new gluon dir is the same as the old one")
-		}
-
-		if err := bridge.stopEventLoops(); err != nil {
-			return err
-		}
-		defer func() {
-			err := bridge.startEventLoops(ctx)
-			if err != nil {
-				panic(err)
-			}
-		}()
-
-		if err := bridge.moveGluonCacheDir(currentGluonDir, newGluonDir); err != nil {
-			logrus.WithError(err).Error("failed to move GluonCacheDir")
-			if err := bridge.vault.SetGluonDir(currentGluonDir); err != nil {
-				panic(err)
-			}
-		}
-
-		gluonDataDir, err := bridge.GetGluonDataDir()
-		if err != nil {
-			panic(fmt.Errorf("failed to get Gluon Database directory: %w", err))
-		}
-
-		imapServer, err := newIMAPServer(
-			bridge.vault.GetGluonCacheDir(),
-			gluonDataDir,
-			bridge.curVersion,
-			bridge.tlsConfig,
-			bridge.reporter,
-			bridge.logIMAPClient,
-			bridge.logIMAPServer,
-			bridge.imapEventCh,
-			bridge.tasks,
-		)
-		if err != nil {
-			panic(fmt.Errorf("failed to create new IMAP server: %w", err))
-		}
-
-		bridge.imapServer = imapServer
-
-		return nil
-	}, bridge.usersLock)
+	return bridge.serverManager.SetGluonDir(ctx, newGluonDir)
 }

 func (bridge *Bridge) moveGluonCacheDir(oldGluonDir, newGluonDir string) error {
@ -191,34 +151,6 @@ func (bridge *Bridge) moveGluonCacheDir(oldGluonDir, newGluonDir string) error {
 	return nil
 }

-func (bridge *Bridge) stopEventLoops() error {
-	if err := bridge.closeIMAP(context.Background()); err != nil {
-		return fmt.Errorf("failed to close IMAP: %w", err)
-	}
-
-	if err := bridge.closeSMTP(); err != nil {
-		return fmt.Errorf("failed to close SMTP: %w", err)
-	}
-	return nil
-}
-
-func (bridge *Bridge) startEventLoops(ctx context.Context) error {
-	for _, user := range bridge.users {
-		if err := bridge.addIMAPUser(ctx, user); err != nil {
-			return fmt.Errorf("failed to add users to new IMAP server: %w", err)
-		}
-	}
-
-	if err := bridge.serveIMAP(); err != nil {
-		panic(fmt.Errorf("failed to serve IMAP: %w", err))
-	}
-
-	if err := bridge.serveSMTP(); err != nil {
-		panic(fmt.Errorf("failed to serve SMTP: %w", err))
-	}
-	return nil
-}
-
 func (bridge *Bridge) GetProxyAllowed() bool {
 	return bridge.vault.GetProxyAllowed()
 }
@ -230,6 +162,8 @@ func (bridge *Bridge) SetProxyAllowed(allowed bool) error {
 		bridge.proxyCtl.DisallowProxy()
 	}

+	bridge.heartbeat.SetDoh(allowed)
+
 	return bridge.vault.SetProxyAllowed(allowed)
 }

@ -243,6 +177,8 @@ func (bridge *Bridge) SetShowAllMail(show bool) error {
 			user.SetShowAllMail(show)
 		}

+		bridge.heartbeat.SetShowAllMail(show)
+
 		return bridge.vault.SetShowAllMail(show)
 	}, bridge.usersLock)
 }
@ -256,6 +192,8 @@ func (bridge *Bridge) SetAutostart(autostart bool) error {
 		if err := bridge.vault.SetAutostart(autostart); err != nil {
 			return err
 		}
+
+		bridge.heartbeat.SetAutoStart(autostart)
 	}

 	var err error
@ -276,6 +214,10 @@ func (bridge *Bridge) SetAutostart(autostart bool) error {
 	return err
 }

+func (bridge *Bridge) GetUpdateRollout() float64 {
+	return bridge.vault.GetUpdateRollout()
+}
+
 func (bridge *Bridge) GetAutoUpdate() bool {
 	return bridge.vault.GetAutoUpdate()
 }
@ -289,11 +231,28 @@ func (bridge *Bridge) SetAutoUpdate(autoUpdate bool) error {
 		return err
 	}

+	bridge.heartbeat.SetAutoUpdate(autoUpdate)
+
 	bridge.goUpdate()

 	return nil
 }

+func (bridge *Bridge) GetTelemetryDisabled() bool {
+	return bridge.vault.GetTelemetryDisabled()
+}
+
+func (bridge *Bridge) SetTelemetryDisabled(isDisabled bool) error {
+	if err := bridge.vault.SetTelemetryDisabled(isDisabled); err != nil {
+		return err
+	}
+	// If telemetry is re-enabled locally, try to send the heartbeat.
+	if !isDisabled {
+		defer bridge.goHeartbeat()
+	}
+	return nil
+}
+
 func (bridge *Bridge) GetUpdateChannel() updater.Channel {
 	return bridge.vault.GetUpdateChannel()
 }
@ -307,6 +266,8 @@ func (bridge *Bridge) SetUpdateChannel(channel updater.Channel) error {
 		return err
 	}

+	bridge.heartbeat.SetBeta(channel)
+
 	bridge.goUpdate()

 	return nil
@ -332,11 +293,15 @@ func (bridge *Bridge) SetColorScheme(colorScheme string) error {
 	return bridge.vault.SetColorScheme(colorScheme)
 }

+// FactoryReset deletes all users, wipes the vault, and deletes all files.
+// Note: it does not clear the keychain. The only entry in the keychain is the vault password,
+// which we need at next startup to decrypt the vault.
 func (bridge *Bridge) FactoryReset(ctx context.Context) {
+	useTelemetry := !bridge.GetTelemetryDisabled()
 	// Delete all the users.
 	safe.Lock(func() {
 		for _, user := range bridge.users {
-			bridge.logoutUser(ctx, user, true, true)
+			bridge.logoutUser(ctx, user, true, true, useTelemetry)
 		}
 	}, bridge.usersLock)

@ -348,22 +313,10 @@ func (bridge *Bridge) FactoryReset(ctx context.Context) {
 		logrus.WithError(err).Error("Failed to reset vault")
 	}

-	// Then delete all files.
-	if err := bridge.locator.Clear(); err != nil {
+	// Lastly, delete all files except the vault.
+	if err := bridge.locator.Clear(bridge.vault.Path()); err != nil {
 		logrus.WithError(err).Error("Failed to clear data paths")
 	}
-
-	// Lastly clear the keychain.
-	vaultDir, err := bridge.locator.ProvideSettingsPath()
-	if err != nil {
-		logrus.WithError(err).Error("Failed to get vault dir")
-	} else if helper, err := vault.GetHelper(vaultDir); err != nil {
-		logrus.WithError(err).Error("Failed to get keychain helper")
-	} else if keychain, err := keychain.NewKeychain(helper, constants.KeyChainName); err != nil {
-		logrus.WithError(err).Error("Failed to get keychain")
-	} else if err := keychain.Clear(); err != nil {
-		logrus.WithError(err).Error("Failed to clear keychain")
-	}
 }

 func getPort(addr net.Addr) int {
--- a/internal/bridge/settings_test.go
+++ b/internal/bridge/settings_test.go
@ -57,7 +57,7 @@ func TestBridge_Settings_IMAPPort(t *testing.T) {
 			curPort := bridge.GetIMAPPort()

 			// Set the port to 1144.
-			require.NoError(t, bridge.SetIMAPPort(1144))
+			require.NoError(t, bridge.SetIMAPPort(ctx, 1144))

 			// Get the new setting.
 			require.Equal(t, 1144, bridge.GetIMAPPort())
@ -75,7 +75,7 @@ func TestBridge_Settings_IMAPSSL(t *testing.T) {
 			require.False(t, bridge.GetIMAPSSL())

 			// Enable IMAP SSL.
-			require.NoError(t, bridge.SetIMAPSSL(true))
+			require.NoError(t, bridge.SetIMAPSSL(ctx, true))

 			// Get the new setting.
 			require.True(t, bridge.GetIMAPSSL())
@ -89,7 +89,7 @@ func TestBridge_Settings_SMTPPort(t *testing.T) {
 			curPort := bridge.GetSMTPPort()

 			// Set the port to 1024.
-			require.NoError(t, bridge.SetSMTPPort(1024))
+			require.NoError(t, bridge.SetSMTPPort(ctx, 1024))

 			// Get the new setting.
 			require.Equal(t, 1024, bridge.GetSMTPPort())
@ -107,7 +107,7 @@ func TestBridge_Settings_SMTPSSL(t *testing.T) {
 			require.False(t, bridge.GetSMTPSSL())

 			// Enable SMTP SSL.
-			require.NoError(t, bridge.SetSMTPSSL(true))
+			require.NoError(t, bridge.SetSMTPSSL(ctx, true))

 			// Get the new setting.
 			require.True(t, bridge.GetSMTPSSL())
--- a/internal/bridge/smtp.go
+++ b/internal/bridge/smtp.go
@ -20,69 +20,16 @@ package bridge
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
-
-	"github.com/ProtonMail/proton-bridge/v3/internal/logging"

 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
+	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/sirupsen/logrus"
 )

-func (bridge *Bridge) serveSMTP() error {
-	logrus.Info("Starting SMTP server")
-
-	smtpListener, err := newListener(bridge.vault.GetSMTPPort(), bridge.vault.GetSMTPSSL(), bridge.tlsConfig)
-	if err != nil {
-		return fmt.Errorf("failed to create SMTP listener: %w", err)
-	}
-
-	bridge.smtpListener = smtpListener
-
-	bridge.tasks.Once(func(context.Context) {
-		if err := bridge.smtpServer.Serve(smtpListener); err != nil {
-			logrus.WithError(err).Info("SMTP server stopped")
-		}
-	})
-
-	if err := bridge.vault.SetSMTPPort(getPort(smtpListener.Addr())); err != nil {
-		return fmt.Errorf("failed to store SMTP port in vault: %w", err)
-	}
-
-	return nil
-}
-
-func (bridge *Bridge) restartSMTP() error {
-	logrus.Info("Restarting SMTP server")
-
-	if err := bridge.closeSMTP(); err != nil {
-		return fmt.Errorf("failed to close SMTP: %w", err)
-	}
-
-	bridge.smtpServer = newSMTPServer(bridge, bridge.tlsConfig, bridge.logSMTP)
-
-	return bridge.serveSMTP()
-}
-
-// We close the listener ourselves even though it's also closed by smtpServer.Close().
-// This is because smtpServer.Serve() is called in a separate goroutine and might be executed
-// after we've already closed the server. However, go-smtp has a bug; it blocks on the listener
-// even after the server has been closed. So we close the listener ourselves to unblock it.
-func (bridge *Bridge) closeSMTP() error {
-	logrus.Info("Closing SMTP server")
-
-	if bridge.smtpListener != nil {
-		if err := bridge.smtpListener.Close(); err != nil {
-			return fmt.Errorf("failed to close SMTP listener: %w", err)
-		}
-	}
-
-	if err := bridge.smtpServer.Close(); err != nil {
-		logrus.WithError(err).Debug("Failed to close SMTP server (expected -- we close the listener ourselves)")
-	}
-
-	return nil
+func (bridge *Bridge) restartSMTP(ctx context.Context) error {
+	return bridge.serverManager.RestartSMTP(ctx)
 }

 func newSMTPServer(bridge *Bridge, tlsConfig *tls.Config, logSMTP bool) *smtp.Server {
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@ -18,11 +18,15 @@
 package bridge

 import (
+	"context"
 	"fmt"
 	"io"
+	"strings"

 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/emersion/go-smtp"
+	"github.com/sirupsen/logrus"
 )

 type smtpBackend struct {
@ -54,10 +58,29 @@ func (s *smtpSession) AuthPlain(username, password string) error {
 			s.userID = user.ID()
 			s.authID = addrID

+			if strings.Contains(s.Bridge.GetCurrentUserAgent(), useragent.DefaultUserAgent) {
+				s.Bridge.setUserAgent(useragent.UnknownClient, useragent.DefaultVersion)
+			}
+
+			user.SendConfigStatusSuccess(context.Background())
+
 			return nil
 		}

-		return fmt.Errorf("invalid username or password")
+		logrus.WithFields(logrus.Fields{
+			"username": username,
+			"pkg":      "smtp",
+		}).Error("Incorrect login credentials.")
+		err := fmt.Errorf("invalid username or password")
+		for _, user := range s.users {
+			for _, mail := range user.Emails() {
+				if mail == username {
+					user.ReportConfigStatusFailure(err.Error())
+					return err
+				}
+			}
+		}
+		return err
 	}, s.usersLock)
 }

@ -71,7 +94,7 @@ func (s *smtpSession) Logout() error {
 	return nil
 }

-func (s *smtpSession) Mail(from string, opts *smtp.MailOptions) error {
+func (s *smtpSession) Mail(from string, _ *smtp.MailOptions) error {
 	s.from = from
 	return nil
 }
@ -85,7 +108,7 @@ func (s *smtpSession) Rcpt(to string) error {
 }

 func (s *smtpSession) Data(r io.Reader) error {
-	return safe.RLockRet(func() error {
+	err := safe.RLockRet(func() error {
 		user, ok := s.users[s.userID]
 		if !ok {
 			return ErrNoSuchUser
@ -93,4 +116,10 @@ func (s *smtpSession) Data(r io.Reader) error {

 		return user.SendMail(s.authID, s.from, s.to, r)
 	}, s.usersLock)
+
+	if err != nil {
+		logrus.WithField("pkg", "smtp").WithError(err).Error("Send mail failed.")
+	}
+
+	return err
 }
--- a/internal/bridge/sync_test.go
+++ b/internal/bridge/sync_test.go
@ -28,6 +28,7 @@ import (
 	"testing"
 	"time"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
@ -79,7 +80,7 @@ func TestBridge_Sync(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -111,15 +112,6 @@ func TestBridge_Sync(t *testing.T) {
 				info, err := b.GetUserInfo(userID)
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
-
-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
-				require.NoError(t, err)
-				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
-				defer func() { _ = client.Logout() }()
-
-				status, err := client.Select(`Folders/folder`, false)
-				require.NoError(t, err)
-				require.Less(t, status.Messages, uint32(numMsg))
 			}

 			// Remove the network limit, allowing the sync to finish.
@ -135,7 +127,7 @@ func TestBridge_Sync(t *testing.T) {
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)

-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+				client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
@ -186,7 +178,7 @@ func _TestBridge_Sync_BadMessage(t *testing.T) { //nolint:unused,deadcode
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)

-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -272,15 +264,6 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 				info, err := b.GetUserInfo(userID)
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
-
-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
-				require.NoError(t, err)
-				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
-				defer func() { _ = client.Logout() }()
-
-				status, err := client.Select(`Folders/folder`, false)
-				require.NoError(t, err)
-				require.Less(t, status.Messages, uint32(numMsg))
 			}

 			// Create a new mailbox and move that last 1/3 of the messages into it to simulate user
@ -310,7 +293,7 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)

-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+				client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
@ -351,7 +334,7 @@ func withClient(ctx context.Context, t *testing.T, s *server.Server, username st
 	fn(ctx, c)
 }

-func clientFetch(client *client.Client, mailbox string) ([]*imap.Message, error) {
+func clientFetch(client *client.Client, mailbox string, extraItems ...imap.FetchItem) ([]*imap.Message, error) {
 	status, err := client.Select(mailbox, false)
 	if err != nil {
 		return nil, err
@ -363,10 +346,13 @@ func clientFetch(client *client.Client, mailbox string) ([]*imap.Message, error)

 	resCh := make(chan *imap.Message)

+	fetchItems := []imap.FetchItem{imap.FetchFlags, imap.FetchEnvelope, imap.FetchUid, imap.FetchBodyStructure, "BODY.PEEK[]"}
+	fetchItems = append(fetchItems, extraItems...)
+
 	go func() {
 		if err := client.Fetch(
 			&imap.SeqSet{Set: []imap.Seq{{Start: 1, Stop: status.Messages}}},
-			[]imap.FetchItem{imap.FetchFlags, imap.FetchEnvelope, imap.FetchUid, "BODY.PEEK[]"},
+			fetchItems,
 			resCh,
 		); err != nil {
 			panic(err)
@ -413,6 +399,10 @@ func createNumMessages(ctx context.Context, t *testing.T, c *proton.Client, addr
 }

 func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID, labelID string, messages ...[]byte) []string {
+	return createMessagesWithFlags(ctx, t, c, addrID, labelID, 0, messages...)
+}
+
+func createMessagesWithFlags(ctx context.Context, t *testing.T, c *proton.Client, addrID, labelID string, flags proton.MessageFlag, messages ...[]byte) []string {
 	user, err := c.GetUser(ctx)
 	require.NoError(t, err)

@ -425,13 +415,20 @@ func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID,
 	keyPass, err := salt.SaltForKey(password, user.Keys.Primary().ID)
 	require.NoError(t, err)

-	_, addrKRs, err := proton.Unlock(user, addr, keyPass)
+	_, addrKRs, err := proton.Unlock(user, addr, keyPass, async.NoopPanicHandler{})
 	require.NoError(t, err)

 	_, ok := addrKRs[addrID]
 	require.True(t, ok)

-	res, err := stream.Collect(ctx, c.ImportMessages(
+	var msgFlags proton.MessageFlag
+	if flags == 0 {
+		msgFlags = proton.MessageFlagReceived
+	} else {
+		msgFlags = flags
+	}
+
+	str, err := c.ImportMessages(
 		ctx,
 		addrKRs[addrID],
 		runtime.NumCPU(),
@ -441,12 +438,15 @@ func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID,
 				Metadata: proton.ImportMetadata{
 					AddressID: addrID,
 					LabelIDs:  []string{labelID},
-					Flags:     proton.MessageFlagReceived,
+					Flags:     msgFlags,
 				},
 				Message: message,
 			}
 		})...,
-	))
+	)
+	require.NoError(t, err)
+
+	res, err := stream.Collect(ctx, str)
 	require.NoError(t, err)

 	return xslices.Map(res, func(res proton.ImportRes) string {
--- a/internal/bridge/sync_unix_test.go
+++ b/internal/bridge/sync_unix_test.go
@ -0,0 +1,82 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+//go:build !windows
+
+package bridge_test
+
+import (
+	"context"
+	"syscall"
+	"testing"
+
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/go-proton-api/server"
+	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
+	"github.com/stretchr/testify/require"
+)
+
+// Disabled due to flakyness.
+func _TestBridge_SyncExistsWithErrorWhenTooManyFilesAreOpen(t *testing.T) { //nolint:unused
+	var rlimitCurrent syscall.Rlimit
+
+	require.NoError(t, syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlimitCurrent))
+
+	// Restore RLimit for Process at the end of this test
+	defer func() {
+		require.NoError(t, syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimitCurrent))
+	}()
+
+	rlimit := syscall.Rlimit{
+		Max: 100,
+		Cur: 100,
+	}
+
+	require.NoError(t, syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimit))
+
+	numMsg := 1 << 8
+
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		userID, addrID, err := s.CreateUser("imap", password)
+		require.NoError(t, err)
+
+		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
+		require.NoError(t, err)
+
+		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
+			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
+		})
+
+		// The initial user should be fully synced.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			syncCh, done := bridge.GetEvents(events.SyncFailed{})
+			defer done()
+
+			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
+			require.NoError(t, err)
+
+			evt := <-syncCh
+			switch e := evt.(type) {
+			case events.SyncFailed:
+				require.Equal(t, userID, e.UserID)
+			default:
+				require.Fail(t, "Expected events.SyncFailed{}")
+			}
+		})
+	}, server.WithTLS(false))
+}
--- a/internal/bridge/tls.go
+++ b/internal/bridge/tls.go
@ -18,5 +18,9 @@
 package bridge

 func (bridge *Bridge) GetBridgeTLSCert() ([]byte, []byte) {
-	return bridge.vault.GetBridgeTLSCert(), bridge.vault.GetBridgeTLSKey()
+	return bridge.vault.GetBridgeTLSCert()
+}
+
+func (bridge *Bridge) SetBridgeTLSCertPath(certPath, keyPath string) error {
+	return bridge.vault.SetBridgeTLSCertPath(certPath, keyPath)
 }
--- a/internal/bridge/types.go
+++ b/internal/bridge/types.go
@ -28,9 +28,10 @@ type Locator interface {
 	ProvideLogsPath() (string, error)
 	ProvideGluonCachePath() (string, error)
 	ProvideGluonDataPath() (string, error)
+	ProvideStatsPath() (string, error)
 	GetLicenseFilePath() string
 	GetDependencyLicensesLink() string
-	Clear() error
+	Clear(...string) error
 }

 type Identifier interface {
@ -38,6 +39,8 @@ type Identifier interface {
 	HasClient() bool
 	SetClient(name, version string)
 	SetPlatform(platform string)
+	SetClientString(client string)
+	GetClientString() string
 }

 type ProxyController interface {
--- a/internal/bridge/updates.go
+++ b/internal/bridge/updates.go
@ -32,19 +32,7 @@ func (bridge *Bridge) CheckForUpdates() {
 }

 func (bridge *Bridge) InstallUpdate(version updater.VersionInfo) {
-	log := logrus.WithFields(logrus.Fields{
-		"version": version.Version,
-		"current": bridge.curVersion,
-		"channel": bridge.vault.GetUpdateChannel(),
-	})
-
-	select {
-	case bridge.installCh <- installJob{version: version, silent: false}:
-		log.Info("The update will be installed manually")
-
-	default:
-		log.Info("An update is already being installed")
-	}
+	bridge.installCh <- installJob{version: version, silent: false}
 }

 func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
@ -89,17 +77,7 @@ func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {

 	default:
 		safe.RLock(func() {
-			if version.Version.GreaterThan(bridge.newVersion) {
-				log.Info("An update is available")
-
-				select {
-				case bridge.installCh <- installJob{version: version, silent: true}:
-					log.Info("The update will be installed silently")
-
-				default:
-					log.Info("An update is already being installed")
-				}
-			}
+			bridge.installCh <- installJob{version: version, silent: true}
 		}, bridge.newVersionLock)
 	}
 }
@ -117,6 +95,12 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 			"channel": bridge.vault.GetUpdateChannel(),
 		})

+		if !job.version.Version.GreaterThan(bridge.newVersion) {
+			return
+		}
+
+		log.WithField("silent", job.silent).Info("An update is available")
+
 		bridge.publish(events.UpdateAvailable{
 			Version:    job.version,
 			Compatible: true,
@ -142,6 +126,7 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 				Silent:  job.silent,
 				Error:   err,
 			})
+
 		default:
 			log.Info("The update was installed successfully")

--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -23,9 +23,10 @@ import (
 	"fmt"
 	"runtime"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/imap"
+	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/go-proton-api"
-	"github.com/ProtonMail/proton-bridge/v3/internal/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
@ -228,7 +229,7 @@ func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
 			return ErrNoSuchUser
 		}

-		bridge.logoutUser(ctx, user, true, false)
+		bridge.logoutUser(ctx, user, true, false, false)

 		bridge.publish(events.UserLoggedOut{
 			UserID: userID,
@ -248,7 +249,7 @@ func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
 		}

 		if user, ok := bridge.users[userID]; ok {
-			bridge.logoutUser(ctx, user, true, true)
+			bridge.logoutUser(ctx, user, true, true, !bridge.GetTelemetryDisabled())
 		}

 		if err := bridge.vault.DeleteUser(userID); err != nil {
@ -294,6 +295,68 @@ func (bridge *Bridge) SetAddressMode(ctx context.Context, userID string, mode va
 			AddressMode: mode,
 		})

+		var splitMode = false
+		for _, user := range bridge.users {
+			if user.GetAddressMode() == vault.SplitMode {
+				splitMode = true
+				break
+			}
+		}
+		bridge.heartbeat.SetSplitMode(splitMode)
+
+		return nil
+	}, bridge.usersLock)
+}
+
+// SendBadEventUserFeedback passes the feedback to the given user.
+func (bridge *Bridge) SendBadEventUserFeedback(_ context.Context, userID string, doResync bool) error {
+	logrus.WithField("userID", userID).WithField("doResync", doResync).Info("Passing bad event feedback to user")
+
+	return safe.LockRet(func() error {
+		ctx := context.Background()
+
+		user, ok := bridge.users[userID]
+		if !ok {
+			if rerr := bridge.reporter.ReportMessageWithContext(
+				"Failed to handle event: feedback failed: no such user",
+				reporter.Context{"user_id": userID},
+			); rerr != nil {
+				logrus.WithError(rerr).Error("Failed to report feedback failure")
+			}
+
+			return ErrNoSuchUser
+		}
+
+		if doResync {
+			if rerr := bridge.reporter.ReportMessageWithContext(
+				"Failed to handle event: feedback resync",
+				reporter.Context{"user_id": userID},
+			); rerr != nil {
+				logrus.WithError(rerr).Error("Failed to report feedback failure")
+			}
+
+			if err := bridge.addIMAPUser(ctx, user); err != nil {
+				return fmt.Errorf("failed to add IMAP user: %w", err)
+			}
+
+			user.BadEventFeedbackResync(ctx)
+
+			return nil
+		}
+
+		if rerr := bridge.reporter.ReportMessageWithContext(
+			"Failed to handle event: feedback logout",
+			reporter.Context{"user_id": userID},
+		); rerr != nil {
+			logrus.WithError(rerr).Error("Failed to report feedback failure")
+		}
+
+		bridge.logoutUser(ctx, user, true, false, false)
+
+		bridge.publish(events.UserLoggedOut{
+			UserID: userID,
+		})
+
 		return nil
 	}, bridge.usersLock)
 }
@ -345,7 +408,7 @@ func (bridge *Bridge) loadUsers(ctx context.Context) error {
 			return nil
 		}

-		log.Info("Loading connected user")
+		log.WithField("mode", user.AddressMode()).Info("Loading connected user")

 		bridge.publish(events.UserLoading{
 			UserID: user.UserID(),
@ -380,6 +443,7 @@ func (bridge *Bridge) loadUser(ctx context.Context, user *vault.User) error {
 				logrus.WithError(err).Warn("Failed to clear user secrets")
 			}
 		}
+
 		return fmt.Errorf("failed to create API client: %w", err)
 	}

@ -455,15 +519,25 @@ func (bridge *Bridge) addUserWithVault(
 	apiUser proton.User,
 	vault *vault.User,
 ) error {
+	statsPath, err := bridge.locator.ProvideStatsPath()
+	if err != nil {
+		return fmt.Errorf("failed to get Statistics directory: %w", err)
+	}
+
+	// re-set SyncStatus if database need to be re-synced for migration.
+	bridge.migrateUser(vault)
+
 	user, err := user.New(
 		ctx,
 		vault,
 		client,
 		bridge.reporter,
 		apiUser,
-		bridge.crashHandler,
-		bridge.vault.SyncWorkers(),
+		bridge.panicHandler,
 		bridge.vault.GetShowAllMail(),
+		bridge.vault.GetMaxSyncMemory(),
+		statsPath,
+		bridge,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create user: %w", err)
@ -495,7 +569,7 @@ func (bridge *Bridge) addUserWithVault(
 	// As such, if we find this ID in the context, we should use it to update our user agent.
 	client.AddPreRequestHook(func(_ *resty.Client, r *resty.Request) error {
 		if imapID, ok := imap.GetIMAPIDFromContext(r.Context()); ok {
-			bridge.identifier.SetClient(imapID.Name, imapID.Version)
+			bridge.setUserAgent(imapID.Name, imapID.Version)
 		}

 		return nil
@ -504,8 +578,12 @@ func (bridge *Bridge) addUserWithVault(
 	// Finally, save the user in the bridge.
 	safe.Lock(func() {
 		bridge.users[apiUser.ID] = user
+		bridge.heartbeat.SetNbAccount(len(bridge.users))
 	}, bridge.usersLock)

+	// As we need at least one user to send heartbeat, try to send it.
+	defer bridge.goHeartbeat()
+
 	return nil
 }

@ -516,35 +594,18 @@ func (bridge *Bridge) newVaultUser(
 	authUID, authRef string,
 	saltedKeyPass []byte,
 ) (*vault.User, bool, error) {
-	if !bridge.vault.HasUser(apiUser.ID) {
-		user, err := bridge.vault.AddUser(apiUser.ID, apiUser.Name, apiUser.Email, authUID, authRef, saltedKeyPass)
-		if err != nil {
-			return nil, false, fmt.Errorf("failed to add user to vault: %w", err)
-		}
-
-		return user, true, nil
-	}
-
-	user, err := bridge.vault.NewUser(apiUser.ID)
-	if err != nil {
-		return nil, false, err
-	}
-
-	if err := user.SetAuth(authUID, authRef); err != nil {
-		return nil, false, err
-	}
-
-	if err := user.SetKeyPass(saltedKeyPass); err != nil {
-		return nil, false, err
-	}
-
-	return user, false, nil
+	return bridge.vault.GetOrAddUser(apiUser.ID, apiUser.Name, apiUser.Email, authUID, authRef, saltedKeyPass)
 }

 // logout logs out the given user, optionally logging them out from the API too.
-func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI, withData bool) {
+func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI, withData, withTelemetry bool) {
 	defer delete(bridge.users, user.ID())

+	// if this is actually a remove account
+	if withData && withAPI {
+		user.SendConfigStatusAbort(ctx, withTelemetry)
+	}
+
 	logrus.WithFields(logrus.Fields{
 		"userID":   user.ID(),
 		"withAPI":  withAPI,
@ -559,6 +620,8 @@ func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI,
 		logrus.WithError(err).Error("Failed to logout user")
 	}

+	bridge.heartbeat.SetNbAccount(len(bridge.users))
+
 	user.Close()
 }

--- a/internal/bridge/user_event_test.go
+++ b/internal/bridge/user_event_test.go
@ -20,18 +20,24 @@ package bridge_test
 import (
 	"context"
 	"fmt"
+	"net"
 	"net/http"
+	"net/mail"
 	"strings"
 	"sync/atomic"
 	"testing"
 	"time"

+	"github.com/ProtonMail/gluon/async"
+	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
+	"github.com/bradenaw/juniper/stream"
 	"github.com/bradenaw/juniper/xslices"
 	"github.com/emersion/go-imap"
 	"github.com/emersion/go-imap/client"
@ -40,7 +46,7 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
+func TestBridge_User_RefreshEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, addrID, err := s.CreateUser("user", password)
@ -49,54 +55,136 @@ func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)

+		var messageIDs []string
+
 		// Create 10 messages for the user.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-			createNumMessages(ctx, t, c, addrID, labelID, 10)
+			messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
 		})

 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
+		})

-			var messageIDs []string
+		// Remove a message
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			require.NoError(t, c.DeleteMessage(ctx, messageIDs[0]))
+		})

-			// Create 10 more messages for the user, generating events.
+		require.NoError(t, s.RefreshUser(userID, proton.RefreshMail))
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			syncCh, closeCh := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
+
+			require.Equal(t, userID, (<-syncCh).UserID)
+			closeCh()
+
+			userContinueEventProcess(ctx, t, s, bridge)
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-				messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
+				createNumMessages(ctx, t, c, addrID, labelID, 10)
 			})

-			// If bridge attempts to sync the new messages, it should get a BadRequest error.
-			doBadRequest := true
-			s.AddStatusHook(func(req *http.Request) (int, bool) {
-				if !doBadRequest {
-					return 0, false
-				}
-
-				if xslices.Index(xslices.Map(messageIDs, func(messageID string) string {
-					return "/mail/v4/messages/" + messageID
-				}), req.URL.Path) < 0 {
-					return 0, false
-				}
-
-				return http.StatusBadRequest, true
-			})
-
-			userReceiveBadErrorAndLogout(t, bridge, mocks)
-
-			// Remove messages
-			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-				require.NoError(t, c.DeleteMessage(ctx, messageIDs...))
-			})
-			doBadRequest = false
-
-			// Login again
-			_, err := bridge.LoginFull(ctx, "user", password, nil, nil)
-			require.NoError(t, err)
-
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 	})
 }

+func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
+	t.Run("Resync", test_badMessage_badEvent(func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string) {
+		// User feedback is resync
+		require.NoError(t, bridge.SendBadEventUserFeedback(ctx, badUserID, true))
+
+		// Wait for sync to finish
+		syncCh, closeCh := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
+		require.Equal(t, badUserID, (<-syncCh).UserID)
+		closeCh()
+	}))
+
+	t.Run("LogoutAndLogin", test_badMessage_badEvent(func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string) {
+		logoutCh, closeCh := chToType[events.Event, events.UserLoggedOut](bridge.GetEvents(events.UserLoggedOut{}))
+
+		// User feedback is logout
+		require.NoError(t, bridge.SendBadEventUserFeedback(ctx, badUserID, false))
+
+		require.Equal(t, badUserID, (<-logoutCh).UserID)
+		closeCh()
+
+		// The user will eventually be logged out due to the bad request errors.
+		require.Eventually(t, func() bool {
+			return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 0
+		}, 100*user.EventPeriod, user.EventPeriod)
+
+		// Login again
+		_, err := bridge.LoginFull(ctx, "user", password, nil, nil)
+		require.NoError(t, err)
+	}))
+}
+
+func test_badMessage_badEvent(userFeedback func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string)) func(t *testing.T) {
+	return func(t *testing.T) {
+		withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+			// Create a user.
+			userID, addrID, err := s.CreateUser("user", password)
+			require.NoError(t, err)
+
+			labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
+			require.NoError(t, err)
+
+			// Create 10 messages for the user.
+			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+				createNumMessages(ctx, t, c, addrID, labelID, 10)
+			})
+
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				smtpWaiter := waitForSMTPServerReady(bridge)
+				defer smtpWaiter.Done()
+
+				userLoginAndSync(ctx, t, bridge, "user", password)
+
+				var messageIDs []string
+
+				// Create 10 more messages for the user, generating events.
+				withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+					messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
+				})
+
+				// If bridge attempts to sync the new messages, it should get a BadRequest error.
+				doBadRequest := true
+				s.AddStatusHook(func(req *http.Request) (int, bool) {
+					if !doBadRequest {
+						return 0, false
+					}
+
+					if xslices.Index(xslices.Map(messageIDs[0:5], func(messageID string) string {
+						return "/mail/v4/messages/" + messageID
+					}), req.URL.Path) < 0 {
+						return 0, false
+					}
+
+					return http.StatusBadRequest, true
+				})
+
+				badUserID := userReceivesBadError(t, bridge, mocks)
+
+				// Remove messages, make response OK again
+				withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+					require.NoError(t, c.DeleteMessage(ctx, messageIDs[0:5]...))
+				})
+				doBadRequest = false
+
+				userFeedback(t, ctx, bridge, badUserID)
+
+				smtpWaiter.Wait()
+
+				userContinueEventProcess(ctx, t, s, bridge)
+			})
+		})
+	}
+}
+
 func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
@ -109,16 +197,20 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 		})

 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
 			userLoginAndSync(ctx, t, bridge, "user", password)

 			var messageIDs []string

+			// Create 10 more messages for the user, generating events.
+			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+				messageIDs = createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
+			})
+
 			// If bridge attempts to sync the new messages, it should get a BadRequest error.
 			s.AddStatusHook(func(req *http.Request) (int, bool) {
-				if len(messageIDs) < 3 {
-					return 0, false
-				}
-
 				if strings.Contains(req.URL.Path, "/mail/v4/messages/"+messageIDs[2]) {
 					return http.StatusUnprocessableEntity, true
 				}
@ -126,16 +218,12 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 				return 0, false
 			})

-			// Create 10 more messages for the user, generating events.
-			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-				messageIDs = createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
-			})
-
 			// Remove messages
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				require.NoError(t, c.DeleteMessage(ctx, messageIDs...))
 			})

+			smtpWaiter.Wait()
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 	})
@ -249,6 +337,24 @@ func TestBridge_User_AddressEvents_NoBadEvent(t *testing.T) {
 	})
 }

+func TestBridge_User_AddressEventUpdatedForAddressThatDoesNotExist_NoBadEvent(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			_, err := s.CreateAddressAsUpdate(userID, "another@pm.me", password)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+		})
+	})
+}
+
 func TestBridge_User_Network_NoBadEvents(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		retVal := int32(0)
@ -295,6 +401,462 @@ func TestBridge_User_Network_NoBadEvents(t *testing.T) {
 	})
 }

+func TestBridge_User_DropConn_NoBadEvent(t *testing.T) {
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	require.NoError(t, err)
+
+	dropListener := proton.NewListener(l, proton.NewDropConn)
+	defer func() { _ = dropListener.Close() }()
+
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		_, addrID, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Create 10 messages for the user.
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			var count int32
+			// The first 10 times bridge attempts to sync any of the messages, drop the connection.
+			s.AddStatusHook(func(req *http.Request) (int, bool) {
+				if strings.Contains(req.URL.Path, "/mail/v4/messages") {
+					if atomic.AddInt32(&count, 1) < 10 {
+						dropListener.DropAll()
+					}
+				}
+
+				return 0, false
+			})
+			userLoginAndSync(ctx, t, bridge, "user", password)
+
+			mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).AnyTimes()
+
+			// Create 10 more messages for the user, generating events.
+			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+				createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
+			})
+
+			info, err := bridge.QueryUserInfo("user")
+			require.NoError(t, err)
+
+			cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
+			defer func() { _ = cli.Logout() }()
+
+			// The IMAP client will eventually see 20 messages.
+			require.Eventually(t, func() bool {
+				status, err := cli.Status("INBOX", []imap.StatusItem{imap.StatusMessages})
+				return err == nil && status.Messages == 20
+			}, 10*time.Second, 100*time.Millisecond)
+		})
+	}, server.WithListener(dropListener))
+}
+
+func TestBridge_User_UpdateDraft(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a bridge user.
+		_, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Initially sync the user.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+		})
+
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			user, err := c.GetUser(ctx)
+			require.NoError(t, err)
+
+			addrs, err := c.GetAddresses(ctx)
+			require.NoError(t, err)
+
+			salts, err := c.GetSalts(ctx)
+			require.NoError(t, err)
+
+			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
+			require.NoError(t, err)
+
+			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
+			require.NoError(t, err)
+
+			// Create a draft (generating a "create draft message" event).
+			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
+				Message: proton.DraftTemplate{
+					Subject:  "subject",
+					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
+					Body:     "body",
+					MIMEType: rfc822.TextPlain,
+				},
+			})
+			require.NoError(t, err)
+			require.Empty(t, draft.ReplyTos)
+
+			// Process those events
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+			})
+
+			// Update the draft (generating an "update draft message" event).
+			draft2, err := c.UpdateDraft(ctx, draft.ID, addrKRs[addrs[0].ID], proton.UpdateDraftReq{
+				Message: proton.DraftTemplate{
+					Subject:  "subject 2",
+					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
+					Body:     "body 2",
+					MIMEType: rfc822.TextPlain,
+				},
+			})
+			require.NoError(t, err)
+			require.Empty(t, draft2.ReplyTos)
+		})
+	})
+}
+
+func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a bridge user.
+		_, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Initially sync the user.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+		})
+
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			user, err := c.GetUser(ctx)
+			require.NoError(t, err)
+
+			addrs, err := c.GetAddresses(ctx)
+			require.NoError(t, err)
+
+			salts, err := c.GetSalts(ctx)
+			require.NoError(t, err)
+
+			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
+			require.NoError(t, err)
+
+			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
+			require.NoError(t, err)
+
+			// Create a draft (generating a "create draft message" event).
+			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
+				Message: proton.DraftTemplate{
+					Subject:  "subject",
+					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
+					Body:     "body",
+					MIMEType: rfc822.TextPlain,
+				},
+			})
+			require.NoError(t, err)
+
+			// Process those events
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+			})
+
+			// Update the draft (generating an "update draft message" event).
+			require.NoError(t, getErr(c.UpdateDraft(ctx, draft.ID, addrKRs[addrs[0].ID], proton.UpdateDraftReq{
+				Message: proton.DraftTemplate{
+					Subject:  "subject 2",
+					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
+					Body:     "body 2",
+					MIMEType: rfc822.TextPlain,
+				},
+			})))
+
+			// Import a message (generating a "create message" event).
+			str, err := c.ImportMessages(ctx, addrKRs[addrs[0].ID], 1, 1, proton.ImportReq{
+				Metadata: proton.ImportMetadata{
+					AddressID: addrs[0].ID,
+					Flags:     proton.MessageFlagReceived,
+				},
+				Message: []byte("From: someone@example.com\r\nTo: blabla@example.com\r\n\r\nhello"),
+			})
+			require.NoError(t, err)
+
+			res, err := stream.Collect(ctx, str)
+			require.NoError(t, err)
+
+			// Process those events.
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+			})
+
+			// Update the imported message (generating an "update message" event).
+			require.NoError(t, c.MarkMessagesUnread(ctx, res[0].MessageID))
+
+			// Process those events.
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+			})
+		})
+	})
+}
+
+func TestBridge_User_SendDraftRemoveDraftFlag(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a bridge user.
+		_, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Initially sync the user.
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+		})
+
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			user, err := c.GetUser(ctx)
+			require.NoError(t, err)
+
+			addrs, err := c.GetAddresses(ctx)
+			require.NoError(t, err)
+
+			salts, err := c.GetSalts(ctx)
+			require.NoError(t, err)
+
+			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
+			require.NoError(t, err)
+
+			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
+			require.NoError(t, err)
+
+			// Create a draft (generating a "create draft message" event).
+			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
+				Message: proton.DraftTemplate{
+					Subject:  "subject",
+					ToList:   []*mail.Address{{Address: addrs[0].Email}},
+					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
+					Body:     "body",
+					MIMEType: rfc822.TextPlain,
+				},
+			})
+			require.NoError(t, err)
+
+			// Process those events
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+
+				info, err := bridge.QueryUserInfo("user")
+				require.NoError(t, err)
+
+				cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+				require.NoError(t, err)
+				require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
+				defer func() { _ = cli.Logout() }()
+
+				messages, err := clientFetch(cli, "Drafts")
+				require.NoError(t, err)
+				require.Len(t, messages, 1)
+				require.Contains(t, messages[0].Flags, imap.DraftFlag)
+			})
+
+			// Send the draft (generating an "update message" event).
+			{
+				pubKeys, recType, err := c.GetPublicKeys(ctx, addrs[0].Email)
+				require.NoError(t, err)
+				require.Equal(t, recType, proton.RecipientTypeInternal)
+
+				var req proton.SendDraftReq
+
+				require.NoError(t, req.AddTextPackage(addrKRs[addrs[0].ID], "body", rfc822.TextPlain, map[string]proton.SendPreferences{
+					addrs[0].Email: {
+						Encrypt:          true,
+						PubKey:           must(crypto.NewKeyRing(must(crypto.NewKeyFromArmored(pubKeys[0].PublicKey)))),
+						SignatureType:    proton.DetachedSignature,
+						EncryptionScheme: proton.InternalScheme,
+						MIMEType:         rfc822.TextPlain,
+					},
+				}, nil))
+
+				require.NoError(t, getErr(c.SendDraft(ctx, draft.ID, req)))
+			}
+
+			// Process those events; the draft will move to the sent folder and lose the draft flag.
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				userContinueEventProcess(ctx, t, s, bridge)
+
+				info, err := bridge.QueryUserInfo("user")
+				require.NoError(t, err)
+
+				cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+				require.NoError(t, err)
+				require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
+				defer func() { _ = cli.Logout() }()
+
+				messages, err := clientFetch(cli, "Sent")
+				require.NoError(t, err)
+				require.Len(t, messages, 1)
+				require.NotContains(t, messages[0].Flags, imap.DraftFlag)
+			})
+		})
+	})
+}
+
+func TestBridge_User_DisableEnableAddress(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Create an additional address for the user.
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
+
+			// Initially we should list the address.
+			info, err := bridge.QueryUserInfo("user")
+			require.NoError(t, err)
+			require.Contains(t, info.Addresses, "alias@"+s.GetDomain())
+		})
+
+		// Disable the address.
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			require.NoError(t, c.DisableAddress(ctx, aliasID))
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// Eventually we shouldn't list the address.
+			require.Eventually(t, func() bool {
+				info, err := bridge.QueryUserInfo("user")
+				require.NoError(t, err)
+
+				return xslices.Index(info.Addresses, "alias@"+s.GetDomain()) < 0
+			}, 5*time.Second, 100*time.Millisecond)
+		})
+
+		// Enable the address.
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			require.NoError(t, c.EnableAddress(ctx, aliasID))
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// Eventually we should list the address.
+			require.Eventually(t, func() bool {
+				info, err := bridge.QueryUserInfo("user")
+				require.NoError(t, err)
+
+				return xslices.Index(info.Addresses, "alias@"+s.GetDomain()) >= 0
+			}, 5*time.Second, 100*time.Millisecond)
+		})
+	})
+}
+
+func TestBridge_User_CreateDisabledAddress(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		// Create an additional address for the user.
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		require.NoError(t, err)
+
+		// Immediately disable the address.
+		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
+			require.NoError(t, c.DisableAddress(ctx, aliasID))
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
+
+			// Initially we shouldn't list the address.
+			info, err := bridge.QueryUserInfo("user")
+			require.NoError(t, err)
+			require.NotContains(t, info.Addresses, "alias@"+s.GetDomain())
+		})
+	})
+}
+
+func TestBridge_User_HandleParentLabelRename(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			imapWaiter := waitForIMAPServerReady(bridge)
+			defer imapWaiter.Done()
+
+			smtpWaiter := waitForSMTPServerReady(bridge)
+			defer smtpWaiter.Done()
+
+			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
+
+			info, err := bridge.QueryUserInfo(username)
+			require.NoError(t, err)
+
+			imapWaiter.Wait()
+			smtpWaiter.Wait()
+
+			cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			require.NoError(t, err)
+			require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
+			defer func() { _ = cli.Logout() }()
+
+			withClient(ctx, t, s, username, password, func(ctx context.Context, c *proton.Client) {
+				parentName := uuid.NewString()
+				childName := uuid.NewString()
+
+				// Create a folder.
+				parentLabel, err := c.CreateLabel(ctx, proton.CreateLabelReq{
+					Name:  parentName,
+					Type:  proton.LabelTypeFolder,
+					Color: "#f66",
+				})
+				require.NoError(t, err)
+
+				// Wait for the parent folder to be created.
+				require.Eventually(t, func() bool {
+					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
+						return mailbox.Name == fmt.Sprintf("Folders/%v", parentName)
+					}) >= 0
+				}, 100*user.EventPeriod, user.EventPeriod)
+
+				// Create a subfolder.
+				childLabel, err := c.CreateLabel(ctx, proton.CreateLabelReq{
+					Name:     childName,
+					Type:     proton.LabelTypeFolder,
+					Color:    "#f66",
+					ParentID: parentLabel.ID,
+				})
+				require.NoError(t, err)
+				require.Equal(t, parentLabel.ID, childLabel.ParentID)
+
+				// Wait for the parent folder to be created.
+				require.Eventually(t, func() bool {
+					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
+						return mailbox.Name == fmt.Sprintf("Folders/%v/%v", parentName, childName)
+					}) >= 0
+				}, 100*user.EventPeriod, user.EventPeriod)
+
+				newParentName := uuid.NewString()
+
+				// Rename the parent folder.
+				require.NoError(t, getErr(c.UpdateLabel(ctx, parentLabel.ID, proton.UpdateLabelReq{
+					Color: "#f66",
+					Name:  newParentName,
+				})))
+
+				// Wait for the parent folder to be renamed.
+				require.Eventually(t, func() bool {
+					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
+						return mailbox.Name == fmt.Sprintf("Folders/%v", newParentName)
+					}) >= 0
+				}, 100*user.EventPeriod, user.EventPeriod)
+
+				// Wait for the child folder to be renamed.
+				require.Eventually(t, func() bool {
+					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
+						return mailbox.Name == fmt.Sprintf("Folders/%v/%v", newParentName, childName)
+					}) >= 0
+				}, 100*user.EventPeriod, user.EventPeriod)
+			})
+		})
+	})
+}
+
 // userLoginAndSync logs in user and waits until user is fully synced.
 func userLoginAndSync(
 	ctx context.Context,
@ -311,21 +873,24 @@ func userLoginAndSync(
 	require.Equal(t, userID, (<-syncCh).UserID)
 }

-func userReceiveBadErrorAndLogout(
+func userReceivesBadError(
 	t *testing.T,
 	bridge *bridge.Bridge,
 	mocks *bridge.Mocks,
-) {
+) (userID string) {
+	badEventCh, closeCh := bridge.GetEvents(events.UserBadEvent{})
+
 	// The user will continue to process events and will receive bad request errors.
 	mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).MinTimes(1)

-	// The user will eventually be logged out due to the bad request errors.
-	require.Eventually(t, func() bool {
-		return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 0
-	}, 100*user.EventPeriod, user.EventPeriod)
+	badEvent, ok := (<-badEventCh).(events.UserBadEvent)
+	require.True(t, ok)
+
+	closeCh()
+
+	return badEvent.UserID
 }

-// userContinueEventProcess checks that user will continue to process events and will not receive any bad request errors.
 func userContinueEventProcess(
 	ctx context.Context,
 	t *testing.T,
@ -335,10 +900,10 @@ func userContinueEventProcess(
 	info, err := bridge.QueryUserInfo("user")
 	require.NoError(t, err)

-	client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+	cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 	require.NoError(t, err)
-	require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
-	defer func() { _ = client.Logout() }()
+	require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
+	defer func() { _ = cli.Logout() }()

 	randomLabel := uuid.NewString()

@ -353,8 +918,21 @@ func userContinueEventProcess(

 	// Wait for the label to be created.
 	require.Eventually(t, func() bool {
-		return xslices.IndexFunc(clientList(client), func(mailbox *imap.MailboxInfo) bool {
+		return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 			return mailbox.Name == "Labels/"+randomLabel
 		}) >= 0
 	}, 100*user.EventPeriod, user.EventPeriod)
 }
+
+func eventuallyDial(addr string) (cli *client.Client, err error) {
+	var sleep = 1 * time.Second
+	for i := 0; i < 5; i++ {
+		cli, err := client.Dial(addr)
+		if err == nil {
+			return cli, nil
+		}
+		time.Sleep(sleep)
+		sleep *= 2
+	}
+	return nil, fmt.Errorf("after 5 attempts, last error: %s", err)
+}
--- a/internal/bridge/user_events.go
+++ b/internal/bridge/user_events.go
@ -22,6 +22,7 @@ import (
 	"fmt"

 	"github.com/ProtonMail/gluon/reporter"
+	"github.com/ProtonMail/proton-bridge/v3/internal"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
@ -36,9 +37,14 @@ func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, even
 			return fmt.Errorf("failed to handle user address created event: %w", err)
 		}

-	case events.UserAddressUpdated:
-		if err := bridge.handleUserAddressUpdated(ctx, user, event); err != nil {
-			return fmt.Errorf("failed to handle user address updated event: %w", err)
+	case events.UserAddressEnabled:
+		if err := bridge.handleUserAddressEnabled(ctx, user, event); err != nil {
+			return fmt.Errorf("failed to handle user address enabled event: %w", err)
+		}
+
+	case events.UserAddressDisabled:
+		if err := bridge.handleUserAddressDisabled(ctx, user, event); err != nil {
+			return fmt.Errorf("failed to handle user address disabled event: %w", err)
 		}

 	case events.UserAddressDeleted:
@ -47,7 +53,7 @@ func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, even
 		}

 	case events.UserRefreshed:
-		if err := bridge.handleUserRefreshed(ctx, user); err != nil {
+		if err := bridge.handleUserRefreshed(ctx, user, event); err != nil {
 			return fmt.Errorf("failed to handle user refreshed event: %w", err)
 		}

@ -55,69 +61,97 @@ func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, even
 		bridge.handleUserDeauth(ctx, user)

 	case events.UserBadEvent:
-		bridge.handleUserBadEvent(ctx, user, event.Error)
+		bridge.handleUserBadEvent(ctx, user, event)
+
+	case events.UncategorizedEventError:
+		bridge.handleUncategorizedErrorEvent(event)
 	}

 	return nil
 }

 func (bridge *Bridge) handleUserAddressCreated(ctx context.Context, user *user.User, event events.UserAddressCreated) error {
-	if user.GetAddressMode() == vault.SplitMode {
-		if bridge.imapServer == nil {
-			return fmt.Errorf("no imap server instance running")
-		}
+	if user.GetAddressMode() == vault.CombinedMode {
+		return nil
+	}

-		gluonID, err := bridge.imapServer.AddUser(ctx, user.NewIMAPConnector(event.AddressID), user.GluonKey())
-		if err != nil {
-			return fmt.Errorf("failed to add user to IMAP server: %w", err)
-		}
+	gluonID, err := bridge.serverManager.AddGluonUser(ctx, user.NewIMAPConnector(event.AddressID), user.GluonKey())
+	if err != nil {
+		return fmt.Errorf("failed to add user to IMAP server: %w", err)
+	}

-		if err := user.SetGluonID(event.AddressID, gluonID); err != nil {
-			return fmt.Errorf("failed to set gluon ID: %w", err)
-		}
+	if err := user.SetGluonID(event.AddressID, gluonID); err != nil {
+		return fmt.Errorf("failed to set gluon ID: %w", err)
 	}

 	return nil
 }

-// GODT-1948: Handle addresses that have been disabled!
-func (bridge *Bridge) handleUserAddressUpdated(_ context.Context, user *user.User, _ events.UserAddressUpdated) error {
-	switch user.GetAddressMode() {
-	case vault.CombinedMode:
-		return fmt.Errorf("not implemented")
+func (bridge *Bridge) handleUserAddressEnabled(ctx context.Context, user *user.User, event events.UserAddressEnabled) error {
+	if user.GetAddressMode() == vault.CombinedMode {
+		return nil
+	}

-	case vault.SplitMode:
-		return fmt.Errorf("not implemented")
+	gluonID, err := bridge.serverManager.AddGluonUser(ctx, user.NewIMAPConnector(event.AddressID), user.GluonKey())
+	if err != nil {
+		return fmt.Errorf("failed to add user to IMAP server: %w", err)
+	}
+
+	if err := user.SetGluonID(event.AddressID, gluonID); err != nil {
+		return fmt.Errorf("failed to set gluon ID: %w", err)
+	}
+
+	return nil
+}
+
+func (bridge *Bridge) handleUserAddressDisabled(ctx context.Context, user *user.User, event events.UserAddressDisabled) error {
+	if user.GetAddressMode() == vault.CombinedMode {
+		return nil
+	}
+
+	gluonID, ok := user.GetGluonID(event.AddressID)
+	if !ok {
+		return fmt.Errorf("gluon ID not found for address %s", event.AddressID)
+	}
+
+	if err := bridge.serverManager.RemoveGluonUser(ctx, gluonID); err != nil {
+		return fmt.Errorf("failed to remove user from IMAP server: %w", err)
+	}
+
+	if err := user.RemoveGluonID(event.AddressID, gluonID); err != nil {
+		return fmt.Errorf("failed to remove gluon ID for address: %w", err)
 	}

 	return nil
 }

 func (bridge *Bridge) handleUserAddressDeleted(ctx context.Context, user *user.User, event events.UserAddressDeleted) error {
-	if user.GetAddressMode() == vault.SplitMode {
-		if bridge.imapServer == nil {
-			return fmt.Errorf("no imap server instance running")
-		}
+	if user.GetAddressMode() == vault.CombinedMode {
+		return nil
+	}

-		gluonID, ok := user.GetGluonID(event.AddressID)
-		if !ok {
-			return fmt.Errorf("gluon ID not found for address %s", event.AddressID)
-		}
+	gluonID, ok := user.GetGluonID(event.AddressID)
+	if !ok {
+		return fmt.Errorf("gluon ID not found for address %s", event.AddressID)
+	}

-		if err := bridge.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
-			return fmt.Errorf("failed to remove user from IMAP server: %w", err)
-		}
+	if err := bridge.serverManager.handleRemoveGluonUser(ctx, gluonID); err != nil {
+		return fmt.Errorf("failed to remove user from IMAP server: %w", err)
+	}

-		if err := user.RemoveGluonID(event.AddressID, gluonID); err != nil {
-			return fmt.Errorf("failed to remove gluon ID for address: %w", err)
-		}
+	if err := user.RemoveGluonID(event.AddressID, gluonID); err != nil {
+		return fmt.Errorf("failed to remove gluon ID for address: %w", err)
 	}

 	return nil
 }

-func (bridge *Bridge) handleUserRefreshed(ctx context.Context, user *user.User) error {
+func (bridge *Bridge) handleUserRefreshed(ctx context.Context, user *user.User, event events.UserRefreshed) error {
 	return safe.RLockRet(func() error {
+		if event.CancelEventPool {
+			user.CancelSyncAndEventPoll()
+		}
+
 		if err := bridge.removeIMAPUser(ctx, user, true); err != nil {
 			return fmt.Errorf("failed to remove IMAP user: %w", err)
 		}
@ -132,18 +166,38 @@ func (bridge *Bridge) handleUserRefreshed(ctx context.Context, user *user.User)

 func (bridge *Bridge) handleUserDeauth(ctx context.Context, user *user.User) {
 	safe.Lock(func() {
-		bridge.logoutUser(ctx, user, false, false)
+		bridge.logoutUser(ctx, user, false, false, false)
+		user.ReportConfigStatusFailure("User deauth.")
 	}, bridge.usersLock)
 }

-func (bridge *Bridge) handleUserBadEvent(ctx context.Context, user *user.User, err error) {
+func (bridge *Bridge) handleUserBadEvent(_ context.Context, user *user.User, event events.UserBadEvent) {
 	safe.Lock(func() {
 		if rerr := bridge.reporter.ReportMessageWithContext("Failed to handle event", reporter.Context{
-			"error": err,
+			"user_id":      user.ID(),
+			"old_event_id": event.OldEventID,
+			"new_event_id": event.NewEventID,
+			"event_info":   event.EventInfo,
+			"error":        event.Error,
+			"error_type":   internal.ErrCauseType(event.Error),
 		}); rerr != nil {
 			logrus.WithError(rerr).Error("Failed to report failed event handling")
 		}

-		bridge.logoutUser(ctx, user, true, false)
+		user.CancelSyncAndEventPoll()
+
+		// Disable IMAP user
+		if err := bridge.removeIMAPUser(context.Background(), user, false); err != nil {
+			logrus.WithError(err).Error("Failed to remove IMAP user")
+		}
 	}, bridge.usersLock)
 }
+
+func (bridge *Bridge) handleUncategorizedErrorEvent(event events.UncategorizedEventError) {
+	if rerr := bridge.reporter.ReportMessageWithContext("Failed to handle due to uncategorized error", reporter.Context{
+		"error_type": internal.ErrCauseType(event.Error),
+		"error":      event.Error,
+	}); rerr != nil {
+		logrus.WithError(rerr).Error("Failed to report failed event handling")
+	}
+}
--- a/internal/bridge/user_test.go
+++ b/internal/bridge/user_test.go
@ -20,16 +20,16 @@ package bridge_test
 import (
 	"context"
 	"fmt"
+	"net"
+	"net/http"
 	"testing"
 	"time"

 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
-	mocksPkg "github.com/ProtonMail/proton-bridge/v3/internal/bridge/mocks"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
-	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 )

@ -61,6 +61,50 @@ func TestBridge_Login(t *testing.T) {
 	})
 }

+func TestBridge_Login_DropConn(t *testing.T) {
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	require.NoError(t, err)
+
+	dropListener := proton.NewListener(l, proton.NewDropConn)
+	defer func() { _ = dropListener.Close() }()
+
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// Login the user.
+			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
+			require.NoError(t, err)
+
+			// The user is now connected.
+			require.Equal(t, []string{userID}, bridge.GetUserIDs())
+			require.Equal(t, []string{userID}, getConnectedUserIDs(t, bridge))
+		})
+
+		// Whether to allow the user to be created.
+		var allowUser bool
+
+		s.AddStatusHook(func(req *http.Request) (int, bool) {
+			// Drop any request to the users endpoint.
+			if !allowUser && req.URL.Path == "/core/v4/users" {
+				dropListener.DropAll()
+			}
+
+			// After the ping request, allow the user to be created.
+			if req.URL.Path == "/tests/ping" {
+				allowUser = true
+			}
+
+			return 0, false
+		})
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// The user is eventually connected.
+			require.Eventually(t, func() bool {
+				return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 1
+			}, 5*time.Second, 100*time.Millisecond)
+		})
+	}, server.WithListener(dropListener))
+}
+
 func TestBridge_LoginTwice(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
@ -632,11 +676,6 @@ func TestBridge_UserInfo_Alias(t *testing.T) {
 func TestBridge_User_Refresh(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
-			mocks.Reporter.EXPECT().ReportMessageWithContext(
-				gomock.Eq("Warning: refresh occurred"),
-				mocksPkg.NewRefreshContextMatcher(proton.RefreshAll),
-			).Return(nil)
-
 			// Get a channel of sync started events.
 			syncStartCh, done := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer done()
@ -662,7 +701,26 @@ func TestBridge_User_Refresh(t *testing.T) {
 	})
 }

+func TestBridge_User_GetAddresses(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+		addrID2, err := s.CreateAddress(userID, "user@external.com", []byte("password"))
+		require.NoError(t, err)
+		require.NoError(t, s.ChangeAddressType(userID, addrID2, proton.AddressTypeExternal))
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+			info, err := bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 1, len(info.Addresses))
+			require.Equal(t, info.Addresses[0], "user@proton.local")
+		})
+	})
+}
+
 // getErr returns the error that was passed to it.
-func getErr[T any](val T, err error) error {
+func getErr[T any](_ T, err error) error {
 	return err
 }
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@ -17,69 +17,140 @@

 package certs

-import (
-	"os"
+/*
+#cgo CFLAGS: -x objective-c
+#cgo LDFLAGS: -framework Foundation -framework Security
+#import <Foundation/Foundation.h>
+#import <Security/Security.h>

-	"golang.org/x/sys/execabs"
+
+int installTrustedCert(char const *bytes, unsigned long long length) {
+	if (length == 0) {
+		return errSecInvalidData;
+	}
+
+	NSData *der = [NSData dataWithBytes:bytes length:length];
+
+	// Step 1. Import the certificate in the keychain.
+	SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef) der);
+	NSDictionary* addQuery = @{
+		(id)kSecValueRef: (__bridge id) cert,
+		(id)kSecClass: (id)kSecClassCertificate,
+	};
+
+	OSStatus status = SecItemAdd((__bridge CFDictionaryRef) addQuery, NULL);
+	if ((errSecSuccess != status) && (errSecDuplicateItem != status)) {
+		CFRelease(cert);
+		return status;
+	}
+
+	// Step 2. Set the trust for the certificate.
+	SecPolicyRef policy = SecPolicyCreateSSL(true, NULL); // we limit our trust to SSL
+	NSDictionary *trustSettings = @{
+		(id)kSecTrustSettingsResult: [NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot],
+		(id)kSecTrustSettingsPolicy: (__bridge id) policy,
+	};
+	status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)(trustSettings));
+	CFRelease(policy);
+	CFRelease(cert);
+
+	return status;
+}
+
+
+int removeTrustedCert(char const *bytes, unsigned long long length) {
+	if (0 == length) {
+		return errSecInvalidData;
+	}
+
+	NSData *der = [NSData dataWithBytes: bytes length: length];
+	SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef) der);
+
+	// Step 1. Unset the trust for the certificate.
+	SecPolicyRef policy = SecPolicyCreateSSL(true, NULL);
+	NSDictionary * trustSettings = @{
+		(id)kSecTrustSettingsResult: [NSNumber numberWithInt:kSecTrustSettingsResultUnspecified],
+		(id)kSecTrustSettingsPolicy: (__bridge id) policy,
+	};
+	OSStatus status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)(trustSettings));
+	CFRelease(policy);
+	if (errSecSuccess != status) {
+		CFRelease(cert);
+		return status;
+	}
+
+	// Step 2. Remove the certificate from the keychain.
+	NSDictionary *query = @{ (id)kSecClass: (id)kSecClassCertificate,
+							 (id)kSecMatchItemList: @[(__bridge id)cert],
+							 (id)kSecMatchLimit: (id)kSecMatchLimitOne,
+						   };
+	status = SecItemDelete((__bridge CFDictionaryRef) query);
+
+	CFRelease(cert);
+	return status;
+}
+*/
+import "C"
+
+import (
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"unsafe"
 )

+// some of the error codes returned by Apple's Security framework.
+const (
+	errSecSuccess            = 0
+	errAuthorizationCanceled = -60006
+)
+
+// certPEMToDER converts a certificate in PEM format to DER format, which is the format required by Apple's Security framework.
+func certPEMToDER(certPEM []byte) ([]byte, error) {
+	block, left := pem.Decode(certPEM)
+	if block == nil {
+		return []byte{}, errors.New("invalid PEM certificate")
+	}
+
+	if len(left) > 0 {
+		return []byte{}, errors.New("trailing data found at the end of a PEM certificate")
+	}
+
+	return block.Bytes, nil
+}
+
 func installCert(certPEM []byte) error {
-	name, err := writeToTempFile(certPEM)
+	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return err
 	}

-	return addTrustedCert(name)
+	p := C.CBytes(certDER)
+	defer C.free(unsafe.Pointer(p)) //nolint:unconvert
+
+	errCode := C.installTrustedCert((*C.char)(p), (C.ulonglong)(len(certDER)))
+	switch errCode {
+	case errSecSuccess:
+		return nil
+	case errAuthorizationCanceled:
+		return fmt.Errorf("the user cancelled the authorization dialog")
+	default:
+		return fmt.Errorf("could not install certification into keychain (error %v)", errCode)
+	}
 }

 func uninstallCert(certPEM []byte) error {
-	name, err := writeToTempFile(certPEM)
+	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return err
 	}

-	return removeTrustedCert(name)
-}
+	p := C.CBytes(certDER)
+	defer C.free(unsafe.Pointer(p)) //nolint:unconvert

-func addTrustedCert(certPath string) error {
-	return execabs.Command( //nolint:gosec
-		"/usr/bin/security",
-		"execute-with-privileges",
-		"/usr/bin/security",
-		"add-trusted-cert",
-		"-d",
-		"-r", "trustRoot",
-		"-p", "ssl",
-		"-k", "/Library/Keychains/System.keychain",
-		certPath,
-	).Run()
-}
-
-func removeTrustedCert(certPath string) error {
-	return execabs.Command( //nolint:gosec
-		"/usr/bin/security",
-		"execute-with-privileges",
-		"/usr/bin/security",
-		"remove-trusted-cert",
-		"-d",
-		certPath,
-	).Run()
-}
-
-// writeToTempFile writes the given data to a temporary file and returns the path.
-func writeToTempFile(data []byte) (string, error) {
-	f, err := os.CreateTemp("", "tls")
-	if err != nil {
-		return "", err
+	if errCode := C.removeTrustedCert((*C.char)(p), (C.ulonglong)(len(certDER))); errCode != 0 {
+		return fmt.Errorf("could not install certificate from keychain (error %v)", errCode)
 	}

-	if _, err := f.Write(data); err != nil {
-		return "", err
-	}
-
-	if err := f.Close(); err != nil {
-		return "", err
-	}
-
-	return f.Name(), nil
+	return nil
 }
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@ -0,0 +1,44 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+//go:build darwin
+
+package certs
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// This test implies human interactions to enter password and is disabled by default.
+func _TestTrustedCertsDarwin(t *testing.T) { //nolint:unused
+	template, err := NewTLSTemplate()
+	require.NoError(t, err)
+
+	certPEM, _, err := GenerateCert(template)
+	require.NoError(t, err)
+
+	require.Error(t, installCert([]byte{0}))   // Cannot install an invalid cert.
+	require.Error(t, uninstallCert(certPEM))   // Cannot uninstall a cert that is not installed.
+	require.NoError(t, installCert(certPEM))   // Can install a valid cert.
+	require.NoError(t, installCert(certPEM))   // Can install an already installed cert.
+	require.NoError(t, uninstallCert(certPEM)) // Can uninstall an installed cert.
+	require.Error(t, uninstallCert(certPEM))   // Cannot uninstall an already uninstalled cert.
+	require.NoError(t, installCert(certPEM))   // Can reinstall an uninstalled cert.
+	require.NoError(t, uninstallCert(certPEM)) // Can uninstall a reinstalled cert.
+}
--- a/internal/clientconfig/applemail.go
+++ b/internal/clientconfig/applemail.go
@ -70,9 +70,11 @@ func prepareMobileConfig(
 	password []byte,
 ) *mobileconfig.Config {
 	return &mobileconfig.Config{
-		DisplayName:  username,
-		EmailAddress: addresses,
-		Identifier:   "protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10),
+		DisplayName:        username,
+		EmailAddress:       addresses,
+		AccountName:        username,
+		AccountDescription: username,
+		Identifier:         "protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10),
 		IMAP: &mobileconfig.IMAP{
 			Hostname: hostname,
 			Port:     imapPort,
@ -98,6 +100,8 @@ func saveConfigTemporarily(mc *mobileconfig.Config) (fname string, err error) {

 	// Make sure the temporary file is deleted.
 	go func() {
+		defer recover() //nolint:errcheck
+
 		<-time.After(10 * time.Minute)
 		_ = os.RemoveAll(dir)
 	}()
--- a/internal/configstatus/config_status.go
+++ b/internal/configstatus/config_status.go
@ -0,0 +1,221 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+	"github.com/sirupsen/logrus"
+)
+
+const version = "1.0.0"
+
+func LoadConfigurationStatus(filepath string) (*ConfigurationStatus, error) {
+	status := ConfigurationStatus{
+		FilePath: filepath,
+		DataLock: safe.NewRWMutex(),
+		Data:     &ConfigurationStatusData{},
+	}
+
+	if _, err := os.Stat(filepath); err == nil {
+		if err := status.Load(); err == nil {
+			return &status, nil
+		}
+		logrus.WithError(err).Warn("Cannot load configuration status file. Reset it.")
+	}
+
+	status.Data.init()
+	if err := status.Save(); err != nil {
+		return &status, err
+	}
+	return &status, nil
+}
+
+func (status *ConfigurationStatus) Load() error {
+	bytes, err := os.ReadFile(status.FilePath)
+	if err != nil {
+		return err
+	}
+
+	var metadata MetadataOnly
+	if err := json.Unmarshal(bytes, &metadata); err != nil {
+		return err
+	}
+
+	if metadata.Metadata.Version != version {
+		return fmt.Errorf("unsupported configstatus file version %s", metadata.Metadata.Version)
+	}
+
+	return json.Unmarshal(bytes, status.Data)
+}
+
+func (status *ConfigurationStatus) Save() error {
+	temp := status.FilePath + "_temp"
+	f, err := os.Create(temp) //nolint:gosec
+	if err != nil {
+		return err
+	}
+	enc := json.NewEncoder(f)
+	enc.SetIndent("", "  ")
+	err = enc.Encode(status.Data)
+	if err := f.Close(); err != nil {
+		logrus.WithError(err).Error("Error while closing configstatus file.")
+	}
+	if err != nil {
+		return err
+	}
+
+	return os.Rename(temp, status.FilePath)
+}
+
+func (status *ConfigurationStatus) IsPending() bool {
+	status.DataLock.RLock()
+	defer status.DataLock.RUnlock()
+
+	return !status.Data.DataV1.PendingSince.IsZero()
+}
+
+func (status *ConfigurationStatus) IsFromFailure() bool {
+	status.DataLock.RLock()
+	defer status.DataLock.RUnlock()
+
+	return status.Data.DataV1.FailureDetails != ""
+}
+
+func (status *ConfigurationStatus) ApplySuccess() error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	status.Data.init()
+	status.Data.DataV1.PendingSince = time.Time{}
+	return status.Save()
+}
+
+func (status *ConfigurationStatus) ApplyFailure(err string) error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	status.Data.init()
+	status.Data.DataV1.FailureDetails = err
+	return status.Save()
+}
+
+func (status *ConfigurationStatus) ApplyProgress() error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	status.Data.DataV1.LastProgress = time.Now()
+	return status.Save()
+}
+
+func (status *ConfigurationStatus) RecordLinkClicked(link uint) error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	if !status.Data.hasLinkClicked(link) {
+		status.Data.setClickedLink(link)
+		return status.Save()
+	}
+	return nil
+}
+
+func (status *ConfigurationStatus) ReportClicked() error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	if !status.Data.DataV1.ReportClick {
+		status.Data.DataV1.ReportClick = true
+		return status.Save()
+	}
+	return nil
+}
+
+func (status *ConfigurationStatus) ReportSent() error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	if !status.Data.DataV1.ReportSent {
+		status.Data.DataV1.ReportSent = true
+		return status.Save()
+	}
+	return nil
+}
+
+func (status *ConfigurationStatus) AutoconfigUsed(client string) error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+
+	if client != status.Data.DataV1.Autoconf {
+		status.Data.DataV1.Autoconf = client
+		return status.Save()
+	}
+	return nil
+}
+
+func (status *ConfigurationStatus) Remove() error {
+	status.DataLock.Lock()
+	defer status.DataLock.Unlock()
+	return os.Remove(status.FilePath)
+}
+
+func (data *ConfigurationStatusData) init() {
+	data.Metadata = Metadata{
+		Version: version,
+	}
+	data.DataV1.PendingSince = time.Now()
+	data.DataV1.LastProgress = time.Time{}
+	data.DataV1.Autoconf = ""
+	data.DataV1.ClickedLink = 0
+	data.DataV1.ReportSent = false
+	data.DataV1.ReportClick = false
+	data.DataV1.FailureDetails = ""
+}
+
+func (data *ConfigurationStatusData) setClickedLink(pos uint) {
+	data.DataV1.ClickedLink |= 1 << pos
+}
+
+func (data *ConfigurationStatusData) hasLinkClicked(pos uint) bool {
+	val := data.DataV1.ClickedLink & (1 << pos)
+	return val > 0
+}
+
+func (data *ConfigurationStatusData) clickedLinkToString() string {
+	var str = ""
+	var first = true
+	for i := 0; i < 64; i++ {
+		if data.hasLinkClicked(uint(i)) {
+			if !first {
+				str += ","
+			} else {
+				first = false
+				str += "["
+			}
+			str += strconv.Itoa(i)
+		}
+	}
+	if str != "" {
+		str += "]"
+	}
+	return str
+}
--- a/internal/configstatus/config_status_test.go
+++ b/internal/configstatus/config_status_test.go
@ -0,0 +1,252 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus_test
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigStatus_init_virgin(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
+
+	require.Equal(t, false, config.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config.Data.DataV1.LastProgress.IsZero())
+
+	require.Equal(t, "", config.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config.Data.DataV1.ReportSent)
+	require.Equal(t, false, config.Data.DataV1.ReportClick)
+	require.Equal(t, "", config.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_init_existing(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "1.0.0"},
+		DataV1:   configstatus.DataV1{Autoconf: "Mr TBird"},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
+	require.Equal(t, "Mr TBird", config.Data.DataV1.Autoconf)
+}
+
+func TestConfigStatus_init_bad_version(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "2.0.0"},
+		DataV1:   configstatus.DataV1{Autoconf: "Mr TBird"},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
+	require.Equal(t, "", config.Data.DataV1.Autoconf)
+}
+
+func TestConfigStatus_IsPending(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, true, config.IsPending())
+	config.Data.DataV1.PendingSince = time.Time{}
+	require.Equal(t, false, config.IsPending())
+}
+
+func TestConfigStatus_IsFromFailure(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, false, config.IsFromFailure())
+	config.Data.DataV1.FailureDetails = "test"
+	require.Equal(t, true, config.IsFromFailure())
+}
+
+func TestConfigStatus_ApplySuccess(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, true, config.IsPending())
+	require.NoError(t, config.ApplySuccess())
+	require.Equal(t, false, config.IsPending())
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, true, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config2.Data.DataV1.ReportSent)
+	require.Equal(t, false, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_ApplyFailure(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+	require.NoError(t, config.ApplySuccess())
+
+	require.NoError(t, config.ApplyFailure("Big Failure"))
+	require.Equal(t, true, config.IsFromFailure())
+	require.Equal(t, true, config.IsPending())
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config2.Data.DataV1.ReportSent)
+	require.Equal(t, false, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "Big Failure", config2.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_ApplyProgress(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, true, config.IsPending())
+	require.Equal(t, true, config.Data.DataV1.LastProgress.IsZero())
+
+	require.NoError(t, config.ApplyProgress())
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, false, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config2.Data.DataV1.ReportSent)
+	require.Equal(t, false, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_RecordLinkClicked(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, uint64(0), config.Data.DataV1.ClickedLink)
+	require.NoError(t, config.RecordLinkClicked(0))
+	require.Equal(t, uint64(1), config.Data.DataV1.ClickedLink)
+	require.NoError(t, config.RecordLinkClicked(1))
+	require.Equal(t, uint64(3), config.Data.DataV1.ClickedLink)
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(3), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config2.Data.DataV1.ReportSent)
+	require.Equal(t, false, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_ReportClicked(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, false, config.Data.DataV1.ReportClick)
+	require.NoError(t, config.ReportClicked())
+	require.Equal(t, true, config.Data.DataV1.ReportClick)
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, false, config2.Data.DataV1.ReportSent)
+	require.Equal(t, true, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
+}
+
+func TestConfigStatus_ReportSent(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, false, config.Data.DataV1.ReportSent)
+	require.NoError(t, config.ReportSent())
+	require.Equal(t, true, config.Data.DataV1.ReportSent)
+
+	config2, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
+	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
+	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
+	require.Equal(t, "", config2.Data.DataV1.Autoconf)
+	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
+	require.Equal(t, true, config2.Data.DataV1.ReportSent)
+	require.Equal(t, false, config2.Data.DataV1.ReportClick)
+	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
+}
+
+func dumpConfigStatusInFile(data *configstatus.ConfigurationStatusData, file string) error {
+	f, err := os.Create(file)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = f.Close() }()
+
+	return json.NewEncoder(f).Encode(data)
+}
--- a/internal/configstatus/configuration_abort.go
+++ b/internal/configstatus/configuration_abort.go
@ -0,0 +1,57 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import (
+	"strconv"
+	"time"
+)
+
+type ConfigAbortValues struct {
+	Duration int `json:"duration"`
+}
+
+type ConfigAbortDimensions struct {
+	ReportClick string `json:"report_click"`
+	ReportSent  string `json:"report_sent"`
+	ClickedLink string `json:"clicked_link"`
+}
+
+type ConfigAbortData struct {
+	MeasurementGroup string
+	Event            string
+	Values           ConfigSuccessValues
+	Dimensions       ConfigSuccessDimensions
+}
+
+type ConfigAbortBuilder struct{}
+
+func (*ConfigAbortBuilder) New(data *ConfigurationStatusData) ConfigAbortData {
+	return ConfigAbortData{
+		MeasurementGroup: "bridge.any.configuration",
+		Event:            "bridge_config_abort",
+		Values: ConfigSuccessValues{
+			Duration: int(time.Since(data.DataV1.PendingSince).Minutes()),
+		},
+		Dimensions: ConfigSuccessDimensions{
+			ReportClick: strconv.FormatBool(data.DataV1.ReportClick),
+			ReportSent:  strconv.FormatBool(data.DataV1.ReportSent),
+			ClickedLink: data.clickedLinkToString(),
+		},
+	}
+}
--- a/internal/configstatus/configuration_abort_test.go
+++ b/internal/configstatus/configuration_abort_test.go
@ -0,0 +1,75 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus_test
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigurationAbort_default(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigAbortBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_abort", req.Event)
+	require.Equal(t, 0, req.Values.Duration)
+	require.Equal(t, "false", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "", req.Dimensions.ClickedLink)
+}
+
+func TestConfigurationAbort_fed(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "1.0.0"},
+		DataV1: configstatus.DataV1{
+			PendingSince:   time.Now().Add(-10 * time.Minute),
+			LastProgress:   time.Time{},
+			Autoconf:       "Mr TBird",
+			ClickedLink:    42,
+			ReportSent:     false,
+			ReportClick:    true,
+			FailureDetails: "Not an error",
+		},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigAbortBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_abort", req.Event)
+	require.Equal(t, 10, req.Values.Duration)
+	require.Equal(t, "true", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
+}
--- a/internal/configstatus/configuration_progress.go
+++ b/internal/configstatus/configuration_progress.go
@ -0,0 +1,60 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import "time"
+
+type ConfigProgressValues struct {
+	NbDay          int `json:"nb_day"`
+	NbDaySinceLast int `json:"nb_day_since_last"`
+}
+
+type ConfigProgressData struct {
+	MeasurementGroup string
+	Event            string
+	Values           ConfigProgressValues
+	Dimensions       struct{}
+}
+
+type ConfigProgressBuilder struct{}
+
+func (*ConfigProgressBuilder) New(data *ConfigurationStatusData) ConfigProgressData {
+	return ConfigProgressData{
+		MeasurementGroup: "bridge.any.configuration",
+		Event:            "bridge_config_progress",
+		Values: ConfigProgressValues{
+			NbDay:          numberOfDay(time.Now(), data.DataV1.PendingSince),
+			NbDaySinceLast: numberOfDay(time.Now(), data.DataV1.LastProgress),
+		},
+	}
+}
+
+func numberOfDay(now, prev time.Time) int {
+	if now.IsZero() || prev.IsZero() {
+		return 1
+	}
+	if now.Year() > prev.Year() {
+		if now.YearDay() > prev.YearDay() {
+			return 365 + (now.YearDay() - prev.YearDay())
+		}
+		return (prev.YearDay() + now.YearDay()) - 365
+	} else if now.YearDay() > prev.YearDay() {
+		return now.YearDay() - prev.YearDay()
+	}
+	return 0
+}
--- a/internal/configstatus/configuration_progress_test.go
+++ b/internal/configstatus/configuration_progress_test.go
@ -0,0 +1,71 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus_test
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigurationProgress_default(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigProgressBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_progress", req.Event)
+	require.Equal(t, 0, req.Values.NbDay)
+	require.Equal(t, 1, req.Values.NbDaySinceLast)
+}
+
+func TestConfigurationProgress_fed(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "1.0.0"},
+		DataV1: configstatus.DataV1{
+			PendingSince:   time.Now().AddDate(0, 0, -5),
+			LastProgress:   time.Now().AddDate(0, 0, -2),
+			Autoconf:       "Mr TBird",
+			ClickedLink:    42,
+			ReportSent:     false,
+			ReportClick:    true,
+			FailureDetails: "Not an error",
+		},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigProgressBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_progress", req.Event)
+	require.Equal(t, 5, req.Values.NbDay)
+	require.Equal(t, 2, req.Values.NbDaySinceLast)
+}
--- a/internal/configstatus/configuration_recovery.go
+++ b/internal/configstatus/configuration_recovery.go
@ -0,0 +1,61 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import (
+	"strconv"
+	"time"
+)
+
+type ConfigRecoveryValues struct {
+	Duration int `json:"duration"`
+}
+
+type ConfigRecoveryDimensions struct {
+	Autoconf       string `json:"autoconf"`
+	ReportClick    string `json:"report_click"`
+	ReportSent     string `json:"report_sent"`
+	ClickedLink    string `json:"clicked_link"`
+	FailureDetails string `json:"failure_details"`
+}
+
+type ConfigRecoveryData struct {
+	MeasurementGroup string
+	Event            string
+	Values           ConfigRecoveryValues
+	Dimensions       ConfigRecoveryDimensions
+}
+
+type ConfigRecoveryBuilder struct{}
+
+func (*ConfigRecoveryBuilder) New(data *ConfigurationStatusData) ConfigRecoveryData {
+	return ConfigRecoveryData{
+		MeasurementGroup: "bridge.any.configuration",
+		Event:            "bridge_config_recovery",
+		Values: ConfigRecoveryValues{
+			Duration: int(time.Since(data.DataV1.PendingSince).Minutes()),
+		},
+		Dimensions: ConfigRecoveryDimensions{
+			Autoconf:       data.DataV1.Autoconf,
+			ReportClick:    strconv.FormatBool(data.DataV1.ReportClick),
+			ReportSent:     strconv.FormatBool(data.DataV1.ReportSent),
+			ClickedLink:    data.clickedLinkToString(),
+			FailureDetails: data.DataV1.FailureDetails,
+		},
+	}
+}
--- a/internal/configstatus/configuration_recovery_test.go
+++ b/internal/configstatus/configuration_recovery_test.go
@ -0,0 +1,79 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus_test
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigurationRecovery_default(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigRecoveryBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_recovery", req.Event)
+	require.Equal(t, 0, req.Values.Duration)
+	require.Equal(t, "", req.Dimensions.Autoconf)
+	require.Equal(t, "false", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "", req.Dimensions.ClickedLink)
+	require.Equal(t, "", req.Dimensions.FailureDetails)
+}
+
+func TestConfigurationRecovery_fed(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "1.0.0"},
+		DataV1: configstatus.DataV1{
+			PendingSince:   time.Now().Add(-10 * time.Minute),
+			LastProgress:   time.Time{},
+			Autoconf:       "Mr TBird",
+			ClickedLink:    42,
+			ReportSent:     false,
+			ReportClick:    true,
+			FailureDetails: "Not an error",
+		},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigRecoveryBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_recovery", req.Event)
+	require.Equal(t, 10, req.Values.Duration)
+	require.Equal(t, "Mr TBird", req.Dimensions.Autoconf)
+	require.Equal(t, "true", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
+	require.Equal(t, "Not an error", req.Dimensions.FailureDetails)
+}
--- a/internal/configstatus/configuration_success.go
+++ b/internal/configstatus/configuration_success.go
@ -0,0 +1,59 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import (
+	"strconv"
+	"time"
+)
+
+type ConfigSuccessValues struct {
+	Duration int `json:"duration"`
+}
+
+type ConfigSuccessDimensions struct {
+	Autoconf    string `json:"autoconf"`
+	ReportClick string `json:"report_click"`
+	ReportSent  string `json:"report_sent"`
+	ClickedLink string `json:"clicked_link"`
+}
+
+type ConfigSuccessData struct {
+	MeasurementGroup string
+	Event            string
+	Values           ConfigSuccessValues
+	Dimensions       ConfigSuccessDimensions
+}
+
+type ConfigSuccessBuilder struct{}
+
+func (*ConfigSuccessBuilder) New(data *ConfigurationStatusData) ConfigSuccessData {
+	return ConfigSuccessData{
+		MeasurementGroup: "bridge.any.configuration",
+		Event:            "bridge_config_success",
+		Values: ConfigSuccessValues{
+			Duration: int(time.Since(data.DataV1.PendingSince).Minutes()),
+		},
+		Dimensions: ConfigSuccessDimensions{
+			Autoconf:    data.DataV1.Autoconf,
+			ReportClick: strconv.FormatBool(data.DataV1.ReportClick),
+			ReportSent:  strconv.FormatBool(data.DataV1.ReportSent),
+			ClickedLink: data.clickedLinkToString(),
+		},
+	}
+}
--- a/internal/configstatus/configuration_success_test.go
+++ b/internal/configstatus/configuration_success_test.go
@ -0,0 +1,77 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus_test
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigurationSuccess_default(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigSuccessBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_success", req.Event)
+	require.Equal(t, 0, req.Values.Duration)
+	require.Equal(t, "", req.Dimensions.Autoconf)
+	require.Equal(t, "false", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "", req.Dimensions.ClickedLink)
+}
+
+func TestConfigurationSuccess_fed(t *testing.T) {
+	dir := t.TempDir()
+	file := filepath.Join(dir, "dummy.json")
+	var data = configstatus.ConfigurationStatusData{
+		Metadata: configstatus.Metadata{Version: "1.0.0"},
+		DataV1: configstatus.DataV1{
+			PendingSince:   time.Now().Add(-10 * time.Minute),
+			LastProgress:   time.Time{},
+			Autoconf:       "Mr TBird",
+			ClickedLink:    42,
+			ReportSent:     false,
+			ReportClick:    true,
+			FailureDetails: "Not an error",
+		},
+	}
+	require.NoError(t, dumpConfigStatusInFile(&data, file))
+
+	config, err := configstatus.LoadConfigurationStatus(file)
+	require.NoError(t, err)
+
+	var builder = configstatus.ConfigSuccessBuilder{}
+	req := builder.New(config.Data)
+
+	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
+	require.Equal(t, "bridge_config_success", req.Event)
+	require.Equal(t, 10, req.Values.Duration)
+	require.Equal(t, "Mr TBird", req.Dimensions.Autoconf)
+	require.Equal(t, "true", req.Dimensions.ReportClick)
+	require.Equal(t, "false", req.Dimensions.ReportSent)
+	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
+}
--- a/internal/configstatus/types_config_status.go
+++ b/internal/configstatus/types_config_status.go
@ -0,0 +1,56 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package configstatus
+
+import (
+	"time"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
+)
+
+const ProgressCheckInterval = time.Hour
+
+type Metadata struct {
+	Version string `json:"version"`
+}
+
+type MetadataOnly struct {
+	Metadata Metadata `json:"metadata"`
+}
+
+type DataV1 struct {
+	PendingSince   time.Time `json:"pending_since"`
+	LastProgress   time.Time `json:"last_progress"`
+	Autoconf       string    `json:"auto_conf"`
+	ClickedLink    uint64    `json:"clicked_link"`
+	ReportSent     bool      `json:"report_sent"`
+	ReportClick    bool      `json:"report_click"`
+	FailureDetails string    `json:"failure_details"`
+}
+
+type ConfigurationStatusData struct {
+	Metadata Metadata `json:"metadata"`
+	DataV1   DataV1   `json:"dataV1"`
+}
+
+type ConfigurationStatus struct {
+	FilePath string
+	DataLock safe.RWMutex
+
+	Data *ConfigurationStatusData
+}
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -33,9 +33,12 @@ var (
 	// Version of the build.
 	Version = "0.0.0"

-	// Revision is current hash of the build.
+	// Revision is build time commit hash.
 	Revision = ""

+	// Tag is build time git describe.
+	Tag = ""
+
 	// BuildTime stamp of the build.
 	BuildTime = ""

@ -44,6 +47,9 @@ var (

 	// DSNSentry client keys to be able to report crashes to Sentry.
 	DSNSentry = ""
+
+	// BuildEnv tags used at build time.
+	BuildEnv = ""
 )

 const (
--- a/internal/crash/handler.go
+++ b/internal/crash/handler.go
@ -38,14 +38,16 @@ func (h *Handler) AddRecoveryAction(action RecoveryAction) *Handler {
 	return h
 }

-func (h *Handler) HandlePanic() {
+func (h *Handler) HandlePanic(r interface{}) {
 	sentry.SkipDuringUnwind()

-	if r := recover(); r != nil {
-		for _, action := range h.actions {
-			if err := action(r); err != nil {
-				logrus.WithError(err).Error("Failed to execute recovery action")
-			}
+	if r == nil {
+		return
+	}
+
+	for _, action := range h.actions {
+		if err := action(r); err != nil {
+			logrus.WithError(err).Error("Failed to execute recovery action")
 		}
 	}
 }
--- a/internal/crash/handler_test.go
+++ b/internal/crash/handler_test.go
@ -21,38 +21,41 @@ import (
 	"fmt"
 	"testing"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/stretchr/testify/assert"
 )

 func TestHandler(t *testing.T) {
-	var s string
+	assert.NotPanics(t, func() {
+		var s string

-	h := NewHandler(
-		func(r interface{}) error {
-			s += fmt.Sprintf("1: %v\n", r)
-			return nil
-		},
-		func(r interface{}) error {
-			s += fmt.Sprintf("2: %v\n", r)
-			return nil
-		},
-	)
+		h := NewHandler(
+			func(r interface{}) error {
+				s += fmt.Sprintf("1: %v\n", r)
+				return nil
+			},
+			func(r interface{}) error {
+				s += fmt.Sprintf("2: %v\n", r)
+				return nil
+			},
+		)

-	h.
-		AddRecoveryAction(func(r interface{}) error {
-			s += fmt.Sprintf("3: %v\n", r)
-			return nil
-		}).
-		AddRecoveryAction(func(r interface{}) error {
-			s += fmt.Sprintf("4: %v\n", r)
-			return nil
-		})
+		h.
+			AddRecoveryAction(func(r interface{}) error {
+				s += fmt.Sprintf("3: %v\n", r)
+				return nil
+			}).
+			AddRecoveryAction(func(r interface{}) error {
+				s += fmt.Sprintf("4: %v\n", r)
+				return nil
+			})

-	defer func() {
-		assert.Equal(t, "1: thing\n2: thing\n3: thing\n4: thing\n", s)
-	}()
+		defer func() {
+			assert.Equal(t, "1: thing\n2: thing\n3: thing\n4: thing\n", s)
+		}()

-	defer h.HandlePanic()
+		defer async.HandlePanic(h)

-	panic("thing")
+		panic("thing")
+	})
 }
--- a/internal/dialer/dialer_proxy.go
+++ b/internal/dialer/dialer_proxy.go
@ -24,6 +24,7 @@ import (
 	"sync"
 	"time"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -40,17 +41,20 @@ type ProxyTLSDialer struct {
 	allowProxy       bool
 	proxyProvider    *proxyProvider
 	proxyUseDuration time.Duration
+
+	panicHandler async.PanicHandler
 }

 // NewProxyTLSDialer constructs a dialer which provides a proxy-managing layer on top of an underlying dialer.
-func NewProxyTLSDialer(dialer TLSDialer, hostURL string) *ProxyTLSDialer {
+func NewProxyTLSDialer(dialer TLSDialer, hostURL string, panicHandler async.PanicHandler) *ProxyTLSDialer {
 	return &ProxyTLSDialer{
 		dialer:           dialer,
 		locker:           sync.RWMutex{},
 		directAddress:    formatAsAddress(hostURL),
 		proxyAddress:     formatAsAddress(hostURL),
-		proxyProvider:    newProxyProvider(dialer, hostURL, DoHProviders),
+		proxyProvider:    newProxyProvider(dialer, hostURL, DoHProviders, panicHandler),
 		proxyUseDuration: proxyUseDuration,
+		panicHandler:     panicHandler,
 	}
 }

@ -129,6 +133,8 @@ func (d *ProxyTLSDialer) switchToReachableServer() error {
 	// This means we want to disable it again in 24 hours.
 	if d.proxyAddress == d.directAddress {
 		go func() {
+			defer async.HandlePanic(d.panicHandler)
+
 			<-time.After(d.proxyUseDuration)

 			d.locker.Lock()
--- a/internal/dialer/dialer_proxy_provider.go
+++ b/internal/dialer/dialer_proxy_provider.go
@ -24,6 +24,7 @@ import (
 	"sync"
 	"time"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/go-resty/resty/v2"
 	"github.com/miekg/dns"
 	"github.com/pkg/errors"
@ -67,11 +68,13 @@ type proxyProvider struct {
 	canReachTimeout     time.Duration

 	lastLookup time.Time // The time at which we last attempted to find a proxy.
+
+	panicHandler async.PanicHandler
 }

 // newProxyProvider creates a new proxyProvider that queries the given DoH providers
 // to retrieve DNS records for the given query string.
-func newProxyProvider(dialer TLSDialer, hostURL string, providers []string) (p *proxyProvider) {
+func newProxyProvider(dialer TLSDialer, hostURL string, providers []string, panicHandler async.PanicHandler) (p *proxyProvider) {
 	p = &proxyProvider{
 		dialer:              dialer,
 		hostURL:             hostURL,
@ -80,6 +83,7 @@ func newProxyProvider(dialer TLSDialer, hostURL string, providers []string) (p *
 		cacheRefreshTimeout: proxyCacheRefreshTimeout,
 		dohTimeout:          proxyDoHTimeout,
 		canReachTimeout:     proxyCanReachTimeout,
+		panicHandler:        panicHandler,
 	}

 	// Use the default DNS lookup method; this can be overridden if necessary.
@ -89,6 +93,8 @@ func newProxyProvider(dialer TLSDialer, hostURL string, providers []string) (p *
 }

 // findReachableServer returns a working API server (either proxy or standard API).
+//
+//nolint:nakedret
 func (p *proxyProvider) findReachableServer() (proxy string, err error) {
 	logrus.Debug("Trying to find a reachable server")

@ -109,11 +115,13 @@ func (p *proxyProvider) findReachableServer() (proxy string, err error) {
 	wg.Add(2)

 	go func() {
+		defer async.HandlePanic(p.panicHandler)
 		defer wg.Done()
 		apiReachable = p.canReach(p.hostURL)
 	}()

 	go func() {
+		defer async.HandlePanic(p.panicHandler)
 		defer wg.Done()
 		err = p.refreshProxyCache()
 	}()
@ -150,6 +158,8 @@ func (p *proxyProvider) refreshProxyCache() error {
 	resultChan := make(chan []string)

 	go func() {
+		defer async.HandlePanic(p.panicHandler)
+
 		for _, provider := range p.providers {
 			if proxies, err := p.dohLookup(ctx, p.query, provider); err == nil {
 				resultChan <- proxies
@ -196,6 +206,8 @@ func (p *proxyProvider) canReach(url string) bool {
 // It looks up DNS TXT records for the given query URL using the given DoH provider.
 // It returns a list of all found TXT records.
 // If the whole process takes more than proxyDoHTimeout then an error is returned.
+//
+//nolint:nakedret
 func (p *proxyProvider) defaultDoHLookup(ctx context.Context, query, dohProvider string) (data []string, err error) {
 	ctx, cancel := context.WithTimeout(ctx, p.dohTimeout)
 	defer cancel()
@ -203,6 +215,7 @@ func (p *proxyProvider) defaultDoHLookup(ctx context.Context, query, dohProvider
 	dataChan, errChan := make(chan []string), make(chan error)

 	go func() {
+		defer async.HandlePanic(p.panicHandler)
 		// Build new DNS request in RFC1035 format.
 		dnsRequest := new(dns.Msg).SetQuestion(dns.Fqdn(query), dns.TypeTXT)

--- a/internal/dialer/dialer_proxy_provider_test.go
+++ b/internal/dialer/dialer_proxy_provider_test.go
@ -23,6 +23,7 @@ import (
 	"testing"
 	"time"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	r "github.com/stretchr/testify/require"
 )
@ -31,7 +32,7 @@ func TestProxyProvider_FindProxy(t *testing.T) {
 	proxy := getTrustedServer()
 	defer closeServer(proxy)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy.URL}, nil }

 	url, err := p.findReachableServer()
@ -47,7 +48,7 @@ func TestProxyProvider_FindProxy_ChooseReachableProxy(t *testing.T) {
 	unreachableProxy := getTrustedServer()
 	closeServer(unreachableProxy)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
 		return []string{reachableProxy.URL, unreachableProxy.URL}, nil
 	}
@ -68,7 +69,7 @@ func TestProxyProvider_FindProxy_ChooseTrustedProxy(t *testing.T) {
 	checker := NewTLSPinChecker(TrustedAPIPins)
 	dialer := NewPinningTLSDialer(NewBasicTLSDialer(""), reporter, checker)

-	p := newProxyProvider(dialer, "", []string{"not used"})
+	p := newProxyProvider(dialer, "", []string{"not used"}, async.NoopPanicHandler{})
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
 		return []string{untrustedProxy.URL, trustedProxy.URL}, nil
 	}
@ -85,7 +86,7 @@ func TestProxyProvider_FindProxy_FailIfNoneReachable(t *testing.T) {
 	unreachableProxy2 := getTrustedServer()
 	closeServer(unreachableProxy2)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
 		return []string{unreachableProxy1.URL, unreachableProxy2.URL}, nil
 	}
@ -105,7 +106,7 @@ func TestProxyProvider_FindProxy_FailIfNoneTrusted(t *testing.T) {
 	checker := NewTLSPinChecker(TrustedAPIPins)
 	dialer := NewPinningTLSDialer(NewBasicTLSDialer(""), reporter, checker)

-	p := newProxyProvider(dialer, "", []string{"not used"})
+	p := newProxyProvider(dialer, "", []string{"not used"}, async.NoopPanicHandler{})
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
 		return []string{untrustedProxy1.URL, untrustedProxy2.URL}, nil
 	}
@ -115,7 +116,7 @@ func TestProxyProvider_FindProxy_FailIfNoneTrusted(t *testing.T) {
 }

 func TestProxyProvider_FindProxy_RefreshCacheTimeout(t *testing.T) {
-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.cacheRefreshTimeout = 1 * time.Second
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { time.Sleep(2 * time.Second); return nil, nil }

@ -132,7 +133,7 @@ func TestProxyProvider_FindProxy_CanReachTimeout(t *testing.T) {
 	}))
 	defer closeServer(slowProxy)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.canReachTimeout = 1 * time.Second
 	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{slowProxy.URL}, nil }

@ -144,7 +145,7 @@ func TestProxyProvider_FindProxy_CanReachTimeout(t *testing.T) {
 }

 func TestProxyProvider_DoHLookup_Quad9(t *testing.T) {
-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})

 	records, err := p.dohLookup(context.Background(), proxyQuery, Quad9Provider)
 	r.NoError(t, err)
@ -155,7 +156,7 @@ func TestProxyProvider_DoHLookup_Quad9(t *testing.T) {
 // port filter. Basic functionality should be covered by other tests. Keeping
 // code here to be able to run it locally if needed.
 func DISABLEDTestProxyProviderDoHLookupQuad9Port(t *testing.T) {
-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})

 	records, err := p.dohLookup(context.Background(), proxyQuery, Quad9PortProvider)
 	r.NoError(t, err)
@ -163,7 +164,7 @@ func DISABLEDTestProxyProviderDoHLookupQuad9Port(t *testing.T) {
 }

 func TestProxyProvider_DoHLookup_Google(t *testing.T) {
-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})

 	records, err := p.dohLookup(context.Background(), proxyQuery, GoogleProvider)
 	r.NoError(t, err)
@ -173,7 +174,7 @@ func TestProxyProvider_DoHLookup_Google(t *testing.T) {
 func TestProxyProvider_DoHLookup_FindProxy(t *testing.T) {
 	skipIfProxyIsSet(t)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})

 	url, err := p.findReachableServer()
 	r.NoError(t, err)
@ -183,7 +184,7 @@ func TestProxyProvider_DoHLookup_FindProxy(t *testing.T) {
 func TestProxyProvider_DoHLookup_FindProxyFirstProviderUnreachable(t *testing.T) {
 	skipIfProxyIsSet(t)

-	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"https://unreachable", Quad9Provider, GoogleProvider})
+	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"https://unreachable", Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})

 	url, err := p.findReachableServer()
 	r.NoError(t, err)
--- a/internal/dialer/dialer_proxy_test.go
+++ b/internal/dialer/dialer_proxy_test.go
@ -25,6 +25,7 @@ import (
 	"testing"
 	"time"

+	"github.com/ProtonMail/gluon/async"
 	"github.com/stretchr/testify/require"
 )

@ -141,8 +142,8 @@ func TestProxyDialer_UseProxy(t *testing.T) {
 	trustedProxy := getTrustedServer()
 	defer closeServer(trustedProxy)

-	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders)
-	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "")
+	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
+	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
 	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{trustedProxy.URL}, nil }

@ -159,8 +160,8 @@ func TestProxyDialer_UseProxy_MultipleTimes(t *testing.T) {
 	proxy3 := getTrustedServer()
 	defer closeServer(proxy3)

-	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders)
-	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "")
+	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
+	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
 	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy1.URL}, nil }

@ -189,8 +190,8 @@ func TestProxyDialer_UseProxy_RevertAfterTime(t *testing.T) {
 	trustedProxy := getTrustedServer()
 	defer closeServer(trustedProxy)

-	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders)
-	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "")
+	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
+	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
 	d.proxyUseDuration = time.Second

@ -212,8 +213,8 @@ func TestProxyDialer_UseProxy_RevertAfterTime(t *testing.T) {
 func TestProxyDialer_UseProxy_RevertIfProxyStopsWorkingAndOriginalAPIIsReachable(t *testing.T) {
 	trustedProxy := getTrustedServer()

-	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders)
-	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "")
+	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
+	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
 	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{trustedProxy.URL}, nil }

@ -242,8 +243,8 @@ func TestProxyDialer_UseProxy_FindSecondAlternativeIfFirstFailsAndAPIIsStillBloc
 	proxy2 := getTrustedServer()
 	defer closeServer(proxy2)

-	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders)
-	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "")
+	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
+	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
 	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy1.URL, proxy2.URL}, nil }

--- a/internal/errors.go
+++ b/internal/errors.go
@ -0,0 +1,38 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package internal
+
+import (
+	"errors"
+	"fmt"
+)
+
+// ErrCause returns the cause of the error, the inner-most error in the wrapped chain.
+func ErrCause(err error) error {
+	cause := err
+
+	for errors.Unwrap(cause) != nil {
+		cause = errors.Unwrap(cause)
+	}
+
+	return cause
+}
+
+func ErrCauseType(err error) string {
+	return fmt.Sprintf("%T", ErrCause(err))
+}
--- a/internal/events/address.go
+++ b/internal/events/address.go
@ -35,6 +35,30 @@ func (event UserAddressCreated) String() string {
 	return fmt.Sprintf("UserAddressCreated: UserID: %s, AddressID: %s, Email: %s", event.UserID, event.AddressID, logging.Sensitive(event.Email))
 }

+type UserAddressEnabled struct {
+	eventBase
+
+	UserID    string
+	AddressID string
+	Email     string
+}
+
+func (event UserAddressEnabled) String() string {
+	return fmt.Sprintf("UserAddressEnabled: UserID: %s, AddressID: %s, Email: %s", event.UserID, event.AddressID, logging.Sensitive(event.Email))
+}
+
+type UserAddressDisabled struct {
+	eventBase
+
+	UserID    string
+	AddressID string
+	Email     string
+}
+
+func (event UserAddressDisabled) String() string {
+	return fmt.Sprintf("UserAddressDisabled: UserID: %s, AddressID: %s, Email: %s", event.UserID, event.AddressID, logging.Sensitive(event.Email))
+}
+
 type UserAddressUpdated struct {
 	eventBase

--- a/internal/events/serve.go
+++ b/internal/events/serve.go
@ -0,0 +1,76 @@
+// Copyright (c) 2023 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package events
+
+import "fmt"
+
+type IMAPServerReady struct {
+	eventBase
+
+	Port int
+}
+
+func (event IMAPServerReady) String() string {
+	return fmt.Sprintf("IMAPServerReady: Port %d", event.Port)
+}
+
+type IMAPServerStopped struct {
+	eventBase
+}
+
+func (event IMAPServerStopped) String() string {
+	return "IMAPServerStopped"
+}
+
+type IMAPServerError struct {
+	eventBase
+
+	Error error
+}
+
+func (event IMAPServerError) String() string {
+	return fmt.Sprintf("IMAPServerError: %v", event.Error)
+}
+
+type SMTPServerReady struct {
+	eventBase
+
+	Port int
+}
+
+func (event SMTPServerReady) String() string {
+	return fmt.Sprintf("SMTPServerReady: Port %d", event.Port)
+}
+
+type SMTPServerStopped struct {
+	eventBase
+}
+
+func (event SMTPServerStopped) String() string {
+	return "SMTPServerStopped"
+}
+
+type SMTPServerError struct {
+	eventBase
+
+	Error error
+}
+
+func (event SMTPServerError) String() string {
+	return fmt.Sprintf("SMTPServerError: %v", event.Error)
+}
--- a/internal/events/user.go
+++ b/internal/events/user.go
@ -103,12 +103,23 @@ func (event UserDeauth) String() string {
 type UserBadEvent struct {
 	eventBase

-	UserID string
-	Error  error
+	UserID     string
+	OldEventID string
+	NewEventID string
+	EventInfo  string
+
+	Error error
 }

 func (event UserBadEvent) String() string {
-	return fmt.Sprintf("UserBadEvent: UserID: %s, Error: %s", event.UserID, event.Error)
+	return fmt.Sprintf(
+		"UserBadEvent: UserID: %s, OldEventID: %s, NewEventID: %s, EventInfo: %v, Error: %s",
+		event.UserID,
+		event.OldEventID,
+		event.NewEventID,
+		event.EventInfo,
+		event.Error,
+	)
 }

 // UserDeleted is emitted when a user has been deleted.
@ -137,7 +148,8 @@ func (event UserChanged) String() string {
 type UserRefreshed struct {
 	eventBase

-	UserID string
+	UserID          string
+	CancelEventPool bool
 }

 func (event UserRefreshed) String() string {
@ -156,3 +168,37 @@ type AddressModeChanged struct {
 func (event AddressModeChanged) String() string {
 	return fmt.Sprintf("AddressModeChanged: UserID: %s, AddressMode: %s", event.UserID, event.AddressMode)
 }
+
+// UsedSpaceChanged is emitted when the storage space used by the user has changed.
+type UsedSpaceChanged struct {
+	eventBase
+
+	UserID string
+
+	UsedSpace int
+}
+
+func (event UsedSpaceChanged) String() string {
+	return fmt.Sprintf("UsedSpaceChanged: UserID: %s, UsedSpace: %v", event.UserID, event.UsedSpace)
+}
+
+type IMAPLoginFailed struct {
+	eventBase
+
+	Username string
+}
+
+func (event IMAPLoginFailed) String() string {
+	return fmt.Sprintf("IMAPLoginFailed: Username: %s", event.Username)
+}
+
+type UncategorizedEventError struct {
+	eventBase
+
+	UserID string
+	Error  error
+}
+
+func (event UncategorizedEventError) String() string {
+	return fmt.Sprintf("UncategorizedEventError: UserID: %s, Source:%T, Error: %s", event.UserID, event.Error, event.Error)
+}
--- a/internal/focus/client.go
+++ b/internal/focus/client.go
@ -21,22 +21,25 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"path/filepath"

 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus/proto"
+	"github.com/ProtonMail/proton-bridge/v3/internal/service"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 )

 // TryRaise tries to raise the application by dialing the focus service.
 // It returns true if the service is running and the application was told to raise.
-func TryRaise() bool {
+func TryRaise(settingsPath string) bool {
 	var raised bool

-	if err := withClientConn(context.Background(), func(ctx context.Context, client proto.FocusClient) error {
-		if _, err := client.Raise(ctx, &emptypb.Empty{}); err != nil {
+	if err := withClientConn(context.Background(), settingsPath, func(ctx context.Context, client proto.FocusClient) error {
+		if _, err := client.Raise(ctx, &wrapperspb.StringValue{Value: "TryRaise"}); err != nil {
 			return fmt.Errorf("failed to call client.Raise: %w", err)
 		}

@ -53,10 +56,10 @@ func TryRaise() bool {

 // TryVersion tries to determine the version of the running application instance.
 // It returns the version and true if the version could be determined.
-func TryVersion() (*semver.Version, bool) {
+func TryVersion(settingsPath string) (*semver.Version, bool) {
 	var version *semver.Version

-	if err := withClientConn(context.Background(), func(ctx context.Context, client proto.FocusClient) error {
+	if err := withClientConn(context.Background(), settingsPath, func(ctx context.Context, client proto.FocusClient) error {
 		raw, err := client.Version(ctx, &emptypb.Empty{})
 		if err != nil {
 			return fmt.Errorf("failed to call client.Version: %w", err)
@ -78,10 +81,15 @@ func TryVersion() (*semver.Version, bool) {
 	return version, true
 }

-func withClientConn(ctx context.Context, fn func(context.Context, proto.FocusClient) error) error {
+func withClientConn(ctx context.Context, settingsPath string, fn func(context.Context, proto.FocusClient) error) error {
+	var config = service.Config{}
+	err := config.Load(filepath.Join(settingsPath, serverConfigFileName))
+	if err != nil {
+		return err
+	}
 	cc, err := grpc.DialContext(
 		ctx,
-		net.JoinHostPort(Host, fmt.Sprint(Port)),
+		net.JoinHostPort(Host, fmt.Sprint(config.Port)),
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
 	)
 	if err != nil {
--- a/internal/focus/focus_test.go
+++ b/internal/focus/focus_test.go
@ -18,19 +18,25 @@
 package focus

 import (
+	"os"
 	"testing"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/stretchr/testify/require"
 )

 func TestFocus_Raise(t *testing.T) {
+	tmpDir := t.TempDir()
+	locations := locations.New(newTestLocationsProvider(tmpDir), "config-name")
 	// Start the focus service.
-	service, err := NewService(semver.MustParse("1.2.3"))
+	service, err := NewService(locations, semver.MustParse("1.2.3"), nil)
 	require.NoError(t, err)

+	settingsFolder, err := locations.ProvideSettingsPath()
+	require.NoError(t, err)
 	// Try to dial it, it should succeed.
-	require.True(t, TryRaise())
+	require.True(t, TryRaise(settingsFolder))

 	// The service should report a raise call.
 	<-service.GetRaiseCh()
@ -39,16 +45,60 @@ func TestFocus_Raise(t *testing.T) {
 	service.Close()

 	// Try to dial it, it should fail.
-	require.False(t, TryRaise())
+	require.False(t, TryRaise(settingsFolder))
 }

 func TestFocus_Version(t *testing.T) {
+	tmpDir := t.TempDir()
+	locations := locations.New(newTestLocationsProvider(tmpDir), "config-name")
 	// Start the focus service.
-	_, err := NewService(semver.MustParse("1.2.3"))
+	_, err := NewService(locations, semver.MustParse("1.2.3"), nil)
+	require.NoError(t, err)
+
+	settingsFolder, err := locations.ProvideSettingsPath()
 	require.NoError(t, err)

 	// Try to dial it, it should succeed.
-	version, ok := TryVersion()
+	version, ok := TryVersion(settingsFolder)
 	require.True(t, ok)
 	require.Equal(t, "1.2.3", version.String())
 }
+
+type TestLocationsProvider struct {
+	config, data, cache string
+}
+
+func newTestLocationsProvider(dir string) *TestLocationsProvider {
+	config, err := os.MkdirTemp(dir, "config")
+	if err != nil {
+		panic(err)
+	}
+
+	data, err := os.MkdirTemp(dir, "data")
+	if err != nil {
+		panic(err)
+	}
+
+	cache, err := os.MkdirTemp(dir, "cache")
+	if err != nil {
+		panic(err)
+	}
+
+	return &TestLocationsProvider{
+		config: config,
+		data:   data,
+		cache:  cache,
+	}
+}
+
+func (provider *TestLocationsProvider) UserConfig() string {
+	return provider.config
+}
+
+func (provider *TestLocationsProvider) UserData() string {
+	return provider.data
+}
+
+func (provider *TestLocationsProvider) UserCache() string {
+	return provider.cache
+}
--- a/internal/focus/proto/focus.pb.go
+++ b/internal/focus/proto/focus.pb.go
@ -18,7 +18,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.0
-// 	protoc        v3.21.3
+// 	protoc        v3.21.12
 // source: focus.proto

 package proto
@ -27,6 +27,7 @@ import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
 	reflect "reflect"
 	sync "sync"
 )
@ -91,22 +92,24 @@ var file_focus_proto_rawDesc = []byte{
 	0x0a, 0x0b, 0x66, 0x6f, 0x63, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x66,
 	0x6f, 0x63, 0x75, 0x73, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x22, 0x2b, 0x0a, 0x0f, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
 	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x32, 0x7b,
-	0x0a, 0x05, 0x46, 0x6f, 0x63, 0x75, 0x73, 0x12, 0x37, 0x0a, 0x05, 0x52, 0x61, 0x69, 0x73, 0x65,
-	0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x12, 0x39, 0x0a, 0x07, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d,
-	0x70, 0x74, 0x79, 0x1a, 0x16, 0x2e, 0x66, 0x6f, 0x63, 0x75, 0x73, 0x2e, 0x56, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x3d, 0x5a, 0x3b, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x6e,
-	0x4d, 0x61, 0x69, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x6e, 0x2d, 0x62, 0x72, 0x69, 0x64,
-	0x67, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x66,
-	0x6f, 0x63, 0x75, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x32, 0x81,
+	0x01, 0x0a, 0x05, 0x46, 0x6f, 0x63, 0x75, 0x73, 0x12, 0x3d, 0x0a, 0x05, 0x52, 0x61, 0x69, 0x73,
+	0x65, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a,
+	0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x39, 0x0a, 0x07, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x16, 0x2e, 0x66, 0x6f, 0x63,
+	0x75, 0x73, 0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x42, 0x3d, 0x5a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x6e, 0x4d, 0x61, 0x69, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x6e, 0x2d, 0x62, 0x72, 0x69, 0x64, 0x67, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x66, 0x6f, 0x63, 0x75, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@ -123,13 +126,14 @@ func file_focus_proto_rawDescGZIP() []byte {

 var file_focus_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
 var file_focus_proto_goTypes = []interface{}{
-	(*VersionResponse)(nil), // 0: focus.VersionResponse
-	(*emptypb.Empty)(nil),   // 1: google.protobuf.Empty
+	(*VersionResponse)(nil),        // 0: focus.VersionResponse
+	(*wrapperspb.StringValue)(nil), // 1: google.protobuf.StringValue
+	(*emptypb.Empty)(nil),          // 2: google.protobuf.Empty
 }
 var file_focus_proto_depIdxs = []int32{
-	1, // 0: focus.Focus.Raise:input_type -> google.protobuf.Empty
-	1, // 1: focus.Focus.Version:input_type -> google.protobuf.Empty
-	1, // 2: focus.Focus.Raise:output_type -> google.protobuf.Empty
+	1, // 0: focus.Focus.Raise:input_type -> google.protobuf.StringValue
+	2, // 1: focus.Focus.Version:input_type -> google.protobuf.Empty
+	2, // 2: focus.Focus.Raise:output_type -> google.protobuf.Empty
 	0, // 3: focus.Focus.Version:output_type -> focus.VersionResponse
 	2, // [2:4] is the sub-list for method output_type
 	0, // [0:2] is the sub-list for method input_type
--- a/internal/focus/proto/focus.proto
+++ b/internal/focus/proto/focus.proto
@ -18,6 +18,7 @@
 syntax = "proto3";

 import "google/protobuf/empty.proto";
+import "google/protobuf/wrappers.proto";

 option go_package = "github.com/ProtonMail/proton-bridge/v3/internal/focus/proto";

@ -27,7 +28,7 @@ package focus; // ignored by Go, used as namespace name in C++.
 //  Service Declaration
 //**********************************************************************************************************************≠––
 service Focus {
-  rpc Raise(google.protobuf.Empty) returns (google.protobuf.Empty);
+  rpc Raise(google.protobuf.StringValue) returns (google.protobuf.Empty);
  rpc Version(google.protobuf.Empty) returns (VersionResponse);
 }

--- a/internal/focus/proto/focus_grpc.pb.go
+++ b/internal/focus/proto/focus_grpc.pb.go
@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.21.3
+// - protoc             v3.21.12
 // source: focus.proto

 package proto
@ -12,6 +12,7 @@ import (
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
 )

 // This is a compile-time assertion to ensure that this generated file
@ -23,7 +24,7 @@ const _ = grpc.SupportPackageIsVersion7
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type FocusClient interface {
-	Raise(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error)
+	Raise(ctx context.Context, in *wrapperspb.StringValue, opts ...grpc.CallOption) (*emptypb.Empty, error)
 	Version(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*VersionResponse, error)
 }

@ -35,7 +36,7 @@ func NewFocusClient(cc grpc.ClientConnInterface) FocusClient {
 	return &focusClient{cc}
 }

-func (c *focusClient) Raise(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+func (c *focusClient) Raise(ctx context.Context, in *wrapperspb.StringValue, opts ...grpc.CallOption) (*emptypb.Empty, error) {
 	out := new(emptypb.Empty)
 	err := c.cc.Invoke(ctx, "/focus.Focus/Raise", in, out, opts...)
 	if err != nil {
@ -57,7 +58,7 @@ func (c *focusClient) Version(ctx context.Context, in *emptypb.Empty, opts ...gr
 // All implementations must embed UnimplementedFocusServer
 // for forward compatibility
 type FocusServer interface {
-	Raise(context.Context, *emptypb.Empty) (*emptypb.Empty, error)
+	Raise(context.Context, *wrapperspb.StringValue) (*emptypb.Empty, error)
 	Version(context.Context, *emptypb.Empty) (*VersionResponse, error)
 	mustEmbedUnimplementedFocusServer()
 }
@ -66,7 +67,7 @@ type FocusServer interface {
 type UnimplementedFocusServer struct {
 }

-func (UnimplementedFocusServer) Raise(context.Context, *emptypb.Empty) (*emptypb.Empty, error) {
+func (UnimplementedFocusServer) Raise(context.Context, *wrapperspb.StringValue) (*emptypb.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Raise not implemented")
 }
 func (UnimplementedFocusServer) Version(context.Context, *emptypb.Empty) (*VersionResponse, error) {
@ -86,7 +87,7 @@ func RegisterFocusServer(s grpc.ServiceRegistrar, srv FocusServer) {
 }

 func _Focus_Raise_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(emptypb.Empty)
+	in := new(wrapperspb.StringValue)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
@ -98,7 +99,7 @@ func _Focus_Raise_Handler(srv interface{}, ctx context.Context, dec func(interfa
 		FullMethod: "/focus.Focus/Raise",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(FocusServer).Raise(ctx, req.(*emptypb.Empty))
+		return srv.(FocusServer).Raise(ctx, req.(*wrapperspb.StringValue))
 	}
 	return interceptor(ctx, in, info, handler)
 }
--- a/internal/focus/service.go
+++ b/internal/focus/service.go
@ -24,17 +24,19 @@ import (
 	"net"

 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus/proto"
+	"github.com/ProtonMail/proton-bridge/v3/internal/service"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 )

-// Host is the local host to listen on.
-const Host = "127.0.0.1"
-
-// Port is the port to listen on.
-var Port = 1042 // nolint:gochecknoglobals
+const (
+	Host                 = "127.0.0.1"
+	serverConfigFileName = "grpcFocusServerConfig.json"
+)

 // Service is a gRPC service that can be used to raise the application.
 type Service struct {
@ -43,40 +45,62 @@ type Service struct {
 	server  *grpc.Server
 	raiseCh chan struct{}
 	version *semver.Version
+
+	log          *logrus.Entry
+	panicHandler async.PanicHandler
 }

 // NewService creates a new focus service.
 // It listens on the local host and port 1042 (by default).
-func NewService(version *semver.Version) (*Service, error) {
-	service := &Service{
-		server:  grpc.NewServer(),
-		raiseCh: make(chan struct{}, 1),
-		version: version,
+func NewService(locator service.Locator, version *semver.Version, panicHandler async.PanicHandler) (*Service, error) {
+	serv := &Service{
+		server:       grpc.NewServer(),
+		raiseCh:      make(chan struct{}, 1),
+		version:      version,
+		log:          logrus.WithField("pkg", "focus/service"),
+		panicHandler: panicHandler,
 	}

-	proto.RegisterFocusServer(service.server, service)
+	proto.RegisterFocusServer(serv.server, serv)

-	if listener, err := net.Listen("tcp", net.JoinHostPort(Host, fmt.Sprint(Port))); err != nil {
-		logrus.WithError(err).Warn("Failed to start focus service")
+	if listener, err := net.Listen("tcp", net.JoinHostPort(Host, fmt.Sprint(0))); err != nil {
+		serv.log.WithError(err).Warn("Failed to start focus service")
 	} else {
+		config := service.Config{}
+		// retrieve the port assigned by the system, so that we can put it in the config file.
+		address, ok := listener.Addr().(*net.TCPAddr)
+		if !ok {
+			return nil, fmt.Errorf("could not retrieve gRPC service listener address")
+		}
+		config.Port = address.Port
+		if path, err := service.SaveGRPCServerConfigFile(locator, &config, serverConfigFileName); err != nil {
+			serv.log.WithError(err).WithField("path", path).Warn("Could not write focus gRPC service config file")
+		} else {
+			serv.log.WithField("path", path).Info("Successfully saved gRPC Focus service config file")
+		}
+
 		go func() {
-			if err := service.server.Serve(listener); err != nil {
+			defer async.HandlePanic(serv.panicHandler)
+
+			if err := serv.server.Serve(listener); err != nil {
 				fmt.Printf("failed to serve: %v", err)
 			}
 		}()
 	}

-	return service, nil
+	return serv, nil
 }

 // Raise implements the gRPC FocusService interface; it raises the application.
-func (service *Service) Raise(context.Context, *emptypb.Empty) (*emptypb.Empty, error) {
+func (service *Service) Raise(_ context.Context, reason *wrapperspb.StringValue) (*emptypb.Empty, error) {
+	service.log.WithField("Reason", reason.Value).Debug("Raise")
 	service.raiseCh <- struct{}{}
 	return &emptypb.Empty{}, nil
 }

 // Version implements the gRPC FocusService interface; it returns the version of the service.
 func (service *Service) Version(context.Context, *emptypb.Empty) (*proto.VersionResponse, error) {
+	service.log.Debug("Version")
 	return &proto.VersionResponse{
 		Version: service.version.Original(),
 	}, nil
@ -90,6 +114,8 @@ func (service *Service) GetRaiseCh() <-chan struct{} {
 // Close closes the service.
 func (service *Service) Close() {
 	go func() {
+		defer async.HandlePanic(service.panicHandler)
+
 		// we do this in a goroutine, as on Windows, the gRPC shutdown may take minutes if something tries to
 		// interact with it in an invalid way (e.g. HTTP GET request from a Qt QNetworkManager instance).
 		service.server.Stop()
--- a/internal/frontend/.gitignore
+++ b/internal/frontend/.gitignore
@ -10,5 +10,5 @@ rcc_cgo_*.go
 *.qmlc

 # Generated file
-bridge-gui/bridge-gui/Version.h
+bridge-gui/bridge-gui/BuildConfig.h
 bridge-gui/bridge-gui/Resources.rc
--- a/internal/frontend/bridge-gui/FindQt.cmake
+++ b/internal/frontend/bridge-gui/FindQt.cmake
@ -1,8 +1,8 @@
-find_program(QMAKE_EXE "qmake")
+find_program(QMAKE_EXE NAMES "qmake" "qmake6")
 if (NOT QMAKE_EXE)
-    message(FATAL_ERROR "Could not locate qmake executable, make sur you have Qt 6 installed in that qmake is in your PATH environment variable.")
+    message(FATAL_ERROR "Could not locate qmake executable, make sure you have Qt 6 installed in that qmake is in your PATH environment variable.")
 endif()
 message(STATUS "Found qmake at ${QMAKE_EXE}")
 execute_process(COMMAND "${QMAKE_EXE}" -query QT_INSTALL_PREFIX OUTPUT_VARIABLE QT_DIR OUTPUT_STRIP_TRAILING_WHITESPACE)

-set(CMAKE_PREFIX_PATH  ${QT_DIR} ${CMAKE_PREFIX_PATH})
+set(CMAKE_PREFIX_PATH  ${QT_DIR} ${CMAKE_PREFIX_PATH})
--- a/internal/frontend/bridge-gui/bridge-gui-tester/.lldbinit
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/.lldbinit
@ -0,0 +1,4 @@
+# The following fix an issue happening using LLDB with OpenSSL 3.1 on ARM64 architecture. (GODT-2680)
+# WARNING: this file is ignored if you do not enable reading lldb config from cwd in ~/.lldbinit (`settings set target.load-cwd-lldbinit true`)
+settings set platform.plugin.darwin.ignored-exceptions EXC_BAD_INSTRUCTION
+process handle SIGILL -n false -p true -s false
--- a/internal/frontend/bridge-gui/bridge-gui-tester/GRPCQtProxy.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/GRPCQtProxy.cpp
@ -39,6 +39,7 @@ void GRPCQtProxy::connectSignals() {
    connect(this, &GRPCQtProxy::setIsAutostartOnReceived, &settingsTab, &SettingsTab::setIsAutostartOn);
    connect(this, &GRPCQtProxy::setIsBetaEnabledReceived, &settingsTab, &SettingsTab::setIsBetaEnabled);
    connect(this, &GRPCQtProxy::setIsAllMailVisibleReceived, &settingsTab, &SettingsTab::setIsAllMailVisible);
+    connect(this, &GRPCQtProxy::setIsTelemetryDisabledReceived, &settingsTab, &SettingsTab::setIsTelemetryDisabled);
    connect(this, &GRPCQtProxy::setColorSchemeNameReceived, &settingsTab, &SettingsTab::setColorSchemeName);
    connect(this, &GRPCQtProxy::reportBugReceived, &settingsTab, &SettingsTab::setBugReport);
    connect(this, &GRPCQtProxy::exportTLSCertificatesReceived, &settingsTab, &SettingsTab::exportTLSCertificates);
@ -53,6 +54,7 @@ void GRPCQtProxy::connectSignals() {
    connect(this, &GRPCQtProxy::logoutUserReceived, &usersTab, &UsersTab::logoutUser);
    connect(this, &GRPCQtProxy::setUserSplitModeReceived, &usersTab, &UsersTab::setUserSplitMode);
    connect(this, &GRPCQtProxy::configureUserAppleMailReceived, &usersTab, &UsersTab::configureUserAppleMail);
+    connect(this, &GRPCQtProxy::sendBadEventUserFeedbackReceived, &usersTab, &UsersTab::processBadEventUserFeedback);
 }


@ -88,6 +90,13 @@ void GRPCQtProxy::setIsAllMailVisible(bool visible) {
 }


+//****************************************************************************************************************************************************
+/// \param[in] isDisabled Is telemetry disabled?
+//****************************************************************************************************************************************************
+void GRPCQtProxy::setIsTelemetryDisabled(bool isDisabled) {
+    emit setIsTelemetryDisabledReceived(isDisabled);
+}
+
 //****************************************************************************************************************************************************
 /// \param[in] name The color scheme.
 //****************************************************************************************************************************************************
@ -178,6 +187,15 @@ void GRPCQtProxy::setUserSplitMode(QString const &userID, bool makeItActive) {
 }


+//****************************************************************************************************************************************************
+/// \param[in] userID The userID.
+/// \param[in] doResync Did the user request a resync?
+//****************************************************************************************************************************************************
+void GRPCQtProxy::sendBadEventUserFeedback(QString const &userID, bool doResync) {
+    emit sendBadEventUserFeedbackReceived(userID, doResync);
+}
+
+
 //****************************************************************************************************************************************************
 /// \param[in] userID The userID.
 //****************************************************************************************************************************************************
--- a/internal/frontend/bridge-gui/bridge-gui-tester/GRPCQtProxy.h
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/GRPCQtProxy.h
@ -41,6 +41,7 @@ public: // member functions.
    void setIsAutostartOn(bool on); ///< Forwards a SetIsAutostartOn call via a Qt signal.
    void setIsBetaEnabled(bool enabled); ///< Forwards a SetIsBetaEnabled call via a Qt signal.
    void setIsAllMailVisible(bool visible); ///< Forwards a SetIsAllMailVisible call via a Qt signal.
+    void setIsTelemetryDisabled(bool isDisabled); ///< Forwards a SetIsTelemetryDisabled call via a Qt signal.
    void setColorSchemeName(QString const &name); ///< Forward a SetColorSchemeName call via a Qt Signal
    void reportBug(QString const &osType, QString const &osVersion, QString const &emailClient, QString const &address,
        QString const &description, bool includeLogs); ///< Forwards a ReportBug call via a Qt signal.
@ -52,6 +53,7 @@ public: // member functions.
    void setDiskCachePath(QString const &path); ///< Forwards a setDiskCachePath call via a Qt signal.
    void setIsAutomaticUpdateOn(bool on); ///< Forwards a SetIsAutomaticUpdateOn call via a Qt signal.
    void setUserSplitMode(QString const &userID, bool makeItActive); ///< Forwards a setUserSplitMode call via a Qt signal.
+    void sendBadEventUserFeedback(QString const &userID, bool doResync); ///< Forwards a sendBadEventUserFeedback call via a Qt signal.
    void logoutUser(QString const &userID); ///< Forwards a logoutUser call via a Qt signal.
    void removeUser(QString const &userID); ///< Forwards a removeUser call via a Qt signal.
    void configureUserAppleMail(QString const &userID, QString const &address); ///< Forwards a configureUserAppleMail call via a Qt signal.
@ -61,6 +63,7 @@ signals:
    void setIsAutostartOnReceived(bool on); ///< Forwards a SetIsAutostartOn call via a Qt signal.
    void setIsBetaEnabledReceived(bool enabled); ///< Forwards a SetIsBetaEnabled call via a Qt signal.
    void setIsAllMailVisibleReceived(bool enabled); ///< Forwards a SetIsBetaEnabled call via a Qt signal.
+    void setIsTelemetryDisabledReceived(bool isDisabled); ///< Forwards a SetIsTelemetryDisabled call via a Qt signal.
    void setColorSchemeNameReceived(QString const &name); ///< Forward a SetColorScheme call via a Qt Signal
    void reportBugReceived(QString const &osType, QString const &osVersion, QString const &emailClient, QString const &address,
        QString const &description, bool includeLogs); ///< Signal for the ReportBug gRPC call
@ -72,6 +75,7 @@ signals:
    void setDiskCachePathReceived(QString const &path); ///< Signal for the setDiskCachePath gRPC call.
    void setIsAutomaticUpdateOnReceived(bool on); ///< Signal for the SetIsAutomaticUpdateOn gRPC call.
    void setUserSplitModeReceived(QString const &userID, bool makeItActive); ///< Signal for the SetUserSplitModeReceived gRPC call.
+    void sendBadEventUserFeedbackReceived(QString const &userID, bool doResync); ///< Signal for the SendBadEventUserFeedback gRPC call.
    void logoutUserReceived(QString const &userID); ///< Signal for the LogoutUserReceived gRPC call.
    void removeUserReceived(QString const &userID); ///< Signal for the RemoveUserReceived gRPC call.
    void configureUserAppleMailReceived(QString const &userID, QString const &address); ///< Signal for the ConfigureAppleMail gRPC call.
--- a/internal/frontend/bridge-gui/bridge-gui-tester/GRPCServerWorker.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/GRPCServerWorker.cpp
@ -20,6 +20,7 @@
 #include "Cert.h"
 #include "GRPCService.h"
 #include <bridgepp/Exception/Exception.h>
+#include <bridgepp/BridgeUtils.h>
 #include <bridgepp/GRPC/GRPCUtils.h>
 #include <bridgepp/GRPC/GRPCConfig.h>

@ -33,7 +34,6 @@ using namespace grpc;
 //****************************************************************************************************************************************************
 GRPCServerWorker::GRPCServerWorker(QObject *parent)
    : Worker(parent) {
-
 }


@ -81,7 +81,7 @@ void GRPCServerWorker::run() {

        config.port = port;
        QString err;
-        if (!config.save(grpcServerConfigPath(), &err)) {
+        if (!config.save(grpcServerConfigPath(bridgepp::userConfigDir()), &err)) {
            throw Exception(QString("Could not save gRPC server config. %1").arg(err));
        }

--- a/Show More
+++ b/Show More