chore: Alcantara Bridge 3.11.1 changelog.

fix(BRIDGE-70): hotfix for blocked smtp/imap port causing bridge to quit
chore: Alcantara Bridge 3.11.0 changelog.
2024-05-16 15:12:56 +02:00 · 2024-05-16 09:51:32 +02:00 · 2024-04-23 17:07:24 +02:00 · 2024-04-23 15:58:22 +02:00 · 2024-04-22 10:37:47 +02:00 · 2024-04-22 09:27:43 +02:00
811 changed files with 63643 additions and 63036 deletions
--- a/.gitignore
+++ b/.gitignore
@ -41,3 +41,7 @@ cmake-build-*/
 # Doxygen doc files
 _doc/
 # gRPC auto-generated C++ source files
 *.pb.cc
 *.pb.h
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -16,7 +16,9 @@
 # along with ProtonMail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 ---
-image: harbor.protontech.ch/docker.io/library/golang:1.18
+default:
  tags:
    - shared-small
 variables:
  GOPRIVATE: gitlab.protontech.ch
@ -30,207 +32,10 @@ stages:
  - test
  - build
-.rules-branch-and-MR-always:
+include:
-  rules:
+  - local: ci/setup.yml
-    - if: $CI_COMMIT_BRANCH ||  $CI_PIPELINE_SOURCE == "merge_request_event"
+  - local: ci/rules.yml
-      when: always
+  - local: ci/env.yml
-      allow_failure: false
+  - local: ci/test.yml
-    - when: never
+  - local: ci/build.yml
 .rules-branch-and-MR-manual:
  rules:
    - if: $CI_COMMIT_BRANCH ||  $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
      allow_failure: true
    - when: never
 .rules-branch-manual-MR-always:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH
      when: manual
      allow_failure: true
    - when: never
 # Stage: TEST
 lint:
  stage: test
  extends:
    - .rules-branch-and-MR-always
  script:
    - make lint
  tags:
    - medium
 test-linux:
  stage: test
  extends:
    - .rules-branch-manual-MR-always
  script:
    - make test
  tags:
    - medium
 test-linux-race:
  stage: test
  extends:
    - .rules-branch-and-MR-manual
  script:
    - make test-race
  tags:
    - medium
 test-integration:
  stage: test
  extends:
    - .rules-branch-manual-MR-always
  script:
    - make test-integration
  tags:
    - large
 test-integration-race:
  stage: test
  extends:
    - .rules-branch-and-MR-manual
  script:
    - make test-integration-race
  tags:
    - large
 dependency-updates:
  stage: test
  script:
    - make updates
 # Stage: BUILD
 .build-base:
  stage: build
  needs: ["lint"]
  rules:
    # GODT-1833: use `=~ /qa/` after mac and windows runners are fixed
    - if: $CI_JOB_NAME =~ /build-linux-qa/  && $CI_PIPELINE_SOURCE == "merge_request_event"
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
      allow_failure: true
    - when: never
  before_script:
    - mkdir -p .cache/bin
    - export PATH=$(pwd)/.cache/bin:$PATH
    - export GOPATH="$CI_PROJECT_DIR/.cache"
    - export PATH=$PATH:$QT6DIR/bin
    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
  script:
    - make build
    - git diff && git diff-index --quiet HEAD
    - make vault-editor
  artifacts:
    # Note: The latest artifacts for refs are locked against deletion, and kept
    # regardless of the expiry time. Introduced in GitLab 13.0 behind a
    # disabled feature flag, and made the default behavior in GitLab 13.4.
    expire_in: 1 day
    when: always
    paths:
      - bridge_*.tgz
      - vault-editor
  tags:
    - large
 build-linux:
  extends: .build-base
  image: gitlab.protontech.ch:4567/go/bridge-internal:qt6
  variables:
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: linux-vcpkg
    paths:
      - .cache
    when: 'always'
  artifacts:
    name: "bridge-linux-$CI_COMMIT_SHORT_SHA"
 build-linux-qa:
  extends: build-linux
  variables:
    BUILD_TAGS: "build_qa"
  artifacts:
    name: "bridge-linux-qa-$CI_COMMIT_SHORT_SHA"
 .build-darwin-base:
  extends: .build-base
  before_script:
    - export PATH=/usr/local/bin:$PATH
    - export PATH=/usr/local/opt/git/bin:$PATH
    - export PATH=/usr/local/opt/make/libexec/gnubin:$PATH
    - export PATH=/usr/local/opt/go@1.13/bin:$PATH
    - export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH
    - export GOPATH=~/go
    - export PATH=$GOPATH/bin:$PATH
    - export CGO_CPPFLAGS='-Wno-error -Wno-nullability-completeness -Wno-expansion-to-defined -Wno-builtin-requires-header'
    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
  script:
    - go version
    - make build-nogui
    - git diff && git diff-index --quiet HEAD
    - make vault-editor
  cache: {}
  tags:
    - macOS
 build-darwin:
  extends: .build-darwin-base
  artifacts:
    name: "bridge-darwin-$CI_COMMIT_SHORT_SHA"
 build-darwin-qa:
  extends: .build-darwin-base
  variables:
    BUILD_TAGS: "build_qa"
  artifacts:
    name: "bridge-darwin-qa-$CI_COMMIT_SHORT_SHA"
 .build-windows-base:
  extends: .build-base
  before_script:
    - export GOROOT=/c/Go1.18/
    - export PATH=$GOROOT/bin:$PATH
    - export GOARCH=amd64
    - export GOPATH=~/go18
    - export GO111MODULE=on
    - export PATH="${GOPATH}/bin:${PATH}"
    - export MSYSTEM=
    - export QT6DIR=/c/grrrQt/6.3.1/msvc2019_64
    - export PATH=$PATH:${QT6DIR}/bin
    - export PATH="/c/Program Files/Microsoft Visual Studio/2022/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/bin:$PATH"
    - $(git config --global -l | grep -o 'url.*gitlab.protontech.ch.*insteadof' | xargs -L 1 git config --global --unset &> /dev/null) || echo "nothing to remove"
    - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
  script:
    - make build-nogui
    - git diff && git diff-index --quiet HEAD
    - make vault-editor
  tags:
    - windows-bridge
 build-windows:
  extends: .build-windows-base
  artifacts:
    name: "bridge-windows-$CI_COMMIT_SHORT_SHA"
 build-windows-qa:
  extends: .build-windows-base
  variables:
    BUILD_TAGS: "build_qa"
  artifacts:
    name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA"
 # TODO: PUT BACK ALL THE JOBS! JUST DID THIS FOR NOW TO GET CI WORKING AGAIN...
--- a/.golangci.yml
+++ b/.golangci.yml
@ -23,7 +23,6 @@ issues:
    - path: _test\.go
      linters:
        - dupl
        - funlen
        - gochecknoglobals
        - gochecknoinits
        - gosec
@ -32,7 +31,14 @@ issues:
    - path: test
      linters:
        - dupl
-        - funlen
+        - gochecknoglobals
        - gochecknoinits
        - gosec
        - goconst
        - dogsled
    - path: utils/smtp-send
      linters:
        - dupl
        - gochecknoglobals
        - gochecknoinits
        - gosec
@ -50,21 +56,17 @@ linters:
  disable-all: true
  enable:
    - deadcode          # Finds unused code [fast: true, auto-fix: false]
    - errcheck          # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: true, auto-fix: false]
    - gosimple          # Linter for Go source code that specializes in simplifying a code [fast: true, auto-fix: false]
    - govet             # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: true, auto-fix: false]
    - ineffassign       # Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
    - staticcheck       # Staticcheck is a go vet on steroids, applying a ton of static analysis checks [fast: true, auto-fix: false]
    - structcheck       # Finds unused struct fields [fast: true, auto-fix: false]
    - typecheck         # Like the front-end of a Go compiler, parses and type-checks Go code [fast: true, auto-fix: false]
    - unused            # Checks Go code for unused constants, variables, functions and types [fast: false, auto-fix: false]
    - varcheck          # Finds unused global variables and constants [fast: true, auto-fix: false]
    - bodyclose         # checks whether HTTP response body is closed successfully [fast: true, auto-fix: false]
-    - depguard          # Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false]
+    #- depguard          # Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false]
    - dogsled           # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) [fast: true, auto-fix: false]
    - dupl              # Tool for code clone detection [fast: true, auto-fix: false]
    - funlen            # Tool for detection of long functions [fast: true, auto-fix: false]
    - gochecknoglobals  # Checks that no globals are present in Go code [fast: true, auto-fix: false]
    - gochecknoinits    # Checks that no init functions are present in Go code [fast: true, auto-fix: false]
    - goconst           # Finds repeated strings that could be replaced by a constant [fast: true, auto-fix: false]
@ -122,3 +124,8 @@ linters:
    # - testpackage       # linter that makes you use a separate _test package [fast: true, auto-fix: false]
    # - thelper           # thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers [fast: false, auto-fix: false]
    # - wrapcheck         # Checks that errors returned from external packages are wrapped [fast: false, auto-fix: false]
    # Deprecated:
    # - structcheck       # Finds unused struct fields [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
    # - deadcode          # Finds unused code [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
    # - varcheck          # Finds unused global variables and constants [fast: true, auto-fix: false] deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
--- a/BUILDS.md
+++ b/BUILDS.md
@ -3,20 +3,23 @@
 ## Prerequisites
 * 64-bit OS:
    - the go-rfc5322 module cannot currently be compiled for 32-bit OSes
-* Go 1.18
+* Go 1.21.6
 * Bash with basic build utils: make, gcc, sed, find, grep, ...
  - For Windows, it is recommended to use MinGW 64bit shell from [MSYS2](https://www.msys2.org/)
-* GCC (linux), msvc (windows) or Xcode (macOS)
+* GCC (Linux), msvc (Windows) or Xcode (macOS)
-* Windres (windows)
+* Windres (Windows)
-* libglvnd and libsecret development files (linux)
+* libglvnd and libsecret development files (Linux)
 * pkg-config (Linux)
 * cmake, ninja-build and Qt 6.4.3 are required to build the graphical user interface. On Linux, 
 the Mesa OpenGL development files are also needed.
 To enable the sending of crash reports using Sentry please set the
-`main.DSNSentry` value with the client key of your sentry project before build.
+`DSN_SENTRY` environment variable with the client key of your sentry project before build.
 Otherwise, the sending of crash reports will be disabled.
 ## Build
 In order to build Bridge app with Qt interface we are using
-[Qt 6.3](https://doc.qt.io/qt-6/gettingstarted.html).
+[Qt 6.4.3](https://doc.qt.io/qt-6/gettingstarted.html).
 Please note that qmake path must be in your `PATH` to ensure Qt to be found.
 Also, before you start build **on Windows**, please unset the `MSYSTEM` variable
--- a/COPYING_NOTES.md
+++ b/COPYING_NOTES.md
@ -26,7 +26,6 @@ Proton Mail Bridge includes the following 3rd party software:
 * [gluon](https://github.com/ProtonMail/gluon) available under [license](https://github.com/ProtonMail/gluon/blob/master/LICENSE) 
 * [go-autostart](https://github.com/ProtonMail/go-autostart) available under [license](https://github.com/ProtonMail/go-autostart/blob/master/LICENSE) 
 * [go-proton-api](https://github.com/ProtonMail/go-proton-api) available under [license](https://github.com/ProtonMail/go-proton-api/blob/master/LICENSE) 
 * [go-rfc5322](https://github.com/ProtonMail/go-rfc5322) available under [license](https://github.com/ProtonMail/go-rfc5322/blob/master/LICENSE) 
 * [gopenpgp](https://github.com/ProtonMail/gopenpgp/v2) available under [license](https://github.com/ProtonMail/gopenpgp/v2/blob/master/LICENSE) 
 * [goquery](https://github.com/PuerkitoBio/goquery) available under [license](https://github.com/PuerkitoBio/goquery/blob/master/LICENSE) 
 * [ishell](https://github.com/abiosoft/ishell) available under [license](https://github.com/abiosoft/ishell/blob/master/LICENSE) 
@ -41,25 +40,27 @@ Proton Mail Bridge includes the following 3rd party software:
 * [go-message](https://github.com/emersion/go-message) available under [license](https://github.com/emersion/go-message/blob/master/LICENSE) 
 * [go-sasl](https://github.com/emersion/go-sasl) available under [license](https://github.com/emersion/go-sasl/blob/master/LICENSE) 
 * [go-smtp](https://github.com/emersion/go-smtp) available under [license](https://github.com/emersion/go-smtp/blob/master/LICENSE) 
 * [go-vcard](https://github.com/emersion/go-vcard) available under [license](https://github.com/emersion/go-vcard/blob/master/LICENSE) 
 * [color](https://github.com/fatih/color) available under [license](https://github.com/fatih/color/blob/master/LICENSE) 
 * [sentry-go](https://github.com/getsentry/sentry-go) available under [license](https://github.com/getsentry/sentry-go/blob/master/LICENSE) 
 * [resty](https://github.com/go-resty/resty/v2) available under [license](https://github.com/go-resty/resty/v2/blob/master/LICENSE) 
 * [go-json](https://github.com/goccy/go-json) available under [license](https://github.com/goccy/go-json/blob/master/LICENSE) 
 * [dbus](https://github.com/godbus/dbus) available under [license](https://github.com/godbus/dbus/blob/master/LICENSE) 
 * [mock](https://github.com/golang/mock) available under [license](https://github.com/golang/mock/blob/master/LICENSE) 
 * [go-cmp](https://github.com/google/go-cmp) available under [license](https://github.com/google/go-cmp/blob/master/LICENSE) 
 * [uuid](https://github.com/google/uuid) available under [license](https://github.com/google/uuid/blob/master/LICENSE) 
 * [go-multierror](https://github.com/hashicorp/go-multierror) available under [license](https://github.com/hashicorp/go-multierror/blob/master/LICENSE) 
 * [html2text](https://github.com/jaytaylor/html2text) available under [license](https://github.com/jaytaylor/html2text/blob/master/LICENSE) 
 * [go-locale](https://github.com/jeandeaual/go-locale) available under [license](https://github.com/jeandeaual/go-locale/blob/master/LICENSE) 
 * [go-keychain](https://github.com/keybase/go-keychain) available under [license](https://github.com/keybase/go-keychain/blob/master/LICENSE) 
 * [dns](https://github.com/miekg/dns) available under [license](https://github.com/miekg/dns/blob/master/LICENSE) 
 * [memory](https://github.com/pbnjay/memory) available under [license](https://github.com/pbnjay/memory/blob/master/LICENSE) 
 * [errors](https://github.com/pkg/errors) available under [license](https://github.com/pkg/errors/blob/master/LICENSE) 
 * [profile](https://github.com/pkg/profile) available under [license](https://github.com/pkg/profile/blob/master/LICENSE) 
 * [logrus](https://github.com/sirupsen/logrus) available under [license](https://github.com/sirupsen/logrus/blob/master/LICENSE) 
 * [testify](https://github.com/stretchr/testify) available under [license](https://github.com/stretchr/testify/blob/master/LICENSE) 
 * [cli](https://github.com/urfave/cli/v2) available under [license](https://github.com/urfave/cli/v2/blob/master/LICENSE) 
 * [msgpack](https://github.com/vmihailenco/msgpack/v5) available under [license](https://github.com/vmihailenco/msgpack/v5/blob/master/LICENSE) 
-* [goleak](https://go.uber.org/goleak)
+* [goleak](https://go.uber.org/goleak) available under [license](https://pkg.go.dev/go.uber.org/goleak?tab=licenses) 
 * [exp](https://golang.org/x/exp) available under [license](https://cs.opensource.google/go/x/exp/+/master:LICENSE) 
 * [net](https://golang.org/x/net) available under [license](https://cs.opensource.google/go/x/net/+/master:LICENSE) 
 * [sys](https://golang.org/x/sys) available under [license](https://cs.opensource.google/go/x/sys/+/master:LICENSE) 
@ -67,17 +68,14 @@ Proton Mail Bridge includes the following 3rd party software:
 * [grpc](https://google.golang.org/grpc) available under [license](https://github.com/grpc/grpc-go/blob/master/LICENSE) 
 * [protobuf](https://google.golang.org/protobuf) available under [license](https://github.com/protocolbuffers/protobuf/blob/main/LICENSE) 
 * [plist](https://howett.net/plist) available under [license](https://github.com/DHowett/go-plist/blob/main/LICENSE) 
 * [atlas](https://ariga.io/atlas)
 * [ent](https://entgo.io/ent)
 * [bcrypt](https://github.com/ProtonMail/bcrypt) available under [license](https://github.com/ProtonMail/bcrypt/blob/master/LICENSE) 
 * [go-crypto](https://github.com/ProtonMail/go-crypto) available under [license](https://github.com/ProtonMail/go-crypto/blob/master/LICENSE) 
 * [go-mime](https://github.com/ProtonMail/go-mime) available under [license](https://github.com/ProtonMail/go-mime/blob/master/LICENSE) 
 * [go-srp](https://github.com/ProtonMail/go-srp) available under [license](https://github.com/ProtonMail/go-srp/blob/master/LICENSE) 
 * [readline](https://github.com/abiosoft/readline) available under [license](https://github.com/abiosoft/readline/blob/master/LICENSE) 
 * [levenshtein](https://github.com/agext/levenshtein) available under [license](https://github.com/agext/levenshtein/blob/master/LICENSE) 
 * [cascadia](https://github.com/andybalholm/cascadia) available under [license](https://github.com/andybalholm/cascadia/blob/master/LICENSE) 
-* [antlr](https://github.com/antlr/antlr4/runtime/Go/antlr) available under [license](https://github.com/antlr/antlr4/runtime/Go/antlr/blob/master/LICENSE) 
+* [sonic](https://github.com/bytedance/sonic) available under [license](https://github.com/bytedance/sonic/blob/master/LICENSE) 
-* [go-textseg](https://github.com/apparentlymart/go-textseg/v13) available under [license](https://github.com/apparentlymart/go-textseg/v13/blob/master/LICENSE) 
+* [base64x](https://github.com/chenzhuoyu/base64x) available under [license](https://github.com/chenzhuoyu/base64x/blob/master/LICENSE) 
 * [test](https://github.com/chzyer/test) available under [license](https://github.com/chzyer/test/blob/master/LICENSE) 
 * [circl](https://github.com/cloudflare/circl) available under [license](https://github.com/cloudflare/circl/blob/master/LICENSE) 
 * [go-md2man](https://github.com/cpuguy83/go-md2man/v2) available under [license](https://github.com/cpuguy83/go-md2man/v2/blob/master/LICENSE) 
@ -87,51 +85,55 @@ Proton Mail Bridge includes the following 3rd party software:
 * [go-spew](https://github.com/davecgh/go-spew) available under [license](https://github.com/davecgh/go-spew/blob/master/LICENSE) 
 * [go-windows](https://github.com/elastic/go-windows) available under [license](https://github.com/elastic/go-windows/blob/master/LICENSE) 
 * [go-textwrapper](https://github.com/emersion/go-textwrapper) available under [license](https://github.com/emersion/go-textwrapper/blob/master/LICENSE) 
-* [go-vcard](https://github.com/emersion/go-vcard) available under [license](https://github.com/emersion/go-vcard/blob/master/LICENSE) 
+* [fgprof](https://github.com/felixge/fgprof) available under [license](https://github.com/felixge/fgprof/blob/master/LICENSE) 
 * [go-shlex](https://github.com/flynn-archive/go-shlex) available under [license](https://github.com/flynn-archive/go-shlex/blob/master/LICENSE) 
 * [mimetype](https://github.com/gabriel-vasile/mimetype) available under [license](https://github.com/gabriel-vasile/mimetype/blob/master/LICENSE) 
 * [sse](https://github.com/gin-contrib/sse) available under [license](https://github.com/gin-contrib/sse/blob/master/LICENSE) 
 * [gin](https://github.com/gin-gonic/gin) available under [license](https://github.com/gin-gonic/gin/blob/master/LICENSE) 
 * [inflect](https://github.com/go-openapi/inflect) available under [license](https://github.com/go-openapi/inflect/blob/master/LICENSE) 
 * [locales](https://github.com/go-playground/locales) available under [license](https://github.com/go-playground/locales/blob/master/LICENSE) 
 * [universal-translator](https://github.com/go-playground/universal-translator) available under [license](https://github.com/go-playground/universal-translator/blob/master/LICENSE) 
 * [validator](https://github.com/go-playground/validator/v10) available under [license](https://github.com/go-playground/validator/v10/blob/master/LICENSE) 
 * [go-json](https://github.com/goccy/go-json) available under [license](https://github.com/goccy/go-json/blob/master/LICENSE) 
 * [uuid](https://github.com/gofrs/uuid) available under [license](https://github.com/gofrs/uuid/blob/master/LICENSE) 
 * [protobuf](https://github.com/golang/protobuf) available under [license](https://github.com/golang/protobuf/blob/master/LICENSE) 
 * [pprof](https://github.com/google/pprof) available under [license](https://github.com/google/pprof/blob/master/LICENSE) 
 * [errwrap](https://github.com/hashicorp/errwrap) available under [license](https://github.com/hashicorp/errwrap/blob/master/LICENSE) 
 * [go-immutable-radix](https://github.com/hashicorp/go-immutable-radix) available under [license](https://github.com/hashicorp/go-immutable-radix/blob/master/LICENSE) 
 * [go-memdb](https://github.com/hashicorp/go-memdb) available under [license](https://github.com/hashicorp/go-memdb/blob/master/LICENSE) 
 * [golang-lru](https://github.com/hashicorp/golang-lru) available under [license](https://github.com/hashicorp/golang-lru/blob/master/LICENSE) 
 * [hcl](https://github.com/hashicorp/hcl/v2) available under [license](https://github.com/hashicorp/hcl/v2/blob/master/LICENSE) 
 * [multierror](https://github.com/joeshaw/multierror) available under [license](https://github.com/joeshaw/multierror/blob/master/LICENSE) 
 * [go](https://github.com/json-iterator/go) available under [license](https://github.com/json-iterator/go/blob/master/LICENSE) 
 * [cpuid](https://github.com/klauspost/cpuid/v2) available under [license](https://github.com/klauspost/cpuid/v2/blob/master/LICENSE) 
 * [go-urn](https://github.com/leodido/go-urn) available under [license](https://github.com/leodido/go-urn/blob/master/LICENSE) 
 * [go-colorable](https://github.com/mattn/go-colorable) available under [license](https://github.com/mattn/go-colorable/blob/master/LICENSE) 
 * [go-isatty](https://github.com/mattn/go-isatty) available under [license](https://github.com/mattn/go-isatty/blob/master/LICENSE) 
 * [go-runewidth](https://github.com/mattn/go-runewidth) available under [license](https://github.com/mattn/go-runewidth/blob/master/LICENSE) 
 * [go-sqlite3](https://github.com/mattn/go-sqlite3) available under [license](https://github.com/mattn/go-sqlite3/blob/master/LICENSE) 
 * [go-wordwrap](https://github.com/mitchellh/go-wordwrap) available under [license](https://github.com/mitchellh/go-wordwrap/blob/master/LICENSE) 
 * [concurrent](https://github.com/modern-go/concurrent) available under [license](https://github.com/modern-go/concurrent/blob/master/LICENSE) 
 * [reflect2](https://github.com/modern-go/reflect2) available under [license](https://github.com/modern-go/reflect2/blob/master/LICENSE) 
 * [tablewriter](https://github.com/olekukonko/tablewriter) available under [license](https://github.com/olekukonko/tablewriter/blob/master/LICENSE) 
 * [go-toml](https://github.com/pelletier/go-toml/v2) available under [license](https://github.com/pelletier/go-toml/v2/blob/master/LICENSE) 
 * [lz4](https://github.com/pierrec/lz4/v4) available under [license](https://github.com/pierrec/lz4/v4/blob/master/LICENSE) 
 * [go-difflib](https://github.com/pmezard/go-difflib) available under [license](https://github.com/pmezard/go-difflib/blob/master/LICENSE) 
 * [procfs](https://github.com/prometheus/procfs) available under [license](https://github.com/prometheus/procfs/blob/master/LICENSE) 
 * [uniseg](https://github.com/rivo/uniseg) available under [license](https://github.com/rivo/uniseg/blob/master/LICENSE) 
 * [blackfriday](https://github.com/russross/blackfriday/v2) available under [license](https://github.com/russross/blackfriday/v2/blob/master/LICENSE) 
 * [pflag](https://github.com/spf13/pflag) available under [license](https://github.com/spf13/pflag/blob/master/LICENSE) 
 * [bom](https://github.com/ssor/bom) available under [license](https://github.com/ssor/bom/blob/master/LICENSE) 
 * [golang-asm](https://github.com/twitchyliquid64/golang-asm) available under [license](https://github.com/twitchyliquid64/golang-asm/blob/master/LICENSE) 
 * [codec](https://github.com/ugorji/go/codec) available under [license](https://github.com/ugorji/go/codec/blob/master/LICENSE) 
 * [tagparser](https://github.com/vmihailenco/tagparser/v2) available under [license](https://github.com/vmihailenco/tagparser/v2/blob/master/LICENSE) 
 * [smetrics](https://github.com/xrash/smetrics) available under [license](https://github.com/xrash/smetrics/blob/master/LICENSE) 
-* [go-cty](https://github.com/zclconf/go-cty) available under [license](https://github.com/zclconf/go-cty/blob/master/LICENSE) 
+* [go-ordered-json](https://gitlab.com/c0b/go-ordered-json)
 * [arch](https://golang.org/x/arch) available under [license](https://cs.opensource.google/go/x/arch/+/master:LICENSE) 
 * [crypto](https://golang.org/x/crypto) available under [license](https://cs.opensource.google/go/x/crypto/+/master:LICENSE) 
 * [mod](https://golang.org/x/mod) available under [license](https://cs.opensource.google/go/x/mod/+/master:LICENSE) 
 * [sync](https://golang.org/x/sync) available under [license](https://cs.opensource.google/go/x/sync/+/master:LICENSE) 
 * [tools](https://golang.org/x/tools) available under [license](https://cs.opensource.google/go/x/tools/+/master:LICENSE) 
-* [genproto](https://google.golang.org/genproto)
+* [genproto](https://google.golang.org/genproto) available under [license](https://pkg.go.dev/google.golang.org/genproto?tab=licenses) 
-gopkg.in/yaml.v2
+* [yaml](https://gopkg.in/yaml.v3) available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) 
 gopkg.in/yaml.v3
 * [docker-credential-helpers](https://github.com/ProtonMail/docker-credential-helpers) available under [license](https://github.com/ProtonMail/docker-credential-helpers/blob/master/LICENSE) 
 * [go-message](https://github.com/ProtonMail/go-message) available under [license](https://github.com/ProtonMail/go-message/blob/master/LICENSE) 
 * [go-smtp](https://github.com/ProtonMail/go-smtp) available under [license](https://github.com/ProtonMail/go-smtp/blob/master/LICENSE) 
 * [resty](https://github.com/LBeernaertProton/resty/v2) available under [license](https://github.com/LBeernaertProton/resty/v2/blob/master/LICENSE) 
 * [go-keychain](https://github.com/cuthix/go-keychain) available under [license](https://github.com/cuthix/go-keychain/blob/master/LICENSE) 
 <!-- END AUTOGEN -->
--- a/Changelog.md
+++ b/Changelog.md
@ -1,8 +1,728 @@
-# Proton Mail Bridge and Import-Export app Changelog
+# Proton Mail Bridge Changelog
 Changelog [format](http://keepachangelog.com/en/1.0.0/)
-## [Bridge 3.0.15/16] Perth Narrows
+
 ## Alcantara Bridge 3.11.1
 ### Fixed
 * BRIDGE-70: Hotfix for blocked smtp/imap port causing bridge to quit.
 ## Alcantara Bridge 3.11.0
 ### Added
 * GODT-3185: Report cases which leads to wrong address key used.
 ### Changed
 * BRIDGE-14: HV3 implementation.
 * BRIDGE-15: Certificate install is now also done during Outlook setup on macOS.
 * GODT-3146: Start servers on startup, keep running even when no users are active.
 * BRIDGE-19: Update checksum validation use warning instead of error on non-existing files.
 ### Fixed
 * BRIDGE-8: Fix bridge double sessionID issue in logs.
 * BRIDGE-7: Modify keychain test on macOS.
 * BRIDGE-4: Logs not being created when invalid flag is passed.
 * BRIDGE-5: Add tooltip to tray icon.
 * GODT-3163: Filter MBOX format delimiter.
 ## Zaehringen Bridge 3.10.0
 ### Added
 * GODT-3199: Add package log field.
 * GODT-3220: Add more test scenarios.
 ### Changed
 * GODT-3193: Preserve attachment encoding.
 * GODT-3214: Encrypt only with primary key.
 * GODT-2662: Use tart runner for darwin jobs.
 * GODT-1602: Test: run integration tests against black 🖤.
 * GODT-3257: Test: quad9 provider test not working on CI.
 ### Fixed
 * GODT-3290: Fix test failing because of leap day.
 ## Ypsilon Bridge 3.9.1
 ### Fixed
 * GODT-3235: Update bridge update key.
 ## Ypsilon Bridge 3.9.0
 ### Added
 * GODT-3230: Scripts for removing Bridge from device.
 * GODT-3195: Add OS info to the log.
 * GODT-3156: Add time zone info to the bridge log.
 * GODT-3162: Test: Add test scenarios for KB article suggestions.
 * Test: Add scenarios for checking messages sent from Web Client.
 * GODT-3162: Test: Add step definition for checking KB article suggestions.
 ### Changed
 * GODT-3160: Bump version Go 1.21.6.
 * GODT-3160: Load pipeline env from bridge internal.
 * GODT-3052: Test: Replace attachments and inline content in feature tests with the smallest valid versions.
 * GODT-3155: Customize log formatter for easier parsing.
 * GODT-3172: Detect missing keychain item.
 * GODT-3172: Do not list, just retrieve vault key.
 * Log the message received time when handling message creation event.
 * Set log as artefact for all integration test.
 * Get better logging arround keychain list initialisation.
 ### Fixed
 * GODT-3229: Escape reserved XML characters in Apple configuration profile.
 * GODT-3228: Get rid of fork of docker-credential-helpers.
 * GODT-3176: Assume inline if content id is present.
 * GODT-3160: Ignore non-called vulnerabilities.
 * GODT-3160: Updated external dependencies reported by govulncheck.
 * GODT-3203: Crash in chunkDivide.
 * Fix for SMTP connection mode toggle in bridge-gui-tester.
 * GODT-3183: Fix database indices.
 * GODT-3187: Fix numberOfDay computation when changing year and day.
 * GODT-3188: Happy new year.
 ## Xikou Bridge 3.8.2
 ### Fixed
 * GODT-3235: Update bridge update key.
 ## Xikou Bridge 3.8.1
 ### Added
 * GODT-3121: Suggest relevant KB articles in the in-app bug report form.
 * GODT-2001: Add govulncheck to scan for vulnerabilities.
 ### Changed
 * Keep nighlty-job log as artifact.
 * Test: Improve TestMetadata_JobCorrectlyFinishesAfterCancel.
 ### Fixed
 * GODT-3153: Do not take into account full address when hasing messages.
 ## Xikou Bridge 3.8.0
 ### Added
 * Test: Add test scenarios to add an /Answered flag to a replied message and revert.
 * GODT-3046: Added links to KB in error messages.
 * Test(GODT-3113): Inline HTML message and HTML attachment is getting altered.
 * Test(GODT-3124): Attempt to fix 401 during login.
 ### Changed
 * GODT-3134: Br tag triggers installer.
 * Added update events to bridge GUI tester.
 ### Fixed
 * GODT-3142: Pass br tag if available.
 * GODT-3151: Fix feature test with non modified HTML part.
 * GODT-3151: Only modify HTML Meta content if UTF-8 charset override is needed.
 * GODT-2851: Add empty text part if no text part when importing multipart.
 * GODT-3102: Distinguish Vault Decryption from Serialization Errors.
 * GODT-3124: Handling of sync child jobs.
 * GODT-3148: Bump go-sysinfo to get rid of linker warning on macOS Sonoma.
 * GODT-3124: Flaky tests.
 * GODT-3022: Handle multipart/related on fake server.
 * GODT-3133: Fix GetSystemLanguage.
 * GODT-3124: Race condition in sync task waiter.
 * GODT-3124: Race conditions reported by race check.
 * GODT-2797: Encode attached key name and use same pubkey name as web-app.
 * Fix case of IMAP login error.
 * GODT-3132: Do not allow sending on disabled accounts.
 * GODT-3046: fix typo spotted during KB article review.
 * GODT-3129: Bad Event during after address order change.
 * GODT-3117: Improve GetAllContacts and GetAllContactsEmail.
 ## Wakato Bridge 3.7.1
 ### Added
 * Test(GODT-2740): Sending Plain text messages to internal recipient.
 * Test(GODT-2892): Create fake log file.
 * GODT-3122: Added test, changed interface for accessing display name.
 ### Changed
 * Remove debug prints.
 * GODT-2576: Forward and $Forward Flag Support.
 * GODT-3053: Use smaller bridge window on small screens.
 * GODT-3113: Only force UTF-8 charset for HTML part when needed.
 * GODT-3113: Do not render HTML for attachment.
 * GODT-3112: Replaced error message when bridge exists prematurely. Added a link to support form.
 * GODT-2947: Remove 'blame it on the weather' error part from go-smtp.
 * GODT-3010: Log MimeType parsing issue.
 * GODT-3104: Added log entry for cert install status on startup on macOS.
 * GODT-2277: Move Keychain helpers creation in main.
 ### Fixed
 * GODT-3054: Only delete drafts after message has been Sent.
 * GODT-2576: Correctly handle Forwarded messages from Thunderbird.
 * GODT-3122: Use display name as 'Email Account Name' in macOS profile.
 * GODT-3125: Heartbeat crash on exit.
 * GODT-2617: Validate user can send from the SMTP sender address.
 * GODT-3123: Trigger bad event on empty EventID on existing accounts.
 * GODT-3118: Do not reset EventID when migrating sync settings.
 * GODT-3116: Panic on closed channel.
 * GODT-1623: Throttle SMTP failed requests.
 * GODT-3047: Fixed 'disk full' error message.
 * GODT-3054: Delete draft create from reply.
 * GODT-3048: WKD Policy behavior.
 ## Wakato Bridge 3.7.0
 ### Added
 * Test(GODT-1224): Add testing around package creation.
 * Add debug_assemble binary.
 * Test(GODT-2723): Add importing a message with remote content.
 * Test(GODT-2737): Sending HTML messages to internal.
 * Test(GODT-3036): Keep inline attachment order on GPA Fake Server.
 * GODT-3015: Add simple algorithm to deal with multiple attachment for bug report.
 * Test: make message structure check more verbose.
 * Test: Add test around account settings.
 ### Changed
 * GODT-3097: Warn about PGPInline encryption scheme which will be deprecated.
 * Test: Support multiple users when waiting for sync event.
 * Test: Update fake server with defautl draft content-type and test it.
 * Test: be less aggressive while checking for message structure.
 * GODT-2996: Set password fields to hidden when resetting the login form.
 * GODT-2990: Change runner tags.
 * GODT-2835: Bump GPA adding support for AsyncAttachments for BugReport +...
 * GODT-2940: Allow 3 attempts for mailbox password.
 * GODT-3095: Update GOpenPGP.
 ### Fixed
 * GODT-3106: Broken import route.
 * GODT-3041: Fix Invalid Or Missing message signature during send.
 * GODT-3087: Exclude attachment content-disposition part when determining...
 * GODT-2887: Inline images with Apple Mail.
 * GODT-3100: Fix issue where a fatal error that bubble up to cli.Run() is not written in the log file.
 * GODT-3094: Clean up old update files on bridge startup.
 * GODT-3012: Fix multipart request retries.
 * GODT-2935: Do not allow parentID into drafts.
 * GODT-2935: Correct error message when draft fails to create.
 * GODT-2970: Correctly handle rename of Inbox.
 * GODT-2969: Prevent duration corruption for config status event.
 * Fixed type in QA installer CI job name.
 * GODT-3019: Fix title of main window when no account is connected.
 * GODT-3013: IMAP service getting "stuck".
 * GODT-2966: Allow permissive parsing of MediaType parameters for import.
 * GODT-2966: Add more test regarding quoted/unquoted filename in attachment.
 * GODT-2490: Fix sync progress not being reset when toggling split mode.
 * GODT-2515: Customized notification of unavailable keychain on macOS.
 ## Vasco da Gama Bridge 3.6.1
 ### Fixed
 * GODT-3033: Unable to receive new mail.
 ## Umshiang Bridge 3.5.4
 ### Fixed
 * GODT-3033: Unable to receive new mail.
 ## Vasco da Gama Bridge 3.6.0
 ### Added
 * GODT-2762: Setup wizard.
 * GODT-2772: Setup wizard content.
 * GODT-2769: Setup Wizard architecture.
 * GODT-2767: Setup Wizard foundations.
 * GODT-2725: Implement receive message step with expected structure exposed.
 ### Changed
 * GODT-2960: Added content in empty view when there is no account.
 * GODT-2771: Cert related tools for macOS.
 * GODT-2770: Proof of concept for web view as a tool window and overlay (not used).
 * GODT-2916: Split Decryption from Message Building.
 * GODT-2597: Implement contact specific settings in integration tests.
 * GODT-2664: Trigger QA installer.
 ### Fixed
 * GODT-2992: Fix link in 'no account view' in main window after 2FA or TOTP are cancelled.
 * GODT-2989: Allow to send bug report when no account connected.
 * GODT-2988: Fix setup wizard KB links.
 * GODT-2968: Use proper base64 encoded string even for bad password test.
 * GODT-2965: Fix multipart/mixed testdata + structure parsing steps related to this.
 * GODT-2932: Fix syncing not being reported in GUI.
 * GODT-2967: Tray menu entries close the setup wizard when needed.
 * GODT-2212: Preserver Header order in message building.
 * Fixed missing GoOs gRPC call in bridge-gui-tester.
 * GODT-2929: Message dedup with different text transfer encoding.
 ## Umshiang Bridge 3.5.3
 ### Changed
 * GODT-3004: Update gopenpgp and dependencies.
 ## Umshiang Bridge 3.5.2
 ### Fixed
 * GODT-3003: Ensure IMAP State is reset after vault corruption.
 * GODT-3001: Only create system labels during system label sync.
 ## Umshiang Bridge 3.5.1
 ### Fixed
 * GODT-2963: Use multi error to report file removal errors.
 * GODT-2956: Restore old deletion rules.
 * GODT-2951: Negative WaitGroup Counter.
 * GODT-2590: Fix send on closed channel.
 * GODT-2949: Fix close of close channel in event service.
 ## Umshiang Bridge 3.5.0
 ### Added
 * GODT-2734: Add testing steps to modify account settings.
 * GODT-2746: Integration tests for reporting a problem.
 * GODT-2891: Allow message create & delete during sync.
 * GODT-2848: Decouple IMAP service from Event Loop.
 * Add trace profiling option.
 * GODT-2829: New Sync Service.
 * Test: oss-fuzz support for fuzzing.
 * GODT-2799: SMTP Service.
 * GODT-2800: User Event Service.
 * GODT-2801: Identity Service.
 * GODT-2802: IMAP Serivce.
 * GODT-2788: Add preview to bug report validation and JSON file validator.
 * GODT-2803: Bridge Database access.
 ### Changed
 * GODT-2909: Remove Timeout on event publish.
 * GODT-2913: Reduce the number of configuration failure detected.
 * GODT-2828: Increase sync progress report frequency.
 * Test: Fix TestBridge_SyncWithOnGoingEvents.
 * GODT-2871: Is telemetry enabled as service.
 * Test(GODT-2873): Wait for Gluon Watcher to finish.
 * Test(GODT-2744): Add integration tests for moving messages (with MOVE support).
 * Test(GODT-2872): Fix nightly job.
 * Test(GODT-2742): Add more integration tests regarding drafts.
 * GODT-2787: Force Scrollview to top when re-opening questions set.
 * GODT-2787: Tweaking Bug Report form with last Review.
 * Ci(GODT-2717): Create a job that will run on schedule.
 * GODT-2787: Fix vertical alignement on CategoryItem.
 * GODT-2842: Implement Bug Report Fallback notification.
 * Chore(GODT-2848): Simplify User Event Service.
 * GODT-2808: Apply comment from Bug Report content review.
 * Test(GODT-2743): Sync high number of messages.
 * GODT-2814: Standalone Server Manager.
 * GODT-2808: Initial list of categories and questions.
 * GODT-2787: Replace the PathTracker by a more visual NavigationIndicator.
 * GODT-2816: Wait until mandatory fields are filled then fill body and title.
 * GODT-2794: Clear cached answers when report is sent.
 * GODT-2793: Feed the bug report body with the answered questions.
 * GODT-2791: Parse the Bug Report Flow description file and ensure forward compatibility (GODT-2789).
 * GODT-2821: Display questions in one page.
 * GODT-2786: Init bug report flow description file.
 * GODT-2792: Implement display of question set for bug report.
 * Use qmlformat on qml files, and removed deprecated tests.
 ### Fixed
 * GODT-2828: Fix negative report time.
 * GODT-2828: Fix sync progress report after restart.
 * GODT-2867: Do not crash on timeout or context cancel.
 * GODT-2693: Duplicate messages in sent folder.
 * GODT-2867: Get attachment returns API error on network problem.
 * GODT-2805: Ignore Contact Group Labels.
 * GODT-2866: Add 429/5xx Retry to Event Service.
 * GODT-2855: Fix for text overlapping in settings view.
 * Test: Verify leaks at end of WithEnv.
 * Test: Fix event registration in TestBridge_SyncWithOngoingEvents.
 * Test: Fix deadlock in chToType.
 * GODT-2865: Add error on failed unlock.
 * GODT-2857: Do not check changed values in clear recent flag.
 * GODT-2827: Restore ticker to event poller.
 * Test: TestBridge_SendAddTextBodyPartIfNotExists eventually fix.
 * GODT-2813: Write new vault to temporary file first.
 * GODT-2807: Fix issue where sessionID would not be removed from command-line on restart by bridge-gui.
 * GODT-2687: Tabs after header field colon.
 * GODT-2764: Allow perma-delete for messages which still have labels.
 * GODT-2693: Fix message appearing twice after sent.
 * GODT-2781: Try to remove stale lock file before failing in checkSingleInstance.
 * GODT-2780: Fix 'QSystemTrayIcon::setVisible: No Icon set' warning in bridge-gui log on startup.
 * GODT-2778: Fix login screen being disabled after an 'already logged in' error.
 * Fix typos found by codespell.
 * GODT-2577: Answered flag should only be applied to replied messages.
 ## Trift Bridge 3.4.1
 ### Fixed
 * GODT-2859: Trigger user resync while updating from 3.4.0 to 3.4.1.
 * GODT-2833: Fix migration of message flags.
 * GODT-2759: Use examine rather than select for fetching.
 ## Trift Bridge 3.4.0
 ### Added
 ### Changed
 * Test: Add require.Eventually to TestBridge_UserAgentFromSMTPClient.
 * Test: Add smtp-send utility.
 * GODT-2759: Check for oprhan messages.
 * GODT-2759: Add prompt to download missing messages for analysis.
 * GODT-2759: CLI debug commands.
 * Remove gRPC auto-generated C++ source files.
 * Test: Force all unit test to use minimum sync spec.
 * Test: Force sync limits to minimum with env variable.
 * GODT-2691: Close logrus output file on exit.
 * GODT-2522: New Gluon database layout.
 * GODT-2678: When internet is off, do not display status dot icon for the user in the context menu.
 * GODT-2686: Change the orientation of the expand/collapse arrow for Advanced settings.
 * Test(GODT-2636): Add step for sending from EML.
 * Log failed message ids during sync.
 * GODT-2510: Remove Ent.
 * Test(GODT-2600): Changing state (read/unread, starred/unstarred) of a message in integration tests.
 * GODT-2703: Got rid of account details dialog with Apple Mail autoconf.
 * GODT-2685: Update to bug report log attachment logic.
 * GODT-2690: Update sentry reporting in GUI for new log file naming.
 * GODT-2668: Implemented new log retention policy.
 * Test(GODT-2683): Save Draft without "Date" & "From" in headers.
 * GODT-2666: Feat(GODT-2667): introduce sessionID in bridge.
 * GODT-2660: Calculate bridge coverage and refactor CI yaml file.
 * Fix dependency_license script to handle dot formated version.
 ### Fixed
 * GODT-2812: Fix rare sync deadlock.
 * GODT-2822: Better handling 429 during sync and event loop.
 * GODT-2763: Missing Answered flag on Sync and Message Create.
 * GODT-2758: Fix panic in SetFlagsOnMessages.
 * GODT-2578: Refresh literals appended to Sent folder.
 * GODT-2753: Vault test now check that value auto-assigned is first available port.
 * GODT-2522: Handle migration with unreferenced db values.
 * GODT-2670: Allow missing whitespace after header field colon.
 * GODT-2653: Only log when err is not nil.
 * GODT-2680: Fix for C++ debugger not working on ARM64 because of OpenSSL 3.1.
 * GODT-2675: Update GPA to applye togin-gonic/gin patch + update COPYING_NOTES.
 ## Stone Bridge 3.3.2
 ### Fixed
 * GODT-2782: Filter all labels when doing perma delete check.
 ## Stone Bridge 3.3.1
 ### Changed
 * GODT-2707: Set bridge-gui default log level to 'debug'.
 * GODT-2674: Add more logs during update failed.
 * GODT-2750: Disable raise on main window when a notification is clicked on Linux.
 * GODT-2709: Remove the config status file when user is removed.
 * GODT-2748: Log calls that cause main window to show, with reason.
 * GODT-2705: Added log entries for focus service on client and server sides.
 * GODT-2712: Feed config_status with user action while pending.
 * GODT-2728: Remove the sentry report for gRPC event stream interruptions in bridge-gui.
 * GODT-2715: Add Unitary test for configStatus event.
 * GODT-2715: Add Functional test for configStatus telemetry event.
 * Disable windows runner.
 * GODT-2714: Apply PR comments.
 * GODT-2714: Set Configuration Status to Failure and send Recovery event when issue is solved.
 * GODT-2713: Send config_progress event once a day if the configuration is stucked in pending for more than a day.
 * GODT-2711: Send config_abort event on User removal.
 * GODT-2710: Send config success on IMAP/SMTP connection..
 * GODT-2716: Make Configuration Statistics persistent.
 * GODT-2709: Init Configuration status.
 * Log errors on failed message Downloads.
 ### Fixed
 * GODT-2774: Only check telemetry availability for the current user.
 * GODT-2774: Add external context to telemetry tasks.
 * GODT-2774: Add context to Authorize in `gluon.Connector`.
 * GODT-2726: Fix Parsing of Details field in GPA error message.
 * GODT-2708: Fix dimensions event format + handling of ReportClicked event.
 * GODT-2756: Fix for 'Settings' context menu opening the 'Help' page.
 ## Stone Bridge 3.3.0
 ### Changed
 * GODT-2653: Log API error details on Message import and send.
 * GODT-2655: Display internal build time tag in log and GUI.
 * Add error logs when messages fail to build during sync.
 * GODT-2673: Use NoClient as UserAgent without any client connected and...
 * GODT-2648: Make win build work on AWS machine.
 * Disable building of bridgepp-test app in build script.
 * GODT-2631: Bump go to 1.20.
 * GODT-2639: Enhance sentry init log.
 * GODT-2161: Auto-submit 2FA.
 * Bump Gluon for GODT-2595, GODT-2634 and GODT-2619.
 * Test: Fix TestBridge_Report.
 * Extend the timeout for integration test form 20m to 30.
 * Improve CPC code.
 * GODT-2585: Only Start IMAP/SMTP once one user is loaded.
 * GODT-2585: Server Manager.
 * GODT-2585: Add CPC utility.
 * GODT-2621: Display pop up warning when IMAP login fails because user is locked (connecting).
 * Set default log level to Debug.
 * GODT-2520: Update error message for free users.
 * Test: Disable sync open files test.
 * GODT-2346: Treat external address as disabled one.
 * GODT-2610: Re-use previous password when removing and adding back account.
 * GODT-2611: Bridge CLI exits on the first SIGINT / Ctrl+C.
 * GODT-2540: Make icon loading failure behavior consistent.
 * GODT-2540: Pop-up notification error icon is loaded on startup.
 * GODT-2540: Notify user of wrong IMAP password.
 ### Fixed
 * GODT-2683: Only validate messages that are not appended to Drafts.
 * GODT-2683: Reduce message checks when appending into Drafts.
 * Fix linter errors.
 * GODT-2669: Display sentry ID in bridge init log.
 * GODT-2672: Fix context cancelled when IMAP/SMTP parameters change is in progress.
 * GODT-2650: Fix crash during header serialization.
 * GODT-2437: Fix lint, test + bump Gluon with silenced report.
 * GODT-2437: Silence harmless report to sentry.
 * GODT-2649: Clean up cache files after failed connector create (Gluon).
 * GODT-2638: Validate messages before import.
 * GODT-2646: Bump GPA and Gluon dependency after CIRCL upgrade.
 * GODT-2454: Only Send status update if transaction succeeded.
 * Test: fix flaky tests.
 * GODT-2628: Attempt to fix closed channel panic on logout.
 * GODT-2627: Properly handle recording of message with Bcc fields.
 * GODT-2627: Fix crash on closed channel.
 * GODT-2307: Removed deprecated macOS security framework function.
 * GODT-2637: Fix address parser error due to trailing separator.
 * GODT-2635: Ensure Bridge can be compiled with GCC 13.
 * GODT-2626: Handle rare crash due to missing address update ch.
 * GODT-2626: Server Events should not be merged.
 * GODT-2606: Improve Vault concurrency scopes.
 * GODT-2623: Log IMAP/SMTP login failure as error.
 * GODT-2527: Cleanup 503 test since handled by GPA.
 * GODT-2613: Install the TLS certificate in the user keychain.
 * GODT-2618: Crash when address does not have unlocked keyring.
 * GODT-2616: Silence out of Order UID report.
 * Update Gluon for async.Group.Do() fix.
 * Upgraded golangci-lint v1.52.2 and fixed all issues.
 * GODT-2464: Filter attachment name from content-type parameter to not send it twice to the API.
 ## [Bridge 3.2.0] Rialto
 ### Added
 * GODT-2552, GODT-2553, GODT-2555, GODT-2556: Add telemetry.
 * GODT-2575: Add dev info to cookies.
 ### Changed
 * GODT-2598: Map Message Size Error to Gluon Error.
 * GODT-2569: Support multiple externalID matching if we send one of it when looking for parentID.
 * GODT-2576: Connector can send any flags to Gluon.
 * GODT-2496: Bump gopenPGP to 2.7.1-proton.
 * GODT-2517: Replace status window with native tray icon context menu.
 * GODT-2586: Two-columns layout for account details.
 * GODT-2580: Updated link to support website in GUI.
 * GODT-2239: Bridgepp worker/overseer unit tests.
 * GODT-2538: Implement smart picking of default IMAP/SMTP ports.
 * GODT-2502: Improve logs.
 * GODT-2551: Store and Recover Last User Agent from Vault.
 * GODT-2550: Verify IMAP ID is set properly.
 * GODT-2554: Compute telemetry availability from API UserSettings.
 * Add missing double quotes in test.
 * GODT-2239: Unit tests for BridgeUtils.cpp in bridgepp.
 * Replace go-rfc5322 with gluon's rfc5322 parser.
 * GODT-2483: Install cert without external tool on macOS.
 ### Fixed
 * GODT-2625: Update Bridge pubkey for updates.
 * GODT-2620: Avoid stalls in case of panic in gluon.
 * GODT-2615: Remove keyboard shortcut for tray icon context menu on Windows and Linux.
 * GODT-2596: Fix bug when trying to generate Sentry report and there is not log.
 * GODT-1374: Fix tray icon DPI change handling.
 * GODT-2589: Update BUILDS.md.
 * GODT-2581: Update outdated link to bridge homepage in CLI 'manual' command.
 * GODT-2337: Filter reply-to on draft.
 * GODT-2550: Announce IMAP ID Capability.
 * GODT-2574: Fix label/unlabel of large amounts of messages.
 * GODT-2573: Handle invalid header fields in message.
 * GODT-2573: Crash on null update.
 * GODT-2407: Replace invalid email addresses with empty for new Drafts.
 ## [Bridge 3.1.3] Quebec
 ### Changed
 * GODT-2616: Silence UID of order report.
 * GODT-2614: Handle failed update during sync.
 ## [Bridge 3.1.2] Quebec
 ### Changed
 * GODT-2582 Dedup recovered messages folder.
 ## [Bridge 3.1.1] Quebec
 ### Fixed
 * GODT-2500: Fix handler passing.
 ## [Bridge 3.1.0] Quebec
 ### Changed
 * GODT-2523: Use software QML rendering backend by default on Windows.
 * GODT-2500: Reorganise async methods.
 * GODT-2500: Add panic handlers everywhere.
 * GODT-2511: Add bridge-gui switches to permanently select the QML rendering backend.
 * GODT-2509: Migrate TLS cert from v1/v2 location during upgrade to v3.
 * GODT-2487: Add windows test job and worker.
 * Update GPA to include detailed error messages.
 * GODT-2479: Ensure messages always have a text body part.
 * GODT-2482: More attachment to relevant exceptions.
 * GODT-2224: Refactor bridge sync to use less memory.
 * GODT-2448: Supported Answered flag.
 * GODT-2382: Added bridge-gui settings file with 'UseSoftwareRenderer' value.
 * GODT-2411: Allow qmake executable to be named qmake6.
 * GODT-2273: Menu with "Close window" and "Quit Bridge" button in main window.
 * GODT-2261: Sync progress in GUI.
 * GODT-2385: Gluon cache fallback.
 * GODT-2366: Handle failed message updates as creates.
 * GODT-2201: Bump Gluon to use pure Go IMAP parser.
 * GODT-2374: Import TLS certs via shell.
 * GODT-2361: Bump GPA to use simple encrypter.
 * GODT-1264: Constraint on Scheduled mailbox in connector + Integration tests.
 * GODT-1264: Creation and visibility of the 'Scheduled' system label.
 * GODT-2283: Limit max import size to 30MB (bump GPA to v0.4.0).
 * GODT-2352: Only copy resource file when needed.
 * GODT-2352: Use go-build-finalize macro to build vault-editor for both mac arch.
 * GODT-2278: Properly override server_name for go.
 * GODT-2255: Randomize the focus service port.
 * GODT-2144: Handle IMAP/SMTP server errors via event stream.
 * GODT-2144: Delay IMAP/SMTP server start until all users are loaded.
 * GODT-2295: Notifications for IMAP login when signed out.
 * GODT-2278: Improve sentry logs.
 * GODT-2289: UIDValidity as Timestamp.
 ### Fixed
 * GODT-2505: Show notification only for cases when user needs to do actions.
 * GODT-2516: Log error when the vault key cannot be created/loaded from the keychain.
 * GODT-2526: Fix high memory usage with fetch/search.
 * GODT-2514: Apply Retry-After to 503.
 * GODT-2524: Preserve old vault values.
 * GODT-2508: Handle Address Updated for none-existing address.
 * GODT-2504: Fix missing attachments in imported message.
 * GODT-2513: Scanner Crash in Gluon.
 * GODT-2512: Catch unhandled API errors.
 * GODT-2507: Memory consumption bug.
 * GODT-2497: Do not report EOF and network errors.
 * GODT-2481: Fix DBUS Secert Service.
 * GODT-2455: Upper limit for number of merged events.
 * GODT-2480: Do not override X-Original-Date with invalid Date.
 * GODT-2473: Fix handling of complex mime types.
 * GODT-2469: Fix sentry revision hash for cmake on windows.
 * GODT-2424: Sync Builder Message Split.
 * GODT-2419: Use connector.ErrOperationNotAllowed.
 * GODT-2418: Ensure child folders are updated when parent is.
 * GODT-1945: Handle disabled addresses correctly.
 * GODT-2390: Add reports for uncaught json and net.opErr.
 * GODT-2393: Improved handling of unrecoverable error.
 * GODT-2394: Bump Gluon for golang.org/x/text DoS risk.
 * GODT-2387: Ensure vault can be unlocked after factory reset.
 * GODT-2389: Close bridge on exception and add max termination wait time.
 * GODT-2201: Add missing rfc5322.CharsetReader initialization.
 * GODT-1804: Preserve MIME parameters when uploading attachments.
 * GODT-2312: Used space is properly updated.
 * GODT-2319: Seed the math/rand RNG on app startup.
 * GODT-2272: Use shorter filename for gRPC file socket.
 * GODT-2318: Remove gluon DB if label sync was incomplete.
 * GODT-2326: Only run sync after addIMAPUser().
 * GODT-2323: Fix Expunge not issued for move.
 * GODT-2224: Properly handle context cancellation during sync.
 * GODT-2328: Ignore labels that aren't part of user label set.
 * GODT-2326: Fix potential Win32 API deadlock.
 * GODT-1804: Only promote content headers if non-empty.
 * GODT-2327: Remove unnecessary sync when changing address mode.
 * GODT-2343: Only poll after send if sync is complete.
 * GODT-2336: Recover from changed address order while bridge is down.
 * GODT-2347: Prevent updates from being dropped if goroutine doesn't start fast.
 * GODT-2351: Bump GPA to properly handle net.OpError and add tests.
 * GODT-2351: Bump GPA to automatically retry on net.OpError.
 * GODT-2365: Use predictable remote ID for placeholder mailboxes.
 * GODT-2381: Unset draft flag on sent messages.
 * GODT-2380: Only set external ID in header if non-empty.
 ## [Bridge 3.0.21] Perth Narrows
 ### Added
 * GODT-2509: Migrate TLS cert from v1/v2 location during upgrade to v3.
 ### Changed
 * GODT-2516: log error when the vault key cannot be created/loaded from the keychain.
 ### Fixed
 * GODT-2501: Remove additional .desktop file.
 * GODT-2513: Crash in scanner.
 * GODT-2481: Fix DBUS Secert Service.
 * GODT-2512: Catch unhandled API errors.
 * GODT-2469: Fix sentry revision hash for cmake on windows.
 ## [Bridge 3.0.20] Perth Narrows
 ### Added
 * GODT-2442: Allow user to re-sync DB without logout.
 ### Changed
 * GODT-2419: Reduce sentry reports.
 * GODT-2458: Wait for both bridge and bridge-gui to be ended before restarting on crash.
 * GODT-2457: Include address if GetPublickKeys() error message.
 * GODT-2446: Attach logs to sentry reports for relevant bridge-gui exceptions.
 * GODT-2425: Out of sync messages and read status.
 * GODT-2435: Group report exception by message if exception message looks corrupted.
 * GODT-2356: Unify sentry release description and add more context to it.
 * GODT-2357: Hide DSN_SENTRY and use single setting point for DSN_SENTRY.
 * GODT-2444: Bad event info.
 * GODT-2447: Don't assume timestamp exists in log filename.
 * GODT-2333: Do not allow modifications to All Mail label.
 * GODT-2429: Do not report context cancel to sentry.
 ### Fixed
 * GODT-2467: elide long email addresses in 'bad event' QML notification dialog.
 * GODT-2449: fix bug in Bridge-GUI's Exception::what().
 * GODT-2427: Parsing header issues.
 * GODT-2426: Fix crash on user delete.
 * GODT-2417: Do not request gluon recovered message from API.
 ## [Bridge 3.0.19] Perth Narrows
 ### Fixed
 * GODT-2364: Wait and retry once if the gRPC service config file exists but cannot be opened.
 * GODT-2364: Added optional details to C++ exceptions.
 * GODT-2413: Use qEnvironmentVariable() instead of qgetenv().
 * GODT-2412: Don't treat context cancellation as BadEvent.
 * GODT-2404: Handle unexpected EOF.
 * GODT-2400: Allow state updates to be applied if command fails.
 * GODT-2399: Fix immediate message deletion during updates.
 * GODT-2390: Missing changes from previous commit.
 * GODT-2390: Add reports for uncaught json and net.opErr.
 * GODT-2414: Multiple deletion bug in WriteControlledStore.
 ## [Bridge 3.0.18] Perth Narrows
 ### Fixed
 * GODT-2392: Create message if gluon updateMessage returns `no such message`.
 * GODT-2391: Create draft if missing during message update on gluon side.
 ## [Bridge 3.0.16/17] Perth Narrows
 ### Fixed
 * GODT-2371: Continue, not return, when handling draft.
 ## [Bridge 3.0.15] Perth Narrows
 ### Changed
 * GODT-2355: Improve wording and actions on bad event.
@ -51,7 +771,7 @@ GODT-1804: Preserve MIME parameters when uploading attachments.
 * GODT-2223: Improve event handling.
 * GODT-2305: Detect missing gluon DB.
 * GODT-2291: Change gluon store default location from Cache to Data.
-* Other: Disable dialer test until badssl cert is bumbed.
+* Other: Disable dialer test until badssl cert is bumped.
 * GODT-2292: Updated BUILDS.md doc.
 * GODT-2258: suggest email as login when signing in via status window.
 * Other: Report corrupt and/or insecure vaults to sentry.
@ -331,7 +1051,7 @@ GODT-1804: Preserve MIME parameters when uploading attachments.
 ## [Bridge 2.4.6] Osney
 ### Changed
-* GODT-2019: When signing out and a single user is connecte* we do not go back to the welcome screen.
+* GODT-2019: When signing out and a single user is connected we do not go back to the welcome screen.
 * GODT-2071: Bridge-gui report error if an orphan bridge is detected.
 * GODT-2046: Bridge-gui log is included in optional archive sent with bug reports.
 * GODT-2039: Bridge monitors bridge-gui via its PID.
@ -485,7 +1205,7 @@ GODT-1804: Preserve MIME parameters when uploading attachments.
    * GODT-1260: Renaming.
    * GODT-1502: Rebranding: color and radius.
 * GODT-1549: Add notification when address list changes.
-* GODT-1560: Dependecy licenses update and link.
+* GODT-1560: Dependency licenses update and link.
 ### Changed
 * GODT-1543: Using one buffered event for off and on connection.
@ -582,7 +1302,7 @@ GODT-1537: Manual in-app update mechanism.
    * GODT-1338: GODT-1343 Help view buttons.
    * GODT-1340: Not crashing, user list updating in main thread.
    * GODT-1345: Adding panic handlers.
-    * GODT-1271: Fix Status margings.
+    * GODT-1271: Fix Status margins.
    * GODT-1320: Add loading property to each action within a notification.
    * GODT-1210: Add "free user" banner.
    * GODT-1314: Limit description field length within 150/800 bounds.
@ -624,7 +1344,7 @@ GODT-1537: Manual in-app update mechanism.
    * GODT-1381 Treat readonly folder as failure for cache on disk.
    * GODT-1431 Prevent watcher when not using disk on cache.
    * GODT-1381: Use in-memory cache in case local cache is unavailable.
-    * GODT-1356 GODT-1302: Cache on disk concurency and API retries.
+    * GODT-1356 GODT-1302: Cache on disk concurrency and API retries.
    * GODT-1332 Added tests for cache move functions.
    * GODT-1332: moved cache related functions to separate file.
    * GODT-1332 moving cache does not work on Windows.
@ -875,7 +1595,7 @@ GODT-1537: Manual in-app update mechanism.
 ### Fixed
 * GODT-1029 Fix tray icon not updating under certain conditions.
 * GODT-1062 Fix lost notification bar when window is closed.
-* GODT-1058 Install version after chaning channel right away only in case of downgrade.
+* GODT-1058 Install version after changing channel right away only in case of downgrade.
 * GODT-1073 Re-write autostart link on every start if turned on in preferences.
 * GODT-1055 Fix flaky empty trash test.
@ -965,7 +1685,7 @@ GODT-1537: Manual in-app update mechanism.
 * GODT-820 Added GUI notification on impossibility of update installation (both silent and manual).
 * GODT-870 Added GUI notification on error during silent update.
 * GODT-805 Added GUI notification on update available.
-* GODT-804 Added GUI notification on silent update installed (promt to restart).
+* GODT-804 Added GUI notification on silent update installed (prompt to restart).
 * GODT-275 Added option to disable autoupdates in settings (default autoupdate is enabled).
 * GODT-874 Added manual triggers to Updater module.
 * GODT-851 Added support of UID EXPUNGE.
@ -1289,7 +2009,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 ### Changed
 * GODT-360 Detect charset embedded in html/xml.
-* GODT-354 Do not label/unlabel messsages from `All Mail` folder.
+* GODT-354 Do not label/unlabel messages from `All Mail` folder.
 * GODT-388 Support for both bridge and import/export credentials by package users.
 * GODT-387 Store factory to make store optional.
 * GODT-386 Renamed bridge to general users and keep bridge only for bridge stuff.
@ -1454,13 +2174,13 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * GODT-88 Run mbox sync in parallel when switch password mode (re-init not user).
 * GODT-95 Do not throw error when trying to create new mailbox in IMAP root.
 * GODT-75 Do not fail on unlabel inside delete.
-* #1095 always delete IMAP USER including wrong pasword.
+* #1095 always delete IMAP USER including wrong password.
 * Unique pmapi client userID (including #1098).
 * Using go.enmime@v0.6.1 snapshot.
 * Better detection of non-auth-error.
 * Reset `hasAuthChannel` during logout for proper login functionality (set up auth channel and unlock keys).
 * Allow `APPEND` messages without parsable email address in sender field.
-* #1060 avoid `Append` after internal message ID was found and message was copyed to mailbox using `MessageLabel`.
+* #1060 avoid `Append` after internal message ID was found and message was copied to mailbox using `MessageLabel`.
 * #1049 Basic usage of store in SMTP package to poll event loop during sending message.
 * #1050 pollNow waits for events to be processed.
 * #1047 Fix fetch of empty mailbox.
@ -1586,7 +2306,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * #903 added http.Client timeout to not hang out forever.
 * Closing body after checking internet connection.
 * Pedantic lint for bridgeUtils.
-* Selected events are buffered and emited again when frontend loop is ready.
+* Selected events are buffered and emitted again when frontend loop is ready.
 * #890 implemented 2FA endpoint (auth split).
 * #888 TLS Cert.
    * Error bar and modal with explanation in GUI.
@ -1594,7 +2314,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
    * Add pinning to bridge (only for live API builds).
 * #887 #883:
 * Wait before clearing data.
- * Configer which provides pmapi.ClientConfig and app directories.
+ * Configure which provides pmapi.ClientConfig and app directories.
 * #861 restart after clear data.
 * Panic handler for all goroutines.
 * CD for linux.
@ -1642,7 +2362,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * #882 unassign PMAPI client after logout and force to run garbage collector.
 * #880, #884, #885, #886 fix of informing user about outgoing non-encrypted e-mail.
 * #838 `Sirupsen` -> `sirupsen`.
-* #893 save panic report file everytime.
+* #893 save panic report file every time.
 * #880 fix of informing user about outgoing non-encrypted e-mail.
 * Fix aliases in split mode.
 * Fix decrypted data in log notification.
@ -1716,7 +2436,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 ### Changed
 * Fix custom message format.
-* #802 acumulated long lines while parsing body structure.
+* #802 accumulated long lines while parsing body structure.
 * Process `AddressEvent` before `MessageEvent`.
 * #791 updated crypto: fix wrong signature format.
 * #793 fix returning size.
@ -1738,7 +2458,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 ### Changed
 * #748 when charset missing assume utf8 and check the validity.
-* #750 before sync check that events are uptodate, if not poll events instead of sync.
+* #750 before sync check that events are up-to-date, if not poll events instead of sync.
 * Use pmapi with support of decrypted access token.
 * #750 Status is using DB status instead of API.
 * Format panic error as string instead of struct dump.
@ -1755,7 +2475,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * Full version of program visible on release notes.
 ### Changed
-* #720 only one concurent DB sync.
+* #720 only one concurrent DB sync.
 * #720 sync every 3 pages.
 * #512 extending list of charsets go-pm-mime!4.
@ -1779,7 +2499,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * Fix srp modulus issue with new `ProtonMail/crypto`.
 * Generate version files from main file.
 * Be able to set update set on build.
-* #597 check on start that certificat will be still valid after one month and generate new cert if not.
+* #597 check on start that certificate will be still valid after one month and generate new cert if not.
 * #597 extended certificate validity to 2 years.
 * Copyright 2019.
 * Exclude `protontech` repos from credits.
@ -1798,7 +2518,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * #592 internal references are added only when not present already.
 * #592 field `Date` changed to m.Time only when wrong format or missing `Date`.
 * #645 pmapi#26 `Message.Flags` instead of `IsEncrypted`, `Type`, `IsReplied`, `IsRepliedAll`, `IsForwarded`.
-* DB: do not allow to put Body or Attachements to db.
+* DB: do not allow to put Body or Attachments to db.
 * #574 SMTP: can now send more than one email.
 * #671 Verbosity levels: `debug` (only bridge), `debug-client` (bridge and client communication), `debug-server` (bridge, whole SMTP/IMAP communication).
 * #644 Return rfc.size 0 or correct size of fetched body (stored in DB).
@ -1870,7 +2590,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * Start with new versioning.
          1.1.0
-          | | `--- bug fix number (internal, irregular, beta relases)
+          | | `--- bug fix number (internal, irregular, beta releases)
          | `----- minor version (features, release once per month, live release, milestones)
          `------- major version (big changes, once per year, breaking changes, api force upgrade)
@ -1936,7 +2656,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * All `client.Do` errors are interpreted as connection issue.
 * Moved to internal gitlab.
 * Typo `frontend-qml`.
-* Better message for case when server is not reacheable.
+* Better message for case when server is not reachable.
 * Setting 1min timeout to IMAP connection.
 ### Changed
@ -1968,12 +2688,12 @@ CSB-331 Fix sending error due to mixed case in sender address.
 * Keychain format and function refactor.
 * Create crash file on panic with full trace.
 * Clear old data only in main process (no double keychain typing).
-* Create label udpate API route.
+* Create label update API route.
 * Selectable text in release notes.
 ### Added
 * Support sending to external PGP recipients.
-* Return error codes: `0: Ok`, `2: Frontend crashed`, `3: Bridge already running`, `4: Uknown argument`, `42: Restart application`.
+* Return error codes: `0: Ok`, `2: Frontend crashed`, `3: Bridge already running`, `4: Unknown argument`, `42: Restart application`.
 ### Release notes
 * Support of encryption to external PGP recipients using contacts created on beta.protonmail.com (see https://protonmail.com/blog/pgp-vulnerability-efail/ to understand the vulnerabilities that may be associated with sending to other PGP clients).
@ -1998,7 +2718,7 @@ CSB-331 Fix sending error due to mixed case in sender address.
    * Bug report window.
    * Checkbox and with label (only I/E).
    * Error dialog and Info tooltip (only I/E).
-    * Add user modal formating (colors, text).
+    * Add user modal formatting (colors, text).
    * Account view style.
    * Input box style (used in bug report).
    * Input field style (used in add account and change port).
--- a/118
+++ b/118
@ -1,17 +1,18 @@
 export GO111MODULE=on
 export CGO_ENABLED=1
 # By default, the target OS is the same as the host OS,
 # but this can be overridden by setting TARGET_OS to "windows"/"darwin"/"linux".
 GOOS:=$(shell go env GOOS)
 TARGET_CMD?=Desktop-Bridge
 TARGET_OS?=${GOOS}
-ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+ROOT_DIR:=$(realpath .)
 ## Build
 .PHONY: build build-gui build-nogui build-launcher versioner hasher
 # Keep version hardcoded so app build works also without Git repository.
-BRIDGE_APP_VERSION?=3.0.15+git
+BRIDGE_APP_VERSION?=3.11.1+git
 APP_VERSION:=${BRIDGE_APP_VERSION}
 APP_FULL_NAME:=Proton Mail Bridge
 APP_VENDOR:=Proton AG
@ -19,20 +20,26 @@ SRC_ICO:=bridge.ico
 SRC_ICNS:=Bridge.icns
 SRC_SVG:=bridge.svg
 EXE_NAME:=proton-bridge
-REVISION:=$(shell git rev-parse --short=10 HEAD)
+REVISION:=$(shell "${ROOT_DIR}/utils/get_revision.sh" rev)
 TAG:=$(shell "${ROOT_DIR}/utils/get_revision.sh" tag)
 BUILD_TIME:=$(shell date +%FT%T%z)
 MACOS_MIN_VERSION_ARM64=11.0
 MACOS_MIN_VERSION_AMD64=10.15
 BUILD_ENV?=dev
 BUILD_FLAGS:=-tags='${BUILD_TAGS}'
 BUILD_FLAGS_LAUNCHER:=${BUILD_FLAGS}
-BUILD_FLAGS_GUI:=-tags='${BUILD_TAGS} build_qt'
+GO_LDFLAGS:=$(addprefix -X github.com/ProtonMail/proton-bridge/v3/internal/constants., Version=${APP_VERSION} Revision=${REVISION} Tag=${TAG} BuildTime=${BUILD_TIME})
 GO_LDFLAGS:=$(addprefix -X github.com/ProtonMail/proton-bridge/v3/internal/constants., Version=${APP_VERSION} Revision=${REVISION} BuildTime=${BUILD_TIME})
 GO_LDFLAGS+=-X "github.com/ProtonMail/proton-bridge/v3/internal/constants.FullAppName=${APP_FULL_NAME}"
-ifneq "${BUILD_LDFLAGS}" ""
+ifneq "${DSN_SENTRY}" ""
-	GO_LDFLAGS+=${BUILD_LDFLAGS}
+	GO_LDFLAGS+=-X github.com/ProtonMail/proton-bridge/v3/internal/constants.DSNSentry=${DSN_SENTRY}
 endif
 ifneq "${BUILD_ENV}" ""
 	GO_LDFLAGS+=-X github.com/ProtonMail/proton-bridge/v3/internal/constants.BuildEnv=${BUILD_ENV}
 endif
 GO_LDFLAGS_LAUNCHER:=${GO_LDFLAGS}
 ifeq "${TARGET_OS}" "windows"
 	#GO_LDFLAGS+=-H=windowsgui # Disabled so we can inspect trace logs from the bridge for debugging.
@ -40,7 +47,6 @@ ifeq "${TARGET_OS}" "windows"
 endif
 BUILD_FLAGS+=-ldflags '${GO_LDFLAGS}'
 BUILD_FLAGS_GUI+=-ldflags "${GO_LDFLAGS}"
 BUILD_FLAGS_LAUNCHER+=-ldflags '${GO_LDFLAGS_LAUNCHER}'
 DEPLOY_DIR:=cmd/${TARGET_CMD}/deploy
 DIRNAME:=$(shell basename ${CURDIR})
@ -96,9 +102,9 @@ endif
 ifeq "${GOOS}" "windows"
 	go-build-finalize= \
-		powershell Copy-Item ${ROOT_DIR}/${RESOURCE_FILE} ${4}  && \
+		$(if $(4),cp "${ROOT_DIR}/${RESOURCE_FILE}" ${4}  &&,) \
-		$(call go-build,$(1),$(2),$(3)) && \
+		$(call go-build,$(1),$(2),$(3)) \
-		powershell Remove-Item ${4} -Force
+		$(if $(4), && rm -f ${4},)
 endif
 ${EXE_NAME}: gofiles  ${RESOURCE_FILE}
@ -112,7 +118,10 @@ versioner:
 	go build ${BUILD_FLAGS} -o versioner utils/versioner/main.go
 vault-editor:
-	go build -tags debug -o vault-editor utils/vault-editor/main.go
+	$(call go-build-finalize,-tags=debug,"vault-editor","./utils/vault-editor/main.go")
 bridge-rollout:
 	$(call go-build-finalize,, "bridge-rollout","./utils/bridge-rollout/bridge-rollout.go")
 hasher:
 	go build -o hasher utils/hasher/main.go
@ -154,9 +163,12 @@ ${EXE_TARGET}: check-build-essentials ${EXE_NAME}
 		BRIDGE_VENDOR="${APP_VENDOR}" \
 		BRIDGE_APP_VERSION=${APP_VERSION} \
 		BRIDGE_REVISION=${REVISION} \
-		BRIDGE_BUILD_TIME=${BUILD_TIME} \
+		BRIDGE_TAG=${TAG} \
 		BRIDGE_DSN_SENTRY=${DSN_SENTRY} \
 		BRIDGE_BUILD_TIME=${BUILD_TIME} \
 		BRIDGE_GUI_BUILD_CONFIG=Release \
-		BRIDGE_INSTALL_PATH=${ROOT_DIR}/${DEPLOY_DIR}/${GOOS} \
+		BRIDGE_BUILD_ENV=${BUILD_ENV} \
 		BRIDGE_INSTALL_PATH="${ROOT_DIR}/${DEPLOY_DIR}/${GOOS}" \
 		./build.sh install
 	mv "${ROOT_DIR}/${BRIDGE_EXE}" "$(ROOT_DIR)/${EXE_TARGET}"
@ -177,7 +189,7 @@ ${RESOURCE_FILE}: ./dist/info.rc ./dist/${SRC_ICO} .FORCE
 ## Dev dependencies
 .PHONY: install-devel-tools install-linter install-go-mod-outdated install-git-hooks
-LINTVER:="v1.50.0"
+LINTVER:="v1.55.2"
 LINTSRC:="https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh"
 install-dev-dependencies: install-devel-tools install-linter install-go-mod-outdated
@ -221,14 +233,28 @@ add-license:
 change-copyright-year:
 	./utils/missing_license.sh change-year
 GOCOVERAGE=-covermode=count -coverpkg=github.com/ProtonMail/proton-bridge/v3/internal/...,github.com/ProtonMail/proton-bridge/v3/pkg/...,
 GOCOVERDIR=-args -test.gocoverdir=$$PWD/coverage
 test: gofiles
-	go test -v -timeout=5m -p=1 -count=1 -coverprofile=/tmp/coverage.out -run=${TESTRUN} ./internal/... ./pkg/...
+	mkdir -p coverage/unit-${GOOS}
 	go test \
 		-v -timeout=20m -p=1 -count=1 \
 		${GOCOVERAGE} \
 		-run=${TESTRUN} ./internal/... ./pkg/... \
 		${GOCOVERDIR}/unit-${GOOS}
 test-race: gofiles
-	go test -v -timeout=30m -p=1 -count=1 -race -failfast -run=${TESTRUN} ./internal/... ./pkg/...
+	go test -v -timeout=40m -p=1 -count=1 -race -failfast -run=${TESTRUN} ./internal/... ./pkg/...
 test-integration: gofiles
-	go test -v -timeout=10m -p=1 -count=1 github.com/ProtonMail/proton-bridge/v3/tests
+	mkdir -p coverage/integration
 	go test \
 		-v -timeout=60m -p=1 -count=1 -tags=test_integration \
 		${GOCOVERAGE} \
 		github.com/ProtonMail/proton-bridge/v3/tests \
 		${GOCOVERDIR}/integration
 test-integration-debug: gofiles
 	dlv test github.com/ProtonMail/proton-bridge/v3/tests -- -test.v -test.timeout=10m -test.parallel=1 -test.count=1
@ -236,6 +262,22 @@ test-integration-debug: gofiles
 test-integration-race: gofiles
 	go test -v -timeout=60m -p=1 -count=1 -race -failfast github.com/ProtonMail/proton-bridge/v3/tests
 test-integration-nightly: gofiles
 	mkdir -p coverage/integration
 	go test \
 		-v -timeout=90m -p=1 -count=1 -tags=test_integration \
 		${GOCOVERAGE} \
 		github.com/ProtonMail/proton-bridge/v3/tests \
 		${GOCOVERDIR}/integration \
 		nightly
 fuzz: gofiles
 	go test -fuzz=FuzzUnmarshal 	 -parallel=4 -fuzztime=60s $(PWD)/internal/legacy/credentials
 	go test -fuzz=FuzzNewParser 	 -parallel=4 -fuzztime=60s $(PWD)/pkg/message/parser
 	go test -fuzz=FuzzReadHeaderBody -parallel=4 -fuzztime=60s $(PWD)/pkg/message
 	go test -fuzz=FuzzDecodeHeader 	 -parallel=4 -fuzztime=60s $(PWD)/pkg/mime
 	go test -fuzz=FuzzDecodeCharset  -parallel=4 -fuzztime=60s $(PWD)/pkg/mime
 bench:
 	go test -run '^$$' -bench=. -memprofile bench_mem.pprof -cpuprofile bench_cpu.pprof ./internal/store
 	go tool pprof -png -output bench_mem.png bench_mem.pprof
@ -247,11 +289,28 @@ coverage: test
 mocks:
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/bridge TLSReporter,ProxyController,Autostarter > tmp
 	mv tmp internal/bridge/mocks/mocks.go
-	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/async PanicHandler > internal/bridge/mocks/async_mocks.go
+	mockgen --package mocks github.com/ProtonMail/gluon/async PanicHandler > internal/bridge/mocks/async_mocks.go
 	mockgen --package mocks github.com/ProtonMail/gluon/reporter Reporter > internal/bridge/mocks/gluon_mocks.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/updater Downloader,Installer > internal/updater/mocks/mocks.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/telemetry HeartbeatManager > internal/telemetry/mocks/mocks.go
 	cp internal/telemetry/mocks/mocks.go internal/bridge/mocks/telemetry_mocks.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/services/userevents \
 EventSource,EventIDStore  > internal/services/userevents/mocks/mocks.go
 	mockgen --package userevents github.com/ProtonMail/proton-bridge/v3/internal/services/userevents \
 EventSubscriber,MessageEventHandler,LabelEventHandler,AddressEventHandler,RefreshEventHandler,UserEventHandler,UserUsedSpaceEventHandler > tmp
 	mv tmp internal/services/userevents/mocks_test.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/events EventPublisher \
 > internal/events/mocks/mocks.go
 	mockgen --package mocks github.com/ProtonMail/proton-bridge/v3/internal/services/useridentity IdentityProvider,Telemetry \
 > internal/services/useridentity/mocks/mocks.go
 	mockgen --self_package "github.com/ProtonMail/proton-bridge/v3/internal/services/syncservice" -package syncservice github.com/ProtonMail/proton-bridge/v3/internal/services/syncservice \
 ApplyStageInput,BuildStageInput,BuildStageOutput,DownloadStageInput,DownloadStageOutput,MetadataStageInput,MetadataStageOutput,\
 StateProvider,Regulator,UpdateApplier,MessageBuilder,APIClient,Reporter,DownloadRateModifier \
 > tmp
 	mv tmp internal/services/syncservice/mocks_test.go
 	mockgen --package mocks github.com/ProtonMail/gluon/connector IMAPStateWrite > internal/services/imapservice/mocks/mocks.go
-lint: gofiles lint-golang lint-license lint-dependencies lint-changelog
+lint: gofiles lint-golang lint-license lint-dependencies lint-changelog lint-bug-report
 lint-license:
 	./utils/missing_license.sh check
@ -267,12 +326,11 @@ lint-golang:
 	$(info linting with GOMAXPROCS=${GOMAXPROCS})
 	golangci-lint run ./...
-gobinsec: gobinsec-cache.yml build
+lint-bug-report:
-	gobinsec -wait -cache -config utils/gobinsec_conf.yml ${EXE_TARGET} ${DEPLOY_DIR}/${TARGET_OS}/${LAUNCHER_EXE}
+	python3 utils/validate_bug_report_file.py --file "internal/frontend/bridge-gui/bridge-gui/qml/Resources/bug_report_flow.json"
-gobinsec-cache.yml:
+lint-bug-report-preview:
-	./utils/gobinsec_update.sh
+	python3 utils/validate_bug_report_file.py --file "internal/frontend/bridge-gui/bridge-gui/qml/Resources/bug_report_flow.json" --preview
 	cp ./utils/gobinsec_update/gobinsec-cache-valid.yml ./gobinsec-cache.yml
 updates: install-go-mod-outdated
 	# Uncomment the "-ci" to fail the job if something can be updated.
@ -319,7 +377,11 @@ run-nogui: build-nogui clean-vendor gofiles
 	PROTONMAIL_ENV=dev ./${LAUNCHER_EXE} ${RUN_FLAGS} -c
 run-debug:
-	dlv debug ./cmd/Desktop-Bridge/main.go -- -l=debug
+	dlv debug \
 		--build-flags "-ldflags '-X github.com/ProtonMail/proton-bridge/v3/internal/constants.Version=3.1.0+git'" \
 		./cmd/Desktop-Bridge/main.go \
 		-- \
 		-n -l=trace
 ifeq "${TARGET_OS}" "windows"
 	EXE_SUFFIX=.exe
@ -340,7 +402,7 @@ clean-vendor:
 clean-gui:
 	cd internal/frontend/bridge-gui/ && \
-		rm -f Version.h && \
+		rm -f BuildConfig.h && \
 		rm -rf cmake-build-*/
 clean-vcpkg:
@ -363,6 +425,6 @@ clean: clean-vendor clean-gui clean-vcpkg
 .PHONY: generate
 generate:
 	go generate ./...
-	$(MAKE) add-license
+	$(MAKE) build
 .FORCE:
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 # Proton Mail Bridge and Import Export app
-Copyright (c) 2022 Proton AG
+Copyright (c) 2024 Proton AG
 This repository holds the Proton Mail Bridge and the Proton Mail Import-Export applications.
 For a detailed build information see [BUILDS](./BUILDS.md).
@ -48,9 +48,6 @@ major problems.
 ## Environment Variables
 ### Bridge application
 - `BRIDGESTRICTMODE`: tells bridge to turn on `bbolt`'s "strict mode" which checks the database after every `Commit`. Set to `1` to enable.
 ### Dev build or run
 - `APP_VERSION`: set the bridge app version used during testing or building
 - `PROTONMAIL_ENV`: when set to `dev` it is not using Sentry to report crashes
@ -70,25 +67,26 @@ There are now three types of system folders which Bridge recognises:
 |--------|-------------------------------------|-----------------------------------------------------|-------------------------------------|---------------------------------------|
 | config | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.config/protonmail/bridge-v3      | $XDG_CONFIG_HOME/protonmail/bridge-v3 |
 | cache  | %LOCALAPPDATA%\protonmail\bridge-v3 | ~/Library/Caches/protonmail/bridge-v3               | ~/.cache/protonmail/bridge-v3       | $XDG_CACHE_HOME/protonmail/bridge-v3  |
-| data	 | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.local/share/protonmail/bridge-v3 | $XDG_DATA_HOME/protonmail/bridge-v3   |
+| data	  | %APPDATA%\protonmail\bridge-v3      | ~/Library/Application Support/protonmail/bridge-v3  | ~/.local/share/protonmail/bridge-v3 | $XDG_DATA_HOME/protonmail/bridge-v3   |
 | temp   | %LOCALAPPDATA%\Temp                 | $TMPDIR if non-empty, else /tmp                     | $TMPDIR if non-empty, else /tmp     | $TMPDIR if non-empty, else /tmp       |
 ## Files
-|                       | Base Dir | Path                       |
+|                        | Base Dir | Path                       |
-|-----------------------|----------|----------------------------|
+|------------------------|----------|----------------------------|
-| bridge lock file      | cache    | bridge.lock                |
+| bridge lock file       | cache    | bridge.lock                |
-| bridge-gui lock file  | cache    | bridge-gui.lock            |
+| bridge-gui lock file   | cache    | bridge-gui.lock            |
-| vault                 | config   | vault.enc                  |
+| vault                  | config   | vault.enc                  |
-| gRPC server json      | config   | grpcServerConfig.json      |
+| gRPC server json       | config   | grpcServerConfig.json      |
-| gRPC client json      | config   | grpcClientConfig_<id>.json |
+| gRPC client json       | config   | grpcClientConfig_<id>.json |
-| Logs                  | data     | logs                       |
+| gRPC Focus server json | config   | grpcFocusServerConfig.json |
-| gluon DB              | data     | gluon/backend/db           |
+| Logs                   | data     | logs                       |
-| gluon messages        | sata     | gluon/backend/store        |
+| gluon DB               | data     | gluon/backend/db           |
-| Update files          | data     | updates                    |
+| gluon messages         | data     | gluon/backend/store        |
-| sentry cache          | data     | sentry_cache               |
+| Update files           | data     | updates                    |
-| Mac/Linux File Socket | temp     | bridge_{RANDOM_UUID}.sock  |
+| sentry cache           | data     | sentry_cache               |
 | Mac/Linux File Socket  | temp     | bridge{4_DIGITS}           |
--- a/ci/build.yml
+++ b/ci/build.yml
@ -0,0 +1,72 @@
 ---
 .script-build:
  stage: build
  needs: ["lint"]
  extends:
    - .rules-branch-and-MR-manual
  script:
    - which go && go version
    - which gcc && gcc --version
    - which qmake && qmake --version
    - git rev-parse --short=10 HEAD
    - make build
    - git diff && git diff-index --quiet HEAD
    - make vault-editor
    - make bridge-rollout
  artifacts:
    expire_in: 1 day
    when: always
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - bridge_*.tgz
      - vault-editor
      - bridge-rollout
 build-linux:
  extends:
    - .script-build
    - .env-linux-build
 build-linux-qa:
  extends:
    - build-linux
    - .rules-branch-manual-MR-and-devel-always
  variables:
    BUILD_TAGS: "build_qa"
 build-darwin:
  extends:
    - .script-build
    - .env-darwin
 build-darwin-qa:
  extends:
    - build-darwin
  variables:
    BUILD_TAGS: "build_qa"
 build-windows:
  extends:
    - .script-build
    - .env-windows
 build-windows-qa:
  extends:
    - build-windows
  variables:
    BUILD_TAGS: "build_qa"
 trigger-qa-installer:
  stage: build
  needs: ["lint"]
  extends:
    - .rules-br-tag-always-branch-and-MR-manual
  variables:
    APP: bridge
    WORKFLOW: build-all
    SRC_TAG: $CI_COMMIT_BRANCH
    TAG: $CI_COMMIT_TAG
    SRC_HASH: $CI_COMMIT_SHA
  trigger:
    project: "jcuth/bridge-release"
    branch: master
--- a/ci/env.yml
+++ b/ci/env.yml
@ -0,0 +1,59 @@
 ---
 .env-windows:
  extends:
    - .image-windows-virt-build
  before_script:
    - !reference [.before-script-windows-virt-build, before_script]
    - !reference [.before-script-git-config, before_script]
    - mkdir -p .cache/bin
    - export PATH=$(pwd)/.cache/bin:$PATH
    - export GOPATH="$CI_PROJECT_DIR/.cache"
  variables:
    GOARCH: amd64
    BRIDGE_SYNC_FORCE_MINIMUM_SPEC: 1
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: windows-vcpkg-go-0
    paths:
      - .cache
    when: 'always'
 .env-darwin:
  extends:
    - .image-darwin-build
  before_script:
    - !reference [.before-script-darwin-tart-build, before_script]
    - !reference [.before-script-git-config, before_script]
    - mkdir -p .cache/bin
    - export PATH=$(pwd)/.cache/bin:$PATH
    - export GOPATH="$CI_PROJECT_DIR/.cache"
  variables:
    BRIDGE_SYNC_FORCE_MINIMUM_SPEC: 1
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: darwin-go-and-vcpkg
    paths:
      - .cache
    when: 'always'
 .env-linux-build:
  extends:
    - .image-linux-build
  variables:
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: linux-vcpkg
    paths:
      - .cache
    when: 'always'
  before_script:
    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
    - !reference [.before-script-git-config, before_script]
    - mkdir -p .cache/bin
    - export PATH=$(pwd)/.cache/bin:$PATH
    - export GOPATH="$CI_PROJECT_DIR/.cache"
  tags:
    - shared-large
--- a/ci/rules.yml
+++ b/ci/rules.yml
@ -0,0 +1,58 @@
 ---
 .rules-branch-and-MR-manual:
  rules:
    - if: $CI_COMMIT_BRANCH ||  $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
      allow_failure: true
    - when: never
 .rules-branch-manual-MR-and-devel-always:
  rules:
    - if: $CI_COMMIT_BRANCH == "devel" || $CI_PIPELINE_SOURCE == "merge_request_event"
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH
      when: manual
      allow_failure: true
    - when: never
 .rules-branch-manual-br-tag-and-MR-and-devel-always:
  rules:
    - if: $CI_COMMIT_BRANCH == "devel" || $CI_PIPELINE_SOURCE == "merge_request_event"
      when: always
      allow_failure: false
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG =~ /^br-\d+/
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH
      when: manual
      allow_failure: true
    - when: never
 .rules-branch-manual-scheduled-and-test-branch-always:
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: always
      allow_failure: false
    - if: $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME=~ /^test/
      when: always
      allow_failure: false
    - if: $CI_COMMIT_BRANCH
      when: manual
      allow_failure: true
    - when: never
 .rules-br-tag-always-branch-and-MR-manual:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_BRANCH
      when: manual
      allow_failure: true
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      when: manual
      allow_failure: true
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG =~ /^br-\d+/
      when: always
    - when: never
--- a/ci/setup.yml
+++ b/ci/setup.yml
@ -0,0 +1,7 @@
 ---
 include:
  - project: 'go/bridge-internal'
    ref: 'master'
    file: 'ci/runners-setup.yml'
--- a/ci/test.yml
+++ b/ci/test.yml
@ -0,0 +1,152 @@
 ---
 lint:
  stage: test
  extends:
    - .image-linux-test
    - .rules-branch-manual-br-tag-and-MR-and-devel-always
  script:
    - make lint
  tags:
    - shared-medium
 lint-bug-report-preview:
  stage: test
  extends:
    - .image-linux-test
    - .rules-branch-and-MR-manual
  script:
    - make lint-bug-report-preview
  tags:
    - shared-medium
 .script-test:
  stage: test
  extends:
    - .rules-branch-manual-MR-and-devel-always
  script:
    - which go && go version
    - which gcc && gcc --version
    - make test
  artifacts:
    paths:
      - coverage/**
 test-linux:
  extends:
    - .image-linux-test
    - .script-test
  tags:
    - shared-large
 test-windows:
  extends:
    - .env-windows
    - .script-test
 test-darwin:
  extends:
    - .env-darwin
    - .script-test
 fuzz-linux:
  stage: test
  extends:
    - .image-linux-test
    - .rules-branch-manual-MR-and-devel-always
  script:
    - make fuzz
  tags:
    - shared-large
 test-linux-race:
  extends:
    - test-linux
    - .rules-branch-and-MR-manual
  script:
    - make test-race
 test-integration:
  extends:
    - test-linux
  script:
    - make test-integration | tee -a integration-job.log
  after_script:
    - |
      grep "Error: " integration-job.log
  artifacts:
    when: always
    paths:
      - integration-job.log
 test-integration-race:
  extends:
    - test-integration
    - .rules-branch-and-MR-manual
  script:
    - make test-integration-race | tee -a integration-race-job.log
  artifacts:
    when: always
    paths:
      - integration-race-job.log
 test-integration-nightly:
  extends:
    - test-integration
    - .rules-branch-manual-scheduled-and-test-branch-always
  needs:
    - test-integration
  script:
    - make test-integration-nightly | tee -a nightly-job.log
  after_script:
    - |
      grep "Error: " nightly-job.log
  artifacts:
    when: always
    paths:
      - nightly-job.log
 test-coverage:
  stage: test
  extends:
    - .image-linux-test
    - .rules-branch-manual-scheduled-and-test-branch-always
  script:
    - ./utils/coverage.sh
  coverage: '/total:.*\(statements\).*\d+\.\d+%/'
  needs:
    - test-linux
    - test-windows
    - test-darwin
    - test-integration
    - test-integration-nightly
  tags:
    - shared-small
  artifacts:
    paths:
      - coverage*
      - coverage/**
    when: 'always'
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
 go-vuln-check:
  extends:
    - .image-linux-test
    - .rules-branch-manual-MR-and-devel-always
  stage: test
  tags:
    - shared-medium
  script:
    - ./utils/govulncheck.sh
  artifacts:
    when: always
    paths:
      - vulns*
--- a/cmd/Desktop-Bridge/main.go
+++ b/cmd/Desktop-Bridge/main.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -19,11 +19,17 @@ package main
 import (
 	"os"
 	"runtime"
 	"strings"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/sirupsen/logrus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/app"
 	"github.com/bradenaw/juniper/xslices"
 	"github.com/sirupsen/logrus"
 )
 /*
@ -44,7 +50,72 @@ import (
 */
 func main() {
-	if err := app.New().Run(xslices.Filter(os.Args, func(arg string) bool { return !strings.Contains(arg, "-psn_") })); err != nil {
+	appErr := app.New().Run(xslices.Filter(os.Args, func(arg string) bool { return !strings.Contains(arg, "-psn_") }))
-		logrus.Fatal(err)
+	if appErr != nil {
 		_ = app.WithLocations(func(l *locations.Locations) error {
 			logsPath, err := l.ProvideLogsPath()
 			if err != nil {
 				return err
 			}
 			// Get the session ID if its specified
 			var sessionID logging.SessionID
 			if flagVal, found := getFlagValue(os.Args, app.FlagSessionID); found {
 				sessionID = logging.SessionID(flagVal)
 			} else {
 				sessionID = logging.NewSessionID()
 			}
 			closer, err := logging.Init(
 				logsPath,
 				sessionID,
 				logging.BridgeShortAppName,
 				logging.DefaultMaxLogFileSize,
 				logging.DefaultPruningSize,
 				"",
 			)
 			if err != nil {
 				return err
 			}
 			defer func() {
 				_ = logging.Close(closer)
 			}()
 			logrus.
 				WithField("appName", constants.FullAppName).
 				WithField("version", constants.Version).
 				WithField("revision", constants.Revision).
 				WithField("tag", constants.Tag).
 				WithField("build", constants.BuildTime).
 				WithField("runtime", runtime.GOOS).
 				WithField("args", os.Args).
 				WithField("SentryID", sentry.GetProtectedHostname()).WithError(appErr).Error("Failed to initialize bridge")
 			return nil
 		})
 	}
 }
 // getFlagValue - obtains the value of a specified tag
 // The flag can be of the following form `-flag value`, `--flag value`, `-flag=value` or `--flags=value`.
 func getFlagValue(argList []string, flag string) (string, bool) {
 	eqPrefix1 := "-" + flag + "="
 	eqPrefix2 := "--" + flag + "="
 	for i := 0; i < len(argList); i++ {
 		arg := argList[i]
 		if strings.HasPrefix(arg, eqPrefix1) {
 			val := strings.TrimPrefix(arg, eqPrefix1)
 			return val, len(val) > 0
 		}
 		if strings.HasPrefix(arg, eqPrefix2) {
 			val := strings.TrimPrefix(arg, eqPrefix2)
 			return val, len(val) > 0
 		}
 		if (arg == "-"+flag || arg == "--"+flag) && i+1 < len(argList) {
 			return argList[i+1], true
 		}
 	}
 	return "", false
 }
--- a/cmd/Desktop-Bridge/main_test.go
+++ b/cmd/Desktop-Bridge/main_test.go
@ -0,0 +1,47 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 package main
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func TestGetFlagValue(t *testing.T) {
 	tests := []struct {
 		args     []string
 		flag     string
 		expected string
 	}{
 		{[]string{"session-id", ""}, "session-id", ""},
 		{[]string{"-session-id", ""}, "session-id", ""},
 		{[]string{"--session-id", ""}, "session-id", ""},
 		{[]string{"session-id", "test"}, "session-id", ""},
 		{[]string{"-session-id", "test"}, "session-id", "test"},
 		{[]string{"--session-id", "test"}, "session-id", "test"},
 		{[]string{"session-id=test"}, "session-id", ""},
 		{[]string{"-session-id=test"}, "session-id", "test"},
 		{[]string{"--session-id=test"}, "session-id", "test"},
 	}
 	for _, tt := range tests {
 		val, _ := getFlagValue(tt.args, tt.flag)
 		require.Equal(t, val, tt.expected)
 	}
 }
--- a/cmd/launcher/main.go
+++ b/cmd/launcher/main.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -18,13 +18,14 @@
 package main
 import (
-	"fmt"
+	"io"
 	"os"
 	"path/filepath"
 	"runtime"
 	"time"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/crash"
@ -39,30 +40,36 @@ import (
 	"github.com/elastic/go-sysinfo/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"golang.org/x/sys/execabs"
 )
 const (
-	appName = "Proton Mail Launcher"
+	appName      = "Proton Mail Launcher"
-	exeName = "bridge"
+	exeName      = "bridge"
-	guiName = "bridge-gui"
+	guiName      = "bridge-gui"
 	launcherName = "launcher"
 	FlagCLI                 = "cli"
 	FlagCLIShort            = "c"
 	FlagNonInteractive      = "noninteractive"
 	FlagNonInteractiveShort = "n"
-	FlagLauncher            = "--launcher"
+	FlagLauncher            = "launcher"
-	FlagWait                = "--wait"
+	FlagWait                = "wait"
 	FlagSessionID           = "session-id"
 	HyphenatedFlagLauncher  = "--" + FlagLauncher
 	HyphenatedFlagWait      = "--" + FlagWait
 	HyphenatedFlagSessionID = "--" + FlagSessionID
 )
 func main() { //nolint:funlen
 	logrus.SetLevel(logrus.DebugLevel)
 	l := logrus.WithField("launcher_version", constants.Version)
-	reporter := sentry.NewReporter(appName, constants.Version, useragent.New())
+	reporter := sentry.NewReporter(appName, useragent.New())
 	crashHandler := crash.NewHandler(reporter.ReportException)
-	defer crashHandler.HandlePanic()
+	defer async.HandlePanic(crashHandler)
 	locationsProvider, err := locations.NewDefaultProvider(filepath.Join(constants.VendorName, constants.ConfigName))
 	if err != nil {
@ -75,12 +82,26 @@ func main() { //nolint:funlen
 	if err != nil {
 		l.WithError(err).Fatal("Failed to get logs path")
 	}
 	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath))
-	if err := logging.Init(logsPath, os.Getenv("VERBOSITY")); err != nil {
+	sessionID := logging.NewSessionID()
 	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath, sessionID, launcherName))
 	var closer io.Closer
 	if closer, err = logging.Init(
 		logsPath,
 		sessionID,
 		logging.LauncherShortAppName,
 		logging.DefaultMaxLogFileSize,
 		logging.NoPruning,
 		os.Getenv("VERBOSITY"),
 	); err != nil {
 		l.WithError(err).Fatal("Failed to setup logging")
 	}
 	defer func() {
 		_ = logging.Close(closer)
 	}()
 	updatesPath, err := locations.ProvideUpdatesPath()
 	if err != nil {
 		l.WithError(err).Fatal("Failed to get updates path")
@ -107,7 +128,7 @@ func main() { //nolint:funlen
 	args := os.Args[1:]
-	exe, err := getPathToUpdatedExecutable(filepath.Base(launcher), versioner, kr, reporter)
+	exe, err := getPathToUpdatedExecutable(filepath.Base(launcher), versioner, kr)
 	if err != nil {
 		exeToLaunch := guiName
 		if inCLIMode(args) {
@ -127,12 +148,14 @@ func main() { //nolint:funlen
 	l = l.WithField("exe_path", exe)
-	args, wait, mainExe := findAndStripWait(args)
+	args, wait, mainExes := findAndStripWait(args)
 	if wait {
-		waitForProcessToFinish(mainExe)
+		for _, mainExe := range mainExes {
 			waitForProcessToFinish(mainExe)
 		}
 	}
-	cmd := execabs.Command(exe, appendLauncherPath(launcher, args)...) //nolint:gosec
+	cmd := execabs.Command(exe, appendLauncherPath(launcher, appendOrModifySessionID(args, string(sessionID)))...) //nolint:gosec
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
@ -154,19 +177,14 @@ func main() { //nolint:funlen
 // appendLauncherPath add launcher path if missing.
 func appendLauncherPath(path string, args []string) []string {
-	if !sliceContains(args, FlagLauncher) {
+	if !slices.Contains(args, HyphenatedFlagLauncher) {
 		res := append([]string{}, args...)
-		res = append(res, FlagLauncher, path)
+		res = append(res, HyphenatedFlagLauncher, path)
 		return res
 	}
 	return args
 }
 // sliceContains checks if a value is present in a list.
 func sliceContains[T comparable](list []T, s T) bool {
 	return xslices.Any(list, func(arg T) bool { return arg == s })
 }
 // inCLIMode detect if CLI mode is asked.
 func inCLIMode(args []string) bool {
 	return hasFlag(args, FlagCLI) || hasFlag(args, FlagCLIShort) || hasFlag(args, FlagNonInteractive) || hasFlag(args, FlagNonInteractiveShort)
@ -174,7 +192,12 @@ func inCLIMode(args []string) bool {
 // hasFlag checks if a flag is present in a list.
 func hasFlag(args []string, flag string) bool {
-	return xslices.Any(args, func(arg string) bool { return (arg == "-"+flag) || (arg == "--"+flag) })
+	return flagIndex(args, flag) >= 0
 }
 // flagIndex returns the position of the first occurrence of a flag int args, or -1 if the flag is not present.
 func flagIndex(args []string, flag string) int {
 	return slices.IndexFunc(args, func(arg string) bool { return (arg == "-"+flag) || (arg == "--"+flag) })
 }
 // findAndStrip check if a value is present in s list and remove all occurrences of the value from this list.
@ -186,35 +209,52 @@ func findAndStrip[T comparable](slice []T, v T) (strippedList []T, found bool) {
 }
 // findAndStripWait Check for waiter flag get its value and clean them both.
-func findAndStripWait(args []string) ([]string, bool, string) {
+func findAndStripWait(args []string) ([]string, bool, []string) {
 	res := append([]string{}, args...)
 	hasFlag := false
-	var value string
+	values := make([]string, 0)
 	for k, v := range res {
-		if v != FlagWait {
+		if v != HyphenatedFlagWait {
 			continue
 		}
 		if k+1 >= len(res) {
 			continue
 		}
 		hasFlag = true
-		value = res[k+1]
+		values = append(values, res[k+1])
 	}
 	if hasFlag {
-		res, _ = findAndStrip(res, FlagWait)
+		res, _ = findAndStrip(res, HyphenatedFlagWait)
-		res, _ = findAndStrip(res, value)
+		for _, v := range values {
 			res, _ = findAndStrip(res, v)
 		}
 	}
-	return res, hasFlag, value
+	return res, hasFlag, values
 }
 // return args with the sessionID flag and value added or modified. The original slice is not modified.
 func appendOrModifySessionID(args []string, sessionID string) []string {
 	index := flagIndex(args, FlagSessionID)
 	if index < 0 {
 		return append(args, HyphenatedFlagSessionID, sessionID)
 	}
 	if index == len(args)-1 {
 		return append(args, sessionID)
 	}
 	res := slices.Clone(args)
 	res[index+1] = sessionID
 	return res
 }
 func getPathToUpdatedExecutable(
 	name string,
 	ver *versioner.Versioner,
 	kr *crypto.KeyRing,
 	reporter *sentry.Reporter,
 ) (string, error) {
 	versions, err := ver.ListVersions()
 	if err != nil {
@ -236,10 +276,6 @@ func getPathToUpdatedExecutable(
 		if err := version.VerifyFiles(kr); err != nil {
 			vlog.WithError(err).Error("Files failed verification and will be removed")
 			if err := reporter.ReportMessage(fmt.Sprintf("version %v failed verification: %v", version, err)); err != nil {
 				vlog.WithError(err).Error("Failed to report corrupt update files")
 			}
 			if err := version.Remove(); err != nil {
 				vlog.WithError(err).Error("Failed to remove files")
 			}
--- a/cmd/launcher/main_test.go
+++ b/cmd/launcher/main_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,39 +20,62 @@ package main
 import (
 	"testing"
-	"github.com/bradenaw/juniper/xslices"
+	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/stretchr/testify/assert"
 )
 func TestSliceContains(t *testing.T) {
 	assert.True(t, sliceContains([]string{"a", "b", "c"}, "a"))
 	assert.True(t, sliceContains([]int{1, 2, 3}, 2))
 	assert.False(t, sliceContains([]string{"a", "b", "c"}, "A"))
 	assert.False(t, sliceContains([]int{1, 2, 3}, 4))
 	assert.False(t, sliceContains([]string{}, "a"))
 	assert.True(t, sliceContains([]string{"a", "a"}, "a"))
 }
 func TestFindAndStrip(t *testing.T) {
 	list := []string{"a", "b", "c", "c", "b", "c"}
 	result, found := findAndStrip(list, "a")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"b", "c", "c", "b", "c"}))
+	assert.Equal(t, result, []string{"b", "c", "c", "b", "c"})
 	result, found = findAndStrip(list, "c")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a", "b", "b"}))
+	assert.Equal(t, result, []string{"a", "b", "b"})
 	result, found = findAndStrip([]string{"c", "c", "c"}, "c")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{}))
+	assert.Equal(t, result, []string{})
 	result, found = findAndStrip(list, "A")
 	assert.False(t, found)
-	assert.True(t, xslices.Equal(result, list))
+	assert.Equal(t, result, list)
 	result, found = findAndStrip([]string{}, "a")
 	assert.False(t, found)
-	assert.True(t, xslices.Equal(result, []string{}))
+	assert.Equal(t, result, []string{})
 }
 func TestFindAndStripWait(t *testing.T) {
 	result, found, values := findAndStripWait([]string{"a", "b", "c"})
 	assert.False(t, found)
 	assert.Equal(t, result, []string{"a", "b", "c"})
 	assert.Equal(t, values, []string{})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b"})
 	assert.True(t, found)
 	assert.Equal(t, result, []string{"a"})
 	assert.Equal(t, values, []string{"b"})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c"})
 	assert.True(t, found)
 	assert.Equal(t, result, []string{"a"})
 	assert.Equal(t, values, []string{"b", "c"})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c", "--wait", "d"})
 	assert.True(t, found)
 	assert.Equal(t, result, []string{"a"})
 	assert.Equal(t, values, []string{"b", "c", "d"})
 }
 func TestAppendOrModifySessionID(t *testing.T) {
 	sessionID := string(logging.NewSessionID())
 	assert.Equal(t, appendOrModifySessionID(nil, sessionID), []string{"--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{}, sessionID), []string{"--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli", "--session-id"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli", "--session-id"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--session-id", "<oldID>", "--cli"}, sessionID), []string{"--session-id", sessionID, "--cli"})
 }
--- a/doc/communication.md
+++ b/doc/communication.md
@ -2,13 +2,13 @@
 ## First login and sync
-When user logs in to the bridge for the first time, immediatelly starts the first sync.
+When user logs in to the bridge for the first time, immediately starts the first sync.
 First sync downloads all headers of all e-mails and creates database to have proper UIDs
 and indexes for IMAP. See [database](database.md) for more information.
 By default, whenever it's possible, sync downloads only all e-mails maiblox which already
 have list of labels so we can construct all mailboxes (inbox, sent, trash, custom folders
-and lables) without need to download each e-mail headers many times.
+and labels) without need to download each e-mail headers many times.
 Note that we need to download also bodies to calculate size of the e-mail and set proper
 content type (clients uses content type for guess if e-mail contains attachment)--but only
@ -22,7 +22,7 @@ client right after adding account.
 When account is added to client, client start the sync. This sync will ask Bridge app
 for all headers (done quickly) and then starts to download all bodies and attachment.
-Unfortunatelly for some e-mail more than once if the same e-mail is in more mailboxes
+Unfortunately for some e-mail more than once if the same e-mail is in more mailboxes
 (e.g. inbox and all mail)--there is no way to tell over IMAP it's the same message.
 After successful login of client to IMAP, Bridge starts event loop. That periodicly ask
@ -37,7 +37,7 @@ sequenceDiagram
    Note right of B: Set up PM account<br/>by user
    loop First sync
-        B ->> S: Fetch body and attachements
+        B ->> S: Fetch body and attachments
        Note right of B: Build local database<br/>(e-mail UIDs)
    end
@ -58,8 +58,8 @@ sequenceDiagram
        C ->> B: IMAP SELECT directory
        C ->> B: IMAP SEARCH e-mails UIDs
        C ->> B: IMAP FETCH of e-mail UID
-        B ->> S: Fetch body and attachements
+        B ->> S: Fetch body and attachments
-        Note right of B: Decrypt message<br/>and attachement
+        Note right of B: Decrypt message<br/>and attachment
        B ->> C: IMAP response
    end
 ```
--- a/doc/updates.md
+++ b/doc/updates.md
@ -1,12 +1,12 @@
 # Update mechanism of Bridge
-There are mulitple options how to change version of application:
+There are multiple options how to change version of application:
 * Automatic in-app update
 * Manual in-app update
 * Manual install
 In-app update ends with restarting bridge into new version. Automatic in-app
-update is downloading, verifying and installing the new version immediatelly
+update is downloading, verifying and installing the new version immediately
 without user confirmation. For manual in-app update user needs to confirm first.
 Update is done from special update file published on website.
@ -25,7 +25,7 @@ The bridge is installed and executed differently for given OS:
 * macOS app does not use launcher
    * No launcher, only one executable
-    * In-App udpate replaces the bridge files in installation path directly
+    * In-App update replaces the bridge files in installation path directly
 ```mermaid
--- a/extern/vcpkg
+++ b/extern/vcpkg
--- a/go.mod
+++ b/go.mod
@ -1,125 +1,127 @@
 module github.com/ProtonMail/proton-bridge/v3
-go 1.18
+go 1.21
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
-	github.com/Masterminds/semver/v3 v3.1.1
+	github.com/Masterminds/semver/v3 v3.2.0
-	github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6
+	github.com/ProtonMail/gluon v0.17.1-0.20240227105633-3734c7694bcd
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a
+	github.com/ProtonMail/go-proton-api v0.4.1-0.20240405124415-8f966ca60436
-	github.com/ProtonMail/go-rfc5322 v0.11.0
+	github.com/ProtonMail/gopenpgp/v2 v2.7.4-proton
-	github.com/ProtonMail/gopenpgp/v2 v2.4.10
+	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/PuerkitoBio/goquery v1.8.0
 	github.com/abiosoft/ishell v2.0.0+incompatible
 	github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37
-	github.com/bradenaw/juniper v0.8.0
+	github.com/bradenaw/juniper v0.12.0
 	github.com/cucumber/godog v0.12.5
 	github.com/cucumber/messages-go/v16 v16.0.1
-	github.com/docker/docker-credential-helpers v0.6.3
+	github.com/docker/docker-credential-helpers v0.8.1
-	github.com/elastic/go-sysinfo v1.8.1
+	github.com/elastic/go-sysinfo v1.11.2-0.20231129083954-35e55cd2a542
-	github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317
+	github.com/emersion/go-imap v1.2.1
 	github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde
 	github.com/emersion/go-message v0.16.0
 	github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead
 	github.com/emersion/go-smtp v0.15.1-0.20221021114529-49b17434419d
 	github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3
 	github.com/fatih/color v1.13.0
 	github.com/getsentry/sentry-go v0.15.0
 	github.com/go-resty/resty/v2 v2.7.0
 	github.com/goccy/go-json v0.9.11
 	github.com/godbus/dbus v4.1.0+incompatible
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba
 	github.com/jeandeaual/go-locale v0.0.0-20220711133428-7de61946b173
 	github.com/keybase/go-keychain v0.0.0
 	github.com/miekg/dns v1.1.50
 	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58
 	github.com/pkg/errors v0.9.1
-	github.com/pkg/profile v1.6.0
+	github.com/pkg/profile v1.7.0
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.2
-	github.com/stretchr/testify v1.8.0
+	github.com/stretchr/testify v1.8.4
-	github.com/urfave/cli/v2 v2.20.3
+	github.com/urfave/cli/v2 v2.24.4
 	github.com/vmihailenco/msgpack/v5 v5.3.5
-	go.uber.org/goleak v1.2.0
+	go.uber.org/goleak v1.2.1
-	golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.1.0
+	golang.org/x/net v0.17.0
-	golang.org/x/sys v0.1.0
+	golang.org/x/sys v0.16.0
-	golang.org/x/text v0.4.0
+	golang.org/x/text v0.14.0
-	google.golang.org/grpc v1.50.1
+	google.golang.org/grpc v1.56.3
-	google.golang.org/protobuf v1.28.1
+	google.golang.org/protobuf v1.31.0
 	howett.net/plist v1.0.0
 )
 require (
 	ariga.io/atlas v0.7.0 // indirect
 	entgo.io/ent v0.11.2 // indirect
 	github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233 // indirect
-	github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f // indirect
+	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
-	github.com/ProtonMail/go-srp v0.0.5 // indirect
+	github.com/ProtonMail/go-srp v0.0.7 // indirect
 	github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db // indirect
-	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/bytedance/sonic v1.9.1 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/chzyer/test v1.0.0 // indirect
-	github.com/cloudflare/circl v1.2.0 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/cronokirby/saferith v0.33.0 // indirect
 	github.com/cucumber/gherkin-go/v19 v19.0.3 // indirect
-	github.com/danieljoos/wincred v1.1.2 // indirect
+	github.com/danieljoos/wincred v1.2.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/elastic/go-windows v1.0.1 // indirect
 	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
-	github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a // indirect
+	github.com/felixge/fgprof v0.9.3 // indirect
 	github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/gin-gonic/gin v1.8.1 // indirect
+	github.com/gin-gonic/gin v1.9.1 // indirect
-	github.com/go-openapi/inflect v0.19.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/go-playground/validator/v10 v10.14.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.3.0+incompatible // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-memdb v1.3.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl/v2 v2.14.0 // indirect
 	github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.15 // indirect
+	github.com/mattn/go-sqlite3 v1.14.17 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rivo/uniseg v0.4.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	github.com/zclconf/go-cty v1.11.0 // indirect
+	gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/sync v0.0.0-20220907140024-f12130a52804 // indirect
+	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa // indirect
+	golang.org/x/sync v0.3.0 // indirect
-	google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 // indirect
+	golang.org/x/tools v0.6.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 replace (
-	github.com/docker/docker-credential-helpers => github.com/ProtonMail/docker-credential-helpers v1.1.0
+	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7
-	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753
+	github.com/emersion/go-smtp => github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865
-	github.com/keybase/go-keychain => github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe
+	github.com/go-resty/resty/v2 => github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a
 	github.com/keybase/go-keychain => github.com/cuthix/go-keychain v0.0.0-20240103134243-0b6a41580b77
 )
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,3 @@
 ariga.io/atlas v0.7.0 h1:daEFdUsyNm7EHyzcMfjWwq/fVv48fCfad+dIGyobY1k=
 ariga.io/atlas v0.7.0/go.mod h1:ft47uSh5hWGDCmQC9DsztZg6Xk+KagM5Ts/mZYKb9JE=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@ -13,61 +11,57 @@ cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqCl
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-entgo.io/ent v0.11.2 h1:UM2/BUhF2FfsxPHRxLjQbhqJNaDdVlOwNIAMLs2jyto=
+fyne.io/fyne v1.4.2/go.mod h1:xL4c3WmpE/Tvz5CEm5vqsaizU/EeOCm9DYlL2GtTSiM=
 entgo.io/ent v0.11.2/go.mod h1:YGHEQnmmIUgtD5b1ICD5vg74dS3npkNnmC5K+0J+IHU=
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557 h1:l6surSnJ3RP4qA1qmKJ+hQn3UjytosdoG27WGjrDlVs=
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557/go.mod h1:sTrmvD/TxuypdOERsDOS7SndZg0rzzcCi1b6wQMXUYM=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+github.com/Kodeworks/golang-image-ico v0.0.0-20141118225523-73f0f4cfade9/go.mod h1:7uhhqiBaR4CpN0k9rMjOtjpcfGd6DG2m04zQxKnWQ0I=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a h1:eQO/GF/+H8/9udc9QAgieFr+jr1tjXlJo35RAhsUbWY=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
-github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkFn/XLzSqPOB5AAthuk9xPk=
+github.com/ProtonMail/gluon v0.17.1-0.20240227105633-3734c7694bcd h1:AjJsf5xQGmZPg6GLn+wB+eBoGRopJlG70lQBfSyfX+M=
-github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
+github.com/ProtonMail/gluon v0.17.1-0.20240227105633-3734c7694bcd/go.mod h1:Og5/Dz1MiGpCJn51XujZwxiLG7WzvvjE5PRpZBQmAHo=
 github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6 h1:HR944ZH7lN6sCA9OJMTdyoH1IRU0dBjxQHc7W0vFVrg=
 github.com/ProtonMail/gluon v0.14.2-0.20230207072331-53797c5aa3f6/go.mod h1:z2AxLIiBCT1K+0OBHyaDI7AEaO5qI6/BEC2TE42vs4Q=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
-github.com/ProtonMail/go-crypto v0.0.0-20220822140716-1678d6eb0cbe/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233 h1:bdoKdh0f66/lrgVfYlxw0aqISY/KOqXmFJyGt7rGmnc=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7 h1:+j+Kd/DyZ/qGfMT9htAT7HxqIEbZHsatsx+m8AoV6fc=
-github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753 h1:I8IsYA297x0QLU80G5I6aLYUu3JYNSpo8j5fkXtFDW0=
+github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
-github.com/ProtonMail/go-message v0.0.0-20210611055058-fabeff2ec753/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
-github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
-github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f h1:4IWzKjHzZxdrW9k4zl/qCwenOVHDbVDADPPHFLjs0Oc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240226161523-ec58ed7ea4b9 h1:tcQpGQljNsZmfuA6L4hAzio8/AIx5OXcU2JUdyX/qxw=
-github.com/ProtonMail/go-mime v0.0.0-20220429130430-2192574d760f/go.mod h1:qRZgbeASl2a9OwmsV85aWwRqic0NHPh+9ewGAzb4cgM=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240226161523-ec58ed7ea4b9/go.mod h1:t+hb0BfkmZ9fpvzVRpHC7limoowym6ln/j0XL9a8DDw=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a h1:h9KLPt0HTCJjILYHREWCYnZv+1xaYmOVx/rxiT/1dIg=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240405124415-8f966ca60436 h1:ej+W9+UQlb2owkT5arCegmUFkicwesMyFHgBp/wwNg8=
-github.com/ProtonMail/go-proton-api v0.3.1-0.20230209110241-fe7894c4931a/go.mod h1:JUo5IQG0hNuPRuDpOUsCOvtee6UjTEHHF1QN2i8RSos=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240405124415-8f966ca60436/go.mod h1:t+hb0BfkmZ9fpvzVRpHC7limoowym6ln/j0XL9a8DDw=
-github.com/ProtonMail/go-rfc5322 v0.11.0 h1:o5Obrm4DpmQEffvgsVqG6S4BKwC1Wat+hYwjIp2YcCY=
+github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865 h1:EP1gnxLL5Z7xBSymE9nSTM27nRYINuvssAtDmG0suD8=
-github.com/ProtonMail/go-rfc5322 v0.11.0/go.mod h1:6oOKr0jXvpoE6pwTx/HukigQpX2J9WUf6h0auplrFTw=
+github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
-github.com/ProtonMail/go-srp v0.0.5 h1:xhUioxZgDbCnpo9JehyFhwwsn9JLWkUGfB0oiKXgiGg=
+github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI=
-github.com/ProtonMail/go-srp v0.0.5/go.mod h1:06iYHtLXW8vjLtccWj++x3MKy65sIT8yZd7nrJF49rs=
+github.com/ProtonMail/go-srp v0.0.7/go.mod h1:giCp+7qRnMIcCvI6V6U3S1lDDXDQYx2ewJ6F/9wdlJk=
-github.com/ProtonMail/gopenpgp/v2 v2.4.10 h1:EYgkxzwmQvsa6kxxkgP1AwzkFqKHscF2UINxaSn6rdI=
+github.com/ProtonMail/gopenpgp/v2 v2.7.4-proton h1:8tqHYM6IGsdEc6Vxf1TWiwpHNj8yIEQNACPhxsDagrk=
-github.com/ProtonMail/gopenpgp/v2 v2.4.10/go.mod h1:CTRA7/toc/4DxDy5Du4hPDnIZnJvXSeQ8LsRTOUJoyc=
+github.com/ProtonMail/gopenpgp/v2 v2.7.4-proton/go.mod h1:omVkSsfPAhmptzPF/piMXb16wKIWUvVhZbVW7sJKh0A=
-github.com/PuerkitoBio/goquery v1.8.0 h1:PJTF7AmFCFKk1N6V6jmKfrNH9tV5pNE6lZMkG0gta/U=
+github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
-github.com/PuerkitoBio/goquery v1.8.0/go.mod h1:ypIiRMtY7COPGk+I/YbZLbxsxn9g5ejnI2HSMtkjZvI=
+github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
 github.com/abiosoft/ishell v2.0.0+incompatible h1:zpwIuEHc37EzrsIYah3cpevrIc8Oma7oZPxr03tlmmw=
 github.com/abiosoft/ishell v2.0.0+incompatible/go.mod h1:HQR9AqF2R3P4XXpMpI0NAzgHf/aS6+zVXRj14cVk9qg=
 github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db h1:CjPUSXOiYptLbTdr1RceuZgSFDQ7U15ITERUGrUORx8=
 github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db/go.mod h1:rB3B4rKii8V21ydCbIzH5hZiCQE7f5E9SzUb/ZZx530=
-github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
+github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37 h1:28uU3TtuvQ6KRndxg9TrC868jBWmSKgh0GTXkACCXmA=
 github.com/allan-simon/go-singleinstance v0.0.0-20210120080615-d0997106ab37/go.mod h1:6AXRstqK+32jeFmw89QGL2748+dj34Av4xc/I9oo9BY=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
-github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220816024939-bc8df83d7b9d/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@ -75,19 +69,28 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/bradenaw/juniper v0.8.0 h1:sdanLNdJbLjcLj993VYIwUHlUVkLzvgiD/x9O7cvvxk=
+github.com/bradenaw/juniper v0.12.0 h1:Q/7icpPQD1nH/La5DobQfNEtwyrBSiSu47jOQx7lJEM=
-github.com/bradenaw/juniper v0.8.0/go.mod h1:Z2B7aJlQ7xbfWsnMLROj5t/5FQ94/MkIdKC30J4WvzI=
+github.com/bradenaw/juniper v0.12.0/go.mod h1:Z2B7aJlQ7xbfWsnMLROj5t/5FQ94/MkIdKC30J4WvzI=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
 github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
-github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8M+INXlMk=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@ -96,7 +99,6 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cronokirby/saferith v0.33.0 h1:TgoQlfsD4LIwx71+ChfRcIpjkw+RPOapDEVxa+LhwLo=
 github.com/cronokirby/saferith v0.33.0/go.mod h1:QKJhjoqUtBsXCAVEjw38mFqoi7DebT7kthcD7UzbnoA=
 github.com/cucumber/gherkin-go/v19 v19.0.3 h1:mMSKu1077ffLbTJULUfM5HPokgeBcIGboyeNUof1MdE=
@ -106,74 +108,90 @@ github.com/cucumber/godog v0.12.5/go.mod h1:u6SD7IXC49dLpPN35kal0oYEjsXZWee4pW6T
 github.com/cucumber/messages-go/v16 v16.0.0/go.mod h1:EJcyR5Mm5ZuDsKJnT2N9KRnBK30BGjtYotDKpwQ0v6g=
 github.com/cucumber/messages-go/v16 v16.0.1 h1:fvkpwsLgnIm0qugftrw2YwNlio+ABe2Iu94Ap8GMYIY=
 github.com/cucumber/messages-go/v16 v16.0.1/go.mod h1:EJcyR5Mm5ZuDsKJnT2N9KRnBK30BGjtYotDKpwQ0v6g=
-github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe h1:KRj3wdvA9yE92prNmOjS7x5DOqoyjxqdE30qnrmTasc=
+github.com/cuthix/go-keychain v0.0.0-20240103134243-0b6a41580b77 h1:sdB/yJMbubPQothFl6KYCOrMBRgy0pZbBXIWoJqSFLo=
-github.com/cuthix/go-keychain v0.0.0-20220405075754-31e7cee908fe/go.mod h1:ZoZU1fnBy3mOLWr3Pg+Y2+nTKtu6ypDte2kZg9HvSwY=
+github.com/cuthix/go-keychain v0.0.0-20240103134243-0b6a41580b77/go.mod h1:ZoZU1fnBy3mOLWr3Pg+Y2+nTKtu6ypDte2kZg9HvSwY=
-github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs=
-github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
+github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/elastic/go-sysinfo v1.8.1 h1:4Yhj+HdV6WjbCRgGdZpPJ8lZQlXZLKDAeIkmQ/VRvi4=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/elastic/go-sysinfo v1.8.1/go.mod h1:JfllUnzoQV/JRYymbH3dO1yggI3mV2oTKSXsDHM+uIM=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
 github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/elastic/go-sysinfo v1.11.2-0.20231129083954-35e55cd2a542 h1:IFTm6NBbfSgZCaeEzorQhH4T7ZERl4j+1u7oXWzmJcM=
 github.com/elastic/go-sysinfo v1.11.2-0.20231129083954-35e55cd2a542/go.mod h1:GKqR8bbMK/1ITnez9NIsIfXQr25aLhRJa7AfT8HpBFQ=
 github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUtJm0=
 github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss=
-github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317 h1:i0cBrdFLm8A/3hWEjn/BwdXLBplFJoZtu63p7bjrmaI=
+github.com/emersion/go-imap v1.2.1 h1:+s9ZjMEjOB8NzZMVTM3cCenz2JrQIGGo5j1df19WjTA=
-github.com/emersion/go-imap v1.2.1-0.20220429085312-746087b7a317/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
+github.com/emersion/go-imap v1.2.1/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
 github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde h1:43mBoVwooyLm1+1YVf5nvn1pSFWhw7rOpcrp1Jg/qk0=
 github.com/emersion/go-imap-id v0.0.0-20190926060100-f94a56b9ecde/go.mod h1:sPwp0FFboaK/bxsrUz1lNrDMUCsZUsKC5YuM4uRVRVs=
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead h1:fI1Jck0vUrXT8bnphprS1EoVRe2Q5CKCX8iDlpqjQ/Y=
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/emersion/go-smtp v0.15.1-0.20221021114529-49b17434419d h1:hFRM6zCBSc+Xa0rBOqSlG6Qe9dKC/2vLhGAuZlWxTsc=
 github.com/emersion/go-smtp v0.15.1-0.20221021114529-49b17434419d/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwoTQyw0fIM5xv1HF+Y+3ZijDR839WMulgxCcUY=
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
-github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a h1:cltZpe6s0SJtqK5c/5y2VrIYi8BAtDM6qjmiGYqfTik=
+github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3 h1:hQ1wTMaKcGfobYRT88RM8NFNyX+IQHvagkm/tqViU98=
-github.com/emersion/go-vcard v0.0.0-20220507122617-d4056df0ec4a/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
+github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g=
 github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=
 github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BMXYYRWTLOJKlh+lOBt6nUQgXAfB7oVIQt5cNreqSLI=
 github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:rZfgFAXFS/z/lEd6LJmf9HVZ1LkgYiHx5pHhV5DR16M=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fyne-io/mobile v0.1.2-0.20201127155338-06aeb98410cc/go.mod h1:/kOrWrZB6sasLbEy2JIvr4arEzQTXBTZGb3Y96yWbHY=
 github.com/fyne-io/mobile v0.1.2/go.mod h1:/kOrWrZB6sasLbEy2JIvr4arEzQTXBTZGb3Y96yWbHY=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/getsentry/sentry-go v0.15.0 h1:CP9bmA7pralrVUedYZsmIHWpq/pBtXTSew7xvVpfLaA=
 github.com/getsentry/sentry-go v0.15.0/go.mod h1:RZPJKSw+adu8PBNygiri/A98FqVr2HtRckJk9XVxJ9I=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
-github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-gl/gl v0.0.0-20190320180904-bf2b1f2f34d7/go.mod h1:482civXOzJJCPzJ4ZOX/pwvXBWSnzD4OKMdH4ClKGbk=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200625191551-73d3c3675aa3/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
-github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
 github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4=
 github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gofrs/uuid v4.3.0+incompatible h1:CaSVZxm5B+7o45rtab4jC2G37WGYX1zQfuU2i6DSvnc=
 github.com/gofrs/uuid v4.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff/go.mod h1:wfqRWLHRBsRgkp5dmbG56SA0DmVtwrF5N3oPdI8t+Aw=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@ -185,8 +203,8 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@ -198,6 +216,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -239,19 +259,22 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl/v2 v2.14.0 h1:jX6+Q38Ly9zaAJlAjnFVyeNSNCKKW8D0wvyg7vij5Wc=
 github.com/hashicorp/hcl/v2 v2.14.0/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jackmordaunt/icns v0.0.0-20181231085925-4f16af745526/go.mod h1:UQkeMHVoNcyXYq9otUupF7/h/2tmHlhrS2zw7ZVvUqc=
 github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba h1:QFQpJdgbON7I0jr2hYW7Bs+XV0qjc3d5tZoDnRFnqTg=
 github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
 github.com/jeandeaual/go-locale v0.0.0-20220711133428-7de61946b173 h1:jOONCXyzHWM+ukp+weX77o//U3pMeOj62CNxChJLxIU=
 github.com/jeandeaual/go-locale v0.0.0-20220711133428-7de61946b173/go.mod h1:uO/uctjf8AcWhNfp5Ili6oPtyFrAoQXEtVY3N798VkQ=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4=
 github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josephspurrier/goversioninfo v0.0.0-20200309025242-14b0ab84c6ca/go.mod h1:eJTEwMjXb7kZ633hO3Ln9mBUCOjX2+FlTljvpl9SYdE=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@ -261,19 +284,22 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
 github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/lucor/goinfo v0.0.0-20200401173949-526b5363a13a/go.mod h1:ORP3/rB5IsulLEBwQZCJyyV6niqmI7P4EWSmkug+1Ng=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@ -282,13 +308,14 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
+github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
-github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
@ -297,8 +324,6 @@ github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceT
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@ -310,21 +335,32 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/nicksnyder/go-i18n/v2 v2.1.1/go.mod h1:d++QJC9ZVf7pa48qrsRWhMJ5pSHIPmS3OLqK1niyLxs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
-github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
 github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
 github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.6.0 h1:hUDfIISABYI59DyeB3OTay/HxSRwTQ8rB/H83k6r5dM=
+github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=
-github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
+github.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
@ -336,28 +372,25 @@ github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7q
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
 github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
@ -372,28 +405,35 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564/go.mod h1:afMbS0qvv1m5tfENCwnOdZGOF8RGR/FsZ7bvBxQGZG4=
 github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9/go.mod h1:mvWM0+15UqyrFKqdRjY6LuAVJR0HOVhJlEgZ5JWtSWU=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf h1:pvbZ0lM0XWPBqUKqFU8cmavspvIl9nulOYwdy6IFRRo=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
-github.com/urfave/cli/v2 v2.20.3 h1:lOgGidH/N5loaigd9HjFsOIhXSTrzl7tBpHswZ428w4=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli/v2 v2.20.3/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI=
+github.com/urfave/cli/v2 v2.24.4 h1:0gyJJEBYtCV87zI/x2nZCPyDxD51K6xM8SkwjHFCNEU=
 github.com/urfave/cli/v2 v2.24.4/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
@ -401,57 +441,60 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/zclconf/go-cty v1.11.0 h1:726SxLdi2SDnjY+BStqB9J1hNp4+2WlzyXLuimibIe0=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.11.0/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
+gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a h1:DxppxFKRqJ8WD6oJ3+ZXKDY0iMONQDl5UTg2aTyHh8k=
 gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a/go.mod h1:NREvu3a57BaK0R1+ztrEzHWiZAihohNLQ6trPxlIqZI=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
 golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e h1:SkwG94eNiiYJhbeDE018Grw09HIN/KB9NlRmZsrzfWs=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20221023144134-a1e5550cf13e/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mobile v0.0.0-20200801112145-973feb4309de/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -466,14 +509,21 @@ golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -482,9 +532,12 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -494,40 +547,65 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5-0.20201125200606-c27b9fd57aec/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -541,16 +619,18 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190808195139-e713427fea3f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200328031815-3db5fc6bac03/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa h1:uKcci2q7Qtp6nMTC/AAvfNUAldFtJuHWV9/5QWiypts=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.1.13-0.20220804200503-81c7dc4e4efa/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -573,20 +653,21 @@ google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
+google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
-google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@ -598,11 +679,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@ -612,3 +691,4 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -19,27 +19,32 @@ package app
 import (
 	"fmt"
-	"math/rand"
+	"io"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
 	"os"
 	"path/filepath"
 	"runtime"
 	"time"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/cookies"
 	"github.com/ProtonMail/proton-bridge/v3/internal/crash"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/frontend/theme"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/restarter"
 	"github.com/elastic/go-sysinfo"
 	"github.com/pkg/profile"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
@ -50,6 +55,9 @@ const (
 	flagCPUProfile      = "cpu-prof"
 	flagCPUProfileShort = "p"
 	flagTraceProfile      = "trace-prof"
 	flagTraceProfileShort = "t"
 	flagMemProfile      = "mem-prof"
 	flagMemProfileShort = "m"
@ -75,13 +83,15 @@ const (
 	flagNoWindow         = "no-window"
 	flagParentPID        = "parent-pid"
 	flagSoftwareRenderer = "software-renderer"
 	FlagSessionID        = "session-id"
 )
 const (
-	appUsage = "Proton Mail IMAP and SMTP Bridge"
+	appUsage     = "Proton Mail IMAP and SMTP Bridge"
 	appShortName = "bridge"
 )
-func New() *cli.App { //nolint:funlen
+func New() *cli.App {
 	app := cli.NewApp()
 	app.Name = constants.FullAppName
@ -92,6 +102,11 @@ func New() *cli.App { //nolint:funlen
 			Aliases: []string{flagCPUProfileShort},
 			Usage:   "Generate CPU profile",
 		},
 		&cli.BoolFlag{
 			Name:    flagTraceProfile,
 			Aliases: []string{flagTraceProfileShort},
 			Usage:   "Generate Trace profile",
 		},
 		&cli.BoolFlag{
 			Name:    flagMemProfile,
 			Aliases: []string{flagMemProfileShort},
@ -149,6 +164,10 @@ func New() *cli.App { //nolint:funlen
 			Hidden: true,
 			Value:  false,
 		},
 		&cli.StringFlag{
 			Name:   FlagSessionID,
 			Hidden: true,
 		},
 	}
 	app.Action = run
@ -156,10 +175,7 @@ func New() *cli.App { //nolint:funlen
 	return app
 }
-func run(c *cli.Context) error { //nolint:funlen
+func run(c *cli.Context) error {
 	// Seed the default RNG from the math/rand package.
 	rand.Seed(time.Now().UnixNano())
 	// Get the current bridge version.
 	version, err := semver.NewVersion(constants.Version)
 	if err != nil {
@ -170,7 +186,7 @@ func run(c *cli.Context) error { //nolint:funlen
 	identifier := useragent.New()
 	// Create a new Sentry client that will be used to report crashes etc.
-	reporter := sentry.NewReporter(constants.FullAppName, constants.Version, identifier)
+	reporter := sentry.NewReporter(constants.FullAppName, identifier)
 	// Determine the exe that should be used to restart/autostart the app.
 	// By default, this is the launcher, if used. Otherwise, we try to get
@ -185,14 +201,19 @@ func run(c *cli.Context) error { //nolint:funlen
 		exe = os.Args[0]
 	}
-	migrationErr := migrateOldVersions()
+	var logCloser io.Closer
 	defer func() {
 		_ = logging.Close(logCloser)
 	}()
-	// Run with profiling if requested.
+	// Restart the app if requested.
-	return withProfiler(c, func() error {
+	err = withRestarter(exe, func(restarter *restarter.Restarter) error {
-		// Restart the app if requested.
+		// Handle crashes with various actions.
-		return withRestarter(exe, func(restarter *restarter.Restarter) error {
+		return withCrashHandler(restarter, reporter, func(crashHandler *crash.Handler, quitCh <-chan struct{}) error {
-			// Handle crashes with various actions.
+			migrationErr := migrateOldVersions()
-			return withCrashHandler(restarter, reporter, func(crashHandler *crash.Handler, quitCh <-chan struct{}) error {
+
 			// Run with profiling if requested.
 			return withProfiler(c, func() error {
 				// Load the locations where we store our files.
 				return WithLocations(func(locations *locations.Locations) error {
 					// Migrate the keychain helper.
@ -201,59 +222,71 @@ func run(c *cli.Context) error { //nolint:funlen
 					}
 					// Initialize logging.
-					return withLogging(c, crashHandler, locations, func() error {
+					return withLogging(c, crashHandler, locations, func(closer io.Closer) error {
 						logCloser = closer
 						// If there was an error during migration, log it now.
 						if migrationErr != nil {
 							logrus.WithError(migrationErr).Error("Failed to migrate old app data")
 						}
 						// Ensure we are the only instance running.
-						return withSingleInstance(locations, version, func() error {
+						settings, err := locations.ProvideSettingsPath()
-							// Unlock the encrypted vault.
+						if err != nil {
-							return WithVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
+							logrus.WithError(err).Error("Failed to get settings path")
-								// Report insecure vault.
+						}
 								if insecure {
 									_ = reporter.ReportMessageWithContext("Vault is insecure", map[string]interface{}{})
 								}
-								// Report corrupt vault.
+						return withSingleInstance(settings, locations.GetLockFile(), version, func() error {
-								if corrupt {
+							// Look for available keychains
-									_ = reporter.ReportMessageWithContext("Vault is corrupt", map[string]interface{}{})
+							return WithKeychainList(crashHandler, func(keychains *keychain.List) error {
-								}
+								// Unlock the encrypted vault.
-
+								return WithVault(locations, keychains, crashHandler, func(v *vault.Vault, insecure, corrupt bool) error {
-								if !vault.Migrated() {
+									if !v.Migrated() {
-									// Migrate old settings into the vault.
+										// Migrate old settings into the vault.
-									if err := migrateOldSettings(vault); err != nil {
+										if err := migrateOldSettings(v); err != nil {
-										logrus.WithError(err).Error("Failed to migrate old settings")
+											logrus.WithError(err).Error("Failed to migrate old settings")
 									}
 									// Migrate old accounts into the vault.
 									if err := migrateOldAccounts(locations, vault); err != nil {
 										logrus.WithError(err).Error("Failed to migrate old accounts")
 									}
 									// The vault has been migrated.
 									if err := vault.SetMigrated(); err != nil {
 										logrus.WithError(err).Error("Failed to mark vault as migrated")
 									}
 								}
 								// Load the cookies from the vault.
 								return withCookieJar(vault, func(cookieJar http.CookieJar) error {
 									// Create a new bridge instance.
 									return withBridge(c, exe, locations, version, identifier, crashHandler, reporter, vault, cookieJar, func(b *bridge.Bridge, eventCh <-chan events.Event) error {
 										if insecure {
 											logrus.Warn("The vault key could not be retrieved; the vault will not be encrypted")
 											b.PushError(bridge.ErrVaultInsecure)
 										}
-										if corrupt {
+										// Migrate old accounts into the vault.
-											logrus.Warn("The vault is corrupt and has been wiped")
+										if err := migrateOldAccounts(locations, keychains, v); err != nil {
-											b.PushError(bridge.ErrVaultCorrupt)
+											logrus.WithError(err).Error("Failed to migrate old accounts")
 										}
-										// Run the frontend.
+										// The vault has been migrated.
-										return runFrontend(c, crashHandler, restarter, locations, b, eventCh, quitCh, c.Int(flagParentPID))
+										if err := v.SetMigrated(); err != nil {
 											logrus.WithError(err).Error("Failed to mark vault as migrated")
 										}
 									}
 									logrus.WithFields(logrus.Fields{
 										"lastVersion": v.GetLastVersion().String(),
 										"showAllMail": v.GetShowAllMail(),
 										"updateCh":    v.GetUpdateChannel(),
 										"autoUpdate":  v.GetAutoUpdate(),
 										"rollout":     v.GetUpdateRollout(),
 										"DoH":         v.GetProxyAllowed(),
 									}).Info("Vault loaded")
 									// Load the cookies from the vault.
 									return withCookieJar(v, func(cookieJar http.CookieJar) error {
 										// Create a new bridge instance.
 										return withBridge(c, exe, locations, version, identifier, crashHandler, reporter, v, cookieJar, keychains, func(b *bridge.Bridge, eventCh <-chan events.Event) error {
 											if insecure {
 												logrus.Warn("The vault key could not be retrieved; the vault will not be encrypted")
 												b.PushError(bridge.ErrVaultInsecure)
 											}
 											if corrupt {
 												logrus.Warn("The vault is corrupt and has been wiped")
 												b.PushError(bridge.ErrVaultCorrupt)
 											}
 											// Remove old updates files
 											b.RemoveOldUpdates()
 											// Run the frontend.
 											return runFrontend(c, crashHandler, restarter, locations, b, eventCh, quitCh, c.Int(flagParentPID))
 										})
 									})
 								})
 							})
@ -263,18 +296,25 @@ func run(c *cli.Context) error { //nolint:funlen
 			})
 		})
 	})
 	// if an error occurs, it must be logged now because we're about to close the log file.
 	if err != nil {
 		logrus.Fatal(err)
 	}
 	return err
 }
 // If there's another instance already running, try to raise it and exit.
-func withSingleInstance(locations *locations.Locations, version *semver.Version, fn func() error) error {
+func withSingleInstance(settingPath, lockFile string, version *semver.Version, fn func() error) error {
 	logrus.Debug("Checking for other instances")
 	defer logrus.Debug("Single instance stopped")
-	lock, err := checkSingleInstance(locations.GetLockFile(), version)
+	lock, err := checkSingleInstance(settingPath, lockFile, version)
 	if err != nil {
 		logrus.Info("Another instance is already running; raising it")
-		if ok := focus.TryRaise(); !ok {
+		if ok := focus.TryRaise(settingPath); !ok {
 			return fmt.Errorf("another instance is already running but it could not be raised")
 		}
@ -293,7 +333,7 @@ func withSingleInstance(locations *locations.Locations, version *semver.Version,
 }
 // Initialize our logging system.
-func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locations.Locations, fn func() error) error {
+func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locations.Locations, fn func(closer io.Closer) error) error {
 	logrus.Debug("Initializing logging")
 	defer logrus.Debug("Logging stopped")
@ -306,23 +346,52 @@ func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locatio
 	logrus.WithField("path", logsPath).Debug("Received logs path")
 	// Initialize logging.
-	if err := logging.Init(logsPath, c.String(flagLogLevel)); err != nil {
+	sessionID := logging.NewSessionIDFromString(c.String(FlagSessionID))
 	var closer io.Closer
 	if closer, err = logging.Init(
 		logsPath,
 		sessionID,
 		logging.BridgeShortAppName,
 		logging.DefaultMaxLogFileSize,
 		logging.DefaultPruningSize,
 		c.String(flagLogLevel),
 	); err != nil {
 		return fmt.Errorf("could not initialize logging: %w", err)
 	}
 	// Ensure we dump a stack trace if we crash.
-	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath))
+	crashHandler.AddRecoveryAction(logging.DumpStackTrace(logsPath, sessionID, appShortName))
 	logrus.
 		WithField("appName", constants.FullAppName).
 		WithField("version", constants.Version).
 		WithField("revision", constants.Revision).
 		WithField("tag", constants.Tag).
 		WithField("build", constants.BuildTime).
 		WithField("runtime", runtime.GOOS).
 		WithField("args", os.Args).
 		WithField("SentryID", sentry.GetProtectedHostname()).
 		Info("Run app")
-	return fn()
+	now := time.Now()
 	logrus.
 		WithField("timeZone", now.Format("MST")).
 		WithField("offset", now.Format("-07:00:00")).
 		Info("Time zone info")
 	host, err := sysinfo.Host()
 	if err != nil {
 		logrus.WithError(err).Error("Could not retrieve operating system info")
 	} else {
 		osInfo := host.Info().OS
 		logrus.
 			WithField("name", osInfo.Name).
 			WithField("version", osInfo.Version).
 			WithField("build", osInfo.Build).
 			Info("Operating system info")
 	}
 	return fn(closer)
 }
 // WithLocations provides access to locations where we store our files.
@ -349,6 +418,11 @@ func withProfiler(c *cli.Context, fn func() error) error {
 		defer profile.Start(profile.CPUProfile, profile.ProfilePath(".")).Stop()
 	}
 	if c.Bool(flagTraceProfile) {
 		logrus.Debug("Running with Trace profiling")
 		defer profile.Start(profile.TraceProfile, profile.ProfilePath(".")).Stop()
 	}
 	if c.Bool(flagMemProfile) {
 		logrus.Debug("Running with memory profiling")
 		defer profile.Start(profile.MemProfile, profile.MemProfileAllocs, profile.ProfilePath(".")).Stop()
@ -374,7 +448,7 @@ func withCrashHandler(restarter *restarter.Restarter, reporter *sentry.Reporter,
 	defer logrus.Debug("Crash handler stopped")
 	crashHandler := crash.NewHandler(crash.ShowErrorNotification(constants.FullAppName))
-	defer crashHandler.HandlePanic()
+	defer async.HandlePanic(crashHandler)
 	// On crash, send crash report to Sentry.
 	crashHandler.AddRecoveryAction(reporter.ReportException)
@ -411,6 +485,10 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {
 		return fmt.Errorf("could not create cookie jar: %w", err)
 	}
 	if err := setDeviceCookies(persister); err != nil {
 		return fmt.Errorf("could not set device cookies: %w", err)
 	}
 	// Persist the cookies to the vault when we close.
 	defer func() {
 		logrus.Debug("Persisting cookies")
@ -422,3 +500,29 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {
 	return fn(persister)
 }
 // WithKeychainList init the list of usable keychains.
 func WithKeychainList(panicHandler async.PanicHandler, fn func(*keychain.List) error) error {
 	logrus.Debug("Creating keychain list")
 	defer logrus.Debug("Keychain list stop")
 	defer async.HandlePanic(panicHandler)
 	return fn(keychain.NewList())
 }
 func setDeviceCookies(jar *cookies.Jar) error {
 	url, err := url.Parse(constants.APIHost)
 	if err != nil {
 		return err
 	}
 	for name, value := range map[string]string{
 		"hhn": sentry.GetProtectedHostname(),
 		"tz":  sentry.GetTimeZone(),
 		"lng": sentry.GetSystemLang(),
 		"clr": string(theme.DefaultTheme()),
 	} {
 		jar.SetCookies(url, []*http.Cookie{{Name: name, Value: value, Secure: true}})
 	}
 	return nil
 }
--- a/internal/app/bridge.go
+++ b/internal/app/bridge.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -23,6 +23,7 @@ import (
 	"runtime"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/go-autostart"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
@ -36,17 +37,16 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/internal/versioner"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
 )
 const vaultSecretName = "bridge-vault-key"
 // deleteOldGoIMAPFiles Set with `-ldflags -X app.deleteOldGoIMAPFiles=true` to enable cleanup of old imap cache data.
 var deleteOldGoIMAPFiles bool //nolint:gochecknoglobals
-// withBridge creates creates and tears down the bridge.
+// withBridge creates and tears down the bridge.
-func withBridge( //nolint:funlen
+func withBridge(
 	c *cli.Context,
 	exe string,
 	locations *locations.Locations,
@ -56,6 +56,7 @@ func withBridge( //nolint:funlen
 	reporter *sentry.Reporter,
 	vault *vault.Vault,
 	cookieJar http.CookieJar,
 	keychains *keychain.List,
 	fn func(*bridge.Bridge, <-chan events.Event) error,
 ) error {
 	logrus.Debug("Creating bridge")
@ -79,7 +80,7 @@ func withBridge( //nolint:funlen
 	)
 	// Create a proxy dialer which switches to a proxy if the request fails.
-	proxyDialer := dialer.NewProxyTLSDialer(pinningDialer, constants.APIHost)
+	proxyDialer := dialer.NewProxyTLSDialer(pinningDialer, constants.APIHost, crashHandler)
 	// Create the autostarter.
 	autostarter := newAutostarter(exe)
@ -98,6 +99,7 @@ func withBridge( //nolint:funlen
 		autostarter,
 		updater,
 		version,
 		keychains,
 		// The API stuff.
 		constants.APIHost,
@ -110,6 +112,8 @@ func withBridge( //nolint:funlen
 		// Crash and report stuff
 		crashHandler,
 		reporter,
 		imap.DefaultEpochUIDValidityGenerator(),
 		nil,
 		// The logging stuff.
 		c.String(flagLogIMAP) == "client" || c.String(flagLogIMAP) == "all",
@ -155,7 +159,7 @@ func newUpdater(locations *locations.Locations) (*updater.Updater, error) {
 	}
 	return updater.NewUpdater(
-		updater.NewInstaller(versioner.New(updatesDir)),
+		versioner.New(updatesDir),
 		verifier,
 		constants.UpdateName,
 		runtime.GOOS,
--- a/internal/app/frontend.go
+++ b/internal/app/frontend.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -46,10 +46,11 @@ func runFrontend(
 	switch {
 	case c.Bool(flagCLI):
-		return bridgeCLI.New(bridge, restarter, eventCh).Loop()
+		return bridgeCLI.New(bridge, restarter, eventCh, crashHandler, quitCh).Loop()
 	case c.Bool(flagNonInteractive):
-		select {}
+		<-quitCh
 		return nil
 	case c.Bool(flagGRPC):
 		service, err := grpc.NewService(crashHandler, restarter, locations, bridge, eventCh, quitCh, !c.Bool(flagNoWindow), parentPID)
--- a/internal/app/migration.go
+++ b/internal/app/migration.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -43,7 +43,7 @@ import (
 // nolint:gosec
 func migrateKeychainHelper(locations *locations.Locations) error {
-	logrus.Info("Migrating keychain helper")
+	logrus.Trace("Checking if keychain helper needs to be migrated")
 	settings, err := locations.ProvideSettingsPath()
 	if err != nil {
@ -75,7 +75,11 @@ func migrateKeychainHelper(locations *locations.Locations) error {
 		return fmt.Errorf("failed to unmarshal old prefs file: %w", err)
 	}
-	return vault.SetHelper(settings, prefs.Helper)
+	err = vault.SetHelper(settings, prefs.Helper)
 	if err == nil {
 		logrus.Info("Keychain helper has been migrated")
 	}
 	return err
 }
 // nolint:gosec
@ -87,6 +91,11 @@ func migrateOldSettings(v *vault.Vault) error {
 		return fmt.Errorf("failed to get user config dir: %w", err)
 	}
 	return migrateOldSettingsWithDir(configDir, v)
 }
 // nolint:gosec
 func migrateOldSettingsWithDir(configDir string, v *vault.Vault) error {
 	b, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "prefs.json"))
 	if errors.Is(err, fs.ErrNotExist) {
 		return nil
@ -94,10 +103,30 @@ func migrateOldSettings(v *vault.Vault) error {
 		return fmt.Errorf("failed to read old prefs file: %w", err)
 	}
-	return migratePrefsToVault(v, b)
+	if err := migratePrefsToVault(v, b); err != nil {
 		return fmt.Errorf("failed to migrate prefs to vault: %w", err)
 	}
 	logrus.Info("Migrating TLS certificate")
 	certPEM, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "cert.pem"))
 	if errors.Is(err, fs.ErrNotExist) {
 		return nil
 	} else if err != nil {
 		return fmt.Errorf("failed to read old cert file: %w", err)
 	}
 	keyPEM, err := os.ReadFile(filepath.Join(configDir, "protonmail", "bridge", "key.pem"))
 	if errors.Is(err, fs.ErrNotExist) {
 		return nil
 	} else if err != nil {
 		return fmt.Errorf("failed to read old key file: %w", err)
 	}
 	return v.SetBridgeTLSCertKey(certPEM, keyPEM)
 }
-func migrateOldAccounts(locations *locations.Locations, v *vault.Vault) error {
+func migrateOldAccounts(locations *locations.Locations, keychains *keychain.List, v *vault.Vault) error {
 	logrus.Info("Migrating accounts")
 	settings, err := locations.ProvideSettingsPath()
@ -109,8 +138,7 @@ func migrateOldAccounts(locations *locations.Locations, v *vault.Vault) error {
 	if err != nil {
 		return fmt.Errorf("failed to get helper: %w", err)
 	}
-
+	keychain, err := keychain.NewKeychain(helper, "bridge", keychains.GetHelpers(), keychains.GetDefaultHelper())
 	keychain, err := keychain.NewKeychain(helper, "bridge")
 	if err != nil {
 		return fmt.Errorf("failed to create keychain: %w", err)
 	}
@ -187,7 +215,6 @@ func migrateOldAccount(userID string, store *credentials.Store, v *vault.Vault)
 	return nil
 }
 // nolint:funlen
 func migratePrefsToVault(vault *vault.Vault, b []byte) error {
 	var prefs struct {
 		IMAPPort int  `json:"user_port_imap,,string"`
@ -265,14 +292,6 @@ func migratePrefsToVault(vault *vault.Vault, b []byte) error {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate show all mail: %w", err))
 	}
 	if err := vault.SetSyncWorkers(prefs.FetchWorkers); err != nil {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate sync workers: %w", err))
 	}
 	if err := vault.SetSyncAttPool(prefs.AttachmentWorkers); err != nil {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate sync attachment pool: %w", err))
 	}
 	if err := vault.SetCookies([]byte(prefs.Cookies)); err != nil {
 		errs = multierror.Append(errs, fmt.Errorf("failed to migrate cookies: %w", err))
 	}
--- a/internal/app/migration_test.go
+++ b/internal/app/migration_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -25,6 +25,7 @@ import (
 	"runtime"
 	"testing"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/cookies"
@ -34,57 +35,52 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/algo"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	dockerCredentials "github.com/docker/docker-credential-helpers/credentials"
 	"github.com/stretchr/testify/require"
 )
-func TestMigratePrefsToVault(t *testing.T) {
+func TestMigratePrefsToVaultWithKeys(t *testing.T) {
 	// Create a new vault.
-	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"))
+	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"), async.NoopPanicHandler{})
 	require.NoError(t, err)
-	require.False(t, corrupt)
+	require.NoError(t, corrupt)
 	// load the old prefs file.
-	b, err := os.ReadFile(filepath.Join("testdata", "prefs.json"))
+	configDir := filepath.Join("testdata", "with_keys")
 	require.NoError(t, err)
 	// Migrate the old prefs file to the new vault.
-	require.NoError(t, migratePrefsToVault(vault, b))
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))
-	// Check that the IMAP and SMTP prefs are migrated.
+	// Check Json Settings
-	require.Equal(t, 2143, vault.GetIMAPPort())
+	validateJSONPrefs(t, vault)
 	require.Equal(t, 2025, vault.GetSMTPPort())
 	require.True(t, vault.GetSMTPSSL())
-	// Check that the update channel is migrated.
+	cert, key := vault.GetBridgeTLSCert()
-	require.True(t, vault.GetAutoUpdate())
+	// Check the keys were found and collected.
-	require.Equal(t, updater.EarlyChannel, vault.GetUpdateChannel())
+	require.Equal(t, "-----BEGIN CERTIFICATE-----", string(cert))
-	require.Equal(t, 0.4849529004202015, vault.GetUpdateRollout())
+	require.Equal(t, "-----BEGIN RSA PRIVATE KEY-----", string(key))
 }
-	// Check that the app settings have been migrated.
+func TestMigratePrefsToVaultWithoutKeys(t *testing.T) {
-	require.False(t, vault.GetFirstStart())
+	// Create a new vault.
-	require.Equal(t, "blablabla", vault.GetColorScheme())
+	vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"), async.NoopPanicHandler{})
 	require.Equal(t, "2.3.0+git", vault.GetLastVersion().String())
 	require.True(t, vault.GetAutostart())
 	// Check that the other app settings have been migrated.
 	require.Equal(t, 16, vault.SyncWorkers())
 	require.Equal(t, 16, vault.SyncAttPool())
 	require.False(t, vault.GetProxyAllowed())
 	require.False(t, vault.GetShowAllMail())
 	// Check that the cookies have been migrated.
 	jar, err := cookiejar.New(nil)
 	require.NoError(t, err)
 	require.NoError(t, corrupt)
-	cookies, err := cookies.NewCookieJar(jar, vault)
+	// load the old prefs file.
-	require.NoError(t, err)
+	configDir := filepath.Join("testdata", "without_keys")
-	url, err := url.Parse("https://api.protonmail.ch")
+	// Migrate the old prefs file to the new vault.
-	require.NoError(t, err)
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))
-	// There should be a cookie for the API.
+	// Migrate the old prefs file to the new vault.
-	require.NotEmpty(t, cookies.Cookies(url))
+	require.NoError(t, migrateOldSettingsWithDir(configDir, vault))
 	// Check Json Settings
 	validateJSONPrefs(t, vault)
 	// Check the keys were found and collected.
 	cert, key := vault.GetBridgeTLSCert()
 	require.NotEqual(t, []byte("-----BEGIN CERTIFICATE-----"), cert)
 	require.NotEqual(t, []byte("-----BEGIN RSA PRIVATE KEY-----"), key)
 }
 func TestKeychainMigration(t *testing.T) {
@ -101,7 +97,7 @@ func TestKeychainMigration(t *testing.T) {
 		oldCacheDir := filepath.Join(tmpDir, "protonmail", "bridge")
 		require.NoError(t, os.MkdirAll(oldCacheDir, 0o700))
-		oldPrefs, err := os.ReadFile(filepath.Join("testdata", "prefs.json"))
+		oldPrefs, err := os.ReadFile(filepath.Join("testdata", "without_keys", "protonmail", "bridge", "prefs.json"))
 		require.NoError(t, err)
 		require.NoError(t, os.WriteFile(
@ -136,11 +132,9 @@ func TestKeychainMigration(t *testing.T) {
 }
 func TestUserMigration(t *testing.T) {
-	keychainHelper := keychain.NewTestHelper()
+	kcl := keychain.NewTestKeychainsList()
-	keychain.Helpers["mock"] = func(string) (dockerCredentials.Helper, error) { return keychainHelper, nil }
+	kc, err := keychain.NewKeychain("mock", "bridge", kcl.GetHelpers(), kcl.GetDefaultHelper())
 	kc, err := keychain.NewKeychain("mock", "bridge")
 	require.NoError(t, err)
 	require.NoError(t, kc.Put("brokenID", "broken"))
@ -177,11 +171,11 @@ func TestUserMigration(t *testing.T) {
 	token, err := crypto.RandomToken(32)
 	require.NoError(t, err)
-	v, corrupt, err := vault.New(settingsFolder, settingsFolder, token)
+	v, corrupt, err := vault.New(settingsFolder, settingsFolder, token, async.NoopPanicHandler{})
 	require.NoError(t, err)
-	require.False(t, corrupt)
+	require.NoError(t, corrupt)
-	require.NoError(t, migrateOldAccounts(locations, v))
+	require.NoError(t, migrateOldAccounts(locations, kcl, v))
 	require.Equal(t, []string{wantCredentials.UserID}, v.GetUserIDs())
 	require.NoError(t, v.GetUser(wantCredentials.UserID, func(u *vault.User) {
@ -196,3 +190,38 @@ func TestUserMigration(t *testing.T) {
 		require.Equal(t, vault.CombinedMode, u.AddressMode())
 	}))
 }
 func validateJSONPrefs(t *testing.T, vault *vault.Vault) {
 	// Check that the IMAP and SMTP prefs are migrated.
 	require.Equal(t, 2143, vault.GetIMAPPort())
 	require.Equal(t, 2025, vault.GetSMTPPort())
 	require.True(t, vault.GetSMTPSSL())
 	// Check that the update channel is migrated.
 	require.True(t, vault.GetAutoUpdate())
 	require.Equal(t, updater.EarlyChannel, vault.GetUpdateChannel())
 	require.Equal(t, 0.4849529004202015, vault.GetUpdateRollout())
 	// Check that the app settings have been migrated.
 	require.False(t, vault.GetFirstStart())
 	require.Equal(t, "blablabla", vault.GetColorScheme())
 	require.Equal(t, "2.3.0+git", vault.GetLastVersion().String())
 	require.True(t, vault.GetAutostart())
 	// Check that the other app settings have been migrated.
 	require.False(t, vault.GetProxyAllowed())
 	require.False(t, vault.GetShowAllMail())
 	// Check that the cookies have been migrated.
 	jar, err := cookiejar.New(nil)
 	require.NoError(t, err)
 	cookies, err := cookies.NewCookieJar(jar, vault)
 	require.NoError(t, err)
 	url, err := url.Parse("https://api.protonmail.ch")
 	require.NoError(t, err)
 	// There should be a cookie for the API.
 	require.NotEmpty(t, cookies.Cookies(url))
 }
--- a/internal/app/singleinstance.go
+++ b/internal/app/singleinstance.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -34,17 +34,17 @@ import (
 //
 // For macOS and Linux when already running version is older than this instance
 // it will kill old and continue with this new bridge (i.e. no error returned).
-func checkSingleInstance(lockFilePath string, curVersion *semver.Version) (*os.File, error) {
+func checkSingleInstance(settingPath, lockFilePath string, curVersion *semver.Version) (*os.File, error) {
 	if lock, err := singleinstance.CreateLockFile(lockFilePath); err == nil {
 		logrus.WithField("path", lockFilePath).Debug("Created lock file; no other instance is running")
 		return lock, nil
 	}
-	logrus.Debug("Failed to create lock file; another instance is running")
+	logrus.Warn("Failed to create lock file; another instance is running")
 	// We couldn't create the lock file, so another instance is probably running.
 	// Check if it's an older version of the app.
-	lastVersion, ok := focus.TryVersion()
+	lastVersion, ok := focus.TryVersion(settingPath)
 	if !ok {
 		return nil, fmt.Errorf("failed to determine version of running instance")
 	}
--- a/internal/app/testdata/with_keys/protonmail/bridge/cert.pem
+++ b/internal/app/testdata/with_keys/protonmail/bridge/cert.pem
@ -0,0 +1 @@
 -----BEGIN CERTIFICATE-----
--- a/internal/app/testdata/with_keys/protonmail/bridge/key.pem
+++ b/internal/app/testdata/with_keys/protonmail/bridge/key.pem
@ -0,0 +1 @@
 -----BEGIN RSA PRIVATE KEY-----
--- a/internal/app/testdata/with_keys/protonmail/bridge/prefs.json
+++ b/internal/app/testdata/with_keys/protonmail/bridge/prefs.json
--- a/internal/app/testdata/without_keys/protonmail/bridge/prefs.json
+++ b/internal/app/testdata/without_keys/protonmail/bridge/prefs.json
@ -0,0 +1,31 @@
 {
 	"allow_proxy": "false",
 	"attachment_workers": "16",
 	"autostart": "true",
 	"autoupdate": "true",
 	"cache_compression": "true",
 	"cache_concurrent_read": "16",
 	"cache_concurrent_write": "16",
 	"cache_enabled": "true",
 	"cache_location": "/home/user/.config/protonmail/bridge/cache/c11/messages",
 	"cache_min_free_abs": "250000000",
 	"cache_min_free_rat": "",
 	"color_scheme": "blablabla",
 	"cookies": "{\"https://api.protonmail.ch\":[{\"Name\":\"Session-Id\",\"Value\":\"blablablablablablablablabla\",\"Path\":\"/\",\"Domain\":\"protonmail.ch\",\"Expires\":\"2023-02-19T00:20:40.269424437+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":true,\"SameSite\":0,\"Raw\":\"Session-Id=blablablablablablablablabla; Domain=protonmail.ch; Path=/; HttpOnly; Secure; Max-Age=7776000\",\"Unparsed\":null},{\"Name\":\"Tag\",\"Value\":\"default\",\"Path\":\"/\",\"Domain\":\"\",\"Expires\":\"2023-02-19T00:20:40.269428627+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":false,\"SameSite\":0,\"Raw\":\"Tag=default; Path=/; Secure; Max-Age=7776000\",\"Unparsed\":null}],\"https://protonmail.com\":[{\"Name\":\"Session-Id\",\"Value\":\"blablablablablablablablabla\",\"Path\":\"/\",\"Domain\":\"protonmail.com\",\"Expires\":\"2023-02-19T00:20:18.315084712+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":true,\"SameSite\":0,\"Raw\":\"Session-Id=Y3q2Mh-ClvqL6LWeYdfyPgAAABI; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000\",\"Unparsed\":null},{\"Name\":\"Tag\",\"Value\":\"redirect\",\"Path\":\"/\",\"Domain\":\"\",\"Expires\":\"2023-02-19T00:20:18.315087646+01:00\",\"RawExpires\":\"\",\"MaxAge\":7776000,\"Secure\":true,\"HttpOnly\":false,\"SameSite\":0,\"Raw\":\"Tag=redirect; Path=/; Secure; Max-Age=7776000\",\"Unparsed\":null}]}",
 	"fetch_workers": "16",
 	"first_time_start": "false",
 	"first_time_start_gui": "true",
 	"imap_workers": "16",
 	"is_all_mail_visible": "false",
 	"last_heartbeat": "325",
 	"last_used_version": "2.3.0+git",
 	"preferred_keychain": "secret-service",
 	"rebranding_migrated": "true",
 	"report_outgoing_email_without_encryption": "false",
 	"rollout": "0.4849529004202015",
 	"user_port_api": "1042",
 	"update_channel": "early",
 	"user_port_imap": "2143",
 	"user_port_smtp": "2025",
 	"user_ssl_smtp": "true"
 }
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -18,59 +18,49 @@
 package app
 import (
 	"encoding/base64"
 	"fmt"
 	"path"
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 )
-func WithVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool) error) error {
+func WithVault(locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler, fn func(*vault.Vault, bool, bool) error) error {
 	logrus.Debug("Creating vault")
 	defer logrus.Debug("Vault stopped")
 	// Create the encVault.
-	encVault, insecure, corrupt, err := newVault(locations)
+	encVault, insecure, corrupt, err := newVault(locations, keychains, panicHandler)
 	if err != nil {
 		return fmt.Errorf("could not create vault: %w", err)
 	}
 	logrus.WithFields(logrus.Fields{
 		"insecure": insecure,
-		"corrupt":  corrupt,
+		"corrupt":  corrupt != nil,
 	}).Debug("Vault created")
-	// Install the certificates if needed.
+	if corrupt != nil {
-	if installed := encVault.GetCertsInstalled(); !installed {
+		logrus.WithError(corrupt).Warn("Failed to load existing vault, vault has been reset")
 		logrus.Debug("Installing certificates")
 		if err := certs.NewInstaller().InstallCert(encVault.GetBridgeTLSCert()); err != nil {
 			return fmt.Errorf("failed to install certs: %w", err)
 		}
 		if err := encVault.SetCertsInstalled(true); err != nil {
 			return fmt.Errorf("failed to set certs installed: %w", err)
 		}
 		logrus.Debug("Certificates successfully installed")
 	}
 	cert, _ := encVault.GetBridgeTLSCert()
 	certs.NewInstaller().LogCertInstallStatus(cert)
 	// GODT-1950: Add teardown actions (e.g. to close the vault).
-	return fn(encVault, insecure, corrupt)
+	return fn(encVault, insecure, corrupt != nil)
 }
-func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error) {
+func newVault(locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler) (*vault.Vault, bool, error, error) {
 	vaultDir, err := locations.ProvideSettingsPath()
 	if err != nil {
-		return nil, false, false, fmt.Errorf("could not get vault dir: %w", err)
+		return nil, false, nil, fmt.Errorf("could not get vault dir: %w", err)
 	}
 	logrus.WithField("vaultDir", vaultDir).Debug("Loading vault from directory")
@ -80,7 +70,8 @@ func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error)
 		insecure bool
 	)
-	if key, err := getVaultKey(vaultDir); err != nil {
+	if key, err := loadVaultKey(vaultDir, keychains); err != nil {
 		logrus.WithError(err).Error("Could not load/create vault key")
 		insecure = true
 		// We store the insecure vault in a separate directory
@ -91,53 +82,37 @@ func newVault(locations *locations.Locations) (*vault.Vault, bool, bool, error)
 	gluonCacheDir, err := locations.ProvideGluonCachePath()
 	if err != nil {
-		return nil, false, false, fmt.Errorf("could not provide gluon path: %w", err)
+		return nil, false, nil, fmt.Errorf("could not provide gluon path: %w", err)
 	}
-	vault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey)
+	vault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey, panicHandler)
 	if err != nil {
-		return nil, false, false, fmt.Errorf("could not create vault: %w", err)
+		return nil, false, corrupt, fmt.Errorf("could not create vault: %w", err)
 	}
 	return vault, insecure, corrupt, nil
 }
-func getVaultKey(vaultDir string) ([]byte, error) {
+func loadVaultKey(vaultDir string, keychains *keychain.List) ([]byte, error) {
 	helper, err := vault.GetHelper(vaultDir)
 	if err != nil {
 		return nil, fmt.Errorf("could not get keychain helper: %w", err)
 	}
-	keychain, err := keychain.NewKeychain(helper, constants.KeyChainName)
+	kc, err := keychain.NewKeychain(helper, constants.KeyChainName, keychains.GetHelpers(), keychains.GetDefaultHelper())
 	if err != nil {
 		return nil, fmt.Errorf("could not create keychain: %w", err)
 	}
-	secrets, err := keychain.List()
+	key, err := vault.GetVaultKey(kc)
 	if err != nil {
-		return nil, fmt.Errorf("could not list keychain: %w", err)
+		if keychain.IsErrKeychainNoItem(err) {
-	}
+			logrus.WithError(err).Warn("no vault key found, generating new")
-
+			return vault.NewVaultKey(kc)
 	if !slices.Contains(secrets, vaultSecretName) {
 		tok, err := crypto.RandomToken(32)
 		if err != nil {
 			return nil, fmt.Errorf("could not generate random token: %w", err)
 		}
-		if err := keychain.Put(vaultSecretName, base64.StdEncoding.EncodeToString(tok)); err != nil {
+		return nil, fmt.Errorf("could not check for vault key: %w", err)
 			return nil, fmt.Errorf("could not put keychain item: %w", err)
 		}
 	}
-	_, keyEnc, err := keychain.Get(vaultSecretName)
+	return key, nil
 	if err != nil {
 		return nil, fmt.Errorf("could not get keychain item: %w", err)
 	}
 	keyDec, err := base64.StdEncoding.DecodeString(keyEnc)
 	if err != nil {
 		return nil, fmt.Errorf("could not decode keychain item: %w", err)
 	}
 	return keyDec, nil
 }
--- a/internal/async/context.go
+++ b/internal/async/context.go
@ -1,82 +0,0 @@
 // Copyright (c) 2023 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package async
 import (
 	"context"
 	"sync"
 )
 // Abortable collects groups of functions that can be aborted by calling Abort.
 type Abortable struct {
 	abortFunc []context.CancelFunc
 	abortLock sync.RWMutex
 }
 func (a *Abortable) Do(ctx context.Context, fn func(context.Context)) {
 	fn(a.newCancelCtx(ctx))
 }
 func (a *Abortable) Abort() {
 	a.abortLock.RLock()
 	defer a.abortLock.RUnlock()
 	for _, fn := range a.abortFunc {
 		fn()
 	}
 }
 func (a *Abortable) newCancelCtx(ctx context.Context) context.Context {
 	a.abortLock.Lock()
 	defer a.abortLock.Unlock()
 	ctx, cancel := context.WithCancel(ctx)
 	a.abortFunc = append(a.abortFunc, cancel)
 	return ctx
 }
 // RangeContext iterates over the given channel until the context is canceled or the
 // channel is closed.
 func RangeContext[T any](ctx context.Context, ch <-chan T, fn func(T)) {
 	for {
 		select {
 		case v, ok := <-ch:
 			if !ok {
 				return
 			}
 			fn(v)
 		case <-ctx.Done():
 			return
 		}
 	}
 }
 // ForwardContext forwards all values from the src channel to the dst channel until the
 // context is canceled or the src channel is closed.
 func ForwardContext[T any](ctx context.Context, dst chan<- T, src <-chan T) {
 	RangeContext(ctx, src, func(v T) {
 		select {
 		case dst <- v:
 		case <-ctx.Done():
 		}
 	})
 }
--- a/internal/async/group.go
+++ b/internal/async/group.go
@ -1,233 +0,0 @@
 // Copyright (c) 2023 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package async
 import (
 	"context"
 	"math/rand"
 	"sync"
 	"time"
 )
 type PanicHandler interface {
 	HandlePanic()
 }
 // Group is forked and improved version of "github.com/bradenaw/juniper/xsync.Group".
 //
 // It manages a group of goroutines. The main change to original is posibility
 // to wait passed function to finish without canceling it's context and adding
 // PanicHandler.
 type Group struct {
 	baseCtx context.Context
 	ctx     context.Context
 	jobCtx  context.Context
 	cancel  context.CancelFunc
 	finish  context.CancelFunc
 	wg      sync.WaitGroup
 	panicHandler PanicHandler
 }
 // NewGroup returns a Group ready for use. The context passed to any of the f functions will be a
 // descendant of ctx.
 func NewGroup(ctx context.Context, panicHandler PanicHandler) *Group {
 	bgCtx, cancel := context.WithCancel(ctx)
 	jobCtx, finish := context.WithCancel(ctx)
 	return &Group{
 		baseCtx:      ctx,
 		ctx:          bgCtx,
 		jobCtx:       jobCtx,
 		cancel:       cancel,
 		finish:       finish,
 		panicHandler: panicHandler,
 	}
 }
 // Once calls f once from another goroutine.
 func (g *Group) Once(f func(ctx context.Context)) {
 	g.wg.Add(1)
 	go func() {
 		defer g.handlePanic()
 		f(g.ctx)
 		g.wg.Done()
 	}()
 }
 // jitterDuration returns a random duration in [d - jitter, d + jitter].
 func jitterDuration(d time.Duration, jitter time.Duration) time.Duration {
 	return d + time.Duration(float64(jitter)*((rand.Float64()*2)-1)) //nolint:gosec
 }
 // Periodic spawns a goroutine that calls f once per interval +/- jitter.
 func (g *Group) Periodic(
 	interval time.Duration,
 	jitter time.Duration,
 	f func(ctx context.Context),
 ) {
 	g.wg.Add(1)
 	go func() {
 		defer g.handlePanic()
 		defer g.wg.Done()
 		t := time.NewTimer(jitterDuration(interval, jitter))
 		defer t.Stop()
 		for {
 			if g.ctx.Err() != nil {
 				return
 			}
 			select {
 			case <-g.jobCtx.Done():
 				return
 			case <-t.C:
 			}
 			t.Reset(jitterDuration(interval, jitter))
 			f(g.ctx)
 		}
 	}()
 }
 // Trigger spawns a goroutine which calls f whenever the returned function is called. If f is
 // already running when triggered, f will run again immediately when it finishes.
 func (g *Group) Trigger(f func(ctx context.Context)) func() {
 	c := make(chan struct{}, 1)
 	g.wg.Add(1)
 	go func() {
 		defer g.handlePanic()
 		defer g.wg.Done()
 		for {
 			if g.ctx.Err() != nil {
 				return
 			}
 			select {
 			case <-g.jobCtx.Done():
 				return
 			case <-c:
 			}
 			f(g.ctx)
 		}
 	}()
 	return func() {
 		select {
 		case c <- struct{}{}:
 		default:
 		}
 	}
 }
 // PeriodicOrTrigger spawns a goroutine which calls f whenever the returned function is called.  If
 // f is already running when triggered, f will run again immediately when it finishes. Also calls f
 // when it has been interval+/-jitter since the last trigger.
 func (g *Group) PeriodicOrTrigger(
 	interval time.Duration,
 	jitter time.Duration,
 	f func(ctx context.Context),
 ) func() {
 	c := make(chan struct{}, 1)
 	g.wg.Add(1)
 	go func() {
 		defer g.handlePanic()
 		defer g.wg.Done()
 		t := time.NewTimer(jitterDuration(interval, jitter))
 		defer t.Stop()
 		for {
 			if g.ctx.Err() != nil {
 				return
 			}
 			select {
 			case <-g.jobCtx.Done():
 				return
 			case <-t.C:
 				t.Reset(jitterDuration(interval, jitter))
 			case <-c:
 				if !t.Stop() {
 					<-t.C
 				}
 				t.Reset(jitterDuration(interval, jitter))
 			}
 			f(g.ctx)
 		}
 	}()
 	return func() {
 		select {
 		case c <- struct{}{}:
 		default:
 		}
 	}
 }
 func (g *Group) resetCtx() {
 	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
 	g.ctx, g.cancel = context.WithCancel(g.baseCtx)
 }
 // Cancel is send to all of the spawn goroutines and ends periodic
 // or trigger routines.
 func (g *Group) Cancel() {
 	g.cancel()
 	g.finish()
 	g.resetCtx()
 }
 // Finish will ends all periodic or polls routines. It will let
 // currently running functions to finish (cancel is not sent).
 //
 // It is not safe to call Wait concurrently with any other method on g.
 func (g *Group) Finish() {
 	g.finish()
 	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
 }
 // CancelAndWait cancels the context passed to any of the spawned goroutines and waits for all spawned
 // goroutines to exit.
 //
 // It is not safe to call Wait concurrently with any other method on g.
 func (g *Group) CancelAndWait() {
 	g.finish()
 	g.cancel()
 	g.wg.Wait()
 	g.resetCtx()
 }
 // WaitToFinish will ends all periodic or polls routines. It will wait for
 // currently running functions to finish (cancel is not sent).
 //
 // It is not safe to call Wait concurrently with any other method on g.
 func (g *Group) WaitToFinish() {
 	g.finish()
 	g.wg.Wait()
 	g.jobCtx, g.finish = context.WithCancel(g.baseCtx)
 }
 func (g *Group) handlePanic() {
 	if g.panicHandler != nil {
 		g.panicHandler.HandlePanic()
 	}
 }
--- a/internal/bridge/api.go
+++ b/internal/bridge/api.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -21,6 +21,7 @@ import (
 	"net/http"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/sirupsen/logrus"
@ -32,14 +33,14 @@ func defaultAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
 	return []proton.Option{
 		proton.WithHostURL(apiURL),
 		proton.WithAppVersion(constants.AppVersion(version.Original())),
 		proton.WithCookieJar(cookieJar),
 		proton.WithTransport(transport),
-		proton.WithAttPoolSize(poolSize),
+		proton.WithLogger(logrus.WithField("pkg", "gpa/client")),
-		proton.WithLogger(logrus.StandardLogger()),
+		proton.WithPanicHandler(panicHandler),
 	}
 }
--- a/internal/bridge/api_default.go
+++ b/internal/bridge/api_default.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -15,7 +15,7 @@
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
-//go:build !build_qa
+//go:build !build_qa && !test_integration
 package bridge
@ -23,6 +23,7 @@ import (
 	"net/http"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 )
@ -32,7 +33,7 @@ func newAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
-	return defaultAPIOptions(apiURL, version, cookieJar, transport, poolSize)
+	return defaultAPIOptions(apiURL, version, cookieJar, transport, panicHandler)
 }
--- a/internal/bridge/api_qa.go
+++ b/internal/bridge/api_qa.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -15,15 +15,17 @@
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
-//go:build build_qa
+//go:build build_qa || test_integration
 package bridge
 import (
 	"crypto/tls"
 	"net/http"
 	"os"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/go-proton-api"
 )
@ -33,9 +35,17 @@ func newAPIOptions(
 	version *semver.Version,
 	cookieJar http.CookieJar,
 	transport http.RoundTripper,
-	poolSize int,
+	panicHandler async.PanicHandler,
 ) []proton.Option {
-	opt := defaultAPIOptions(apiURL, version, cookieJar, transport, poolSize)
+
 	if allow := os.Getenv("BRIDGE_ALLOW_PROXY"); allow != "" {
 		transport = &http.Transport{
 			Proxy:           http.ProxyFromEnvironment,
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		}
 	}
 	opt := defaultAPIOptions(apiURL, version, cookieJar, transport, panicHandler)
 	if host := os.Getenv("BRIDGE_API_HOST"); host != "" {
 		opt = append(opt, proton.WithHostURL(host))
--- a/internal/bridge/bridge.go
+++ b/internal/bridge/bridge.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -23,27 +23,30 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"sync"
 	"time"
 	"github.com/Masterminds/semver/v3"
-	"github.com/ProtonMail/gluon"
+	"github.com/ProtonMail/gluon/async"
 	imapEvents "github.com/ProtonMail/gluon/events"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/gluon/watcher"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/identifier"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapsmtpserver"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/syncservice"
 	"github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/bradenaw/juniper/xslices"
 	"github.com/emersion/go-smtp"
 	"github.com/go-resty/resty/v2"
 	"github.com/sirupsen/logrus"
 )
@ -59,30 +62,30 @@ type Bridge struct {
 	// api manages user API clients.
 	api        *proton.Manager
 	proxyCtl   ProxyController
-	identifier Identifier
+	identifier identifier.Identifier
 	// tlsConfig holds the bridge TLS config used by the IMAP and SMTP servers.
 	tlsConfig *tls.Config
 	// imapServer is the bridge's IMAP server.
-	imapServer   *gluon.Server
+	imapEventCh chan imapEvents.Event
 	imapListener net.Listener
 	imapEventCh  chan imapEvents.Event
 	// smtpServer is the bridge's SMTP server.
 	smtpServer   *smtp.Server
 	smtpListener net.Listener
 	// updater is the bridge's updater.
 	updater   Updater
 	installCh chan installJob
 	// heartbeat is the telemetry heartbeat for metrics.
 	heartbeat *heartBeatState
 	// curVersion is the current version of the bridge,
 	// newVersion is the version that was installed by the updater.
 	curVersion     *semver.Version
 	newVersion     *semver.Version
 	newVersionLock safe.RWMutex
 	// keychains is the utils that own usable keychains found in the OS.
 	keychains *keychain.List
 	// focusService is used to raise the bridge window when needed.
 	focusService *focus.Service
@ -92,8 +95,8 @@ type Bridge struct {
 	// locator is the bridge's locator.
 	locator Locator
-	// crashHandler
+	// panicHandler
-	crashHandler async.PanicHandler
+	panicHandler async.PanicHandler
 	// reporter
 	reporter reporter.Reporter
@ -124,39 +127,48 @@ type Bridge struct {
 	// goUpdate triggers a check/install of updates.
 	goUpdate func()
 	serverManager *imapsmtpserver.Service
 	syncService   *syncservice.Service
 }
 var logPkg = logrus.WithField("pkg", "bridge") //nolint:gochecknoglobals
 // New creates a new bridge.
-func New( //nolint:funlen
+func New(
 	locator Locator, // the locator to provide paths to store data
 	vault *vault.Vault, // the bridge's encrypted data store
 	autostarter Autostarter, // the autostarter to manage autostart settings
 	updater Updater, // the updater to fetch and install updates
 	curVersion *semver.Version, // the current version of the bridge
 	keychains *keychain.List, // usable keychains
 	apiURL string, // the URL of the API to use
 	cookieJar http.CookieJar, // the cookie jar to use
-	identifier Identifier, // the identifier to keep track of the user agent
+	identifier identifier.Identifier, // the identifier to keep track of the user agent
 	tlsReporter TLSReporter, // the TLS reporter to report TLS errors
 	roundTripper http.RoundTripper, // the round tripper to use for API requests
 	proxyCtl ProxyController, // the DoH controller
-	crashHandler async.PanicHandler,
+	panicHandler async.PanicHandler,
 	reporter reporter.Reporter,
 	uidValidityGenerator imap.UIDValidityGenerator,
 	heartBeatManager telemetry.HeartbeatManager,
 	logIMAPClient, logIMAPServer bool, // whether to log IMAP client/server activity
 	logSMTP bool, // whether to log SMTP activity
 ) (*Bridge, <-chan events.Event, error) {
 	// api is the user's API manager.
-	api := proton.New(newAPIOptions(apiURL, curVersion, cookieJar, roundTripper, vault.SyncAttPool())...)
+	api := proton.New(newAPIOptions(apiURL, curVersion, cookieJar, roundTripper, panicHandler)...)
 	// tasks holds all the bridge's background tasks.
-	tasks := async.NewGroup(context.Background(), crashHandler)
+	tasks := async.NewGroup(context.Background(), panicHandler)
 	// imapEventCh forwards IMAP events from gluon instances to the bridge for processing.
 	imapEventCh := make(chan imapEvents.Event)
 	// bridge is the bridge.
 	bridge, err := newBridge(
 		context.Background(),
 		tasks,
 		imapEventCh,
@ -165,12 +177,15 @@ func New( //nolint:funlen
 		autostarter,
 		updater,
 		curVersion,
-		crashHandler,
+		keychains,
 		panicHandler,
 		reporter,
 		api,
 		identifier,
 		proxyCtl,
 		uidValidityGenerator,
 		heartBeatManager,
 		logIMAPClient, logIMAPServer, logSMTP,
 	)
 	if err != nil {
@ -185,23 +200,11 @@ func New( //nolint:funlen
 		return nil, nil, fmt.Errorf("failed to initialize bridge: %w", err)
 	}
 	// Start serving IMAP.
 	if err := bridge.serveIMAP(); err != nil {
 		logrus.WithError(err).Error("IMAP error")
 		bridge.PushError(ErrServeIMAP)
 	}
 	// Start serving SMTP.
 	if err := bridge.serveSMTP(); err != nil {
 		logrus.WithError(err).Error("SMTP error")
 		bridge.PushError(ErrServeSMTP)
 	}
 	return bridge, eventCh, nil
 }
 // nolint:funlen
 func newBridge(
 	ctx context.Context,
 	tasks *async.Group,
 	imapEventCh chan imapEvents.Event,
@ -210,12 +213,15 @@ func newBridge(
 	autostarter Autostarter,
 	updater Updater,
 	curVersion *semver.Version,
-	crashHandler async.PanicHandler,
+	keychains *keychain.List,
 	panicHandler async.PanicHandler,
 	reporter reporter.Reporter,
 	api *proton.Manager,
-	identifier Identifier,
+	identifier identifier.Identifier,
 	proxyCtl ProxyController,
 	uidValidityGenerator imap.UIDValidityGenerator,
 	heartbeatManager telemetry.HeartbeatManager,
 	logIMAPClient, logIMAPServer, logSMTP bool,
 ) (*Bridge, error) {
@ -224,16 +230,6 @@ func newBridge(
 		return nil, fmt.Errorf("failed to load TLS config: %w", err)
 	}
 	gluonCacheDir, err := getGluonDir(vault)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get Gluon directory: %w", err)
 	}
 	gluonDataDir, err := locator.ProvideGluonDataPath()
 	if err != nil {
 		return nil, fmt.Errorf("failed to get Gluon Database directory: %w", err)
 	}
 	firstStart := vault.GetFirstStart()
 	if err := vault.SetFirstStart(false); err != nil {
 		return nil, fmt.Errorf("failed to save first start indicator: %w", err)
@ -244,22 +240,9 @@ func newBridge(
 		return nil, fmt.Errorf("failed to save last version indicator: %w", err)
 	}
-	imapServer, err := newIMAPServer(
+	identifier.SetClientString(vault.GetLastUserAgent())
 		gluonCacheDir,
 		gluonDataDir,
 		curVersion,
 		tlsConfig,
 		reporter,
 		logIMAPClient,
 		logIMAPServer,
 		imapEventCh,
 		tasks,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create IMAP server: %w", err)
 	}
-	focusService, err := focus.NewService(curVersion)
+	focusService, err := focus.NewService(locator, curVersion, panicHandler)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create focus service: %w", err)
 	}
@ -275,7 +258,6 @@ func newBridge(
 		identifier: identifier,
 		tlsConfig:   tlsConfig,
 		imapServer:  imapServer,
 		imapEventCh: imapEventCh,
 		updater:   updater,
@ -285,9 +267,13 @@ func newBridge(
 		newVersion:     curVersion,
 		newVersionLock: safe.NewRWMutex(),
-		crashHandler: crashHandler,
+		keychains: keychains,
 		panicHandler: panicHandler,
 		reporter:     reporter,
 		heartbeat: newHeartBeatState(ctx, panicHandler),
 		focusService: focusService,
 		autostarter:  autostarter,
 		locator:      locator,
@ -299,15 +285,35 @@ func newBridge(
 		firstStart:  firstStart,
 		lastVersion: lastVersion,
-		tasks: tasks,
+		tasks:       tasks,
 		syncService: syncservice.NewService(reporter, panicHandler),
 	}
-	bridge.smtpServer = newSMTPServer(bridge, tlsConfig, logSMTP)
+	bridge.serverManager = imapsmtpserver.NewService(context.Background(),
 		&bridgeSMTPSettings{b: bridge},
 		&bridgeIMAPSettings{b: bridge},
 		&bridgeEventPublisher{b: bridge},
 		panicHandler,
 		reporter,
 		uidValidityGenerator,
 		&bridgeIMAPSMTPTelemetry{b: bridge},
 	)
 	if err := bridge.serverManager.Init(context.Background(), bridge.tasks, &bridgeEventSubscription{b: bridge}); err != nil {
 		return nil, err
 	}
 	if heartbeatManager == nil {
 		bridge.heartbeat.init(bridge, bridge)
 	} else {
 		bridge.heartbeat.init(bridge, heartbeatManager)
 	}
 	bridge.syncService.Run()
 	return bridge, nil
 }
 // nolint:funlen
 func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Enable or disable the proxy at startup.
 	if bridge.vault.GetProxyAllowed() {
@ -318,7 +324,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Handle connection up/down events.
 	bridge.api.AddStatusObserver(func(status proton.Status) {
-		logrus.Info("API status changed: ", status)
+		logPkg.Info("API status changed: ", status)
 		switch {
 		case status == proton.StatusUp:
@ -333,7 +339,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// If any call returns a bad version code, we need to update.
 	bridge.api.AddErrorHandler(proton.AppVersionBadCode, func() {
-		logrus.Warn("App version is bad")
+		logPkg.Warn("App version is bad")
 		bridge.publish(events.UpdateForced{})
 	})
@ -346,7 +352,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Log all manager API requests (client requests are logged separately).
 	bridge.api.AddPostRequestHook(func(_ *resty.Client, r *resty.Response) error {
 		if _, ok := proton.ClientIDFromContext(r.Request.Context()); !ok {
-			logrus.Infof("[MANAGER] %v: %v %v", r.Status(), r.Request.Method, r.Request.URL)
+			logrus.WithField("pkg", "gpa/manager").Infof("%v: %v %v", r.Status(), r.Request.Method, r.Request.URL)
 		}
 		return nil
@ -355,7 +361,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Publish a TLS issue event if a TLS issue is encountered.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, tlsReporter.GetTLSIssueCh(), func(struct{}) {
-			logrus.Warn("TLS issue encountered")
+			logPkg.Warn("TLS issue encountered")
 			bridge.publish(events.TLSIssue{})
 		})
 	})
@ -363,7 +369,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Publish a raise event if the focus service is called.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, bridge.focusService.GetRaiseCh(), func(struct{}) {
-			logrus.Info("Focus service requested raise")
+			logPkg.Info("Focus service requested raise")
 			bridge.publish(events.Raise{})
 		})
 	})
@ -371,27 +377,28 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Handle any IMAP events that are forwarded to the bridge from gluon.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, bridge.imapEventCh, func(event imapEvents.Event) {
-			logrus.WithField("event", fmt.Sprintf("%T", event)).Debug("Received IMAP event")
+			logPkg.WithField("event", fmt.Sprintf("%T", event)).Debug("Received IMAP event")
 			bridge.handleIMAPEvent(event)
 		})
 	})
-	// Attempt to lazy load users when triggered.
+	// Attempt to load users from the vault when triggered.
 	bridge.goLoad = bridge.tasks.Trigger(func(ctx context.Context) {
 		if err := bridge.loadUsers(ctx); err != nil {
-			logrus.WithError(err).Error("Failed to load users")
+			logPkg.WithError(err).Error("Failed to load users")
 			if netErr := new(proton.NetError); !errors.As(err, &netErr) {
 				sentry.ReportError(bridge.reporter, "Failed to load users", err)
 			}
-		} else {
+			return
 			bridge.publish(events.AllUsersLoaded{})
 		}
 		bridge.publish(events.AllUsersLoaded{})
 	})
 	defer bridge.goLoad()
 	// Check for updates when triggered.
 	bridge.goUpdate = bridge.tasks.PeriodicOrTrigger(constants.UpdateCheckInterval, 0, func(ctx context.Context) {
-		logrus.Info("Checking for updates")
+		logPkg.Info("Checking for updates")
 		version, err := bridge.updater.GetVersionInfo(ctx, bridge.api, bridge.vault.GetUpdateChannel())
 		if err != nil {
@ -429,25 +436,25 @@ func (bridge *Bridge) GetErrors() []error {
 }
 func (bridge *Bridge) Close(ctx context.Context) {
-	logrus.Info("Closing bridge")
+	logPkg.Info("Closing bridge")
-	// Close the IMAP server.
+	// Stop heart beat before closing users.
-	if err := bridge.closeIMAP(ctx); err != nil {
+	bridge.heartbeat.stop()
 		logrus.WithError(err).Error("Failed to close IMAP server")
 	}
 	// Close the SMTP server.
 	if err := bridge.closeSMTP(); err != nil {
 		logrus.WithError(err).Error("Failed to close SMTP server")
 	}
 	// Close all users.
-	safe.RLock(func() {
+	safe.Lock(func() {
 		for _, user := range bridge.users {
 			user.Close()
 		}
 	}, bridge.usersLock)
 	// Close the servers
 	if err := bridge.serverManager.CloseServers(ctx); err != nil {
 		logPkg.WithError(err).Error("Failed to close servers")
 	}
 	bridge.syncService.Close()
 	// Stop all ongoing tasks.
 	bridge.tasks.CancelAndWait()
@ -469,12 +476,12 @@ func (bridge *Bridge) publish(event events.Event) {
 	bridge.watchersLock.RLock()
 	defer bridge.watchersLock.RUnlock()
-	logrus.WithField("event", event).Debug("Publishing event")
+	logPkg.WithField("event", event).Debug("Publishing event")
 	for _, watcher := range bridge.watchers {
 		if watcher.IsWatching(event) {
 			if ok := watcher.Send(event); !ok {
-				logrus.WithField("event", event).Warn("Failed to send event to watcher")
+				logPkg.WithField("event", event).Warn("Failed to send event to watcher")
 			}
 		}
 	}
@ -484,7 +491,7 @@ func (bridge *Bridge) addWatcher(ofType ...events.Event) *watcher.Watcher[events
 	bridge.watchersLock.Lock()
 	defer bridge.watchersLock.Unlock()
-	watcher := watcher.New(ofType...)
+	watcher := watcher.New(bridge.panicHandler, ofType...)
 	bridge.watchers = append(bridge.watchers, watcher)
@ -506,26 +513,14 @@ func (bridge *Bridge) remWatcher(watcher *watcher.Watcher[events.Event]) {
 	watcher.Close()
 }
-func (bridge *Bridge) onStatusUp(ctx context.Context) {
+func (bridge *Bridge) onStatusUp(_ context.Context) {
-	logrus.Info("Handling API status up")
+	logPkg.Info("Handling API status up")
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.OnStatusUp(ctx)
 		}
 	}, bridge.usersLock)
 	bridge.goLoad()
 }
 func (bridge *Bridge) onStatusDown(ctx context.Context) {
-	logrus.Info("Handling API status down")
+	logPkg.Info("Handling API status down")
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.OnStatusDown(ctx)
 		}
 	}, bridge.usersLock)
 	for backoff := time.Second; ; backoff = min(backoff*2, 30*time.Second) {
 		select {
@ -533,10 +528,10 @@ func (bridge *Bridge) onStatusDown(ctx context.Context) {
 			return
 		case <-time.After(backoff):
-			logrus.Info("Pinging API")
+			logPkg.Info("Pinging API")
 			if err := bridge.api.Ping(ctx); err != nil {
-				logrus.WithError(err).Warn("Ping failed, API is still unreachable")
+				logPkg.WithError(err).Warn("Ping failed, API is still unreachable")
 			} else {
 				return
 			}
@ -545,7 +540,7 @@ func (bridge *Bridge) onStatusDown(ctx context.Context) {
 }
 func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
-	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert(), vault.GetBridgeTLSKey())
+	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert())
 	if err != nil {
 		return nil, err
 	}
@ -556,24 +551,6 @@ func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
 	}, nil
 }
 func newListener(port int, useTLS bool, tlsConfig *tls.Config) (net.Listener, error) {
 	if useTLS {
 		tlsListener, err := tls.Listen("tcp", fmt.Sprintf("%v:%v", constants.Host, port), tlsConfig)
 		if err != nil {
 			return nil, err
 		}
 		return tlsListener, nil
 	}
 	netListener, err := net.Listen("tcp", fmt.Sprintf("%v:%v", constants.Host, port))
 	if err != nil {
 		return nil, err
 	}
 	return netListener, nil
 }
 func min(a, b time.Duration) time.Duration {
 	if a < b {
 		return a
--- a/internal/bridge/bridge_test.go
+++ b/internal/bridge/bridge_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -21,14 +21,18 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"testing"
 	"time"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/go-proton-api/server/backend"
@ -40,14 +44,19 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapsmtpserver"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/ProtonMail/proton-bridge/v3/tests"
 	"github.com/bradenaw/juniper/xslices"
-	"github.com/emersion/go-imap/client"
+	imapid "github.com/emersion/go-imap-id"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
 )
 var (
@ -121,8 +130,11 @@ func TestBridge_Focus(t *testing.T) {
 			raiseCh, done := bridge.GetEvents(events.Raise{})
 			defer done()
 			settingsFolder, err := locator.ProvideSettingsPath()
 			require.NoError(t, err)
 			// Simulate a focus event.
-			focus.TryRaise()
+			focus.TryRaise(settingsFolder)
 			// Wait for the event.
 			require.IsType(t, events.Raise{}, <-raiseCh)
@ -164,6 +176,174 @@ func TestBridge_UserAgent(t *testing.T) {
 	})
 }
 func TestBridge_UserAgent_Persistence(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		otherPassword := []byte("bar")
 		otherUser := "foo"
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
 			idClient := imapid.NewClient(imapClient)
 			// Set IMAP ID before Login to have the value capture in the Login API Call.
 			_, err = idClient.ID(imapid.ID{
 				imapid.FieldName:    "MyFancyClient",
 				imapid.FieldVersion: "0.1.2",
 			})
 			require.NoError(t, err)
 			// Login the user.
 			_, err = b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			// Assert that the user agent then contains the platform.
 			require.Contains(t, b.GetCurrentUserAgent(), "MyFancyClient/0.1.2")
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			currentUserAgent := bridge.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, "MyFancyClient/0.1.2")
 		})
 	})
 }
 func TestBridge_UserAgentFromUnknownClient(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		otherPassword := []byte("bar")
 		otherUser := "foo"
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			require.NoError(t, imapClient.Login(info.Addresses[0], string(info.BridgePass)))
 			currentUserAgent = b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, "UnknownClient/0.0.1")
 		})
 	})
 }
 func TestBridge_UserAgentFromSMTPClient(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		otherPassword := []byte("bar")
 		otherUser := "foo"
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(b.GetSMTPPort())))
 			require.NoError(t, err)
 			defer client.Close() //nolint:errcheck
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			// Upgrade to TLS.
 			require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
 			require.NoError(t, client.Auth(sasl.NewLoginClient(
 				info.Addresses[0],
 				string(info.BridgePass)),
 			))
 			require.Eventually(t, func() bool {
 				currentUserAgent = b.GetCurrentUserAgent()
 				return strings.Contains(currentUserAgent, "UnknownClient/0.0.1")
 			}, time.Minute, 5*time.Second)
 		})
 	})
 }
 func TestBridge_UserAgentFromIMAPID(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		var (
 			calls []server.Call
 			lock  sync.Mutex
 		)
 		s.AddCallWatcher(func(call server.Call) {
 			lock.Lock()
 			defer lock.Unlock()
 			calls = append(calls, call)
 		})
 		otherPassword := []byte("bar")
 		otherUser := "foo"
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
 			idClient := imapid.NewClient(imapClient)
 			// Set IMAP ID before Login to have the value capture in the Login API Call.
 			_, err = idClient.ID(imapid.ID{
 				imapid.FieldName:    "MyFancyClient",
 				imapid.FieldVersion: "0.1.2",
 			})
 			require.NoError(t, err)
 			// Login the user.
 			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			require.NoError(t, imapClient.Login(info.Addresses[0], string(info.BridgePass)))
 			lock.Lock()
 			defer lock.Unlock()
 			userAgent := calls[len(calls)-1].RequestHeader.Get("User-Agent")
 			// Assert that the user agent was sent to the API.
 			require.Contains(t, userAgent, b.GetCurrentUserAgent())
 			require.Contains(t, userAgent, "MyFancyClient/0.1.2")
 		})
 	})
 }
 func TestBridge_Cookies(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		var (
@ -370,7 +550,7 @@ func TestBridge_MissingGluonStore(t *testing.T) {
 		require.NoError(t, os.RemoveAll(gluonDir))
 		// Bridge starts but can't find the gluon store dir; there should be no error.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// ...
 		})
 	})
@ -408,6 +588,10 @@ func TestBridge_AddressWithoutKeys(t *testing.T) {
 		defer m.Close()
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Watch for sync finished event.
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			// Create a user which will have an address without keys.
 			userID, _, err := s.CreateUser("nokeys", []byte("password"))
 			require.NoError(t, err)
@ -428,10 +612,6 @@ func TestBridge_AddressWithoutKeys(t *testing.T) {
 			// Remove the address keys.
 			require.NoError(t, s.RemoveAddressKey(userID, aliasAddrID, aliasAddr.Keys[0].ID))
 			// Watch for sync finished event.
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			// We should be able to log the user in.
 			require.NoError(t, getErr(bridge.LoginFull(context.Background(), "nokeys", []byte("password"), nil, nil)))
 			require.NoError(t, err)
@ -487,15 +667,33 @@ func TestBridge_InitGluonDirectory(t *testing.T) {
 			configDir, err := b.GetGluonDataDir()
 			require.NoError(t, err)
-			_, err = os.ReadDir(bridge.ApplyGluonCachePathSuffix(b.GetGluonCacheDir()))
+			_, err = os.ReadDir(imapsmtpserver.ApplyGluonCachePathSuffix(b.GetGluonCacheDir()))
 			require.False(t, os.IsNotExist(err))
-			_, err = os.ReadDir(bridge.ApplyGluonConfigPathSuffix(configDir))
+			_, err = os.ReadDir(imapsmtpserver.ApplyGluonConfigPathSuffix(configDir))
 			require.False(t, os.IsNotExist(err))
 		})
 	})
 }
 func TestBridge_LoginFailed(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			failCh, done := chToType[events.Event, events.IMAPLoginFailed](bridge.GetEvents(events.IMAPLoginFailed{}))
 			defer done()
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.Error(t, imapClient.Login("badUser", "badPass"))
 			require.Equal(t, "badUser", (<-failCh).Username)
 		})
 	})
 }
 func TestBridge_ChangeCacheDirectory(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
@ -530,16 +728,16 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			require.NoError(t, err)
 			// Old store should no more exists.
-			_, err = os.ReadDir(bridge.ApplyGluonCachePathSuffix(currentCacheDir))
+			_, err = os.ReadDir(imapsmtpserver.ApplyGluonCachePathSuffix(currentCacheDir))
 			require.True(t, os.IsNotExist(err))
 			// Database should not have changed.
-			_, err = os.ReadDir(bridge.ApplyGluonConfigPathSuffix(configDir))
+			_, err = os.ReadDir(imapsmtpserver.ApplyGluonConfigPathSuffix(configDir))
 			require.False(t, os.IsNotExist(err))
 			// New path should have Gluon sub-folder.
 			require.Equal(t, filepath.Join(newCacheDir, "gluon"), b.GetGluonCacheDir())
 			// And store should be inside it.
-			_, err = os.ReadDir(bridge.ApplyGluonCachePathSuffix(b.GetGluonCacheDir()))
+			_, err = os.ReadDir(imapsmtpserver.ApplyGluonCachePathSuffix(b.GetGluonCacheDir()))
 			require.False(t, os.IsNotExist(err))
 			// We should be able to fetch.
@ -547,7 +745,7 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -587,7 +785,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -608,7 +806,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -624,6 +822,9 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 // withEnv creates the full test environment and runs the tests.
 func withEnv(t *testing.T, tests func(context.Context, *server.Server, *proton.NetCtl, bridge.Locator, []byte), opts ...server.Option) {
 	opt := goleak.IgnoreCurrent()
 	defer goleak.VerifyNone(t, opt)
 	server := server.New(opts...)
 	defer server.Close()
@ -657,6 +858,9 @@ func withMocks(t *testing.T, tests func(*bridge.Mocks)) {
 	tests(mocks)
 }
 // Needs to be global to survive bridge shutdown/startup in unit tests as they happen to fast.
 var testUIDValidityGenerator = imap.DefaultEpochUIDValidityGenerator()
 // withBridge creates a new bridge which points to the given API URL and uses the given keychain, and closes it when done.
 func withBridgeNoMocks(
 	ctx context.Context,
@ -667,6 +871,7 @@ func withBridgeNoMocks(
 	locator bridge.Locator,
 	vaultKey []byte,
 	tests func(*bridge.Bridge),
 	waitOnServers bool,
 ) {
 	// Bridge will disable the proxy by default at startup.
 	mocks.ProxyCtl.EXPECT().DisallowProxy()
@ -676,7 +881,7 @@ func withBridgeNoMocks(
 	require.NoError(t, err)
 	// Create the vault.
-	vault, _, err := vault.New(vaultDir, t.TempDir(), vaultKey)
+	vault, _, err := vault.New(vaultDir, t.TempDir(), vaultKey, async.NoopPanicHandler{})
 	require.NoError(t, err)
 	// Create a new cookie jar.
@ -692,6 +897,7 @@ func withBridgeNoMocks(
 		mocks.Autostarter,
 		mocks.Updater,
 		v2_3_0,
 		keychain.NewTestKeychainsList(),
 		// The API stuff.
 		apiURL,
@ -702,6 +908,8 @@ func withBridgeNoMocks(
 		mocks.ProxyCtl,
 		mocks.CrashHandler,
 		mocks.Reporter,
 		testUIDValidityGenerator,
 		mocks.Heartbeat,
 		// The logging stuff.
 		os.Getenv("BRIDGE_LOG_IMAP_CLIENT") == "1",
@ -715,8 +923,15 @@ func withBridgeNoMocks(
 	waitForEvent(t, eventCh, events.AllUsersLoaded{})
 	// Set random IMAP and SMTP ports for the tests.
-	require.NoError(t, bridge.SetIMAPPort(0))
+	require.NoError(t, bridge.SetIMAPPort(ctx, 0))
-	require.NoError(t, bridge.SetSMTPPort(0))
+	require.NoError(t, bridge.SetSMTPPort(ctx, 0))
 	if waitOnServers {
 		// Wait for bridge to start the IMAP server.
 		waitForEvent(t, eventCh, events.IMAPServerReady{})
 		// Wait for bridge to start the SMTP server.
 		waitForEvent(t, eventCh, events.SMTPServerReady{})
 	}
 	// Close the bridge when done.
 	defer bridge.Close(ctx)
@ -738,11 +953,28 @@ func withBridge(
 	withMocks(t, func(mocks *bridge.Mocks) {
 		withBridgeNoMocks(ctx, t, mocks, apiURL, netCtl, locator, vaultKey, func(bridge *bridge.Bridge) {
 			tests(bridge, mocks)
-		})
+		}, false)
 	})
 }
-func waitForEvent[T any](t *testing.T, eventCh <-chan events.Event, wantEvent T) {
+// withBridgeWaitForServers is the same as withBridge, but it will wait until IMAP & SMTP servers are ready.
 func withBridgeWaitForServers(
 	ctx context.Context,
 	t *testing.T,
 	apiURL string,
 	netCtl *proton.NetCtl,
 	locator bridge.Locator,
 	vaultKey []byte,
 	tests func(*bridge.Bridge, *bridge.Mocks),
 ) {
 	withMocks(t, func(mocks *bridge.Mocks) {
 		withBridgeNoMocks(ctx, t, mocks, apiURL, netCtl, locator, vaultKey, func(bridge *bridge.Bridge) {
 			tests(bridge, mocks)
 		}, true)
 	})
 }
 func waitForEvent[T any](t *testing.T, eventCh <-chan events.Event, _ T) {
 	t.Helper()
 	for event := range eventCh {
@ -776,6 +1008,7 @@ func getConnectedUserIDs(t *testing.T, b *bridge.Bridge) []string {
 func chToType[In, Out any](inCh <-chan In, done func()) (<-chan Out, func()) {
 	outCh := make(chan Out)
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
 		defer close(outCh)
@ -785,9 +1018,62 @@ func chToType[In, Out any](inCh <-chan In, done func()) (<-chan Out, func()) {
 				panic(fmt.Sprintf("unexpected type %T", in))
 			}
-			outCh <- out
+			select {
 			case <-ctx.Done():
 				return
 			case outCh <- out:
 			}
 		}
 	}()
-	return outCh, done
+	return outCh, func() {
 		cancel()
 		done()
 	}
 }
 type eventWaiter struct {
 	evtCh  <-chan events.Event
 	cancel func()
 }
 func (e *eventWaiter) Done() {
 	e.cancel()
 }
 func (e *eventWaiter) Wait() {
 	<-e.evtCh
 }
 func waitForSMTPServerReady(b *bridge.Bridge) *eventWaiter {
 	evtCh, cancel := b.GetEvents(events.SMTPServerReady{})
 	return &eventWaiter{
 		evtCh:  evtCh,
 		cancel: cancel,
 	}
 }
 func waitForSMTPServerStopped(b *bridge.Bridge) *eventWaiter {
 	evtCh, cancel := b.GetEvents(events.SMTPServerStopped{})
 	return &eventWaiter{
 		evtCh:  evtCh,
 		cancel: cancel,
 	}
 }
 func waitForIMAPServerReady(b *bridge.Bridge) *eventWaiter {
 	evtCh, cancel := b.GetEvents(events.IMAPServerReady{})
 	return &eventWaiter{
 		evtCh:  evtCh,
 		cancel: cancel,
 	}
 }
 func waitForIMAPServerStopped(b *bridge.Bridge) *eventWaiter {
 	evtCh, cancel := b.GetEvents(events.IMAPServerStopped{})
 	return &eventWaiter{
 		evtCh:  evtCh,
 		cancel: cancel,
 	}
 }
--- a/internal/bridge/bug_report.go
+++ b/internal/bridge/bug_report.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -18,216 +18,149 @@
 package bridge
 import (
 	"archive/zip"
 	"bytes"
 	"context"
 	"errors"
 	"io"
 	"os"
 	"path/filepath"
 	"sort"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 )
 const (
-	MaxTotalAttachmentSize  = 7 * (1 << 20)
+	DefaultMaxBugReportZipSize         = 7 * 1024 * 1024
-	MaxCompressedFilesCount = 6
+	DefaultMaxSessionCountForBugReport = 10
 )
-func (bridge *Bridge) ReportBug(ctx context.Context, osType, osVersion, description, username, email, client string, attachLogs bool) error { //nolint:funlen
+type ReportBugReq struct {
-	var account string
+	OSType      string
 	OSVersion   string
 	Title       string
 	Description string
 	Username    string
 	Email       string
 	EmailClient string
 	IncludeLogs bool
 }
-	if info, err := bridge.QueryUserInfo(username); err == nil {
+func (bridge *Bridge) ReportBug(ctx context.Context, report *ReportBugReq) error {
-		account = info.Username
+	if info, err := bridge.QueryUserInfo(report.Username); err == nil {
 		report.Username = info.Username
 	} else if userIDs := bridge.GetUserIDs(); len(userIDs) > 0 {
 		if err := bridge.vault.GetUser(userIDs[0], func(user *vault.User) {
-			account = user.Username()
+			report.Username = user.Username()
 		}); err != nil {
 			return err
 		}
 	}
-	var atts []proton.ReportBugAttachment
+	var attachments []proton.ReportBugAttachment
-
+	if report.IncludeLogs {
-	if attachLogs {
+		logs, err := bridge.CollectLogs()
 		logs, err := getMatchingLogs(bridge.locator, func(filename string) bool {
 			return logging.MatchLogName(filename) && !logging.MatchStackTraceName(filename)
 		})
 		if err != nil {
 			return err
 		}
-
+		attachments = append(attachments, logs)
 		crashes, err := getMatchingLogs(bridge.locator, func(filename string) bool {
 			return logging.MatchLogName(filename) && logging.MatchStackTraceName(filename)
 		})
 		if err != nil {
 			return err
 		}
 		guiLogs, err := getMatchingLogs(bridge.locator, func(filename string) bool {
 			return logging.MatchGUILogName(filename) && !logging.MatchStackTraceName(filename)
 		})
 		if err != nil {
 			return err
 		}
 		var matchFiles []string
 		// Include bridge logs, up to a maximum amount.
 		matchFiles = append(matchFiles, logs[max(0, len(logs)-(MaxCompressedFilesCount/2)):]...)
 		// Include crash logs, up to a maximum amount.
 		matchFiles = append(matchFiles, crashes[max(0, len(crashes)-(MaxCompressedFilesCount/2)):]...)
 		// bridge-gui keeps just one small (~ 1kb) log file; we always include it.
 		if len(guiLogs) > 0 {
 			matchFiles = append(matchFiles, guiLogs[len(guiLogs)-1])
 		}
 		archive, err := zipFiles(matchFiles)
 		if err != nil {
 			return err
 		}
 		body, err := io.ReadAll(archive)
 		if err != nil {
 			return err
 		}
 		atts = append(atts, proton.ReportBugAttachment{
 			Name:     "logs.zip",
 			Filename: "logs.zip",
 			MIMEType: "application/zip",
 			Body:     body,
 		})
 	}
-	return bridge.api.ReportBug(ctx, proton.ReportBugReq{
+	var firstAtt proton.ReportBugAttachment
-		OS:        osType,
+	if len(attachments) > 0 && report.IncludeLogs {
-		OSVersion: osVersion,
+		firstAtt = attachments[0]
 	}
-		Title:       "[Bridge] Bug",
+	attachmentType := proton.AttachmentTypeSync
-		Description: description,
+	if len(attachments) > 1 {
 		attachmentType = proton.AttachmentTypeAsync
 	}
-		Client:        client,
+	token, err := bridge.createTicket(ctx, report, attachmentType, firstAtt)
 	if err != nil || token == "" {
 		return err
 	}
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.ReportBugSent()
 		}
 	}, bridge.usersLock)
 	// if we have a token we can append more attachment to the bugReport
 	for i, att := range attachments {
 		if i == 0 && report.IncludeLogs {
 			continue
 		}
 		err := bridge.appendComment(ctx, token, att)
 		if err != nil {
 			return err
 		}
 	}
 	return err
 }
 func (bridge *Bridge) CollectLogs() (proton.ReportBugAttachment, error) {
 	logsPath, err := bridge.locator.ProvideLogsPath()
 	if err != nil {
 		return proton.ReportBugAttachment{}, err
 	}
 	buffer, err := logging.ZipLogsForBugReport(logsPath, DefaultMaxSessionCountForBugReport, DefaultMaxBugReportZipSize)
 	if err != nil {
 		return proton.ReportBugAttachment{}, err
 	}
 	body, err := io.ReadAll(buffer)
 	if err != nil {
 		return proton.ReportBugAttachment{}, err
 	}
 	return proton.ReportBugAttachment{
 		Name:     "logs.zip",
 		Filename: "logs.zip",
 		MIMEType: "application/zip",
 		Body:     body,
 	}, nil
 }
 func (bridge *Bridge) createTicket(ctx context.Context, report *ReportBugReq,
 	asyncAttach proton.AttachmentType, att proton.ReportBugAttachment) (string, error) {
 	var attachments []proton.ReportBugAttachment
 	attachments = append(attachments, att)
 	res, err := bridge.api.ReportBug(ctx, proton.ReportBugReq{
 		OS:        report.OSType,
 		OSVersion: report.OSVersion,
 		Title:       "[Bridge] Bug - " + report.Title,
 		Description: report.Description,
 		Client:        report.EmailClient,
 		ClientType:    proton.ClientTypeEmail,
 		ClientVersion: constants.AppVersion(bridge.curVersion.Original()),
-		Username: account,
+		Username: report.Username,
-		Email:    email,
+		Email:    report.Email,
-	}, atts...)
+
 		AsyncAttachments: asyncAttach,
 	}, attachments...)
 	if err != nil || asyncAttach != proton.AttachmentTypeAsync {
 		return "", err
 	}
 	if asyncAttach == proton.AttachmentTypeAsync && res.Token == nil {
 		return "", errors.New("no token returns for AsyncAttachments")
 	}
 	return *res.Token, nil
 }
-func max(a, b int) int {
+func (bridge *Bridge) appendComment(ctx context.Context, token string, att proton.ReportBugAttachment) error {
-	if a > b {
+	var attachments []proton.ReportBugAttachment
-		return a
+	attachments = append(attachments, att)
-	}
+	return bridge.api.ReportBugAttachement(ctx, proton.ReportBugAttachmentReq{
-
+		Product: proton.ClientTypeEmail,
-	return b
+		Body:    "Comment adding attachment: " + att.Filename,
-}
+		Token:   token,
-
+	}, attachments...)
 func getMatchingLogs(locator Locator, filenameMatchFunc func(string) bool) (filenames []string, err error) {
 	logsPath, err := locator.ProvideLogsPath()
 	if err != nil {
 		return nil, err
 	}
 	files, err := os.ReadDir(logsPath)
 	if err != nil {
 		return nil, err
 	}
 	var matchFiles []string
 	for _, file := range files {
 		if filenameMatchFunc(file.Name()) {
 			matchFiles = append(matchFiles, filepath.Join(logsPath, file.Name()))
 		}
 	}
 	sort.Strings(matchFiles) // Sorted by timestamp: oldest first.
 	return matchFiles, nil
 }
 type limitedBuffer struct {
 	capacity int
 	buf      *bytes.Buffer
 }
 func newLimitedBuffer(capacity int) *limitedBuffer {
 	return &limitedBuffer{
 		capacity: capacity,
 		buf:      bytes.NewBuffer(make([]byte, 0, capacity)),
 	}
 }
 func (b *limitedBuffer) Write(p []byte) (n int, err error) {
 	if len(p)+b.buf.Len() > b.capacity {
 		return 0, ErrSizeTooLarge
 	}
 	return b.buf.Write(p)
 }
 func (b *limitedBuffer) Read(p []byte) (n int, err error) {
 	return b.buf.Read(p)
 }
 func zipFiles(filenames []string) (io.Reader, error) {
 	if len(filenames) == 0 {
 		return nil, nil
 	}
 	buf := newLimitedBuffer(MaxTotalAttachmentSize)
 	w := zip.NewWriter(buf)
 	defer w.Close() //nolint:errcheck
 	for _, file := range filenames {
 		if err := addFileToZip(file, w); err != nil {
 			return nil, err
 		}
 	}
 	if err := w.Close(); err != nil {
 		return nil, err
 	}
 	return buf, nil
 }
 func addFileToZip(filename string, writer *zip.Writer) error {
 	fileReader, err := os.Open(filepath.Clean(filename))
 	if err != nil {
 		return err
 	}
 	defer fileReader.Close() //nolint:errcheck,gosec
 	fileInfo, err := fileReader.Stat()
 	if err != nil {
 		return err
 	}
 	header, err := zip.FileInfoHeader(fileInfo)
 	if err != nil {
 		return err
 	}
 	header.Method = zip.Deflate
 	header.Name = filepath.Base(filename)
 	fileWriter, err := writer.CreateHeader(header)
 	if err != nil {
 		return err
 	}
 	if _, err := io.Copy(fileWriter, fileReader); err != nil {
 		return err
 	}
 	return fileReader.Close()
 }
--- a/internal/bridge/config_status.go
+++ b/internal/bridge/config_status.go
@ -0,0 +1,46 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 )
 func (bridge *Bridge) ReportBugClicked() {
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.ReportBugClicked()
 		}
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) AutoconfigUsed(client string) {
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.AutoconfigUsed(client)
 		}
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) ExternalLinkClicked(article string) {
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			user.ExternalLinkClicked(article)
 		}
 	}, bridge.usersLock)
 }
--- a/internal/bridge/configure.go
+++ b/internal/bridge/configure.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -18,6 +18,8 @@
 package bridge
 import (
 	"context"
 	"errors"
 	"strings"
 	"github.com/ProtonMail/proton-bridge/v3/internal/clientconfig"
@ -29,10 +31,10 @@ import (
 	"github.com/sirupsen/logrus"
 )
-// ConfigureAppleMail configures apple mail for the given userID and address.
+// ConfigureAppleMail configures Apple Mail for the given userID and address.
-// If configuring apple mail for Catalina or newer, it ensures Bridge is using SSL.
+// If configuring Apple Mail for Catalina or newer, it ensures Bridge is using SSL.
-func (bridge *Bridge) ConfigureAppleMail(userID, address string) error {
+func (bridge *Bridge) ConfigureAppleMail(ctx context.Context, userID, address string) error {
-	logrus.WithFields(logrus.Fields{
+	logPkg.WithFields(logrus.Fields{
 		"userID":  userID,
 		"address": logging.Sensitive(address),
 	}).Info("Configuring Apple Mail")
@ -43,20 +45,32 @@ func (bridge *Bridge) ConfigureAppleMail(userID, address string) error {
 			return ErrNoSuchUser
 		}
-		if address == "" {
+		emails := user.Emails()
-			address = user.Emails()[0]
+		displayNames := user.DisplayNames()
 		if (len(emails) == 0) || (len(displayNames) == 0) {
 			return errors.New("could not retrieve user address info")
 		}
-		username := address
+		if address == "" {
-		addresses := address
+			address = emails[0]
 		}
 		var username, displayName, addresses string
 		if user.GetAddressMode() == vault.CombinedMode {
-			username = user.Emails()[0]
+			username = address
-			addresses = strings.Join(user.Emails(), ",")
+			displayName = displayNames[username]
 			addresses = strings.Join(emails, ",")
 		} else {
 			username = address
 			addresses = address
 			displayName = displayNames[address]
 			if len(displayName) == 0 {
 				displayName = address
 			}
 		}
 		if useragent.IsCatalinaOrNewer() && !bridge.vault.GetSMTPSSL() {
-			if err := bridge.SetSMTPSSL(true); err != nil {
+			if err := bridge.SetSMTPSSL(ctx, true); err != nil {
 				return err
 			}
 		}
@ -68,6 +82,7 @@ func (bridge *Bridge) ConfigureAppleMail(userID, address string) error {
 			bridge.vault.GetIMAPSSL(),
 			bridge.vault.GetSMTPSSL(),
 			username,
 			displayName,
 			addresses,
 			user.BridgePass(),
 		)
--- a/internal/bridge/debug.go
+++ b/internal/bridge/debug.go
@ -0,0 +1,301 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import (
 	"context"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/bradenaw/juniper/iterator"
 	"github.com/bradenaw/juniper/xslices"
 	goimap "github.com/emersion/go-imap"
 	goimapclient "github.com/emersion/go-imap/client"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/maps"
 )
 type CheckClientStateResult struct {
 	MissingMessages map[string]map[string]user.DiagMailboxMessage
 }
 func (c *CheckClientStateResult) AddMissingMessage(userID string, message user.DiagMailboxMessage) {
 	v, ok := c.MissingMessages[userID]
 	if !ok {
 		c.MissingMessages[userID] = map[string]user.DiagMailboxMessage{message.ID: message}
 	} else {
 		v[message.ID] = message
 	}
 }
 // CheckClientState checks the current IMAP client reported state against the proton server state and reports
 // anything that is out of place.
 func (bridge *Bridge) CheckClientState(ctx context.Context, checkFlags bool, progressCB func(string)) (CheckClientStateResult, error) {
 	bridge.usersLock.RLock()
 	defer bridge.usersLock.RUnlock()
 	users := maps.Values(bridge.users)
 	result := CheckClientStateResult{
 		MissingMessages: make(map[string]map[string]user.DiagMailboxMessage),
 	}
 	for _, usr := range users {
 		if progressCB != nil {
 			progressCB(fmt.Sprintf("Checking state for user %v", usr.Name()))
 		}
 		log := logrus.WithFields(logrus.Fields{
 			"pkg":  "bridge/debug",
 			"user": usr.Name(),
 			"diag": "state-check",
 		})
 		log.Debug("Retrieving all server metadata")
 		meta, err := usr.GetDiagnosticMetadata(ctx)
 		if err != nil {
 			return result, err
 		}
 		success := true
 		if len(meta.Metadata) != len(meta.MessageIDs) {
 			log.Errorf("Metadata (%v) and message(%v) list sizes do not match", len(meta.Metadata), len(meta.MessageIDs))
 		}
 		log.Debug("Building state")
 		state, err := meta.BuildMailboxToMessageMap(ctx, usr)
 		if err != nil {
 			log.WithError(err).Error("Failed to build state")
 			return result, err
 		}
 		info, err := bridge.GetUserInfo(usr.ID())
 		if err != nil {
 			log.WithError(err).Error("Failed to get user info")
 			return result, err
 		}
 		addr := fmt.Sprintf("127.0.0.1:%v", bridge.GetIMAPPort())
 		for account, mboxMap := range state {
 			if progressCB != nil {
 				progressCB(fmt.Sprintf("Checking state for user %v's account '%v'", usr.Name(), account))
 			}
 			if err := func(account string, mboxMap user.AccountMailboxMap) error {
 				client, err := goimapclient.Dial(addr)
 				if err != nil {
 					log.WithError(err).Error("Failed to connect to imap client")
 					return err
 				}
 				defer func() {
 					_ = client.Logout()
 				}()
 				if err := client.Login(account, string(info.BridgePass)); err != nil {
 					return fmt.Errorf("failed to login for user %v:%w", usr.Name(), err)
 				}
 				log := log.WithField("account", account)
 				for mboxName, messageList := range mboxMap {
 					log := log.WithField("mbox", mboxName)
 					status, err := client.Select(mboxName, true)
 					if err != nil {
 						log.WithError(err).Errorf("Failed to select mailbox %v", messageList)
 						return fmt.Errorf("failed to select '%v':%w", mboxName, err)
 					}
 					log.Debug("Checking message count")
 					if int(status.Messages) != len(messageList) {
 						success = false
 						log.Errorf("Message count doesn't match, got '%v' expected '%v'", status.Messages, len(messageList))
 					}
 					ids, err := clientGetMessageIDs(client, mboxName)
 					if err != nil {
 						return fmt.Errorf("failed to get message ids for mbox '%v': %w", mboxName, err)
 					}
 					for _, msg := range messageList {
 						imapFlags, ok := ids[msg.ID]
 						if !ok {
 							if meta.FailedMessageIDs.Contains(msg.ID) {
 								log.Warningf("Missing message '%v', but it is part of failed message set", msg.ID)
 							} else {
 								log.Errorf("Missing message '%v'", msg.ID)
 							}
 							result.AddMissingMessage(msg.UserID, msg)
 							continue
 						}
 						if checkFlags {
 							if !imapFlags.Equals(msg.Flags) {
 								log.Errorf("Message '%v' flags do mot match, got=%v, expected=%v",
 									msg.ID,
 									imapFlags.ToSlice(),
 									msg.Flags.ToSlice(),
 								)
 							}
 						}
 					}
 				}
 				if !success {
 					log.Errorf("State does not match")
 				} else {
 					log.Info("State matches")
 				}
 				return nil
 			}(account, mboxMap); err != nil {
 				return result, err
 			}
 		}
 		// Check for orphaned messages (only present in All Mail)
 		if progressCB != nil {
 			progressCB(fmt.Sprintf("Checking user %v for orphans", usr.Name()))
 		}
 		log.Debugf("Checking for orphans")
 		for _, m := range meta.Metadata {
 			filteredLabels := xslices.Filter(m.LabelIDs, func(t string) bool {
 				switch t {
 				case proton.AllMailLabel:
 					return false
 				case proton.AllSentLabel:
 					return false
 				case proton.AllDraftsLabel:
 					return false
 				case proton.OutboxLabel:
 					return false
 				default:
 					return true
 				}
 			})
 			if len(filteredLabels) == 0 {
 				log.Warnf("Message %v is only present in All Mail (Subject=%v)", m.ID, m.Subject)
 			}
 		}
 	}
 	return result, nil
 }
 func (bridge *Bridge) DebugDownloadFailedMessages(
 	ctx context.Context,
 	result CheckClientStateResult,
 	exportPath string,
 	progressCB func(string, int, int),
 ) error {
 	bridge.usersLock.RLock()
 	defer bridge.usersLock.RUnlock()
 	for userID, messages := range result.MissingMessages {
 		usr, ok := bridge.users[userID]
 		if !ok {
 			return fmt.Errorf("failed to find user with id %v", userID)
 		}
 		userDir := filepath.Join(exportPath, userID)
 		if err := os.MkdirAll(userDir, 0o700); err != nil {
 			return fmt.Errorf("failed to create directory '%v': %w", userDir, err)
 		}
 		if err := usr.DebugDownloadMessages(ctx, userDir, messages, progressCB); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 func clientGetMessageIDs(client *goimapclient.Client, mailbox string) (map[string]imap.FlagSet, error) {
 	status, err := client.Select(mailbox, true)
 	if err != nil {
 		return nil, err
 	}
 	if status.Messages == 0 {
 		return nil, nil
 	}
 	resCh := make(chan *goimap.Message)
 	section, err := goimap.ParseBodySectionName("BODY[HEADER]")
 	if err != nil {
 		return nil, err
 	}
 	fetchItems := []goimap.FetchItem{"BODY[HEADER]", goimap.FetchFlags}
 	seq, err := goimap.ParseSeqSet("1:*")
 	if err != nil {
 		return nil, err
 	}
 	go func() {
 		if err := client.Fetch(
 			seq,
 			fetchItems,
 			resCh,
 		); err != nil {
 			panic(err)
 		}
 	}()
 	messages := iterator.Collect(iterator.Chan(resCh))
 	ids := make(map[string]imap.FlagSet, len(messages))
 	for i, m := range messages {
 		literal, err := io.ReadAll(m.GetBody(section))
 		if err != nil {
 			return nil, err
 		}
 		header, err := rfc822.NewHeader(literal)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse header for msg %v: %w", i, err)
 		}
 		internalID, ok := header.GetChecked("X-Pm-Internal-Id")
 		if !ok {
 			logrus.WithField("pkg", "bridge/debug").Errorf("Message %v does not have internal id", internalID)
 			continue
 		}
 		messageFlags := imap.NewFlagSet(m.Flags...)
 		// Recent and Deleted are not part of the proton flag set.
 		messageFlags.RemoveFromSelf("\\Recent")
 		messageFlags.RemoveFromSelf("\\Deleted")
 		ids[internalID] = messageFlags
 	}
 	return ids, nil
 }
--- a/internal/bridge/draft_test.go
+++ b/internal/bridge/draft_test.go
@ -0,0 +1,171 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge_test
 import (
 	"bytes"
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
 	"strings"
 	"testing"
 	"time"
 	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	go_imap "github.com/emersion/go-imap"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
 )
 func TestBridge_HandleDraftsSendFromOtherClient(t *testing.T) {
 	getGluonHeaderID := func(literal []byte) (string, string) {
 		h, err := rfc822.NewHeader(literal)
 		require.NoError(t, err)
 		gluonID, ok := h.GetChecked("X-Pm-Gluon-Id")
 		require.True(t, ok)
 		externalID, ok := h.GetChecked("Message-Id")
 		require.True(t, ok)
 		return gluonID, externalID
 	}
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		_, _, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		_, _, err = s.CreateUser("bar", password)
 		require.NoError(t, err)
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
 			userID, err := b.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			require.Equal(t, userID, (<-syncCh).UserID)
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
 			// Create first draft in client.
 			literal := fmt.Sprintf(`From: %v
 To: %v
 Date: Fri, 3 Feb 2023 01:04:32 +0100
 Subject: Foo
 Hello
 `, info.Addresses[0], "bar@proton.local")
 			require.NoError(t, client.Append("Drafts", nil, time.Now(), strings.NewReader(literal)))
 			// Verify the draft is available in client.
 			require.Eventually(t, func() bool {
 				status, err := client.Status("Drafts", []go_imap.StatusItem{go_imap.StatusMessages})
 				require.NoError(t, err)
 				return status.Messages == 1
 			}, 2*time.Second, time.Second)
 			// Retrieve the new literal so we can have the Proton Message ID.
 			messages, err := clientFetch(client, "Drafts")
 			require.NoError(t, err)
 			require.Equal(t, 1, len(messages))
 			newLiteral, err := io.ReadAll(messages[0].GetBody(must(go_imap.ParseBodySectionName("BODY[]"))))
 			require.NoError(t, err)
 			logrus.Info(string(newLiteral))
 			newLiteralID, newLiteralExternID := getGluonHeaderID(newLiteral)
 			// Modify new literal.
 			newLiteralModified := append(newLiteral, []byte(" world from client2")...) //nolint:gocritic
 			func() {
 				smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(b.GetSMTPPort())))
 				require.NoError(t, err)
 				defer func() { _ = smtpClient.Close() }()
 				// Upgrade to TLS.
 				require.NoError(t, smtpClient.StartTLS(&tls.Config{InsecureSkipVerify: true}))
 				// Authorize with SASL PLAIN.
 				require.NoError(t, smtpClient.Auth(sasl.NewPlainClient(
 					info.Addresses[0],
 					info.Addresses[0],
 					string(info.BridgePass)),
 				))
 				// Send the message.
 				require.NoError(t, smtpClient.SendMail(
 					info.Addresses[0],
 					[]string{"bar@proton.local"},
 					bytes.NewReader(newLiteralModified),
 				))
 			}()
 			// Append message to Sent as the imap client would.
 			require.NoError(t, client.Append("Sent", nil, time.Now(), strings.NewReader(literal)))
 			// Verify the sent message gets updated with the new literal.
 			require.Eventually(t, func() bool {
 				// Check if sent message matches the latest draft.
 				messagesClient1, err := clientFetch(client, "Sent", "BODY[TEXT]", "BODY[]")
 				require.NoError(t, err)
 				if len(messagesClient1) != 1 {
 					return false
 				}
 				sentLiteral, err := io.ReadAll(messagesClient1[0].GetBody(must(go_imap.ParseBodySectionName("BODY[]"))))
 				require.NoError(t, err)
 				sentLiteralID, sentLiteralExternID := getGluonHeaderID(sentLiteral)
 				sentLiteralText, err := io.ReadAll(messagesClient1[0].GetBody(must(go_imap.ParseBodySectionName("BODY[TEXT]"))))
 				require.NoError(t, err)
 				sentLiteralStr := string(sentLiteralText)
 				literalMatches := sentLiteralStr == "Hello\r\n world from client2\r\n"
 				idIsDifferent := sentLiteralID != newLiteralID
 				externIDMatches := sentLiteralExternID == newLiteralExternID
 				return literalMatches && idIsDifferent && externIDMatches
 			}, 2*time.Second, time.Second)
 		})
 	}, server.WithMessageDedup())
 }
--- a/internal/bridge/errors.go
+++ b/internal/bridge/errors.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -22,10 +22,7 @@ import "errors"
 var (
 	ErrVaultInsecure = errors.New("the vault is insecure")
 	ErrVaultCorrupt  = errors.New("the vault is corrupt")
-
+	ErrWatchUpdates  = errors.New("failed to watch for updates")
 	ErrServeIMAP    = errors.New("failed to serve IMAP")
 	ErrServeSMTP    = errors.New("failed to serve SMTP")
 	ErrWatchUpdates = errors.New("failed to watch for updates")
 	ErrNoSuchUser          = errors.New("no such user")
 	ErrUserAlreadyExists   = errors.New("user already exists")
--- a/internal/bridge/events.go
+++ b/internal/bridge/events.go
@ -0,0 +1,45 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import (
 	"context"
 	"github.com/ProtonMail/gluon/watcher"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 )
 type bridgeEventSubscription struct {
 	b *Bridge
 }
 func (b bridgeEventSubscription) Add(ofType ...events.Event) *watcher.Watcher[events.Event] {
 	return b.b.addWatcher(ofType...)
 }
 func (b bridgeEventSubscription) Remove(watcher *watcher.Watcher[events.Event]) {
 	b.b.remWatcher(watcher)
 }
 type bridgeEventPublisher struct {
 	b *Bridge
 }
 func (b bridgeEventPublisher) PublishEvent(_ context.Context, event events.Event) {
 	b.b.publish(event)
 }
--- a/internal/bridge/heartbeat.go
+++ b/internal/bridge/heartbeat.go
@ -0,0 +1,167 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import (
 	"context"
 	"encoding/json"
 	"sync"
 	"time"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/sirupsen/logrus"
 )
 const HeartbeatCheckInterval = time.Hour
 type heartBeatState struct {
 	task *async.Group
 	telemetry.Heartbeat
 	taskLock     sync.Mutex
 	taskStarted  bool
 	taskInterval time.Duration
 }
 func newHeartBeatState(ctx context.Context, panicHandler async.PanicHandler) *heartBeatState {
 	return &heartBeatState{
 		task: async.NewGroup(ctx, panicHandler),
 	}
 }
 func (h *heartBeatState) init(bridge *Bridge, manager telemetry.HeartbeatManager) {
 	h.Heartbeat = telemetry.NewHeartbeat(manager, 1143, 1025, bridge.GetGluonCacheDir(), bridge.keychains.GetDefaultHelper())
 	h.taskInterval = manager.GetHeartbeatPeriodicInterval()
 	h.SetRollout(bridge.GetUpdateRollout())
 	h.SetAutoStart(bridge.GetAutostart())
 	h.SetAutoUpdate(bridge.GetAutoUpdate())
 	h.SetBeta(bridge.GetUpdateChannel())
 	h.SetDoh(bridge.GetProxyAllowed())
 	h.SetShowAllMail(bridge.GetShowAllMail())
 	h.SetIMAPConnectionMode(bridge.GetIMAPSSL())
 	h.SetSMTPConnectionMode(bridge.GetSMTPSSL())
 	h.SetIMAPPort(bridge.GetIMAPPort())
 	h.SetSMTPPort(bridge.GetSMTPPort())
 	h.SetCacheLocation(bridge.GetGluonCacheDir())
 	if val, err := bridge.GetKeychainApp(); err != nil {
 		h.SetKeyChainPref(val)
 	} else {
 		h.SetKeyChainPref(bridge.keychains.GetDefaultHelper())
 	}
 	h.SetPrevVersion(bridge.GetLastVersion().String())
 	safe.RLock(func() {
 		var splitMode = false
 		for _, user := range bridge.users {
 			if user.GetAddressMode() == vault.SplitMode {
 				splitMode = true
 				break
 			}
 		}
 		var nbAccount = len(bridge.users)
 		h.SetNbAccount(nbAccount)
 		h.SetSplitMode(splitMode)
 		// Do not try to send if there is no user yet.
 		if nbAccount > 0 {
 			defer h.start()
 		}
 	}, bridge.usersLock)
 }
 func (h *heartBeatState) start() {
 	h.taskLock.Lock()
 	defer h.taskLock.Unlock()
 	if h.taskStarted {
 		return
 	}
 	h.taskStarted = true
 	h.task.PeriodicOrTrigger(h.taskInterval, 0, func(ctx context.Context) {
 		logrus.WithField("pkg", "bridge/heartbeat").Debug("Checking for heartbeat")
 		h.TrySending(ctx)
 	})
 }
 func (h *heartBeatState) stop() {
 	h.taskLock.Lock()
 	defer h.taskLock.Unlock()
 	if !h.taskStarted {
 		return
 	}
 	h.task.CancelAndWait()
 	h.taskStarted = false
 }
 func (bridge *Bridge) IsTelemetryAvailable(ctx context.Context) bool {
 	var flag = true
 	if bridge.GetTelemetryDisabled() {
 		return false
 	}
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			flag = flag && user.IsTelemetryEnabled(ctx)
 		}
 	}, bridge.usersLock)
 	return flag
 }
 func (bridge *Bridge) SendHeartbeat(ctx context.Context, heartbeat *telemetry.HeartbeatData) bool {
 	data, err := json.Marshal(heartbeat)
 	if err != nil {
 		if err := bridge.reporter.ReportMessageWithContext("Cannot parse heartbeat data.", reporter.Context{
 			"error": err,
 		}); err != nil {
 			logrus.WithField("pkg", "bridge/heartbeat").WithError(err).Error("Failed to parse heartbeat data.")
 		}
 		return false
 	}
 	var sent = false
 	safe.RLock(func() {
 		for _, user := range bridge.users {
 			if err := user.SendTelemetry(ctx, data); err == nil {
 				sent = true
 				break
 			}
 		}
 	}, bridge.usersLock)
 	return sent
 }
 func (bridge *Bridge) GetLastHeartbeatSent() time.Time {
 	return bridge.vault.GetLastHeartbeatSent()
 }
 func (bridge *Bridge) SetLastHeartbeatSent(timestamp time.Time) error {
 	return bridge.vault.SetLastHeartbeatSent(timestamp)
 }
 func (bridge *Bridge) GetHeartbeatPeriodicInterval() time.Duration {
 	return HeartbeatCheckInterval
 }
--- a/internal/bridge/identifier.go
+++ b/internal/bridge/identifier.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -17,6 +17,8 @@
 package bridge
 import "github.com/sirupsen/logrus"
 func (bridge *Bridge) GetCurrentUserAgent() string {
 	return bridge.identifier.GetUserAgent()
 }
@ -24,3 +26,49 @@ func (bridge *Bridge) GetCurrentUserAgent() string {
 func (bridge *Bridge) SetCurrentPlatform(platform string) {
 	bridge.identifier.SetPlatform(platform)
 }
 func (bridge *Bridge) setUserAgent(name, version string) {
 	currentUserAgent := bridge.identifier.GetClientString()
 	bridge.identifier.SetClient(name, version)
 	newUserAgent := bridge.identifier.GetClientString()
 	if currentUserAgent != newUserAgent {
 		if err := bridge.vault.SetLastUserAgent(newUserAgent); err != nil {
 			logrus.WithError(err).Error("Failed to write new user agent to vault")
 		}
 	}
 }
 type bridgeUserAgentUpdater struct {
 	*Bridge
 }
 func (b *bridgeUserAgentUpdater) GetUserAgent() string {
 	return b.identifier.GetUserAgent()
 }
 func (b *bridgeUserAgentUpdater) HasClient() bool {
 	return b.identifier.HasClient()
 }
 func (b *bridgeUserAgentUpdater) SetClient(name, version string) {
 	b.identifier.SetClient(name, version)
 }
 func (b *bridgeUserAgentUpdater) SetPlatform(platform string) {
 	b.identifier.SetPlatform(platform)
 }
 func (b *bridgeUserAgentUpdater) SetClientString(client string) {
 	b.identifier.SetClientString(client)
 }
 func (b *bridgeUserAgentUpdater) GetClientString() string {
 	return b.identifier.GetClientString()
 }
 func (b *bridgeUserAgentUpdater) SetUserAgent(name, version string) {
 	b.setUserAgent(name, version)
 }
--- a/internal/bridge/imap.go
+++ b/internal/bridge/imap.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,338 +20,112 @@ package bridge
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
+	"strings"
 	"io"
 	"os"
 	"path/filepath"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon"
 	imapEvents "github.com/ProtonMail/gluon/events"
-	"github.com/ProtonMail/gluon/reporter"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
-	"github.com/ProtonMail/gluon/store"
+	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapsmtpserver"
-	"github.com/ProtonMail/proton-bridge/v3/internal/async"
+	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/sirupsen/logrus"
 )
-const (
+func (bridge *Bridge) restartIMAP(ctx context.Context) error {
-	defaultClientName    = "UnknownClient"
+	return bridge.serverManager.RestartIMAP(ctx)
 	defaultClientVersion = "0.0.1"
 )
 func (bridge *Bridge) serveIMAP() error {
 	if bridge.imapServer == nil {
 		return fmt.Errorf("no imap server instance running")
 	}
 	logrus.Info("Starting IMAP server")
 	imapListener, err := newListener(bridge.vault.GetIMAPPort(), bridge.vault.GetIMAPSSL(), bridge.tlsConfig)
 	if err != nil {
 		return fmt.Errorf("failed to create IMAP listener: %w", err)
 	}
 	bridge.imapListener = imapListener
 	if err := bridge.imapServer.Serve(context.Background(), bridge.imapListener); err != nil {
 		return fmt.Errorf("failed to serve IMAP: %w", err)
 	}
 	if err := bridge.vault.SetIMAPPort(getPort(imapListener.Addr())); err != nil {
 		return fmt.Errorf("failed to store IMAP port in vault: %w", err)
 	}
 	return nil
 }
 func (bridge *Bridge) restartIMAP() error {
 	logrus.Info("Restarting IMAP server")
 	if bridge.imapListener != nil {
 		if err := bridge.imapListener.Close(); err != nil {
 			return fmt.Errorf("failed to close IMAP listener: %w", err)
 		}
 	}
 	return bridge.serveIMAP()
 }
 func (bridge *Bridge) closeIMAP(ctx context.Context) error {
 	logrus.Info("Closing IMAP server")
 	if bridge.imapServer != nil {
 		if err := bridge.imapServer.Close(ctx); err != nil {
 			return fmt.Errorf("failed to close IMAP server: %w", err)
 		}
 		bridge.imapServer = nil
 	}
 	if bridge.imapListener != nil {
 		if err := bridge.imapListener.Close(); err != nil {
 			return fmt.Errorf("failed to close IMAP listener: %w", err)
 		}
 	}
 	return nil
 }
 // addIMAPUser connects the given user to gluon.
 //
 //nolint:funlen
 func (bridge *Bridge) addIMAPUser(ctx context.Context, user *user.User) error {
 	if bridge.imapServer == nil {
 		return fmt.Errorf("no imap server instance running")
 	}
 	imapConn, err := user.NewIMAPConnectors()
 	if err != nil {
 		return fmt.Errorf("failed to create IMAP connectors: %w", err)
 	}
 	for addrID, imapConn := range imapConn {
 		log := logrus.WithFields(logrus.Fields{
 			"userID": user.ID(),
 			"addrID": addrID,
 		})
 		if gluonID, ok := user.GetGluonID(addrID); ok {
 			log.WithField("gluonID", gluonID).Info("Loading existing IMAP user")
 			// Load the user, checking whether the DB was newly created.
 			isNew, err := bridge.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey())
 			if err != nil {
 				return fmt.Errorf("failed to load IMAP user: %w", err)
 			}
 			if isNew {
 				// If the DB was newly created, clear the sync status; gluon's DB was not found.
 				logrus.Warn("IMAP user DB was newly created, clearing sync status")
 				// Remove the user from IMAP so we can clear the sync status.
 				if err := bridge.imapServer.RemoveUser(ctx, gluonID, false); err != nil {
 					return fmt.Errorf("failed to remove IMAP user: %w", err)
 				}
 				// Clear the sync status -- we need to resync all messages.
 				if err := user.ClearSyncStatus(); err != nil {
 					return fmt.Errorf("failed to clear sync status: %w", err)
 				}
 				// Add the user back to the IMAP server.
 				if isNew, err := bridge.imapServer.LoadUser(ctx, imapConn, gluonID, user.GluonKey()); err != nil {
 					return fmt.Errorf("failed to add IMAP user: %w", err)
 				} else if isNew {
 					panic("IMAP user should already have a database")
 				}
 			} else if status := user.GetSyncStatus(); !status.HasLabels {
 				// Otherwise, the DB already exists -- if the labels are not yet synced, we need to re-create the DB.
 				if err := bridge.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
 					return fmt.Errorf("failed to remove old IMAP user: %w", err)
 				}
 				if err := user.RemoveGluonID(addrID, gluonID); err != nil {
 					return fmt.Errorf("failed to remove old IMAP user ID: %w", err)
 				}
 				gluonID, err := bridge.imapServer.AddUser(ctx, imapConn, user.GluonKey())
 				if err != nil {
 					return fmt.Errorf("failed to add IMAP user: %w", err)
 				}
 				if err := user.SetGluonID(addrID, gluonID); err != nil {
 					return fmt.Errorf("failed to set IMAP user ID: %w", err)
 				}
 				log.WithField("gluonID", gluonID).Info("Re-created IMAP user")
 			}
 		} else {
 			log.Info("Creating new IMAP user")
 			gluonID, err := bridge.imapServer.AddUser(ctx, imapConn, user.GluonKey())
 			if err != nil {
 				return fmt.Errorf("failed to add IMAP user: %w", err)
 			}
 			if err := user.SetGluonID(addrID, gluonID); err != nil {
 				return fmt.Errorf("failed to set IMAP user ID: %w", err)
 			}
 			log.WithField("gluonID", gluonID).Info("Created new IMAP user")
 		}
 	}
 	// Trigger a sync for the user, if needed.
 	user.TriggerSync()
 	return nil
 }
 // removeIMAPUser disconnects the given user from gluon, optionally also removing its files.
 func (bridge *Bridge) removeIMAPUser(ctx context.Context, user *user.User, withData bool) error {
 	if bridge.imapServer == nil {
 		return fmt.Errorf("no imap server instance running")
 	}
 	logrus.WithFields(logrus.Fields{
 		"userID":   user.ID(),
 		"withData": withData,
 	}).Debug("Removing IMAP user")
 	for addrID, gluonID := range user.GetGluonIDs() {
 		if err := bridge.imapServer.RemoveUser(ctx, gluonID, withData); err != nil {
 			return fmt.Errorf("failed to remove IMAP user: %w", err)
 		}
 		if withData {
 			if err := user.RemoveGluonID(addrID, gluonID); err != nil {
 				return fmt.Errorf("failed to remove IMAP user ID: %w", err)
 			}
 		}
 	}
 	return nil
 }
 func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 	log := logrus.WithField("pkg", "bridge/event/imap")
 	switch event := event.(type) {
 	case imapEvents.UserAdded:
 		for labelID, count := range event.Counts {
-			logrus.WithFields(logrus.Fields{
+			log.WithFields(logrus.Fields{
 				"gluonID": event.UserID,
 				"labelID": labelID,
 				"count":   count,
 			}).Info("Received mailbox message count")
 		}
 	case imapEvents.SessionAdded:
 		if !bridge.identifier.HasClient() {
 			bridge.identifier.SetClient(defaultClientName, defaultClientVersion)
 		}
 	case imapEvents.IMAPID:
-		logrus.WithFields(logrus.Fields{
+		log.WithFields(logrus.Fields{
 			"sessionID": event.SessionID,
 			"name":      event.IMAPID.Name,
 			"version":   event.IMAPID.Version,
 		}).Info("Received IMAP ID")
 		if event.IMAPID.Name != "" && event.IMAPID.Version != "" {
-			bridge.identifier.SetClient(event.IMAPID.Name, event.IMAPID.Version)
+			bridge.setUserAgent(event.IMAPID.Name, event.IMAPID.Version)
 		}
 	case imapEvents.LoginFailed:
 		log.WithFields(logrus.Fields{
 			"sessionID": event.SessionID,
 			"username":  event.Username,
 			"pkg":       "imap",
 		}).Error("Incorrect login credentials.")
 		bridge.publish(events.IMAPLoginFailed{Username: event.Username})
 	case imapEvents.Login:
 		if strings.Contains(bridge.GetCurrentUserAgent(), useragent.DefaultUserAgent) {
 			bridge.setUserAgent(useragent.UnknownClient, useragent.DefaultVersion)
 		}
 	}
 }
-func getGluonDir(encVault *vault.Vault) (string, error) {
+type bridgeIMAPSettings struct {
-	if err := os.MkdirAll(encVault.GetGluonCacheDir(), 0o700); err != nil {
+	b *Bridge
-		return "", fmt.Errorf("failed to create gluon dir: %w", err)
+}
 func (b *bridgeIMAPSettings) EventPublisher() imapsmtpserver.IMAPEventPublisher {
 	return b
 }
 func (b *bridgeIMAPSettings) TLSConfig() *tls.Config {
 	return b.b.tlsConfig
 }
 func (b *bridgeIMAPSettings) LogClient() bool {
 	return b.b.logIMAPClient
 }
 func (b *bridgeIMAPSettings) LogServer() bool {
 	return b.b.logIMAPServer
 }
 func (b *bridgeIMAPSettings) Port() int {
 	return b.b.vault.GetIMAPPort()
 }
 func (b *bridgeIMAPSettings) SetPort(i int) error {
 	return b.b.vault.SetIMAPPort(i)
 }
 func (b *bridgeIMAPSettings) UseSSL() bool {
 	return b.b.vault.GetIMAPSSL()
 }
 func (b *bridgeIMAPSettings) CacheDirectory() string {
 	return b.b.GetGluonCacheDir()
 }
 func (b *bridgeIMAPSettings) DataDirectory() (string, error) {
 	return b.b.GetGluonDataDir()
 }
 func (b *bridgeIMAPSettings) SetCacheDirectory(s string) error {
 	return b.b.vault.SetGluonDir(s)
 }
 func (b *bridgeIMAPSettings) Version() *semver.Version {
 	return b.b.curVersion
 }
 func (b *bridgeIMAPSettings) PublishIMAPEvent(ctx context.Context, event imapEvents.Event) {
 	select {
 	case <-ctx.Done():
 		return
 	case b.b.imapEventCh <- event:
 		// do nothing
 	}
 	return encVault.GetGluonCacheDir(), nil
 }
 func ApplyGluonCachePathSuffix(basePath string) string {
 	return filepath.Join(basePath, "backend", "store")
 }
 func ApplyGluonConfigPathSuffix(basePath string) string {
 	return filepath.Join(basePath, "backend", "db")
 }
 // nolint:funlen
 func newIMAPServer(
 	gluonCacheDir, gluonConfigDir string,
 	version *semver.Version,
 	tlsConfig *tls.Config,
 	reporter reporter.Reporter,
 	logClient, logServer bool,
 	eventCh chan<- imapEvents.Event,
 	tasks *async.Group,
 ) (*gluon.Server, error) {
 	gluonCacheDir = ApplyGluonCachePathSuffix(gluonCacheDir)
 	gluonConfigDir = ApplyGluonConfigPathSuffix(gluonConfigDir)
 	logrus.WithFields(logrus.Fields{
 		"gluonStore": gluonCacheDir,
 		"gluonDB":    gluonConfigDir,
 		"version":    version,
 		"logClient":  logClient,
 		"logServer":  logServer,
 	}).Info("Creating IMAP server")
 	if logClient || logServer {
 		log := logrus.WithField("protocol", "IMAP")
 		log.Warning("================================================")
 		log.Warning("THIS LOG WILL CONTAIN **DECRYPTED** MESSAGE DATA")
 		log.Warning("================================================")
 	}
 	var imapClientLog io.Writer
 	if logClient {
 		imapClientLog = logging.NewIMAPLogger()
 	} else {
 		imapClientLog = io.Discard
 	}
 	var imapServerLog io.Writer
 	if logServer {
 		imapServerLog = logging.NewIMAPLogger()
 	} else {
 		imapServerLog = io.Discard
 	}
 	imapServer, err := gluon.New(
 		gluon.WithTLS(tlsConfig),
 		gluon.WithDataDir(gluonCacheDir),
 		gluon.WithDatabaseDir(gluonConfigDir),
 		gluon.WithStoreBuilder(new(storeBuilder)),
 		gluon.WithLogger(imapClientLog, imapServerLog),
 		getGluonVersionInfo(version),
 		gluon.WithReporter(reporter),
 	)
 	if err != nil {
 		return nil, err
 	}
 	tasks.Once(func(ctx context.Context) {
 		async.ForwardContext(ctx, eventCh, imapServer.AddWatcher())
 	})
 	tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, imapServer.GetErrorCh(), func(err error) {
 			logrus.WithError(err).Error("IMAP server error")
 		})
 	})
 	return imapServer, nil
 }
 func getGluonVersionInfo(version *semver.Version) gluon.Option {
 	return gluon.WithVersionInfo(
 		int(version.Major()),
 		int(version.Minor()),
 		int(version.Patch()),
 		constants.FullAppName,
 		"TODO",
 		"TODO",
 	)
 }
 type storeBuilder struct{}
 func (*storeBuilder) New(path, userID string, passphrase []byte) (store.Store, error) {
 	return store.NewOnDiskStore(
 		filepath.Join(path, userID),
 		passphrase,
 		store.WithCompressor(new(store.GZipCompressor)),
 	)
 }
 func (*storeBuilder) Delete(path, userID string) error {
 	return os.RemoveAll(filepath.Join(path, userID))
 }
--- a/internal/bridge/imapsmtp_telemetry.go
+++ b/internal/bridge/imapsmtp_telemetry.go
@ -0,0 +1,26 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 type bridgeIMAPSMTPTelemetry struct {
 	b *Bridge
 }
 func (b bridgeIMAPSMTPTelemetry) SetCacheLocation(s string) {
 	b.b.heartbeat.SetCacheLocation(s)
 }
--- a/internal/bridge/keychain.go
+++ b/internal/bridge/keychain.go
@ -0,0 +1,24 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import "golang.org/x/exp/maps"
 func (bridge *Bridge) GetHelpersNames() []string {
 	return maps.Keys(bridge.keychains.GetHelpers())
 }
--- a/internal/bridge/locations.go
+++ b/internal/bridge/locations.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/bridge/main_test.go
+++ b/internal/bridge/main_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/bridge/mocks.go
+++ b/internal/bridge/mocks.go
@ -7,6 +7,7 @@ import (
 	"os"
 	"sync"
 	"testing"
 	"time"
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge/mocks"
@ -24,6 +25,7 @@ type Mocks struct {
 	CrashHandler *mocks.MockPanicHandler
 	Reporter     *mocks.MockReporter
 	Heartbeat    *mocks.MockHeartbeatManager
 }
 func NewMocks(tb testing.TB, version, minAuto *semver.Version) *Mocks {
@ -39,13 +41,18 @@ func NewMocks(tb testing.TB, version, minAuto *semver.Version) *Mocks {
 		CrashHandler: mocks.NewMockPanicHandler(ctl),
 		Reporter:     mocks.NewMockReporter(ctl),
 		Heartbeat:    mocks.NewMockHeartbeatManager(ctl),
 	}
 	// When getting the TLS issue channel, we want to return the test channel.
 	mocks.TLSReporter.EXPECT().GetTLSIssueCh().Return(mocks.TLSIssueCh).AnyTimes()
-	// This is called at he end of any go-routine:
+	// This is called at the end of any go-routine:
-	mocks.CrashHandler.EXPECT().HandlePanic().AnyTimes()
+	mocks.CrashHandler.EXPECT().HandlePanic(gomock.Any()).AnyTimes()
 	// this is called at start of heartbeat process.
 	mocks.Heartbeat.EXPECT().IsTelemetryAvailable(gomock.Any()).AnyTimes()
 	mocks.Heartbeat.EXPECT().GetHeartbeatPeriodicInterval().AnyTimes().Return(500 * time.Millisecond)
 	return mocks
 }
@ -139,13 +146,17 @@ func (testUpdater *TestUpdater) SetLatestVersion(version, minAuto *semver.Versio
 	}
 }
-func (testUpdater *TestUpdater) GetVersionInfo(ctx context.Context, downloader updater.Downloader, channel updater.Channel) (updater.VersionInfo, error) {
+func (testUpdater *TestUpdater) GetVersionInfo(_ context.Context, _ updater.Downloader, _ updater.Channel) (updater.VersionInfo, error) {
 	testUpdater.lock.RLock()
 	defer testUpdater.lock.RUnlock()
 	return testUpdater.latest, nil
 }
-func (testUpdater *TestUpdater) InstallUpdate(ctx context.Context, downloader updater.Downloader, update updater.VersionInfo) error {
+func (testUpdater *TestUpdater) InstallUpdate(_ context.Context, _ updater.Downloader, _ updater.VersionInfo) error {
 	return nil
 }
 func (testUpdater *TestUpdater) RemoveOldUpdates() error {
 	return nil
 }
--- a/internal/bridge/mocks/async_mocks.go
+++ b/internal/bridge/mocks/async_mocks.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/ProtonMail/proton-bridge/v3/internal/async (interfaces: PanicHandler)
+// Source: github.com/ProtonMail/gluon/async (interfaces: PanicHandler)
 // Package mocks is a generated GoMock package.
 package mocks
@ -34,13 +34,13 @@ func (m *MockPanicHandler) EXPECT() *MockPanicHandlerMockRecorder {
 }
 // HandlePanic mocks base method.
-func (m *MockPanicHandler) HandlePanic() {
+func (m *MockPanicHandler) HandlePanic(arg0 interface{}) {
 	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "HandlePanic")
+	m.ctrl.Call(m, "HandlePanic", arg0)
 }
 // HandlePanic indicates an expected call of HandlePanic.
-func (mr *MockPanicHandlerMockRecorder) HandlePanic() *gomock.Call {
+func (mr *MockPanicHandlerMockRecorder) HandlePanic(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HandlePanic", reflect.TypeOf((*MockPanicHandler)(nil).HandlePanic))
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HandlePanic", reflect.TypeOf((*MockPanicHandler)(nil).HandlePanic), arg0)
 }
--- a/internal/bridge/mocks/matcher.go
+++ b/internal/bridge/mocks/matcher.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/bridge/mocks/telemetry_mocks.go
+++ b/internal/bridge/mocks/telemetry_mocks.go
@ -0,0 +1,107 @@
 // Code generated by MockGen. DO NOT EDIT.
 // Source: github.com/ProtonMail/proton-bridge/v3/internal/telemetry (interfaces: HeartbeatManager)
 // Package mocks is a generated GoMock package.
 package mocks
 import (
 	context "context"
 	reflect "reflect"
 	time "time"
 	telemetry "github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
 	gomock "github.com/golang/mock/gomock"
 )
 // MockHeartbeatManager is a mock of HeartbeatManager interface.
 type MockHeartbeatManager struct {
 	ctrl     *gomock.Controller
 	recorder *MockHeartbeatManagerMockRecorder
 }
 // MockHeartbeatManagerMockRecorder is the mock recorder for MockHeartbeatManager.
 type MockHeartbeatManagerMockRecorder struct {
 	mock *MockHeartbeatManager
 }
 // NewMockHeartbeatManager creates a new mock instance.
 func NewMockHeartbeatManager(ctrl *gomock.Controller) *MockHeartbeatManager {
 	mock := &MockHeartbeatManager{ctrl: ctrl}
 	mock.recorder = &MockHeartbeatManagerMockRecorder{mock}
 	return mock
 }
 // EXPECT returns an object that allows the caller to indicate expected use.
 func (m *MockHeartbeatManager) EXPECT() *MockHeartbeatManagerMockRecorder {
 	return m.recorder
 }
 // GetHeartbeatPeriodicInterval mocks base method.
 func (m *MockHeartbeatManager) GetHeartbeatPeriodicInterval() time.Duration {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetHeartbeatPeriodicInterval")
 	ret0, _ := ret[0].(time.Duration)
 	return ret0
 }
 // GetHeartbeatPeriodicInterval indicates an expected call of GetHeartbeatPeriodicInterval.
 func (mr *MockHeartbeatManagerMockRecorder) GetHeartbeatPeriodicInterval() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetHeartbeatPeriodicInterval", reflect.TypeOf((*MockHeartbeatManager)(nil).GetHeartbeatPeriodicInterval))
 }
 // GetLastHeartbeatSent mocks base method.
 func (m *MockHeartbeatManager) GetLastHeartbeatSent() time.Time {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetLastHeartbeatSent")
 	ret0, _ := ret[0].(time.Time)
 	return ret0
 }
 // GetLastHeartbeatSent indicates an expected call of GetLastHeartbeatSent.
 func (mr *MockHeartbeatManagerMockRecorder) GetLastHeartbeatSent() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetLastHeartbeatSent", reflect.TypeOf((*MockHeartbeatManager)(nil).GetLastHeartbeatSent))
 }
 // IsTelemetryAvailable mocks base method.
 func (m *MockHeartbeatManager) IsTelemetryAvailable(arg0 context.Context) bool {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "IsTelemetryAvailable", arg0)
 	ret0, _ := ret[0].(bool)
 	return ret0
 }
 // IsTelemetryAvailable indicates an expected call of IsTelemetryAvailable.
 func (mr *MockHeartbeatManagerMockRecorder) IsTelemetryAvailable(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsTelemetryAvailable", reflect.TypeOf((*MockHeartbeatManager)(nil).IsTelemetryAvailable), arg0)
 }
 // SendHeartbeat mocks base method.
 func (m *MockHeartbeatManager) SendHeartbeat(arg0 context.Context, arg1 *telemetry.HeartbeatData) bool {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SendHeartbeat", arg0, arg1)
 	ret0, _ := ret[0].(bool)
 	return ret0
 }
 // SendHeartbeat indicates an expected call of SendHeartbeat.
 func (mr *MockHeartbeatManagerMockRecorder) SendHeartbeat(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SendHeartbeat", reflect.TypeOf((*MockHeartbeatManager)(nil).SendHeartbeat), arg0, arg1)
 }
 // SetLastHeartbeatSent mocks base method.
 func (m *MockHeartbeatManager) SetLastHeartbeatSent(arg0 time.Time) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetLastHeartbeatSent", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 // SetLastHeartbeatSent indicates an expected call of SetLastHeartbeatSent.
 func (mr *MockHeartbeatManagerMockRecorder) SetLastHeartbeatSent(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetLastHeartbeatSent", reflect.TypeOf((*MockHeartbeatManager)(nil).SetLastHeartbeatSent), arg0)
 }
--- a/internal/bridge/refresh_test.go
+++ b/internal/bridge/refresh_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -28,7 +28,6 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/bradenaw/juniper/iterator"
 	"github.com/emersion/go-imap/client"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 )
@ -57,6 +56,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.Equal(t, userID, (<-syncCh).UserID)
 		})
 		var uidValidities = make(map[string]uint32, len(names))
 		// If we then connect an IMAP client, it should see all the labels with UID validity of 1.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).AnyTimes()
@ -65,7 +65,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -73,7 +73,7 @@ func TestBridge_Refresh(t *testing.T) {
 			for _, name := range names {
 				status, err := client.Select("Folders/"+name, false)
 				require.NoError(t, err)
-				require.Equal(t, uint32(1000), status.UidValidity)
+				uidValidities[name] = status.UidValidity
 			}
 		})
@ -84,6 +84,11 @@ func TestBridge_Refresh(t *testing.T) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).AnyTimes()
 			// Wait for refresh event first
 			refreshCh, refreshChDone := chToType[events.Event, events.UserRefreshed](b.GetEvents(events.UserRefreshed{}))
 			defer refreshChDone()
 			require.Equal(t, userID, (<-refreshCh).UserID)
 			// Then sync event
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -98,7 +103,7 @@ func TestBridge_Refresh(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -106,7 +111,7 @@ func TestBridge_Refresh(t *testing.T) {
 			for _, name := range names {
 				status, err := client.Select("Folders/"+name, false)
 				require.NoError(t, err)
-				require.Equal(t, uint32(1001), status.UidValidity)
+				require.Greater(t, status.UidValidity, uidValidities[name])
 			}
 		})
 	})
--- a/internal/bridge/send_test.go
+++ b/internal/bridge/send_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -33,8 +33,8 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	smtpservice "github.com/ProtonMail/proton-bridge/v3/internal/services/smtp"
 	"github.com/emersion/go-imap"
 	"github.com/emersion/go-imap/client"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
@ -91,13 +91,13 @@ func TestBridge_Send(t *testing.T) {
 			}
 			// Connect the sender IMAP client.
-			senderIMAPClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			senderIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, senderIMAPClient.Login(senderInfo.Addresses[0], string(senderInfo.BridgePass)))
 			defer senderIMAPClient.Logout() //nolint:errcheck
 			// Connect the recipient IMAP client.
-			recipientIMAPClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			recipientIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, recipientIMAPClient.Login(recipientInfo.Addresses[0], string(recipientInfo.BridgePass)))
 			defer recipientIMAPClient.Logout() //nolint:errcheck
@ -135,19 +135,19 @@ func TestBridge_SendDraftFlags(t *testing.T) {
 		})
 		// Start the bridge.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get the sender user info.
 			userInfo, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)
 			// Connect the sender IMAP client.
-			imapClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Login(userInfo.Addresses[0], string(userInfo.BridgePass)))
 			defer imapClient.Logout() //nolint:errcheck
 			// The message to send.
-			const message = `Subject: Test\r\n\r\nHello world!`
+			message := fmt.Sprintf("From: %v\r\nDate: 01 Jan 1980 00:00:00 +0000\r\nSubject: Test\r\n\r\nHello world!", userInfo.Addresses[0])
 			// Save a draft.
 			require.NoError(t, imapClient.Append("Drafts", []string{imap.DraftFlag}, time.Now(), strings.NewReader(message)))
@ -245,13 +245,13 @@ func TestBridge_SendInvite(t *testing.T) {
 		})
 		// Start the bridge.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get the sender user info.
 			userInfo, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)
 			// Connect the sender IMAP client.
-			imapClient, err := client.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
+			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Login(userInfo.Addresses[0], string(userInfo.BridgePass)))
 			defer imapClient.Logout() //nolint:errcheck
@ -330,3 +330,408 @@ func TestBridge_SendInvite(t *testing.T) {
 		})
 	})
 }
 func TestBridge_SendAddTextBodyPartIfNotExists(t *testing.T) {
 	// NOTE: Prior to GODT-2887, these tests had inline images, however after the implementation to support
 	// inline images new parts are injected to reference inline images without content-id set. The images
 	// in this test have been changed to regular attachments to keep the original checks in place.
 	const messageMultipartWithoutText = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: attachment;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 	`
 	const messageMultipartWithText = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message Part2 
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: attachment;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Type: text/html;charset=utf8
 Content-Transfer-Encoding: quoted-printable
 Hello world
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 `
 	const messageWithTextOnly = `Content-Type: text/plain;charset=utf8
 Content-Transfer-Encoding: quoted-printable
 Subject: A new message Part3
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 Hello world
 `
 	const messageMultipartWithoutTextWithTextAttachment = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message Part4
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Type: text/plain; charset=UTF-8; name="text.txt"
 Content-Disposition: attachment; filename="text.txt"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQK
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 `
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		_, _, err := s.CreateUser("recipient", password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			recipientUserID, err := bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)
 			senderInfo, err := bridge.GetUserInfo(senderUserID)
 			require.NoError(t, err)
 			recipientInfo, err := bridge.GetUserInfo(recipientUserID)
 			require.NoError(t, err)
 			messages := []string{
 				messageMultipartWithoutText,
 				messageMultipartWithText,
 				messageWithTextOnly,
 				messageMultipartWithoutTextWithTextAttachment,
 			}
 			for _, m := range messages {
 				// Dial the server.
 				client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 				require.NoError(t, err)
 				defer client.Close() //nolint:errcheck
 				// Upgrade to TLS.
 				require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
 				// Authorize with SASL LOGIN.
 				require.NoError(t, client.Auth(sasl.NewLoginClient(
 					senderInfo.Addresses[0],
 					string(senderInfo.BridgePass)),
 				))
 				// Send the message.
 				require.NoError(t, client.SendMail(
 					senderInfo.Addresses[0],
 					[]string{recipientInfo.Addresses[0]},
 					strings.NewReader(m),
 				))
 			}
 			// Connect the sender IMAP client.
 			senderIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, senderIMAPClient.Login(senderInfo.Addresses[0], string(senderInfo.BridgePass)))
 			defer senderIMAPClient.Logout() //nolint:errcheck
 			// Connect the recipient IMAP client.
 			recipientIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, recipientIMAPClient.Login(recipientInfo.Addresses[0], string(recipientInfo.BridgePass)))
 			defer recipientIMAPClient.Logout() //nolint:errcheck
 			require.Eventually(t, func() bool {
 				messages, err := clientFetch(senderIMAPClient, `Sent`, imap.FetchBodyStructure)
 				require.NoError(t, err)
 				if len(messages) != 4 {
 					return false
 				}
 				// messages may not be in order
 				for _, message := range messages {
 					switch {
 					case message.Envelope.Subject == "A new message":
 						// The message that was sent should now include an empty text/plain body part since there was none
 						// in the original message.
 						require.Equal(t, 2, len(message.BodyStructure.Parts))
 						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
 						require.Equal(t, "plain", message.BodyStructure.Parts[0].MIMESubType)
 						require.Equal(t, uint32(0), message.BodyStructure.Parts[0].Size)
 						require.Equal(t, "image", message.BodyStructure.Parts[1].MIMEType)
 						require.Equal(t, "jpeg", message.BodyStructure.Parts[1].MIMESubType)
 					case message.Envelope.Subject == "A new message Part2":
 						// This message already has a text body, should be unchanged
 						require.Equal(t, 2, len(message.BodyStructure.Parts))
 						require.Equal(t, "image", message.BodyStructure.Parts[1].MIMEType)
 						require.Equal(t, "jpeg", message.BodyStructure.Parts[1].MIMESubType)
 						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
 						require.Equal(t, "html", message.BodyStructure.Parts[0].MIMESubType)
 					case message.Envelope.Subject == "A new message Part3":
 						// This message already has a text body, should be unchanged
 						require.Equal(t, 0, len(message.BodyStructure.Parts))
 						require.Equal(t, "text", message.BodyStructure.MIMEType)
 						require.Equal(t, "plain", message.BodyStructure.MIMESubType)
 					case message.Envelope.Subject == "A new message Part4":
 						// The message that was sent should now include an empty text/plain body part since even though
 						// there was only a text/plain attachment in the original message.
 						require.Equal(t, 2, len(message.BodyStructure.Parts))
 						require.Equal(t, "text", message.BodyStructure.Parts[0].MIMEType)
 						require.Equal(t, "plain", message.BodyStructure.Parts[0].MIMESubType)
 						require.Equal(t, uint32(0), message.BodyStructure.Parts[0].Size)
 						require.Equal(t, "text", message.BodyStructure.Parts[1].MIMEType)
 						require.Equal(t, "plain", message.BodyStructure.Parts[1].MIMESubType)
 						require.Equal(t, "attachment", message.BodyStructure.Parts[1].Disposition)
 					}
 				}
 				return true
 			}, 10*time.Second, 100*time.Millisecond)
 		})
 	})
 }
 func TestBridge_SendInlineImage(t *testing.T) {
 	const messageInlineImageOnly = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: inline;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 	`
 	const messageInlineImageWithHTML = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message Part2 
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Type: text/html;charset=utf8
 Content-Transfer-Encoding: quoted-printable
 Hello world
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: inline;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 `
 	const messageInlineImageWithText = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message Part3
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Type: text/plain;charset=utf8
 Content-Transfer-Encoding: quoted-printable
 Hello world
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: inline;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 `
 	const messageInlineImageFollowedByText = `Content-Type: multipart/mixed;
  boundary="Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84"
 Subject: A new message Part4
 Date: Mon, 13 Mar 2023 16:06:16 +0100
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Disposition: inline;
  filename=Cat_August_2010-4.jpeg
 Content-Type: image/jpeg;
  name="Cat_August_2010-4.jpeg"
 Content-Transfer-Encoding: base64
 SGVsbG8gd29ybGQ=
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84
 Content-Type: text/plain;charset=utf8
 Content-Transfer-Encoding: quoted-printable
 Hello world
 --Apple-Mail=_E7AC06C7-4EB2-4453-8CBB-80F4412A7C84--
 `
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		_, _, err := s.CreateUser("recipient", password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			recipientUserID, err := bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)
 			senderInfo, err := bridge.GetUserInfo(senderUserID)
 			require.NoError(t, err)
 			recipientInfo, err := bridge.GetUserInfo(recipientUserID)
 			require.NoError(t, err)
 			messages := []string{
 				messageInlineImageOnly,
 				messageInlineImageWithHTML,
 				messageInlineImageWithText,
 				messageInlineImageFollowedByText,
 			}
 			for _, m := range messages {
 				// Dial the server.
 				client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 				require.NoError(t, err)
 				defer client.Close() //nolint:errcheck
 				// Upgrade to TLS.
 				require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
 				// Authorize with SASL LOGIN.
 				require.NoError(t, client.Auth(sasl.NewLoginClient(
 					senderInfo.Addresses[0],
 					string(senderInfo.BridgePass)),
 				))
 				// Send the message.
 				require.NoError(t, client.SendMail(
 					senderInfo.Addresses[0],
 					[]string{recipientInfo.Addresses[0]},
 					strings.NewReader(m),
 				))
 			}
 			// Connect the sender IMAP client.
 			senderIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, senderIMAPClient.Login(senderInfo.Addresses[0], string(senderInfo.BridgePass)))
 			defer senderIMAPClient.Logout() //nolint:errcheck
 			// Connect the recipient IMAP client.
 			recipientIMAPClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
 			require.NoError(t, recipientIMAPClient.Login(recipientInfo.Addresses[0], string(recipientInfo.BridgePass)))
 			defer recipientIMAPClient.Logout() //nolint:errcheck
 			require.Eventually(t, func() bool {
 				messages, err := clientFetch(senderIMAPClient, `Sent`, imap.FetchBodyStructure)
 				require.NoError(t, err)
 				if len(messages) != 4 {
 					return false
 				}
 				// messages may not be in order
 				for _, message := range messages {
 					require.Equal(t, 1, len(message.BodyStructure.Parts))
 					require.Equal(t, "multipart", message.BodyStructure.MIMEType)
 					require.Equal(t, "mixed", message.BodyStructure.MIMESubType)
 					require.Equal(t, "multipart", message.BodyStructure.Parts[0].MIMEType)
 					require.Equal(t, "related", message.BodyStructure.Parts[0].MIMESubType)
 					require.Len(t, message.BodyStructure.Parts[0].Parts, 2)
 					require.Equal(t, "text", message.BodyStructure.Parts[0].Parts[0].MIMEType)
 					require.Equal(t, "html", message.BodyStructure.Parts[0].Parts[0].MIMESubType)
 					require.Equal(t, "image", message.BodyStructure.Parts[0].Parts[1].MIMEType)
 					require.Equal(t, "jpeg", message.BodyStructure.Parts[0].Parts[1].MIMESubType)
 				}
 				return true
 			}, 10*time.Second, 100*time.Millisecond)
 		})
 	})
 }
 func TestBridge_SendAddressDisabled(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		recipientUserID, _, err := s.CreateUser("recipient", password)
 		require.NoError(t, err)
 		senderUserID, addrID, err := s.CreateUser("sender", password)
 		require.NoError(t, err)
 		require.NoError(t, s.ChangeAddressAllowSend(senderUserID, addrID, false))
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			senderUserID, err := bridge.LoginFull(ctx, "sender", password, nil, nil)
 			require.NoError(t, err)
 			_, err = bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)
 			recipientInfo, err := bridge.GetUserInfo(recipientUserID)
 			require.NoError(t, err)
 			senderInfo, err := bridge.GetUserInfo(senderUserID)
 			require.NoError(t, err)
 			// Dial the server.
 			client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			defer client.Close() //nolint:errcheck
 			// Upgrade to TLS.
 			require.NoError(t, client.StartTLS(&tls.Config{InsecureSkipVerify: true}))
 			require.NoError(t, client.Auth(sasl.NewLoginClient(
 				senderInfo.Addresses[0],
 				string(senderInfo.BridgePass)),
 			))
 			// Send the message.
 			err = client.SendMail(
 				senderInfo.Addresses[0],
 				[]string{recipientInfo.Addresses[0]},
 				strings.NewReader("Subject: Test 1\r\n\r\nHello world!"),
 			)
 			smtpErr := smtpservice.NewErrCannotSendFromAddress(senderInfo.Addresses[0])
 			require.Equal(t, fmt.Sprintf("Error: %v", smtpErr.Error()), err.Error())
 		})
 	})
 }
--- a/internal/bridge/sentry_test.go
+++ b/internal/bridge/sentry_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/bridge/server_manager_test.go
+++ b/internal/bridge/server_manager_test.go
@ -0,0 +1,137 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge_test
 import (
 	"context"
 	"fmt"
 	"net"
 	"testing"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
 )
 func TestServerManager_ServersStartWithBridge(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 		})
 	})
 }
 func TestServerManager_ServersKeepsRunningfterUserLogsOut(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			require.NoError(t, bridge.LogoutUser(ctx, userID))
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 		})
 	})
 }
 func TestServerManager_ServersDoNotStopWhenThereIsStillOneActiveUser(t *testing.T) {
 	otherPassword := []byte("bar")
 	otherUser := "foo"
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			userIDOther, err := bridge.LoginFull(ctx, otherUser, otherPassword, nil, nil)
 			require.NoError(t, err)
 			evtCh, cancel := bridge.GetEvents(events.UserDeauth{})
 			defer cancel()
 			require.NoError(t, s.RevokeUser(userIDOther))
 			waitForEvent(t, evtCh, events.UserDeauth{})
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 		})
 	})
 }
 func TestServerManager_NetworkLossStopsServers(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			imapWaiterStop := waitForIMAPServerStopped(bridge)
 			defer imapWaiterStop.Done()
 			smtpWaiterStop := waitForSMTPServerStopped(bridge)
 			defer smtpWaiterStop.Done()
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 			netCtl.Disable()
 			imapWaiterStop.Wait()
 			smtpWaiterStop.Wait()
 			netCtl.Enable()
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 		})
 	})
 }
--- a/internal/bridge/settings.go
+++ b/internal/bridge/settings.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,17 +20,13 @@ package bridge
 import (
 	"context"
 	"fmt"
 	"net"
 	"os"
 	"path/filepath"
 	"github.com/Masterminds/semver/v3"
-	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
+	"github.com/ProtonMail/proton-bridge/v3/internal/kb"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/userevents"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
 )
 func (bridge *Bridge) GetKeychainApp() (string, error) {
@ -48,6 +44,8 @@ func (bridge *Bridge) SetKeychainApp(helper string) error {
 		return err
 	}
 	bridge.heartbeat.SetKeyChainPref(helper)
 	return vault.SetHelper(vaultDir, helper)
 }
@ -55,7 +53,7 @@ func (bridge *Bridge) GetIMAPPort() int {
 	return bridge.vault.GetIMAPPort()
 }
-func (bridge *Bridge) SetIMAPPort(newPort int) error {
+func (bridge *Bridge) SetIMAPPort(ctx context.Context, newPort int) error {
 	if newPort == bridge.vault.GetIMAPPort() {
 		return nil
 	}
@ -64,14 +62,16 @@ func (bridge *Bridge) SetIMAPPort(newPort int) error {
 		return err
 	}
-	return bridge.restartIMAP()
+	bridge.heartbeat.SetIMAPPort(newPort)
 	return bridge.restartIMAP(ctx)
 }
 func (bridge *Bridge) GetIMAPSSL() bool {
 	return bridge.vault.GetIMAPSSL()
 }
-func (bridge *Bridge) SetIMAPSSL(newSSL bool) error {
+func (bridge *Bridge) SetIMAPSSL(ctx context.Context, newSSL bool) error {
 	if newSSL == bridge.vault.GetIMAPSSL() {
 		return nil
 	}
@ -80,14 +80,16 @@ func (bridge *Bridge) SetIMAPSSL(newSSL bool) error {
 		return err
 	}
-	return bridge.restartIMAP()
+	bridge.heartbeat.SetIMAPConnectionMode(newSSL)
 	return bridge.restartIMAP(ctx)
 }
 func (bridge *Bridge) GetSMTPPort() int {
 	return bridge.vault.GetSMTPPort()
 }
-func (bridge *Bridge) SetSMTPPort(newPort int) error {
+func (bridge *Bridge) SetSMTPPort(ctx context.Context, newPort int) error {
 	if newPort == bridge.vault.GetSMTPPort() {
 		return nil
 	}
@ -96,14 +98,16 @@ func (bridge *Bridge) SetSMTPPort(newPort int) error {
 		return err
 	}
-	return bridge.restartSMTP()
+	bridge.heartbeat.SetSMTPPort(newPort)
 	return bridge.restartSMTP(ctx)
 }
 func (bridge *Bridge) GetSMTPSSL() bool {
 	return bridge.vault.GetSMTPSSL()
 }
-func (bridge *Bridge) SetSMTPSSL(newSSL bool) error {
+func (bridge *Bridge) SetSMTPSSL(ctx context.Context, newSSL bool) error {
 	if newSSL == bridge.vault.GetSMTPSSL() {
 		return nil
 	}
@ -112,7 +116,9 @@ func (bridge *Bridge) SetSMTPSSL(newSSL bool) error {
 		return err
 	}
-	return bridge.restartSMTP()
+	bridge.heartbeat.SetSMTPConnectionMode(newSSL)
 	return bridge.restartSMTP(ctx)
 }
 func (bridge *Bridge) GetGluonCacheDir() string {
@ -124,99 +130,39 @@ func (bridge *Bridge) GetGluonDataDir() (string, error) {
 }
 func (bridge *Bridge) SetGluonDir(ctx context.Context, newGluonDir string) error {
-	return safe.RLockRet(func() error {
+	bridge.usersLock.RLock()
-		currentGluonDir := bridge.GetGluonCacheDir()
+
-		newGluonDir = filepath.Join(newGluonDir, "gluon")
+	defer func() {
-		if newGluonDir == currentGluonDir {
+		logPkg.Info("Restarting user event loops")
-			return fmt.Errorf("new gluon dir is the same as the old one")
+		for _, u := range bridge.users {
 			u.ResumeEventLoop()
 		}
-		if err := bridge.stopEventLoops(); err != nil {
+		bridge.usersLock.RUnlock()
-			return err
+	}()
 		}
 		defer func() {
 			err := bridge.startEventLoops(ctx)
 			if err != nil {
 				panic(err)
 			}
 		}()
-		if err := bridge.moveGluonCacheDir(currentGluonDir, newGluonDir); err != nil {
+	type waiter struct {
-			logrus.WithError(err).Error("failed to move GluonCacheDir")
+		w  *userevents.EventPollWaiter
-			if err := bridge.vault.SetGluonDir(currentGluonDir); err != nil {
+		id string
 				panic(err)
 			}
 		}
 		gluonDataDir, err := bridge.GetGluonDataDir()
 		if err != nil {
 			panic(fmt.Errorf("failed to get Gluon Database directory: %w", err))
 		}
 		imapServer, err := newIMAPServer(
 			bridge.vault.GetGluonCacheDir(),
 			gluonDataDir,
 			bridge.curVersion,
 			bridge.tlsConfig,
 			bridge.reporter,
 			bridge.logIMAPClient,
 			bridge.logIMAPServer,
 			bridge.imapEventCh,
 			bridge.tasks,
 		)
 		if err != nil {
 			panic(fmt.Errorf("failed to create new IMAP server: %w", err))
 		}
 		bridge.imapServer = imapServer
 		return nil
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) moveGluonCacheDir(oldGluonDir, newGluonDir string) error {
 	logrus.Infof("gluon cache moving from %s to %s", oldGluonDir, newGluonDir)
 	oldCacheDir := ApplyGluonCachePathSuffix(oldGluonDir)
 	if err := copyDir(oldCacheDir, ApplyGluonCachePathSuffix(newGluonDir)); err != nil {
 		return fmt.Errorf("failed to copy gluon dir: %w", err)
 	}
-	if err := bridge.vault.SetGluonDir(newGluonDir); err != nil {
+	waiters := make([]waiter, 0, len(bridge.users))
-		return fmt.Errorf("failed to set new gluon cache dir: %w", err)
+
 	logPkg.Info("Pausing user event loops for gluon dir change")
 	for id, u := range bridge.users {
 		waiters = append(waiters, waiter{w: u.PauseEventLoopWithWaiter(), id: id})
 	}
-	if err := os.RemoveAll(oldCacheDir); err != nil {
+	logPkg.Info("Waiting on user event loop completion")
-		logrus.WithError(err).Error("failed to remove old gluon cache dir")
+	for _, waiter := range waiters {
-	}
+		if err := waiter.w.WaitPollFinished(ctx); err != nil {
-	return nil
+			logPkg.WithError(err).Errorf("Failed to wait on event loop pause for user %v", waiter.id)
-}
+			return fmt.Errorf("failed on event loop pause: %w", err)
 func (bridge *Bridge) stopEventLoops() error {
 	if err := bridge.closeIMAP(context.Background()); err != nil {
 		return fmt.Errorf("failed to close IMAP: %w", err)
 	}
 	if err := bridge.closeSMTP(); err != nil {
 		return fmt.Errorf("failed to close SMTP: %w", err)
 	}
 	return nil
 }
 func (bridge *Bridge) startEventLoops(ctx context.Context) error {
 	for _, user := range bridge.users {
 		if err := bridge.addIMAPUser(ctx, user); err != nil {
 			return fmt.Errorf("failed to add users to new IMAP server: %w", err)
 		}
 	}
-	if err := bridge.serveIMAP(); err != nil {
+	logPkg.Info("Changing gluon directory")
-		panic(fmt.Errorf("failed to serve IMAP: %w", err))
+	return bridge.serverManager.SetGluonDir(ctx, newGluonDir)
 	}
 	if err := bridge.serveSMTP(); err != nil {
 		panic(fmt.Errorf("failed to serve SMTP: %w", err))
 	}
 	return nil
 }
 func (bridge *Bridge) GetProxyAllowed() bool {
@ -230,6 +176,8 @@ func (bridge *Bridge) SetProxyAllowed(allowed bool) error {
 		bridge.proxyCtl.DisallowProxy()
 	}
 	bridge.heartbeat.SetDoh(allowed)
 	return bridge.vault.SetProxyAllowed(allowed)
 }
@ -243,6 +191,8 @@ func (bridge *Bridge) SetShowAllMail(show bool) error {
 			user.SetShowAllMail(show)
 		}
 		bridge.heartbeat.SetShowAllMail(show)
 		return bridge.vault.SetShowAllMail(show)
 	}, bridge.usersLock)
 }
@ -256,6 +206,8 @@ func (bridge *Bridge) SetAutostart(autostart bool) error {
 		if err := bridge.vault.SetAutostart(autostart); err != nil {
 			return err
 		}
 		bridge.heartbeat.SetAutoStart(autostart)
 	}
 	var err error
@ -276,6 +228,10 @@ func (bridge *Bridge) SetAutostart(autostart bool) error {
 	return err
 }
 func (bridge *Bridge) GetUpdateRollout() float64 {
 	return bridge.vault.GetUpdateRollout()
 }
 func (bridge *Bridge) GetAutoUpdate() bool {
 	return bridge.vault.GetAutoUpdate()
 }
@ -289,11 +245,31 @@ func (bridge *Bridge) SetAutoUpdate(autoUpdate bool) error {
 		return err
 	}
 	bridge.heartbeat.SetAutoUpdate(autoUpdate)
 	bridge.goUpdate()
 	return nil
 }
 func (bridge *Bridge) GetTelemetryDisabled() bool {
 	return bridge.vault.GetTelemetryDisabled()
 }
 func (bridge *Bridge) SetTelemetryDisabled(isDisabled bool) error {
 	if err := bridge.vault.SetTelemetryDisabled(isDisabled); err != nil {
 		return err
 	}
 	// If telemetry is re-enabled locally, try to send the heartbeat.
 	if isDisabled {
 		bridge.heartbeat.stop()
 	} else {
 		bridge.heartbeat.start()
 	}
 	return nil
 }
 func (bridge *Bridge) GetUpdateChannel() updater.Channel {
 	return bridge.vault.GetUpdateChannel()
 }
@ -307,6 +283,8 @@ func (bridge *Bridge) SetUpdateChannel(channel updater.Channel) error {
 		return err
 	}
 	bridge.heartbeat.SetBeta(channel)
 	bridge.goUpdate()
 	return nil
@ -332,49 +310,32 @@ func (bridge *Bridge) SetColorScheme(colorScheme string) error {
 	return bridge.vault.SetColorScheme(colorScheme)
 }
 func (bridge *Bridge) GetKnowledgeBaseSuggestions(userInput string) (kb.ArticleList, error) {
 	return kb.GetSuggestions(userInput)
 }
 // FactoryReset deletes all users, wipes the vault, and deletes all files.
 // Note: it does not clear the keychain. The only entry in the keychain is the vault password,
 // which we need at next startup to decrypt the vault.
 func (bridge *Bridge) FactoryReset(ctx context.Context) {
 	useTelemetry := !bridge.GetTelemetryDisabled()
 	// Delete all the users.
 	safe.Lock(func() {
 		for _, user := range bridge.users {
-			bridge.logoutUser(ctx, user, true, true)
+			bridge.logoutUser(ctx, user, true, true, useTelemetry)
 		}
 	}, bridge.usersLock)
 	// Wipe the vault.
 	gluonCacheDir, err := bridge.locator.ProvideGluonCachePath()
 	if err != nil {
-		logrus.WithError(err).Error("Failed to provide gluon dir")
+		logPkg.WithError(err).Error("Failed to provide gluon dir")
 	} else if err := bridge.vault.Reset(gluonCacheDir); err != nil {
-		logrus.WithError(err).Error("Failed to reset vault")
+		logPkg.WithError(err).Error("Failed to reset vault")
 	}
-	// Then delete all files.
+	// Lastly, delete all files except the vault.
-	if err := bridge.locator.Clear(); err != nil {
+	if err := bridge.locator.Clear(bridge.vault.Path()); err != nil {
-		logrus.WithError(err).Error("Failed to clear data paths")
+		logPkg.WithError(err).Error("Failed to clear data paths")
 	}
 	// Lastly clear the keychain.
 	vaultDir, err := bridge.locator.ProvideSettingsPath()
 	if err != nil {
 		logrus.WithError(err).Error("Failed to get vault dir")
 	} else if helper, err := vault.GetHelper(vaultDir); err != nil {
 		logrus.WithError(err).Error("Failed to get keychain helper")
 	} else if keychain, err := keychain.NewKeychain(helper, constants.KeyChainName); err != nil {
 		logrus.WithError(err).Error("Failed to get keychain")
 	} else if err := keychain.Clear(); err != nil {
 		logrus.WithError(err).Error("Failed to clear keychain")
 	}
 }
 func getPort(addr net.Addr) int {
 	switch addr := addr.(type) {
 	case *net.TCPAddr:
 		return addr.Port
 	case *net.UDPAddr:
 		return addr.Port
 	default:
 		return 0
 	}
 }
--- a/internal/bridge/settings_test.go
+++ b/internal/bridge/settings_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -25,6 +25,7 @@ import (
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/stretchr/testify/require"
 )
@ -51,13 +52,52 @@ func TestBridge_Settings_GluonDir(t *testing.T) {
 	})
 }
 func TestBridge_Settings_GluonDirWithOnGoingEvents(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			_, err := bridge.LoginFull(context.Background(), "imap", password, nil, nil)
 			require.NoError(t, err)
 			<-syncCh
 		})
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, 200)
 		})
 		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Create a new location for the Gluon data.
 			newGluonDir := t.TempDir()
 			// Move the gluon dir; it should also move the user's data.
 			require.NoError(t, bridge.SetGluonDir(context.Background(), newGluonDir))
 			// Check that the new directory is not empty.
 			entries, err := os.ReadDir(newGluonDir)
 			require.NoError(t, err)
 			// There should be at least one entry.
 			require.NotEmpty(t, entries)
 		})
 	})
 }
 func TestBridge_Settings_IMAPPort(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			curPort := bridge.GetIMAPPort()
 			// Set the port to 1144.
-			require.NoError(t, bridge.SetIMAPPort(1144))
+			require.NoError(t, bridge.SetIMAPPort(ctx, 1144))
 			// Get the new setting.
 			require.Equal(t, 1144, bridge.GetIMAPPort())
@ -75,7 +115,7 @@ func TestBridge_Settings_IMAPSSL(t *testing.T) {
 			require.False(t, bridge.GetIMAPSSL())
 			// Enable IMAP SSL.
-			require.NoError(t, bridge.SetIMAPSSL(true))
+			require.NoError(t, bridge.SetIMAPSSL(ctx, true))
 			// Get the new setting.
 			require.True(t, bridge.GetIMAPSSL())
@ -89,7 +129,7 @@ func TestBridge_Settings_SMTPPort(t *testing.T) {
 			curPort := bridge.GetSMTPPort()
 			// Set the port to 1024.
-			require.NoError(t, bridge.SetSMTPPort(1024))
+			require.NoError(t, bridge.SetSMTPPort(ctx, 1024))
 			// Get the new setting.
 			require.Equal(t, 1024, bridge.GetSMTPPort())
@ -107,7 +147,7 @@ func TestBridge_Settings_SMTPSSL(t *testing.T) {
 			require.False(t, bridge.GetSMTPSSL())
 			// Enable SMTP SSL.
-			require.NoError(t, bridge.SetSMTPSSL(true))
+			require.NoError(t, bridge.SetSMTPSSL(ctx, true))
 			// Get the new setting.
 			require.True(t, bridge.GetSMTPSSL())
--- a/internal/bridge/smtp.go
+++ b/internal/bridge/smtp.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,97 +20,38 @@ package bridge
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
+	"github.com/ProtonMail/proton-bridge/v3/internal/identifier"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/sirupsen/logrus"
 )
-func (bridge *Bridge) serveSMTP() error {
+func (bridge *Bridge) restartSMTP(ctx context.Context) error {
-	logrus.Info("Starting SMTP server")
+	return bridge.serverManager.RestartSMTP(ctx)
 	smtpListener, err := newListener(bridge.vault.GetSMTPPort(), bridge.vault.GetSMTPSSL(), bridge.tlsConfig)
 	if err != nil {
 		return fmt.Errorf("failed to create SMTP listener: %w", err)
 	}
 	bridge.smtpListener = smtpListener
 	bridge.tasks.Once(func(context.Context) {
 		if err := bridge.smtpServer.Serve(smtpListener); err != nil {
 			logrus.WithError(err).Info("SMTP server stopped")
 		}
 	})
 	if err := bridge.vault.SetSMTPPort(getPort(smtpListener.Addr())); err != nil {
 		return fmt.Errorf("failed to store SMTP port in vault: %w", err)
 	}
 	return nil
 }
-func (bridge *Bridge) restartSMTP() error {
+type bridgeSMTPSettings struct {
-	logrus.Info("Restarting SMTP server")
+	b *Bridge
 	if err := bridge.closeSMTP(); err != nil {
 		return fmt.Errorf("failed to close SMTP: %w", err)
 	}
 	bridge.smtpServer = newSMTPServer(bridge, bridge.tlsConfig, bridge.logSMTP)
 	return bridge.serveSMTP()
 }
-// We close the listener ourselves even though it's also closed by smtpServer.Close().
+func (b *bridgeSMTPSettings) TLSConfig() *tls.Config {
-// This is because smtpServer.Serve() is called in a separate goroutine and might be executed
+	return b.b.tlsConfig
 // after we've already closed the server. However, go-smtp has a bug; it blocks on the listener
 // even after the server has been closed. So we close the listener ourselves to unblock it.
 func (bridge *Bridge) closeSMTP() error {
 	logrus.Info("Closing SMTP server")
 	if bridge.smtpListener != nil {
 		if err := bridge.smtpListener.Close(); err != nil {
 			return fmt.Errorf("failed to close SMTP listener: %w", err)
 		}
 	}
 	if err := bridge.smtpServer.Close(); err != nil {
 		logrus.WithError(err).Debug("Failed to close SMTP server (expected -- we close the listener ourselves)")
 	}
 	return nil
 }
-func newSMTPServer(bridge *Bridge, tlsConfig *tls.Config, logSMTP bool) *smtp.Server {
+func (b *bridgeSMTPSettings) Log() bool {
-	logrus.WithField("logSMTP", logSMTP).Info("Creating SMTP server")
+	return b.b.logSMTP
-
+}
-	smtpServer := smtp.NewServer(&smtpBackend{Bridge: bridge})
+
-
+func (b *bridgeSMTPSettings) Port() int {
-	smtpServer.TLSConfig = tlsConfig
+	return b.b.vault.GetSMTPPort()
-	smtpServer.Domain = constants.Host
+}
-	smtpServer.AllowInsecureAuth = true
+
-	smtpServer.MaxLineLength = 1 << 16
+func (b *bridgeSMTPSettings) SetPort(i int) error {
-	smtpServer.ErrorLog = logging.NewSMTPLogger()
+	return b.b.vault.SetSMTPPort(i)
-
+}
-	// go-smtp suppors SASL PLAIN but not LOGIN. We need to add LOGIN support ourselves.
+
-	smtpServer.EnableAuth(sasl.Login, func(conn *smtp.Conn) sasl.Server {
+func (b *bridgeSMTPSettings) UseSSL() bool {
-		return sasl.NewLoginServer(func(username, password string) error {
+	return b.b.vault.GetSMTPSSL()
-			return conn.Session().AuthPlain(username, password)
+}
-		})
+
-	})
+func (b *bridgeSMTPSettings) Identifier() identifier.UserAgentUpdater {
-
+	return &bridgeUserAgentUpdater{Bridge: b.b}
 	if logSMTP {
 		log := logrus.WithField("protocol", "SMTP")
 		log.Warning("================================================")
 		log.Warning("THIS LOG WILL CONTAIN **DECRYPTED** MESSAGE DATA")
 		log.Warning("================================================")
 		smtpServer.Debug = logging.NewSMTPDebugLogger()
 	}
 	return smtpServer
 }
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@ -1,96 +0,0 @@
 // Copyright (c) 2023 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge
 import (
 	"fmt"
 	"io"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/emersion/go-smtp"
 )
 type smtpBackend struct {
 	*Bridge
 }
 type smtpSession struct {
 	*Bridge
 	userID string
 	authID string
 	from string
 	to   []string
 }
 func (be *smtpBackend) NewSession(*smtp.Conn) (smtp.Session, error) {
 	return &smtpSession{Bridge: be.Bridge}, nil
 }
 func (s *smtpSession) AuthPlain(username, password string) error {
 	return safe.RLockRet(func() error {
 		for _, user := range s.users {
 			addrID, err := user.CheckAuth(username, []byte(password))
 			if err != nil {
 				continue
 			}
 			s.userID = user.ID()
 			s.authID = addrID
 			return nil
 		}
 		return fmt.Errorf("invalid username or password")
 	}, s.usersLock)
 }
 func (s *smtpSession) Reset() {
 	s.from = ""
 	s.to = nil
 }
 func (s *smtpSession) Logout() error {
 	s.Reset()
 	return nil
 }
 func (s *smtpSession) Mail(from string, opts *smtp.MailOptions) error {
 	s.from = from
 	return nil
 }
 func (s *smtpSession) Rcpt(to string) error {
 	if len(to) > 0 {
 		s.to = append(s.to, to)
 	}
 	return nil
 }
 func (s *smtpSession) Data(r io.Reader) error {
 	return safe.RLockRet(func() error {
 		user, ok := s.users[s.userID]
 		if !ok {
 			return ErrNoSuchUser
 		}
 		return user.SendMail(s.authID, s.from, s.to, r)
 	}, s.usersLock)
 }
--- a/internal/bridge/sync_test.go
+++ b/internal/bridge/sync_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -21,19 +21,23 @@ import (
 	"context"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"sync/atomic"
 	"testing"
 	"time"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapservice"
 	"github.com/bradenaw/juniper/iterator"
 	"github.com/bradenaw/juniper/stream"
 	"github.com/bradenaw/juniper/xslices"
@ -79,7 +83,7 @@ func TestBridge_Sync(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -111,15 +115,6 @@ func TestBridge_Sync(t *testing.T) {
 				info, err := b.GetUserInfo(userID)
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
 				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
 				status, err := client.Select(`Folders/folder`, false)
 				require.NoError(t, err)
 				require.Less(t, status.Messages, uint32(numMsg))
 			}
 			// Remove the network limit, allowing the sync to finish.
@ -135,7 +130,7 @@ func TestBridge_Sync(t *testing.T) {
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+				client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
@ -186,7 +181,7 @@ func _TestBridge_Sync_BadMessage(t *testing.T) { //nolint:unused,deadcode
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
-			client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
@ -260,27 +255,21 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 		// Login the user; its sync should fail.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
 			{
-				syncCh, done := chToType[events.Event, events.SyncFailed](b.GetEvents(events.SyncFailed{}))
+				syncFailedCh, syncFailedDone := chToType[events.Event, events.SyncFailed](b.GetEvents(events.SyncFailed{}))
-				defer done()
+				defer syncFailedDone()
 				userID, err := b.LoginFull(ctx, "imap", password, nil, nil)
 				require.NoError(t, err)
-				require.Equal(t, userID, (<-syncCh).UserID)
+				require.Equal(t, userID, (<-syncFailedCh).UserID)
 				info, err := b.GetUserInfo(userID)
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
 				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
 				status, err := client.Select(`Folders/folder`, false)
 				require.NoError(t, err)
 				require.Less(t, status.Messages, uint32(numMsg))
 			}
 			// Create a new mailbox and move that last 1/3 of the messages into it to simulate user
@ -299,28 +288,18 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 			// Remove the network limit, allowing the sync to finish.
 			netCtl.SetReadLimit(0)
 			{
 				syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 				defer done()
 				require.Equal(t, userID, (<-syncCh).UserID)
 				info, err := b.GetUserInfo(userID)
 				require.NoError(t, err)
 				require.True(t, info.State == bridge.Connected)
-				client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
+				client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = client.Logout() }()
 				status, err := client.Select(`Folders/folder`, false)
 				require.NoError(t, err)
 				// Original folder should have more than 0 messages and less than the total.
 				require.Greater(t, status.Messages, uint32(0))
 				require.Less(t, status.Messages, uint32(numMsg))
 				// Check that the new messages arrive in the right location.
 				require.Eventually(t, func() bool {
 					status, err := client.Select(`Folders/folder2`, true)
@ -338,6 +317,379 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 	}, server.WithTLS(false))
 }
 func TestBridge_CanProcessEventsDuringSync(t *testing.T) {
 	numMsg := 1 << 8
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 		// Simulate 429 to prevent sync from progressing.
 		s.AddStatusHook(func(request *http.Request) (int, bool) {
 			if strings.Contains(request.URL.Path, "/mail/v4/messages/") {
 				return http.StatusTooManyRequests, true
 			}
 			return 0, false
 		})
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncStartedCh, syncStartedDone := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer syncStartedDone()
 			addressCreatedCh, addressCreatedDone := chToType[events.Event, events.UserAddressCreated](bridge.GetEvents(events.UserAddressCreated{}))
 			defer addressCreatedDone()
 			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			require.Equal(t, userID, (<-syncStartedCh).UserID)
 			// Create a new address
 			newAddress := "foo@proton.ch"
 			addrID, err := s.CreateAddress(userID, newAddress, password)
 			require.NoError(t, err)
 			event := <-addressCreatedCh
 			require.Equal(t, userID, event.UserID)
 			require.Equal(t, newAddress, event.Email)
 			require.Equal(t, addrID, event.AddressID)
 		})
 	}, server.WithTLS(false))
 }
 func TestBridge_RefreshDuringSyncRestartSync(t *testing.T) {
 	numMsg := 1 << 8
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 		var refreshPerformed atomic.Bool
 		refreshPerformed.Store(false)
 		// Simulate 429 to prevent sync from progressing.
 		s.AddStatusHook(func(request *http.Request) (int, bool) {
 			if strings.Contains(request.URL.Path, "/mail/v4/messages/") {
 				if !refreshPerformed.Load() {
 					return http.StatusTooManyRequests, true
 				}
 			}
 			return 0, false
 		})
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			syncStartedCh, syncStartedDone := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer syncStartedDone()
 			require.Equal(t, userID, (<-syncStartedCh).UserID)
 			require.NoError(t, err, s.RefreshUser(userID, proton.RefreshMail))
 			require.Equal(t, userID, (<-syncStartedCh).UserID)
 			refreshPerformed.Store(true)
 			require.Equal(t, userID, (<-syncCh).UserID)
 		})
 	}, server.WithTLS(false))
 }
 func TestBridge_EventReplayAfterSyncHasFinished(t *testing.T) {
 	numMsg := 1 << 8
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 		addrID1, err := s.CreateAddress(userID, "foo@proton.ch", password)
 		require.NoError(t, err)
 		var allowSyncToProgress atomic.Bool
 		allowSyncToProgress.Store(false)
 		// Simulate 429 to prevent sync from progressing.
 		s.AddStatusHook(func(request *http.Request) (int, bool) {
 			if request.Method == "GET" && strings.Contains(request.URL.Path, "/mail/v4/messages/") {
 				if !allowSyncToProgress.Load() {
 					return http.StatusTooManyRequests, true
 				}
 			}
 			return 0, false
 		})
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			syncStartedCh, syncStartedDone := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer syncStartedDone()
 			addressCreatedCh, addressCreatedDone := chToType[events.Event, events.UserAddressCreated](bridge.GetEvents(events.UserAddressCreated{}))
 			defer addressCreatedDone()
 			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			require.Equal(t, userID, (<-syncStartedCh).UserID)
 			// create 20 more messages and move them to inbox
 			withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 20)
 			})
 			// User AddrID2 event as a check point to see when the new address was created.
 			addrID2, err := s.CreateAddress(userID, "bar@proton.ch", password)
 			require.NoError(t, err)
 			allowSyncToProgress.Store(true)
 			require.Equal(t, userID, (<-syncCh).UserID)
 			// At most two events can be published, one for the first address, then for the second.
 			// if the second event is not `addrID2` then something went wrong.
 			event := <-addressCreatedCh
 			if event.AddressID == addrID1 {
 				event = <-addressCreatedCh
 			}
 			require.Equal(t, addrID2, event.AddressID)
 			info, err := bridge.GetUserInfo(userID)
 			require.NoError(t, err)
 			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
 			// Finally check if the 20 messages are in INBOX.
 			status, err := client.Status("INBOX", []imap.StatusItem{imap.StatusMessages})
 			require.NoError(t, err)
 			require.Equal(t, uint32(20), status.Messages)
 			// Finally check if the numMsg are in the folder.
 			status, err = client.Status("Folders/folder", []imap.StatusItem{imap.StatusMessages})
 			require.NoError(t, err)
 			require.Equal(t, uint32(numMsg), status.Messages)
 		})
 	}, server.WithTLS(false))
 }
 func TestBridge_MessageCreateDuringSync(t *testing.T) {
 	numMsg := 1 << 8
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 		var allowSyncToProgress atomic.Bool
 		allowSyncToProgress.Store(false)
 		// Simulate 429 to prevent sync from progressing.
 		s.AddStatusHook(func(request *http.Request) (int, bool) {
 			if request.Method == "GET" && strings.Contains(request.URL.Path, "/mail/v4/messages/") {
 				if !allowSyncToProgress.Load() {
 					return http.StatusTooManyRequests, true
 				}
 			}
 			return 0, false
 		})
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncStartedCh, syncStartedDone := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer syncStartedDone()
 			addressCreatedCh, addressCreatedDone := chToType[events.Event, events.UserAddressCreated](bridge.GetEvents(events.UserAddressCreated{}))
 			defer addressCreatedDone()
 			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			require.Equal(t, userID, (<-syncStartedCh).UserID)
 			// create 20 more messages and move them to inbox
 			withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 20)
 			})
 			// User AddrID2 event as a check point to see when the new address was created.
 			addrID, err := s.CreateAddress(userID, "bar@proton.ch", password)
 			require.NoError(t, err)
 			// At most two events can be published, one for the first address, then for the second.
 			// if the second event is not `addrID` then something went wrong.
 			event := <-addressCreatedCh
 			require.Equal(t, addrID, event.AddressID)
 			allowSyncToProgress.Store(true)
 			info, err := bridge.GetUserInfo(userID)
 			require.NoError(t, err)
 			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = client.Logout() }()
 			require.Eventually(t, func() bool {
 				// Finally check if the 20 messages are in INBOX.
 				status, err := client.Status("INBOX", []imap.StatusItem{imap.StatusMessages})
 				require.NoError(t, err)
 				return uint32(20) == status.Messages
 			}, 10*time.Second, time.Second)
 		})
 	}, server.WithTLS(false))
 }
 func TestBridge_CorruptedVaultClearsPreviousIMAPSyncState(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, 100)
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
 			var err error
 			userID, err = bridge.LoginFull(context.Background(), "imap", password, nil, nil)
 			require.NoError(t, err)
 			// Wait for sync to finish
 			require.Equal(t, userID, (<-syncCh).UserID)
 		})
 		settingsPath, err := locator.ProvideSettingsPath()
 		require.NoError(t, err)
 		syncConfigPath, err := locator.ProvideIMAPSyncConfigPath()
 		require.NoError(t, err)
 		syncStatePath := imapservice.GetSyncConfigPath(syncConfigPath, userID)
 		// Check sync state is complete
 		{
 			state, err := imapservice.NewSyncState(syncStatePath)
 			require.NoError(t, err)
 			syncStatus, err := state.GetSyncStatus(context.Background())
 			require.NoError(t, err)
 			require.True(t, syncStatus.IsComplete())
 		}
 		// corrupt the vault
 		require.NoError(t, os.WriteFile(filepath.Join(settingsPath, "vault.enc"), []byte("Trash!"), 0o600))
 		// Bridge starts but can't find the gluon database dir; there should be no error.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			_, err := bridge.LoginFull(context.Background(), "imap", password, nil, nil)
 			require.NoError(t, err)
 		})
 		// Check sync state is reset.
 		{
 			state, err := imapservice.NewSyncState(syncStatePath)
 			require.NoError(t, err)
 			syncStatus, err := state.GetSyncStatus(context.Background())
 			require.NoError(t, err)
 			require.False(t, syncStatus.IsComplete())
 		}
 	})
 }
 func TestBridge_AddressOrderChangeDuringSyncInCombinedModeDoesNotTriggerBadEventOnNewMessage(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, addrID, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userInfoChanged, done := chToType[events.Event, events.UserChanged](bridge.GetEvents(events.UserChanged{}))
 			defer done()
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 300)
 			})
 			_, err := bridge.LoginFull(ctx, "user", password, nil, nil)
 			require.NoError(t, err)
 			info, err := bridge.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.Equal(t, 1, len(info.Addresses))
 			require.Equal(t, info.Addresses[0], "user@proton.local")
 			addrID2, err := s.CreateAddress(userID, "foo@"+s.GetDomain(), password)
 			require.NoError(t, err)
 			require.NoError(t, s.SetAddressOrder(userID, []string{addrID2, addrID}))
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID2, proton.InboxLabel, 1)
 			})
 			// Since we can't intercept events at this time, we sleep for a bit to make sure the
 			// new message does not get combined into the event below. This ensures the newly created
 			// goes through the full code flow which triggered the original bad event.
 			time.Sleep(time.Second)
 			require.NoError(t, s.SetAddressOrder(userID, []string{addrID, addrID2}))
 			for i := 0; i < 2; i++ {
 				select {
 				case <-ctx.Done():
 					return
 				case e := <-userInfoChanged:
 					require.Equal(t, userID, e.UserID)
 				}
 			}
 		})
 	})
 }
 func withClient(ctx context.Context, t *testing.T, s *server.Server, username string, password []byte, fn func(context.Context, *proton.Client)) { //nolint:unparam
 	m := proton.New(
 		proton.WithHostURL(s.GetHostURL()),
@ -351,7 +703,7 @@ func withClient(ctx context.Context, t *testing.T, s *server.Server, username st
 	fn(ctx, c)
 }
-func clientFetch(client *client.Client, mailbox string) ([]*imap.Message, error) {
+func clientFetch(client *client.Client, mailbox string, extraItems ...imap.FetchItem) ([]*imap.Message, error) {
 	status, err := client.Select(mailbox, false)
 	if err != nil {
 		return nil, err
@ -363,10 +715,13 @@ func clientFetch(client *client.Client, mailbox string) ([]*imap.Message, error)
 	resCh := make(chan *imap.Message)
 	fetchItems := []imap.FetchItem{imap.FetchFlags, imap.FetchEnvelope, imap.FetchUid, imap.FetchBodyStructure, "BODY.PEEK[]"}
 	fetchItems = append(fetchItems, extraItems...)
 	go func() {
 		if err := client.Fetch(
 			&imap.SeqSet{Set: []imap.Seq{{Start: 1, Stop: status.Messages}}},
-			[]imap.FetchItem{imap.FetchFlags, imap.FetchEnvelope, imap.FetchUid, "BODY.PEEK[]"},
+			fetchItems,
 			resCh,
 		); err != nil {
 			panic(err)
@ -413,6 +768,10 @@ func createNumMessages(ctx context.Context, t *testing.T, c *proton.Client, addr
 }
 func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID, labelID string, messages ...[]byte) []string {
 	return createMessagesWithFlags(ctx, t, c, addrID, labelID, 0, messages...)
 }
 func createMessagesWithFlags(ctx context.Context, t *testing.T, c *proton.Client, addrID, labelID string, flags proton.MessageFlag, messages ...[]byte) []string {
 	user, err := c.GetUser(ctx)
 	require.NoError(t, err)
@ -425,13 +784,20 @@ func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID,
 	keyPass, err := salt.SaltForKey(password, user.Keys.Primary().ID)
 	require.NoError(t, err)
-	_, addrKRs, err := proton.Unlock(user, addr, keyPass)
+	_, addrKRs, err := proton.Unlock(user, addr, keyPass, async.NoopPanicHandler{})
 	require.NoError(t, err)
 	_, ok := addrKRs[addrID]
 	require.True(t, ok)
-	res, err := stream.Collect(ctx, c.ImportMessages(
+	var msgFlags proton.MessageFlag
 	if flags == 0 {
 		msgFlags = proton.MessageFlagReceived
 	} else {
 		msgFlags = flags
 	}
 	str, err := c.ImportMessages(
 		ctx,
 		addrKRs[addrID],
 		runtime.NumCPU(),
@ -441,12 +807,15 @@ func createMessages(ctx context.Context, t *testing.T, c *proton.Client, addrID,
 				Metadata: proton.ImportMetadata{
 					AddressID: addrID,
 					LabelIDs:  []string{labelID},
-					Flags:     proton.MessageFlagReceived,
+					Flags:     msgFlags,
 				},
 				Message: message,
 			}
 		})...,
-	))
+	)
 	require.NoError(t, err)
 	res, err := stream.Collect(ctx, str)
 	require.NoError(t, err)
 	return xslices.Map(res, func(res proton.ImportRes) string {
--- a/internal/bridge/sync_unix_test.go
+++ b/internal/bridge/sync_unix_test.go
@ -0,0 +1,82 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 //go:build !windows
 package bridge_test
 import (
 	"context"
 	"syscall"
 	"testing"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/stretchr/testify/require"
 )
 // Disabled due to flakiness.
 func _TestBridge_SyncExistsWithErrorWhenTooManyFilesAreOpen(t *testing.T) { //nolint:unused
 	var rlimitCurrent syscall.Rlimit
 	require.NoError(t, syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlimitCurrent))
 	// Restore RLimit for Process at the end of this test
 	defer func() {
 		require.NoError(t, syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimitCurrent))
 	}()
 	rlimit := syscall.Rlimit{
 		Max: 100,
 		Cur: 100,
 	}
 	require.NoError(t, syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimit))
 	numMsg := 1 << 8
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		withClient(ctx, t, s, "imap", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := bridge.GetEvents(events.SyncFailed{})
 			defer done()
 			userID, err := bridge.LoginFull(ctx, "imap", password, nil, nil)
 			require.NoError(t, err)
 			evt := <-syncCh
 			switch e := evt.(type) {
 			case events.SyncFailed:
 				require.Equal(t, userID, e.UserID)
 			default:
 				require.Fail(t, "Expected events.SyncFailed{}")
 			}
 		})
 	}, server.WithTLS(false))
 }
--- a/internal/bridge/tls.go
+++ b/internal/bridge/tls.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -18,5 +18,9 @@
 package bridge
 func (bridge *Bridge) GetBridgeTLSCert() ([]byte, []byte) {
-	return bridge.vault.GetBridgeTLSCert(), bridge.vault.GetBridgeTLSKey()
+	return bridge.vault.GetBridgeTLSCert()
 }
 func (bridge *Bridge) SetBridgeTLSCertPath(certPath, keyPath string) error {
 	return bridge.vault.SetBridgeTLSCertPath(certPath, keyPath)
 }
--- a/internal/bridge/types.go
+++ b/internal/bridge/types.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -28,16 +28,11 @@ type Locator interface {
 	ProvideLogsPath() (string, error)
 	ProvideGluonCachePath() (string, error)
 	ProvideGluonDataPath() (string, error)
 	ProvideStatsPath() (string, error)
 	GetLicenseFilePath() string
 	GetDependencyLicensesLink() string
-	Clear() error
+	Clear(...string) error
-}
+	ProvideIMAPSyncConfigPath() (string, error)
 type Identifier interface {
 	GetUserAgent() string
 	HasClient() bool
 	SetClient(name, version string)
 	SetPlatform(platform string)
 }
 type ProxyController interface {
@ -58,4 +53,5 @@ type Autostarter interface {
 type Updater interface {
 	GetVersionInfo(context.Context, updater.Downloader, updater.Channel) (updater.VersionInfo, error)
 	InstallUpdate(context.Context, updater.Downloader, updater.VersionInfo) error
 	RemoveOldUpdates() error
 }
--- a/internal/bridge/updates.go
+++ b/internal/bridge/updates.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -32,19 +32,7 @@ func (bridge *Bridge) CheckForUpdates() {
 }
 func (bridge *Bridge) InstallUpdate(version updater.VersionInfo) {
-	log := logrus.WithFields(logrus.Fields{
+	bridge.installCh <- installJob{version: version, silent: false}
 		"version": version.Version,
 		"current": bridge.curVersion,
 		"channel": bridge.vault.GetUpdateChannel(),
 	})
 	select {
 	case bridge.installCh <- installJob{version: version, silent: false}:
 		log.Info("The update will be installed manually")
 	default:
 		log.Info("An update is already being installed")
 	}
 }
 func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
@ -89,17 +77,7 @@ func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
 	default:
 		safe.RLock(func() {
-			if version.Version.GreaterThan(bridge.newVersion) {
+			bridge.installCh <- installJob{version: version, silent: true}
 				log.Info("An update is available")
 				select {
 				case bridge.installCh <- installJob{version: version, silent: true}:
 					log.Info("The update will be installed silently")
 				default:
 					log.Info("An update is already being installed")
 				}
 			}
 		}, bridge.newVersionLock)
 	}
 }
@ -117,6 +95,12 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 			"channel": bridge.vault.GetUpdateChannel(),
 		})
 		if !job.version.Version.GreaterThan(bridge.newVersion) {
 			return
 		}
 		log.WithField("silent", job.silent).Info("An update is available")
 		bridge.publish(events.UpdateAvailable{
 			Version:    job.version,
 			Compatible: true,
@ -142,6 +126,7 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 				Silent:  job.silent,
 				Error:   err,
 			})
 		default:
 			log.Info("The update was installed successfully")
@ -154,3 +139,9 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 		}
 	}, bridge.newVersionLock)
 }
 func (bridge *Bridge) RemoveOldUpdates() {
 	if err := bridge.updater.RemoveOldUpdates(); err != nil {
 		logrus.WithError(err).Error("Remove old updates fails")
 	}
 }
--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -23,12 +23,15 @@ import (
 	"fmt"
 	"runtime"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/hv"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapservice"
 	"github.com/ProtonMail/proton-bridge/v3/internal/try"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
@ -36,6 +39,8 @@ import (
 	"github.com/sirupsen/logrus"
 )
 var logUser = logrus.WithField("pkg", "bridge/user") //nolint:gochecknoglobals
 type UserState int
 const (
@ -44,6 +49,8 @@ const (
 	Connected
 )
 var ErrFailedToUnlock = errors.New("failed to unlock user keys")
 type UserInfo struct {
 	// UserID is the user's API ID.
 	UserID string
@ -64,10 +71,10 @@ type UserInfo struct {
 	BridgePass []byte
 	// UsedSpace is the amount of space used by the user.
-	UsedSpace int
+	UsedSpace uint64
 	// MaxSpace is the total amount of space available to the user.
-	MaxSpace int
+	MaxSpace uint64
 }
 // GetUserIDs returns the IDs of all known users (authorized or not).
@ -117,23 +124,28 @@ func (bridge *Bridge) QueryUserInfo(query string) (UserInfo, error) {
 }
 // LoginAuth begins the login process. It returns an authorized client that might need 2FA.
-func (bridge *Bridge) LoginAuth(ctx context.Context, username string, password []byte) (*proton.Client, proton.Auth, error) {
+func (bridge *Bridge) LoginAuth(ctx context.Context, username string, password []byte, hvDetails *proton.APIHVDetails) (*proton.Client, proton.Auth, error) {
-	logrus.WithField("username", logging.Sensitive(username)).Info("Authorizing user for login")
+	logUser.WithField("username", logging.Sensitive(username)).Info("Authorizing user for login")
 	if username == "crash@bandicoot" {
 		panic("Your wish is my command.. I crash!")
 	}
-
+	client, auth, err := bridge.api.NewClientWithLoginWithHVToken(ctx, username, password, hvDetails)
 	client, auth, err := bridge.api.NewClientWithLogin(ctx, username, password)
 	if err != nil {
 		if hv.IsHvRequest(err) {
 			logUser.WithFields(logrus.Fields{"username": logging.Sensitive(username),
 				"loginError": err.Error()}).Info("Human Verification requested for login")
 			return nil, proton.Auth{}, err
 		}
 		return nil, proton.Auth{}, fmt.Errorf("failed to create new API client: %w", err)
 	}
 	if ok := safe.RLockRet(func() bool { return mapHas(bridge.users, auth.UserID) }, bridge.usersLock); ok {
-		logrus.WithField("userID", auth.UserID).Warn("User already logged in")
+		logUser.WithField("userID", auth.UserID).Warn("User already logged in")
 		if err := client.AuthDelete(ctx); err != nil {
-			logrus.WithError(err).Warn("Failed to delete auth")
+			logUser.WithError(err).Warn("Failed to delete auth")
 		}
 		return nil, proton.Auth{}, ErrUserAlreadyLoggedIn
@ -148,18 +160,23 @@ func (bridge *Bridge) LoginUser(
 	client *proton.Client,
 	auth proton.Auth,
 	keyPass []byte,
 	hvDetails *proton.APIHVDetails,
 ) (string, error) {
-	logrus.WithField("userID", auth.UserID).Info("Logging in authorized user")
+	logUser.WithField("userID", auth.UserID).Info("Logging in authorized user")
 	userID, err := try.CatchVal(
 		func() (string, error) {
-			return bridge.loginUser(ctx, client, auth.UID, auth.RefreshToken, keyPass)
+			return bridge.loginUser(ctx, client, auth.UID, auth.RefreshToken, keyPass, hvDetails)
 		},
 		func() error {
 			return client.AuthDelete(ctx)
 		},
 	)
 	if err != nil {
 		// Failure to unlock will allow retries, so we do not delete auth.
 		if !errors.Is(err, ErrFailedToUnlock) {
 			if deleteErr := client.AuthDelete(ctx); deleteErr != nil {
 				logUser.WithError(deleteErr).Error("Failed to delete auth")
 			}
 		}
 		return "", fmt.Errorf("failed to login user: %w", err)
 	}
@ -180,15 +197,16 @@ func (bridge *Bridge) LoginFull(
 	getTOTP func() (string, error),
 	getKeyPass func() ([]byte, error),
 ) (string, error) {
-	logrus.WithField("username", logging.Sensitive(username)).Info("Performing full user login")
+	logUser.WithField("username", logging.Sensitive(username)).Info("Performing full user login")
-	client, auth, err := bridge.LoginAuth(ctx, username, password)
+	// (atanas) the following may need to be modified once HV is merged (its used only for testing; and depends on whether we will test HV related logic)
 	client, auth, err := bridge.LoginAuth(ctx, username, password, nil)
 	if err != nil {
 		return "", fmt.Errorf("failed to begin login process: %w", err)
 	}
 	if auth.TwoFA.Enabled&proton.HasTOTP != 0 {
-		logrus.WithField("userID", auth.UserID).Info("Requesting TOTP")
+		logUser.WithField("userID", auth.UserID).Info("Requesting TOTP")
 		totp, err := getTOTP()
 		if err != nil {
@ -203,7 +221,7 @@ func (bridge *Bridge) LoginFull(
 	var keyPass []byte
 	if auth.PasswordMode == proton.TwoPasswordMode {
-		logrus.WithField("userID", auth.UserID).Info("Requesting mailbox password")
+		logUser.WithField("userID", auth.UserID).Info("Requesting mailbox password")
 		userKeyPass, err := getKeyPass()
 		if err != nil {
@ -215,12 +233,21 @@ func (bridge *Bridge) LoginFull(
 		keyPass = password
 	}
-	return bridge.LoginUser(ctx, client, auth, keyPass)
+	userID, err := bridge.LoginUser(ctx, client, auth, keyPass, nil)
 	if err != nil {
 		if deleteErr := client.AuthDelete(ctx); deleteErr != nil {
 			logUser.WithError(err).Error("Failed to delete auth")
 		}
 		return "", err
 	}
 	return userID, nil
 }
 // LogoutUser logs out the given user.
 func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
-	logrus.WithField("userID", userID).Info("Logging out user")
+	logUser.WithField("userID", userID).Info("Logging out user")
 	return safe.LockRet(func() error {
 		user, ok := bridge.users[userID]
@ -228,7 +255,7 @@ func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
 			return ErrNoSuchUser
 		}
-		bridge.logoutUser(ctx, user, true, false)
+		bridge.logoutUser(ctx, user, true, false, false)
 		bridge.publish(events.UserLoggedOut{
 			UserID: userID,
@ -240,7 +267,12 @@ func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
 // DeleteUser deletes the given user.
 func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
-	logrus.WithField("userID", userID).Info("Deleting user")
+	logUser.WithField("userID", userID).Info("Deleting user")
 	syncConfigDir, err := bridge.locator.ProvideIMAPSyncConfigPath()
 	if err != nil {
 		return fmt.Errorf("failed to get sync config path")
 	}
 	return safe.LockRet(func() error {
 		if !bridge.vault.HasUser(userID) {
@ -248,11 +280,15 @@ func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
 		}
 		if user, ok := bridge.users[userID]; ok {
-			bridge.logoutUser(ctx, user, true, true)
+			bridge.logoutUser(ctx, user, true, true, !bridge.GetTelemetryDisabled())
 		}
 		if err := imapservice.DeleteSyncState(syncConfigDir, userID); err != nil {
 			return fmt.Errorf("failed to delete use sync config")
 		}
 		if err := bridge.vault.DeleteUser(userID); err != nil {
-			logrus.WithError(err).Error("Failed to delete vault user")
+			logUser.WithError(err).Error("Failed to delete vault user")
 		}
 		bridge.publish(events.UserDeleted{
@ -265,7 +301,7 @@ func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
 // SetAddressMode sets the address mode for the given user.
 func (bridge *Bridge) SetAddressMode(ctx context.Context, userID string, mode vault.AddressMode) error {
-	logrus.WithField("userID", userID).WithField("mode", mode).Info("Setting address mode")
+	logUser.WithField("userID", userID).WithField("mode", mode).Info("Setting address mode")
 	return safe.RLockRet(func() error {
 		user, ok := bridge.users[userID]
@ -277,29 +313,77 @@ func (bridge *Bridge) SetAddressMode(ctx context.Context, userID string, mode va
 			return fmt.Errorf("address mode is already %q", mode)
 		}
 		if err := bridge.removeIMAPUser(ctx, user, true); err != nil {
 			return fmt.Errorf("failed to remove IMAP user: %w", err)
 		}
 		if err := user.SetAddressMode(ctx, mode); err != nil {
 			return fmt.Errorf("failed to set address mode: %w", err)
 		}
 		if err := bridge.addIMAPUser(ctx, user); err != nil {
 			return fmt.Errorf("failed to add IMAP user: %w", err)
 		}
 		bridge.publish(events.AddressModeChanged{
 			UserID:      userID,
 			AddressMode: mode,
 		})
 		var splitMode = false
 		for _, user := range bridge.users {
 			if user.GetAddressMode() == vault.SplitMode {
 				splitMode = true
 				break
 			}
 		}
 		bridge.heartbeat.SetSplitMode(splitMode)
 		return nil
 	}, bridge.usersLock)
 }
-func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, authUID, authRef string, keyPass []byte) (string, error) {
+// SendBadEventUserFeedback passes the feedback to the given user.
-	apiUser, err := client.GetUser(ctx)
+func (bridge *Bridge) SendBadEventUserFeedback(_ context.Context, userID string, doResync bool) error {
 	logUser.WithField("userID", userID).WithField("doResync", doResync).Info("Passing bad event feedback to user")
 	return safe.RLockRet(func() error {
 		ctx := context.Background()
 		user, ok := bridge.users[userID]
 		if !ok {
 			if rerr := bridge.reporter.ReportMessageWithContext(
 				"Failed to handle event: feedback failed: no such user",
 				reporter.Context{"user_id": userID},
 			); rerr != nil {
 				logUser.WithError(rerr).Error("Failed to report feedback failure")
 			}
 			return ErrNoSuchUser
 		}
 		if doResync {
 			if rerr := bridge.reporter.ReportMessageWithContext(
 				"Failed to handle event: feedback resync",
 				reporter.Context{"user_id": userID},
 			); rerr != nil {
 				logUser.WithError(rerr).Error("Failed to report feedback failure")
 			}
 			return user.BadEventFeedbackResync(ctx)
 		}
 		if rerr := bridge.reporter.ReportMessageWithContext(
 			"Failed to handle event: feedback logout",
 			reporter.Context{"user_id": userID},
 		); rerr != nil {
 			logUser.WithError(rerr).Error("Failed to report feedback failure")
 		}
 		bridge.logoutUser(ctx, user, true, false, false)
 		bridge.publish(events.UserLoggedOut{
 			UserID: userID,
 		})
 		return nil
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, authUID, authRef string, keyPass []byte, hvDetails *proton.APIHVDetails) (string, error) {
 	apiUser, err := client.GetUserWithHV(ctx, hvDetails)
 	if err != nil {
 		return "", fmt.Errorf("failed to get API user: %w", err)
 	}
@ -315,9 +399,9 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, auth
 	}
 	if userKR, err := apiUser.Keys.Unlock(saltedKeyPass, nil); err != nil {
-		return "", fmt.Errorf("failed to unlock user keys: %w", err)
+		return "", fmt.Errorf("%w: %w", ErrFailedToUnlock, err)
 	} else if userKR.CountDecryptionEntities() == 0 {
-		return "", fmt.Errorf("failed to unlock user keys")
+		return "", ErrFailedToUnlock
 	}
 	if err := bridge.addUser(ctx, client, apiUser, authUID, authRef, saltedKeyPass, true); err != nil {
@ -329,11 +413,11 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, auth
 // loadUsers tries to load each user in the vault that isn't already loaded.
 func (bridge *Bridge) loadUsers(ctx context.Context) error {
-	logrus.WithField("count", len(bridge.vault.GetUserIDs())).Info("Loading users")
+	logUser.WithField("count", len(bridge.vault.GetUserIDs())).Info("Loading users")
-	defer logrus.Info("Finished loading users")
+	defer logUser.Info("Finished loading users")
 	return bridge.vault.ForUser(runtime.NumCPU(), func(user *vault.User) error {
-		log := logrus.WithField("userID", user.UserID())
+		log := logUser.WithField("userID", user.UserID())
 		if user.AuthUID() == "" {
 			log.Info("User is not connected (skipping)")
@ -345,7 +429,7 @@ func (bridge *Bridge) loadUsers(ctx context.Context) error {
 			return nil
 		}
-		log.Info("Loading connected user")
+		log.WithField("mode", user.AddressMode()).Info("Loading connected user")
 		bridge.publish(events.UserLoading{
 			UserID: user.UserID(),
@ -377,9 +461,10 @@ func (bridge *Bridge) loadUser(ctx context.Context, user *vault.User) error {
 		if apiErr := new(proton.APIError); errors.As(err, &apiErr) && (apiErr.Code == proton.AuthRefreshTokenInvalid) {
 			// The session cannot be refreshed, we sign out the user by clearing his auth secrets.
 			if err := user.Clear(); err != nil {
-				logrus.WithError(err).Warn("Failed to clear user secrets")
+				logUser.WithError(err).Warn("Failed to clear user secrets")
 			}
 		}
 		return fmt.Errorf("failed to create API client: %w", err)
 	}
@ -419,26 +504,26 @@ func (bridge *Bridge) addUser(
 		return fmt.Errorf("failed to add vault user: %w", err)
 	}
-	if err := bridge.addUserWithVault(ctx, client, apiUser, vaultUser); err != nil {
+	if err := bridge.addUserWithVault(ctx, client, apiUser, vaultUser, isNew); err != nil {
 		if _, ok := err.(*resty.ResponseError); ok || isLogin {
-			logrus.WithError(err).Error("Failed to add user, clearing its secrets from vault")
+			logUser.WithError(err).Error("Failed to add user, clearing its secrets from vault")
 			if err := vaultUser.Clear(); err != nil {
-				logrus.WithError(err).Error("Failed to clear user secrets")
+				logUser.WithError(err).Error("Failed to clear user secrets")
 			}
 		} else {
-			logrus.WithError(err).Error("Failed to add user")
+			logUser.WithError(err).Error("Failed to add user")
 		}
 		if err := vaultUser.Close(); err != nil {
-			logrus.WithError(err).Error("Failed to close vault user")
+			logUser.WithError(err).Error("Failed to close vault user")
 		}
 		if isNew {
-			logrus.Warn("Deleting newly added vault user")
+			logUser.Warn("Deleting newly added vault user")
 			if err := bridge.vault.DeleteUser(apiUser.ID); err != nil {
-				logrus.WithError(err).Error("Failed to delete vault user")
+				logUser.WithError(err).Error("Failed to delete vault user")
 			}
 		}
@ -454,40 +539,51 @@ func (bridge *Bridge) addUserWithVault(
 	client *proton.Client,
 	apiUser proton.User,
 	vault *vault.User,
 	isNew bool,
 ) error {
 	statsPath, err := bridge.locator.ProvideStatsPath()
 	if err != nil {
 		return fmt.Errorf("failed to get Statistics directory: %w", err)
 	}
 	syncSettingsPath, err := bridge.locator.ProvideIMAPSyncConfigPath()
 	if err != nil {
 		return fmt.Errorf("failed to get IMAP sync config path: %w", err)
 	}
 	user, err := user.New(
 		ctx,
 		vault,
 		client,
 		bridge.reporter,
 		apiUser,
-		bridge.crashHandler,
+		bridge.panicHandler,
 		bridge.vault.SyncWorkers(),
 		bridge.vault.GetShowAllMail(),
 		bridge.vault.GetMaxSyncMemory(),
 		statsPath,
 		bridge,
 		bridge.serverManager,
 		bridge.serverManager,
 		&bridgeEventSubscription{b: bridge},
 		bridge.syncService,
 		syncSettingsPath,
 		isNew,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create user: %w", err)
 	}
 	// Connect the user's address(es) to gluon.
 	if err := bridge.addIMAPUser(ctx, user); err != nil {
 		return fmt.Errorf("failed to add IMAP user: %w", err)
 	}
 	// Handle events coming from the user before forwarding them to the bridge.
 	// For example, if the user's addresses change, we need to update them in gluon.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, user.GetEventCh(), func(event events.Event) {
-			logrus.WithFields(logrus.Fields{
+			logUser.WithFields(logrus.Fields{
 				"userID": apiUser.ID,
 				"event":  event,
 			}).Debug("Received user event")
-			if err := bridge.handleUserEvent(ctx, user, event); err != nil {
+			bridge.handleUserEvent(ctx, user, event)
-				logrus.WithError(err).Error("Failed to handle user event")
+			bridge.publish(event)
 			} else {
 				bridge.publish(event)
 			}
 		})
 	})
@ -495,7 +591,7 @@ func (bridge *Bridge) addUserWithVault(
 	// As such, if we find this ID in the context, we should use it to update our user agent.
 	client.AddPreRequestHook(func(_ *resty.Client, r *resty.Request) error {
 		if imapID, ok := imap.GetIMAPIDFromContext(r.Context()); ok {
-			bridge.identifier.SetClient(imapID.Name, imapID.Version)
+			bridge.setUserAgent(imapID.Name, imapID.Version)
 		}
 		return nil
@ -504,8 +600,12 @@ func (bridge *Bridge) addUserWithVault(
 	// Finally, save the user in the bridge.
 	safe.Lock(func() {
 		bridge.users[apiUser.ID] = user
 		bridge.heartbeat.SetNbAccount(len(bridge.users))
 	}, bridge.usersLock)
 	// As we need at least one user to send heartbeat, try to send it.
 	bridge.heartbeat.start()
 	return nil
 }
@ -516,48 +616,29 @@ func (bridge *Bridge) newVaultUser(
 	authUID, authRef string,
 	saltedKeyPass []byte,
 ) (*vault.User, bool, error) {
-	if !bridge.vault.HasUser(apiUser.ID) {
+	return bridge.vault.GetOrAddUser(apiUser.ID, apiUser.Name, apiUser.Email, authUID, authRef, saltedKeyPass)
 		user, err := bridge.vault.AddUser(apiUser.ID, apiUser.Name, apiUser.Email, authUID, authRef, saltedKeyPass)
 		if err != nil {
 			return nil, false, fmt.Errorf("failed to add user to vault: %w", err)
 		}
 		return user, true, nil
 	}
 	user, err := bridge.vault.NewUser(apiUser.ID)
 	if err != nil {
 		return nil, false, err
 	}
 	if err := user.SetAuth(authUID, authRef); err != nil {
 		return nil, false, err
 	}
 	if err := user.SetKeyPass(saltedKeyPass); err != nil {
 		return nil, false, err
 	}
 	return user, false, nil
 }
 // logout logs out the given user, optionally logging them out from the API too.
-func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI, withData bool) {
+func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI, withData, withTelemetry bool) {
 	defer delete(bridge.users, user.ID())
-	logrus.WithFields(logrus.Fields{
+	// if this is actually a remove account
 	if withData && withAPI {
 		user.SendConfigStatusAbort(ctx, withTelemetry)
 	}
 	logUser.WithFields(logrus.Fields{
 		"userID":   user.ID(),
 		"withAPI":  withAPI,
 		"withData": withData,
 	}).Debug("Logging out user")
-	if err := bridge.removeIMAPUser(ctx, user, withData); err != nil {
+	if err := user.Logout(ctx, withAPI); err != nil {
-		logrus.WithError(err).Error("Failed to remove IMAP user")
+		logUser.WithError(err).Error("Failed to logout user")
 	}
-	if err := user.Logout(ctx, withAPI); err != nil {
+	bridge.heartbeat.SetNbAccount(len(bridge.users))
 		logrus.WithError(err).Error("Failed to logout user")
 	}
 	user.Close()
 }
--- a/internal/bridge/user_event_test.go
+++ b/internal/bridge/user_event_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,18 +20,24 @@ package bridge_test
 import (
 	"context"
 	"fmt"
 	"net"
 	"net/http"
 	"net/mail"
 	"strings"
 	"sync/atomic"
 	"testing"
 	"time"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/gluon/rfc822"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/bradenaw/juniper/stream"
 	"github.com/bradenaw/juniper/xslices"
 	"github.com/emersion/go-imap"
 	"github.com/emersion/go-imap/client"
@ -40,7 +46,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
-func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
+func TestBridge_User_RefreshEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, addrID, err := s.CreateUser("user", password)
@ -49,54 +55,131 @@ func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
 		labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 		require.NoError(t, err)
 		var messageIDs []string
 		// Create 10 messages for the user.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-			createNumMessages(ctx, t, c, addrID, labelID, 10)
+			messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
-			var messageIDs []string
+		// Remove a message
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			require.NoError(t, c.DeleteMessage(ctx, messageIDs[0]))
 		})
-			// Create 10 more messages for the user, generating events.
+		require.NoError(t, s.RefreshUser(userID, proton.RefreshMail))
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			syncCh, closeCh := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			require.Equal(t, userID, (<-syncCh).UserID)
 			closeCh()
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
-				messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
+				createNumMessages(ctx, t, c, addrID, labelID, 10)
 			})
 			// If bridge attempts to sync the new messages, it should get a BadRequest error.
 			doBadRequest := true
 			s.AddStatusHook(func(req *http.Request) (int, bool) {
 				if !doBadRequest {
 					return 0, false
 				}
 				if xslices.Index(xslices.Map(messageIDs, func(messageID string) string {
 					return "/mail/v4/messages/" + messageID
 				}), req.URL.Path) < 0 {
 					return 0, false
 				}
 				return http.StatusBadRequest, true
 			})
 			userReceiveBadErrorAndLogout(t, bridge, mocks)
 			// Remove messages
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				require.NoError(t, c.DeleteMessage(ctx, messageIDs...))
 			})
 			doBadRequest = false
 			// Login again
 			_, err := bridge.LoginFull(ctx, "user", password, nil, nil)
 			require.NoError(t, err)
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 	})
 }
 func TestBridge_User_BadMessage_BadEvent(t *testing.T) {
 	t.Run("Resync", test_badMessage_badEvent(func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string) {
 		// User feedback is resync
 		require.NoError(t, bridge.SendBadEventUserFeedback(ctx, badUserID, true))
 		// Wait for sync to finish
 		syncCh, closeCh := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 		require.Equal(t, badUserID, (<-syncCh).UserID)
 		closeCh()
 	}))
 	t.Run("LogoutAndLogin", test_badMessage_badEvent(func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string) {
 		logoutCh, closeCh := chToType[events.Event, events.UserLoggedOut](bridge.GetEvents(events.UserLoggedOut{}))
 		// User feedback is logout
 		require.NoError(t, bridge.SendBadEventUserFeedback(ctx, badUserID, false))
 		require.Equal(t, badUserID, (<-logoutCh).UserID)
 		closeCh()
 		// The user will eventually be logged out due to the bad request errors.
 		require.Eventually(t, func() bool {
 			return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 0
 		}, 100*user.EventPeriod, user.EventPeriod)
 		// Login again
 		_, err := bridge.LoginFull(ctx, "user", password, nil, nil)
 		require.NoError(t, err)
 	}))
 }
 func test_badMessage_badEvent(userFeedback func(t *testing.T, ctx context.Context, bridge *bridge.Bridge, badUserID string)) func(t *testing.T) {
 	return func(t *testing.T) {
 		withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 			// Create a user.
 			userID, addrID, err := s.CreateUser("user", password)
 			require.NoError(t, err)
 			labelID, err := s.CreateLabel(userID, "folder", "", proton.LabelTypeFolder)
 			require.NoError(t, err)
 			// Create 10 messages for the user.
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, labelID, 10)
 			})
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userLoginAndSync(ctx, t, bridge, "user", password)
 				var messageIDs []string
 				// Create 10 more messages for the user, generating events.
 				withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 					messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
 				})
 				// If bridge attempts to sync the new messages, it should get a BadRequest error.
 				doBadRequest := true
 				s.AddStatusHook(func(req *http.Request) (int, bool) {
 					if !doBadRequest {
 						return 0, false
 					}
 					if xslices.Index(xslices.Map(messageIDs[0:5], func(messageID string) string {
 						return "/mail/v4/messages/" + messageID
 					}), req.URL.Path) < 0 {
 						return 0, false
 					}
 					return http.StatusBadRequest, true
 				})
 				badUserID := userReceivesBadError(t, bridge, mocks)
 				// Remove messages, make response OK again
 				withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 					require.NoError(t, c.DeleteMessage(ctx, messageIDs[0:5]...))
 				})
 				doBadRequest = false
 				userFeedback(t, ctx, bridge, badUserID)
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 		})
 	}
 }
 func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
@ -113,12 +196,13 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 			var messageIDs []string
 			// Create 10 more messages for the user, generating events.
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				messageIDs = createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 			})
 			// If bridge attempts to sync the new messages, it should get a BadRequest error.
 			s.AddStatusHook(func(req *http.Request) (int, bool) {
 				if len(messageIDs) < 3 {
 					return 0, false
 				}
 				if strings.Contains(req.URL.Path, "/mail/v4/messages/"+messageIDs[2]) {
 					return http.StatusUnprocessableEntity, true
 				}
@ -126,11 +210,6 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 				return 0, false
 			})
 			// Create 10 more messages for the user, generating events.
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				messageIDs = createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 			})
 			// Remove messages
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				require.NoError(t, c.DeleteMessage(ctx, messageIDs...))
@ -249,6 +328,24 @@ func TestBridge_User_AddressEvents_NoBadEvent(t *testing.T) {
 	})
 }
 func TestBridge_User_AddressEventUpdatedForAddressThatDoesNotExist_NoBadEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			_, err := s.CreateAddressAsUpdate(userID, "another@pm.me", password)
 			require.NoError(t, err)
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 	})
 }
 func TestBridge_User_Network_NoBadEvents(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		retVal := int32(0)
@ -295,6 +392,453 @@ func TestBridge_User_Network_NoBadEvents(t *testing.T) {
 	})
 }
 func TestBridge_User_DropConn_NoBadEvent(t *testing.T) {
 	l, err := net.Listen("tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	dropListener := proton.NewListener(l, proton.NewDropConn)
 	defer func() { _ = dropListener.Close() }()
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		_, addrID, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Create 10 messages for the user.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			var count int32
 			// The first 10 times bridge attempts to sync any of the messages, drop the connection.
 			s.AddStatusHook(func(req *http.Request) (int, bool) {
 				if strings.Contains(req.URL.Path, "/mail/v4/messages") {
 					if atomic.AddInt32(&count, 1) < 10 {
 						dropListener.DropAll()
 					}
 				}
 				return 0, false
 			})
 			userLoginAndSync(ctx, t, bridge, "user", password)
 			mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).AnyTimes()
 			// Create 10 more messages for the user, generating events.
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 			})
 			info, err := bridge.QueryUserInfo("user")
 			require.NoError(t, err)
 			cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = cli.Logout() }()
 			// The IMAP client will eventually see 20 messages.
 			require.Eventually(t, func() bool {
 				status, err := cli.Status("INBOX", []imap.StatusItem{imap.StatusMessages})
 				return err == nil && status.Messages == 20
 			}, 10*time.Second, 100*time.Millisecond)
 		})
 	}, server.WithListener(dropListener))
 }
 func TestBridge_User_UpdateDraft(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a bridge user.
 		_, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Initially sync the user.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			user, err := c.GetUser(ctx)
 			require.NoError(t, err)
 			addrs, err := c.GetAddresses(ctx)
 			require.NoError(t, err)
 			salts, err := c.GetSalts(ctx)
 			require.NoError(t, err)
 			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
 			require.NoError(t, err)
 			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
 			require.NoError(t, err)
 			// Create a draft (generating a "create draft message" event).
 			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
 				Message: proton.DraftTemplate{
 					Subject:  "subject",
 					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
 					Body:     "body",
 					MIMEType: rfc822.TextPlain,
 				},
 			})
 			require.NoError(t, err)
 			require.Empty(t, draft.ReplyTos)
 			// Process those events
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 			// Update the draft (generating an "update draft message" event).
 			draft2, err := c.UpdateDraft(ctx, draft.ID, addrKRs[addrs[0].ID], proton.UpdateDraftReq{
 				Message: proton.DraftTemplate{
 					Subject:  "subject 2",
 					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
 					Body:     "body 2",
 					MIMEType: rfc822.TextPlain,
 				},
 			})
 			require.NoError(t, err)
 			require.Empty(t, draft2.ReplyTos)
 		})
 	})
 }
 func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a bridge user.
 		_, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Initially sync the user.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			user, err := c.GetUser(ctx)
 			require.NoError(t, err)
 			addrs, err := c.GetAddresses(ctx)
 			require.NoError(t, err)
 			salts, err := c.GetSalts(ctx)
 			require.NoError(t, err)
 			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
 			require.NoError(t, err)
 			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
 			require.NoError(t, err)
 			// Create a draft (generating a "create draft message" event).
 			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
 				Message: proton.DraftTemplate{
 					Subject:  "subject",
 					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
 					Body:     "body",
 					MIMEType: rfc822.TextPlain,
 				},
 			})
 			require.NoError(t, err)
 			// Process those events
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 			// Update the draft (generating an "update draft message" event).
 			require.NoError(t, getErr(c.UpdateDraft(ctx, draft.ID, addrKRs[addrs[0].ID], proton.UpdateDraftReq{
 				Message: proton.DraftTemplate{
 					Subject:  "subject 2",
 					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
 					Body:     "body 2",
 					MIMEType: rfc822.TextPlain,
 				},
 			})))
 			// Import a message (generating a "create message" event).
 			str, err := c.ImportMessages(ctx, addrKRs[addrs[0].ID], 1, 1, proton.ImportReq{
 				Metadata: proton.ImportMetadata{
 					AddressID: addrs[0].ID,
 					Flags:     proton.MessageFlagReceived,
 				},
 				Message: []byte("From: someone@example.com\r\nTo: blabla@example.com\r\n\r\nhello"),
 			})
 			require.NoError(t, err)
 			res, err := stream.Collect(ctx, str)
 			require.NoError(t, err)
 			// Process those events.
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 			// Update the imported message (generating an "update message" event).
 			require.NoError(t, c.MarkMessagesUnread(ctx, res[0].MessageID))
 			// Process those events.
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 		})
 	})
 }
 func TestBridge_User_SendDraftRemoveDraftFlag(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a bridge user.
 		_, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Initially sync the user.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			user, err := c.GetUser(ctx)
 			require.NoError(t, err)
 			addrs, err := c.GetAddresses(ctx)
 			require.NoError(t, err)
 			salts, err := c.GetSalts(ctx)
 			require.NoError(t, err)
 			keyPass, err := salts.SaltForKey(password, user.Keys.Primary().ID)
 			require.NoError(t, err)
 			_, addrKRs, err := proton.Unlock(user, addrs, keyPass, async.NoopPanicHandler{})
 			require.NoError(t, err)
 			// Create a draft (generating a "create draft message" event).
 			draft, err := c.CreateDraft(ctx, addrKRs[addrs[0].ID], proton.CreateDraftReq{
 				Message: proton.DraftTemplate{
 					Subject:  "subject",
 					ToList:   []*mail.Address{{Address: addrs[0].Email}},
 					Sender:   &mail.Address{Name: "sender", Address: addrs[0].Email},
 					Body:     "body",
 					MIMEType: rfc822.TextPlain,
 				},
 			})
 			require.NoError(t, err)
 			// Process those events
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 				info, err := bridge.QueryUserInfo("user")
 				require.NoError(t, err)
 				cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = cli.Logout() }()
 				messages, err := clientFetch(cli, "Drafts")
 				require.NoError(t, err)
 				require.Len(t, messages, 1)
 				require.Contains(t, messages[0].Flags, imap.DraftFlag)
 			})
 			// Send the draft (generating an "update message" event).
 			{
 				pubKeys, recType, err := c.GetPublicKeys(ctx, addrs[0].Email)
 				require.NoError(t, err)
 				require.Equal(t, recType, proton.RecipientTypeInternal)
 				var req proton.SendDraftReq
 				require.NoError(t, req.AddTextPackage(addrKRs[addrs[0].ID], "body", rfc822.TextPlain, map[string]proton.SendPreferences{
 					addrs[0].Email: {
 						Encrypt:          true,
 						PubKey:           must(crypto.NewKeyRing(must(crypto.NewKeyFromArmored(pubKeys[0].PublicKey)))),
 						SignatureType:    proton.DetachedSignature,
 						EncryptionScheme: proton.InternalScheme,
 						MIMEType:         rfc822.TextPlain,
 					},
 				}, nil))
 				require.NoError(t, getErr(c.SendDraft(ctx, draft.ID, req)))
 			}
 			// Process those events; the draft will move to the sent folder and lose the draft flag.
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 				info, err := bridge.QueryUserInfo("user")
 				require.NoError(t, err)
 				cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 				require.NoError(t, err)
 				require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
 				defer func() { _ = cli.Logout() }()
 				messages, err := clientFetch(cli, "Sent")
 				require.NoError(t, err)
 				require.Len(t, messages, 1)
 				require.NotContains(t, messages[0].Flags, imap.DraftFlag)
 			})
 		})
 	})
 }
 func TestBridge_User_DisableEnableAddress(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Create an additional address for the user.
 		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
 			// Initially we should list the address.
 			info, err := bridge.QueryUserInfo("user")
 			require.NoError(t, err)
 			require.Contains(t, info.Addresses, "alias@"+s.GetDomain())
 		})
 		// Disable the address.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			require.NoError(t, c.DisableAddress(ctx, aliasID))
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Eventually we shouldn't list the address.
 			require.Eventually(t, func() bool {
 				info, err := bridge.QueryUserInfo("user")
 				require.NoError(t, err)
 				return xslices.Index(info.Addresses, "alias@"+s.GetDomain()) < 0
 			}, 5*time.Second, 100*time.Millisecond)
 		})
 		// Enable the address.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			require.NoError(t, c.EnableAddress(ctx, aliasID))
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Eventually we should list the address.
 			require.Eventually(t, func() bool {
 				info, err := bridge.QueryUserInfo("user")
 				require.NoError(t, err)
 				return xslices.Index(info.Addresses, "alias@"+s.GetDomain()) >= 0
 			}, 5*time.Second, 100*time.Millisecond)
 		})
 	})
 }
 func TestBridge_User_CreateDisabledAddress(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		// Create an additional address for the user.
 		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
 		require.NoError(t, err)
 		// Immediately disable the address.
 		withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 			require.NoError(t, c.DisableAddress(ctx, aliasID))
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
 			// Initially we shouldn't list the address.
 			info, err := bridge.QueryUserInfo("user")
 			require.NoError(t, err)
 			require.NotContains(t, info.Addresses, "alias@"+s.GetDomain())
 		})
 	})
 }
 func TestBridge_User_HandleParentLabelRename(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 			info, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)
 			cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
 			defer func() { _ = cli.Logout() }()
 			withClient(ctx, t, s, username, password, func(ctx context.Context, c *proton.Client) {
 				parentName := uuid.NewString()
 				childName := uuid.NewString()
 				// Create a folder.
 				parentLabel, err := c.CreateLabel(ctx, proton.CreateLabelReq{
 					Name:  parentName,
 					Type:  proton.LabelTypeFolder,
 					Color: "#f66",
 				})
 				require.NoError(t, err)
 				// Wait for the parent folder to be created.
 				require.Eventually(t, func() bool {
 					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 						return mailbox.Name == fmt.Sprintf("Folders/%v", parentName)
 					}) >= 0
 				}, 100*user.EventPeriod, user.EventPeriod)
 				// Create a subfolder.
 				childLabel, err := c.CreateLabel(ctx, proton.CreateLabelReq{
 					Name:     childName,
 					Type:     proton.LabelTypeFolder,
 					Color:    "#f66",
 					ParentID: parentLabel.ID,
 				})
 				require.NoError(t, err)
 				require.Equal(t, parentLabel.ID, childLabel.ParentID)
 				// Wait for the parent folder to be created.
 				require.Eventually(t, func() bool {
 					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 						return mailbox.Name == fmt.Sprintf("Folders/%v/%v", parentName, childName)
 					}) >= 0
 				}, 100*user.EventPeriod, user.EventPeriod)
 				newParentName := uuid.NewString()
 				// Rename the parent folder.
 				require.NoError(t, getErr(c.UpdateLabel(ctx, parentLabel.ID, proton.UpdateLabelReq{
 					Color: "#f66",
 					Name:  newParentName,
 				})))
 				// Wait for the parent folder to be renamed.
 				require.Eventually(t, func() bool {
 					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 						return mailbox.Name == fmt.Sprintf("Folders/%v", newParentName)
 					}) >= 0
 				}, 100*user.EventPeriod, user.EventPeriod)
 				// Wait for the child folder to be renamed.
 				require.Eventually(t, func() bool {
 					return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 						return mailbox.Name == fmt.Sprintf("Folders/%v/%v", newParentName, childName)
 					}) >= 0
 				}, 100*user.EventPeriod, user.EventPeriod)
 			})
 		})
 	})
 }
 // userLoginAndSync logs in user and waits until user is fully synced.
 func userLoginAndSync(
 	ctx context.Context,
@ -311,21 +855,24 @@ func userLoginAndSync(
 	require.Equal(t, userID, (<-syncCh).UserID)
 }
-func userReceiveBadErrorAndLogout(
+func userReceivesBadError(
 	t *testing.T,
 	bridge *bridge.Bridge,
 	mocks *bridge.Mocks,
-) {
+) (userID string) {
 	badEventCh, closeCh := bridge.GetEvents(events.UserBadEvent{})
 	// The user will continue to process events and will receive bad request errors.
 	mocks.Reporter.EXPECT().ReportMessageWithContext(gomock.Any(), gomock.Any()).MinTimes(1)
-	// The user will eventually be logged out due to the bad request errors.
+	badEvent, ok := (<-badEventCh).(events.UserBadEvent)
-	require.Eventually(t, func() bool {
+	require.True(t, ok)
-		return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 0
+
-	}, 100*user.EventPeriod, user.EventPeriod)
+	closeCh()
 	return badEvent.UserID
 }
 // userContinueEventProcess checks that user will continue to process events and will not receive any bad request errors.
 func userContinueEventProcess(
 	ctx context.Context,
 	t *testing.T,
@ -335,10 +882,10 @@ func userContinueEventProcess(
 	info, err := bridge.QueryUserInfo("user")
 	require.NoError(t, err)
-	client, err := client.Dial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+	cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 	require.NoError(t, err)
-	require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
+	require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
-	defer func() { _ = client.Logout() }()
+	defer func() { _ = cli.Logout() }()
 	randomLabel := uuid.NewString()
@ -353,8 +900,21 @@ func userContinueEventProcess(
 	// Wait for the label to be created.
 	require.Eventually(t, func() bool {
-		return xslices.IndexFunc(clientList(client), func(mailbox *imap.MailboxInfo) bool {
+		return xslices.IndexFunc(clientList(cli), func(mailbox *imap.MailboxInfo) bool {
 			return mailbox.Name == "Labels/"+randomLabel
 		}) >= 0
 	}, 100*user.EventPeriod, user.EventPeriod)
 }
 func eventuallyDial(addr string) (cli *client.Client, err error) {
 	var sleep = 1 * time.Second
 	for i := 0; i < 5; i++ {
 		cli, err := client.Dial(addr)
 		if err == nil {
 			return cli, nil
 		}
 		time.Sleep(sleep)
 		sleep *= 2
 	}
 	return nil, fmt.Errorf("after 5 attempts, last error: %s", err)
 }
--- a/internal/bridge/user_events.go
+++ b/internal/bridge/user_events.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -19,131 +19,57 @@ package bridge
 import (
 	"context"
 	"fmt"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/proton-bridge/v3/internal"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/sirupsen/logrus"
 )
-func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, event events.Event) error {
+func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, event events.Event) {
 	switch event := event.(type) {
 	case events.UserAddressCreated:
 		if err := bridge.handleUserAddressCreated(ctx, user, event); err != nil {
 			return fmt.Errorf("failed to handle user address created event: %w", err)
 		}
 	case events.UserAddressUpdated:
 		if err := bridge.handleUserAddressUpdated(ctx, user, event); err != nil {
 			return fmt.Errorf("failed to handle user address updated event: %w", err)
 		}
 	case events.UserAddressDeleted:
 		if err := bridge.handleUserAddressDeleted(ctx, user, event); err != nil {
 			return fmt.Errorf("failed to handle user address deleted event: %w", err)
 		}
 	case events.UserRefreshed:
 		if err := bridge.handleUserRefreshed(ctx, user); err != nil {
 			return fmt.Errorf("failed to handle user refreshed event: %w", err)
 		}
 	case events.UserDeauth:
 		bridge.handleUserDeauth(ctx, user)
 	case events.UserBadEvent:
-		bridge.handleUserBadEvent(ctx, user, event.Error)
+		bridge.handleUserBadEvent(ctx, user, event)
 	case events.UncategorizedEventError:
 		bridge.handleUncategorizedErrorEvent(event)
 	}
 	return nil
 }
 func (bridge *Bridge) handleUserAddressCreated(ctx context.Context, user *user.User, event events.UserAddressCreated) error {
 	if user.GetAddressMode() == vault.SplitMode {
 		if bridge.imapServer == nil {
 			return fmt.Errorf("no imap server instance running")
 		}
 		gluonID, err := bridge.imapServer.AddUser(ctx, user.NewIMAPConnector(event.AddressID), user.GluonKey())
 		if err != nil {
 			return fmt.Errorf("failed to add user to IMAP server: %w", err)
 		}
 		if err := user.SetGluonID(event.AddressID, gluonID); err != nil {
 			return fmt.Errorf("failed to set gluon ID: %w", err)
 		}
 	}
 	return nil
 }
 // GODT-1948: Handle addresses that have been disabled!
 func (bridge *Bridge) handleUserAddressUpdated(_ context.Context, user *user.User, _ events.UserAddressUpdated) error {
 	switch user.GetAddressMode() {
 	case vault.CombinedMode:
 		return fmt.Errorf("not implemented")
 	case vault.SplitMode:
 		return fmt.Errorf("not implemented")
 	}
 	return nil
 }
 func (bridge *Bridge) handleUserAddressDeleted(ctx context.Context, user *user.User, event events.UserAddressDeleted) error {
 	if user.GetAddressMode() == vault.SplitMode {
 		if bridge.imapServer == nil {
 			return fmt.Errorf("no imap server instance running")
 		}
 		gluonID, ok := user.GetGluonID(event.AddressID)
 		if !ok {
 			return fmt.Errorf("gluon ID not found for address %s", event.AddressID)
 		}
 		if err := bridge.imapServer.RemoveUser(ctx, gluonID, true); err != nil {
 			return fmt.Errorf("failed to remove user from IMAP server: %w", err)
 		}
 		if err := user.RemoveGluonID(event.AddressID, gluonID); err != nil {
 			return fmt.Errorf("failed to remove gluon ID for address: %w", err)
 		}
 	}
 	return nil
 }
 func (bridge *Bridge) handleUserRefreshed(ctx context.Context, user *user.User) error {
 	return safe.RLockRet(func() error {
 		if err := bridge.removeIMAPUser(ctx, user, true); err != nil {
 			return fmt.Errorf("failed to remove IMAP user: %w", err)
 		}
 		if err := bridge.addIMAPUser(ctx, user); err != nil {
 			return fmt.Errorf("failed to add IMAP user: %w", err)
 		}
 		return nil
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) handleUserDeauth(ctx context.Context, user *user.User) {
 	safe.Lock(func() {
-		bridge.logoutUser(ctx, user, false, false)
+		bridge.logoutUser(ctx, user, false, false, false)
 		user.ReportConfigStatusFailure("User deauth.")
 	}, bridge.usersLock)
 }
-func (bridge *Bridge) handleUserBadEvent(ctx context.Context, user *user.User, err error) {
+func (bridge *Bridge) handleUserBadEvent(ctx context.Context, user *user.User, event events.UserBadEvent) {
-	safe.Lock(func() {
+	safe.RLock(func() {
 		if rerr := bridge.reporter.ReportMessageWithContext("Failed to handle event", reporter.Context{
-			"error": err,
+			"user_id":      user.ID(),
 			"old_event_id": event.OldEventID,
 			"new_event_id": event.NewEventID,
 			"event_info":   event.EventInfo,
 			"error":        event.Error,
 			"error_type":   internal.ErrCauseType(event.Error),
 		}); rerr != nil {
-			logrus.WithError(rerr).Error("Failed to report failed event handling")
+			logrus.WithField("pkg", "bridge/event").WithError(rerr).Error("Failed to report failed event handling")
 		}
-		bridge.logoutUser(ctx, user, true, false)
+		user.OnBadEvent(ctx)
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) handleUncategorizedErrorEvent(event events.UncategorizedEventError) {
 	if rerr := bridge.reporter.ReportMessageWithContext("Failed to handle due to uncategorized error", reporter.Context{
 		"error_type": internal.ErrCauseType(event.Error),
 		"error":      event.Error,
 	}); rerr != nil {
 		logrus.WithField("pkg", "bridge/event").WithError(rerr).Error("Failed to report failed event handling")
 	}
 }
--- a/internal/bridge/user_test.go
+++ b/internal/bridge/user_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -20,16 +20,16 @@ package bridge_test
 import (
 	"context"
 	"fmt"
 	"net"
 	"net/http"
 	"testing"
 	"time"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	mocksPkg "github.com/ProtonMail/proton-bridge/v3/internal/bridge/mocks"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 )
@ -61,6 +61,50 @@ func TestBridge_Login(t *testing.T) {
 	})
 }
 func TestBridge_Login_DropConn(t *testing.T) {
 	l, err := net.Listen("tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	dropListener := proton.NewListener(l, proton.NewDropConn)
 	defer func() { _ = dropListener.Close() }()
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			// The user is now connected.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Equal(t, []string{userID}, getConnectedUserIDs(t, bridge))
 		})
 		// Whether to allow the user to be created.
 		var allowUser bool
 		s.AddStatusHook(func(req *http.Request) (int, bool) {
 			// Drop any request to the users endpoint.
 			if !allowUser && req.URL.Path == "/core/v4/users" {
 				dropListener.DropAll()
 			}
 			// After the ping request, allow the user to be created.
 			if req.URL.Path == "/tests/ping" {
 				allowUser = true
 			}
 			return 0, false
 		})
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// The user is eventually connected.
 			require.Eventually(t, func() bool {
 				return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 1
 			}, 5*time.Second, 100*time.Millisecond)
 		})
 	}, server.WithListener(dropListener))
 }
 func TestBridge_LoginTwice(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
@ -632,11 +676,6 @@ func TestBridge_UserInfo_Alias(t *testing.T) {
 func TestBridge_User_Refresh(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			mocks.Reporter.EXPECT().ReportMessageWithContext(
 				gomock.Eq("Warning: refresh occurred"),
 				mocksPkg.NewRefreshContextMatcher(proton.RefreshAll),
 			).Return(nil)
 			// Get a channel of sync started events.
 			syncStartCh, done := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer done()
@ -662,7 +701,26 @@ func TestBridge_User_Refresh(t *testing.T) {
 	})
 }
 func TestBridge_User_GetAddresses(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
 		userID, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
 		addrID2, err := s.CreateAddress(userID, "user@external.com", []byte("password"))
 		require.NoError(t, err)
 		require.NoError(t, s.ChangeAddressType(userID, addrID2, proton.AddressTypeExternal))
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 			info, err := bridge.GetUserInfo(userID)
 			require.NoError(t, err)
 			require.Equal(t, 1, len(info.Addresses))
 			require.Equal(t, info.Addresses[0], "user@proton.local")
 		})
 	})
 }
 // getErr returns the error that was passed to it.
-func getErr[T any](val T, err error) error {
+func getErr[T any](_ T, err error) error {
 	return err
 }
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -17,69 +17,411 @@
 package certs
-import (
+/*
-	"os"
+#cgo CFLAGS: -x objective-c
 #cgo LDFLAGS: -framework Foundation -framework Security
 #import <Foundation/Foundation.h>
 #import <Security/Security.h>
-	"golang.org/x/sys/execabs"
+// Memory management rules:
 // Foundation object (Objective-C prefixed with `NS`) get ARC (Automatic Reference Counting), and do not need to be released manually.
 // Core Foundation objects (C), prefixed with need to be released manually using CFRelease() unless:
 // - They're obtained using a CF method containing the word Get (a.k.a. the Get Rule).
 // - They're obtained using toll-free bridging from a Foundation Object (using the __bridge keyword).
 //****************************************************************************************************************************************************
 /// \brief Create a certificate object from DER-encoded data.
 ///
 /// \return The certifcation. The caller is responsible for releasing the object using CFRelease.
 /// \return NULL if data is not a valid DER-encoded certificate.
 //****************************************************************************************************************************************************
 SecCertificateRef certFromData(char const* data, uint64_t length) {
    NSData *der = [NSData dataWithBytes:data length:length];
    return SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der);
 }
 //****************************************************************************************************************************************************
 /// \brief Check if a certificate is in the user's keychain.
 ///
 /// \param[in] cert The certificate.
 /// \return true iff the certificate is in the user's keychain.
 //****************************************************************************************************************************************************
 bool _isCertificateInKeychain(SecCertificateRef const cert) {
    NSDictionary *attrs = @{
        (id)kSecMatchItemList: @[(__bridge id)cert],
        (id)kSecClass: (id)kSecClassCertificate,
        (id)kSecReturnData: @YES
    };
    return errSecSuccess == SecItemCopyMatching((__bridge CFDictionaryRef)attrs, NULL);
 }
 //****************************************************************************************************************************************************
 /// \brief Check if a certificate is in the user's keychain.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return true iff the certificate is in the user's keychain.
 //****************************************************************************************************************************************************
 bool isCertificateInKeychain(char const* certData, uint64_t certSize) {
    return _isCertificateInKeychain(certFromData(certData, certSize));
 }
 //****************************************************************************************************************************************************
 /// \brief Add a certificate to the user's keychain.
 ///
 /// \param[in] cert The certificate.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus _addCertificateToKeychain(SecCertificateRef const cert) {
    NSDictionary* addQuery = @{
        (id)kSecValueRef: (__bridge id) cert,
        (id)kSecClass: (id)kSecClassCertificate,
    };
    return SecItemAdd((__bridge CFDictionaryRef) addQuery, NULL);
 }
 //****************************************************************************************************************************************************
 /// \brief Add a certificate to the user's keychain.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus addCertificateToKeychain(char const* certData, uint64_t certSize) {
    return _addCertificateToKeychain(certFromData(certData, certSize));
 }
 //****************************************************************************************************************************************************
 /// \brief Add a certificate to the user's keychain.
 ///
 /// \param[in] cert The certificate.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus _removeCertificateFromKeychain(SecCertificateRef const cert) {
        NSDictionary *query = @{ (id)kSecClass: (id)kSecClassCertificate,
                                 (id)kSecMatchItemList: @[(__bridge id)cert],
                                 (id)kSecMatchLimit: (id)kSecMatchLimitOne,
        };
        return SecItemDelete((__bridge CFDictionaryRef) query);
 }
 //****************************************************************************************************************************************************
 /// \brief Add a certificate to the user's keychain.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus removeCertificateFromKeychain(char const* certData, uint64_t certSize) {
    return _removeCertificateFromKeychain(certFromData(certData, certSize));
 }
 //****************************************************************************************************************************************************
 /// \brief Check if a certificate is trusted in the user's keychain.
 ///
 /// \param[in] cert The certificate.
 /// \return true iff the certificate is trusted in the user's keychain.
 //****************************************************************************************************************************************************
 bool _isCertificateTrusted(SecCertificateRef const cert) {
    CFArrayRef trustSettings = NULL;
    OSStatus status = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainUser, &trustSettings);
    if (status != errSecSuccess) {
        return false;
    }
    CFIndex count = CFArrayGetCount(trustSettings);
    bool result = false;
    for (CFIndex index = 0; index < count; ++index) {
        CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, index);
        if (!dict) {
            continue;
        }
        CFNumberRef num = (CFNumberRef)CFDictionaryGetValue(dict, kSecTrustSettingsResult);
        int value;
        if (num && CFNumberGetValue(num, kCFNumberSInt32Type, &value) && (value == kSecTrustSettingsResultTrustRoot)) {
            result = true;
            break;
        }
    }
    CFRelease(trustSettings);
    return result;
 }
 //****************************************************************************************************************************************************
 /// \brief Check if a certificate is trusted in the user's keychain.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return true iff the certificate is trusted in the user's keychain.
 //****************************************************************************************************************************************************
 bool isCertificateTrusted(char const* certData, uint64_t certSize) {
    return _isCertificateTrusted(certFromData(certData, certSize));
 }
 //****************************************************************************************************************************************************
 /// \brief Set the trust level for a certificate in the user's keychain. This call will trigger a security prompt.
 ///
 /// \param[in] cert The certificate.
 /// \param[in] trustLevel The trust level.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus _setCertificateTrustLevel(SecCertificateRef const cert, int trustLevel) {
    SecPolicyRef policy = SecPolicyCreateSSL(true, NULL); // we limit our trust to SSL
    NSDictionary *trustSettings = @{
        (id)kSecTrustSettingsResult: [NSNumber numberWithInt:trustLevel],
        (id)kSecTrustSettingsPolicy: (__bridge id) policy,
    };
    OSStatus status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)(trustSettings));
    CFRelease(policy);
    return status;
 }
 //****************************************************************************************************************************************************
 /// \brief Set a certificate as trusted in the user's keychain. This call will trigger a security prompt.
 ///
 /// \param[in] cert The certificate.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus _setCertificateTrusted(SecCertificateRef cert) {
    return _setCertificateTrustLevel(cert, kSecTrustSettingsResultTrustRoot);
 }
 //****************************************************************************************************************************************************
 /// \brief Set a certificate as trusted in the user's keychain. This call will trigger a security prompt.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus setCertificateTrusted(char const* certData, uint64_t certSize) {
    return _setCertificateTrusted(certFromData(certData, certSize));
 }
 //****************************************************************************************************************************************************
 /// \brief Remove the trust level of a certificate in the user's keychain.
 ///
 /// \param[in] cert The certificate.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus _removeCertificateTrust(SecCertificateRef cert) {
    return _setCertificateTrustLevel(cert, kSecTrustSettingsResultUnspecified);
 }
 //****************************************************************************************************************************************************
 /// \brief Remove the trust level of a certificate in the user's keychain.
 ///
 /// \param[in] certData The certificate data in DER encoded format.
 /// \param[in] certSize The size of the certData in bytes.
 /// \return The status for the operation.
 //****************************************************************************************************************************************************
 OSStatus removeCertificateTrust(char const* certData, uint64_t certSize) {
    return _removeCertificateTrust(certFromData(certData, certSize));
 }
 */
 import "C"
 import (
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"unsafe"
 )
 // some of the error codes returned by Apple's Security framework.
 const (
 	errSecSuccess            = 0
 	errAuthorizationCanceled = -60006
 )
 // certPEMToDER converts a certificate in PEM format to DER format, which is the format required by Apple's Security framework.
 func certPEMToDER(certPEM []byte) ([]byte, error) {
 	block, left := pem.Decode(certPEM)
 	if block == nil {
 		return []byte{}, errors.New("invalid PEM certificate")
 	}
 	if len(left) > 0 {
 		return []byte{}, errors.New("trailing data found at the end of a PEM certificate")
 	}
 	return block.Bytes, nil
 }
 // wrapCGoCertCallReturningBool wrap call to a CGo function returning a bool.
 // if the certificate is invalid the call will return false.
 func wrapCGoCertCallReturningBool(certPEM []byte, fn func(*C.char, C.ulonglong) bool) bool {
 	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return false // error are ignored
 	}
 	buffer := C.CBytes(certDER)
 	defer C.free(unsafe.Pointer(buffer)) //nolint:unconvert
 	return fn((*C.char)(buffer), C.ulonglong(len(certDER)))
 }
 // wrapCGoCertCallReturningBool wrap call to a CGo function returning an error
 func wrapCGoCertCallReturningError(certPEM []byte, fn func(*C.char, C.ulonglong) error) error {
 	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return err
 	}
 	buffer := C.CBytes(certDER)
 	defer C.free(unsafe.Pointer(buffer)) //nolint:unconvert
 	return fn((*C.char)(buffer), C.ulonglong(len(certDER)))
 }
 // isCertInKeychain returns true if the given certificate is stored in the user's keychain.
 func isCertInKeychain(certPEM []byte) bool {
 	return wrapCGoCertCallReturningBool(certPEM, isCertInKeychainCGo)
 }
 func isCertInKeychainCGo(buffer *C.char, size C.ulonglong) bool {
 	return bool(C.isCertificateInKeychain(buffer, size))
 }
 // addCertToKeychain adds a certificate to the user's keychain.
 // Trying to add a certificate that is already in the keychain will result in an error.
 func addCertToKeychain(certPEM []byte) error {
 	return wrapCGoCertCallReturningError(certPEM, addCertToKeychainCGo)
 }
 func addCertToKeychainCGo(buffer *C.char, size C.ulonglong) error {
 	if errCode := C.addCertificateToKeychain(buffer, size); errCode != errSecSuccess {
 		return fmt.Errorf("could not add certificate to keychain (error %v)", errCode)
 	}
 	return nil
 }
 // removeCertFromKeychain removes a certificate from the user's keychain.
 // Trying to remove a certificate that is not in the keychain will result in an error.
 func removeCertFromKeychain(certPEM []byte) error {
 	return wrapCGoCertCallReturningError(certPEM, removeCertFromKeychainCGo)
 }
 func removeCertFromKeychainCGo(buffer *C.char, size C.ulonglong) error {
 	if errCode := C.removeCertificateFromKeychain(buffer, size); errCode != errSecSuccess {
 		return fmt.Errorf("could not remove certificate from keychain (error %v)", errCode)
 	}
 	return nil
 }
 // isCertTrusted check if a certificate is trusted in the user's keychain.
 func isCertTrusted(certPEM []byte) bool {
 	return wrapCGoCertCallReturningBool(certPEM, isCertTrustedCGo)
 }
 func isCertTrustedCGo(buffer *C.char, size C.ulonglong) bool {
 	return bool(C.isCertificateTrusted(buffer, size))
 }
 // setCertTrusted sets a certificate as trusted in the user's keychain.
 // This function will trigger a security prompt from the system.
 func setCertTrusted(certPEM []byte) error {
 	return wrapCGoCertCallReturningError(certPEM, setCertTrustedCGo)
 }
 func setCertTrustedCGo(buffer *C.char, size C.ulonglong) error {
 	errCode := C.setCertificateTrusted(buffer, size)
 	switch errCode {
 	case errSecSuccess:
 		return nil
 	case errAuthorizationCanceled:
 		return ErrUserCanceledCertificateInstall
 	default:
 		return fmt.Errorf("could not set certificate trust in keychain (error %v)", errCode)
 	}
 }
 // removeCertTrust remove the trust level of the certificated from the user's keychain.
 // This function will trigger a security prompt from the system.
 func removeCertTrust(certPEM []byte) error {
 	return wrapCGoCertCallReturningError(certPEM, removeCertTrustCGo)
 }
 func removeCertTrustCGo(buffer *C.char, size C.ulonglong) error {
 	errCode := C.removeCertificateTrust(buffer, size)
 	switch errCode {
 	case errSecSuccess:
 		return nil
 	case errAuthorizationCanceled:
 		return ErrUserCanceledCertificateInstall
 	default:
 		return fmt.Errorf("could not set certificate trust in keychain (error %v)", errCode)
 	}
 }
 func osSupportCertInstall() bool {
 	return true
 }
 // installCert installs a certificate in the keychain. The certificate is added to the keychain and it is set as trusted.
 // This function will trigger a security prompt from the system, unless the certificate is already trusted in the user keychain.
 func installCert(certPEM []byte) error {
-	name, err := writeToTempFile(certPEM)
+	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return err
 	}
-	return addTrustedCert(name)
+	p := C.CBytes(certDER)
 	defer C.free(unsafe.Pointer(p)) //nolint:unconvert
 	buffer := (*C.char)(p)
 	size := C.ulonglong(len(certDER))
 	if !isCertInKeychainCGo(buffer, size) {
 		if err := addCertToKeychainCGo(buffer, size); err != nil {
 			return err
 		}
 	}
 	if !isCertTrustedCGo(buffer, size) {
 		return setCertTrustedCGo(buffer, size)
 	}
 	return nil
 }
 // uninstallCert uninstalls a certificate in the keychain. The certificate trust is removed and the certificated is deleted from the keychain.
 // This function will trigger a security prompt from the system, unless the certificate is not trusted in the user keychain.
 func uninstallCert(certPEM []byte) error {
-	name, err := writeToTempFile(certPEM)
+	certDER, err := certPEMToDER(certPEM)
 	if err != nil {
 		return err
 	}
-	return removeTrustedCert(name)
+	p := C.CBytes(certDER)
 	defer C.free(unsafe.Pointer(p)) //nolint:unconvert
 	buffer := (*C.char)(p)
 	size := C.ulonglong(len(certDER))
 	if isCertTrustedCGo(buffer, size) {
 		if err := removeCertTrustCGo(buffer, size); err != nil {
 			return err
 		}
 	}
 	if isCertInKeychainCGo(buffer, size) {
 		return removeCertFromKeychainCGo(buffer, size)
 	}
 	return nil
 }
-func addTrustedCert(certPath string) error {
+func isCertInstalled(certPEM []byte) bool {
-	return execabs.Command( //nolint:gosec
+	certDER, err := certPEMToDER(certPEM)
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",
 		"add-trusted-cert",
 		"-d",
 		"-r", "trustRoot",
 		"-p", "ssl",
 		"-k", "/Library/Keychains/System.keychain",
 		certPath,
 	).Run()
 }
 func removeTrustedCert(certPath string) error {
 	return execabs.Command( //nolint:gosec
 		"/usr/bin/security",
 		"execute-with-privileges",
 		"/usr/bin/security",
 		"remove-trusted-cert",
 		"-d",
 		certPath,
 	).Run()
 }
 // writeToTempFile writes the given data to a temporary file and returns the path.
 func writeToTempFile(data []byte) (string, error) {
 	f, err := os.CreateTemp("", "tls")
 	if err != nil {
-		return "", err
+		return false
 	}
-	if _, err := f.Write(data); err != nil {
+	p := C.CBytes(certDER)
-		return "", err
+	defer C.free(unsafe.Pointer(p)) //nolint:unconvert
-	}
+	buffer := (*C.char)(p)
 	size := C.ulonglong(len(certDER))
-	if err := f.Close(); err != nil {
+	return isCertInKeychainCGo(buffer, size) && isCertTrustedCGo(buffer, size)
 		return "", err
 	}
 	return f.Name(), nil
 }
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@ -0,0 +1,98 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 //go:build darwin
 package certs
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func TestCertInKeychain(t *testing.T) {
 	// no trust settings change is performed, so this test will not trigger an OS security prompt.
 	certPEM := generatePEMCertificate(t)
 	require.True(t, osSupportCertInstall())
 	require.False(t, isCertInKeychain(certPEM))
 	require.NoError(t, addCertToKeychain(certPEM))
 	require.True(t, isCertInKeychain(certPEM))
 	require.Error(t, addCertToKeychain(certPEM))
 	require.True(t, isCertInKeychain(certPEM))
 	require.NoError(t, removeCertFromKeychain(certPEM))
 	require.False(t, isCertInKeychain(certPEM))
 	require.Error(t, removeCertFromKeychain(certPEM))
 	require.False(t, isCertInKeychain(certPEM))
 }
 // This test require human interaction (macOS security prompts), and is disabled by default.
 func _TestCertificateTrust(t *testing.T) { //nolint:unused
 	certPEM := generatePEMCertificate(t)
 	require.False(t, isCertTrusted(certPEM))
 	require.NoError(t, addCertToKeychain(certPEM))
 	require.NoError(t, setCertTrusted(certPEM))
 	require.True(t, isCertTrusted(certPEM))
 	require.NoError(t, removeCertTrust(certPEM))
 	require.False(t, isCertTrusted(certPEM))
 	require.NoError(t, removeCertFromKeychain(certPEM))
 }
 // This test require human interaction (macOS security prompts), and is disabled by default.
 func _TestInstallAndRemove(t *testing.T) { //nolint:unused
 	certPEM := generatePEMCertificate(t)
 	// fresh install
 	require.False(t, isCertInstalled(certPEM))
 	require.NoError(t, installCert(certPEM))
 	require.True(t, isCertInKeychain(certPEM))
 	require.True(t, isCertTrusted(certPEM))
 	require.True(t, isCertInstalled(certPEM))
 	require.NoError(t, uninstallCert(certPEM))
 	require.False(t, isCertInKeychain(certPEM))
 	require.False(t, isCertTrusted(certPEM))
 	require.False(t, isCertInstalled(certPEM))
 	// Install where certificate is already in Keychain, but not trusted.
 	require.NoError(t, addCertToKeychain(certPEM))
 	require.False(t, isCertInstalled(certPEM))
 	require.NoError(t, installCert(certPEM))
 	require.True(t, isCertInstalled(certPEM))
 	// Install where certificate is already installed
 	require.NoError(t, installCert(certPEM))
 	// Remove when certificate is not trusted.
 	require.NoError(t, removeCertTrust(certPEM))
 	require.NoError(t, uninstallCert(certPEM))
 	require.False(t, isCertInstalled(certPEM))
 	// Remove when certificate has already been removed.
 	require.NoError(t, uninstallCert(certPEM))
 	require.False(t, isCertTrusted(certPEM))
 	require.False(t, isCertInKeychain(certPEM))
 }
 func generatePEMCertificate(t *testing.T) []byte {
 	template, err := NewTLSTemplate()
 	require.NoError(t, err)
 	certPEM, _, err := GenerateCert(template)
 	require.NoError(t, err)
 	return certPEM
 }
--- a/internal/certs/cert_store_linux.go
+++ b/internal/certs/cert_store_linux.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -17,6 +17,10 @@
 package certs
 func osSupportCertInstall() bool {
 	return false
 }
 func installCert([]byte) error {
 	return nil // Linux doesn't have a root cert store.
 }
@ -24,3 +28,7 @@ func installCert([]byte) error {
 func uninstallCert([]byte) error {
 	return nil // Linux doesn't have a root cert store.
 }
 func isCertInstalled([]byte) bool {
 	return false
 }
--- a/internal/certs/cert_store_windows.go
+++ b/internal/certs/cert_store_windows.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -17,6 +17,10 @@
 package certs
 func osSupportCertInstall() bool {
 	return false
 }
 func installCert([]byte) error {
 	return nil // NOTE(GODT-986): Install certs to root cert store?
 }
@ -24,3 +28,7 @@ func installCert([]byte) error {
 func uninstallCert([]byte) error {
 	return nil // NOTE(GODT-986): Uninstall certs from root cert store?
 }
 func isCertInstalled([]byte) bool {
 	return false
 }
--- a/internal/certs/installer.go
+++ b/internal/certs/installer.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -17,16 +17,66 @@
 package certs
-type Installer struct{}
+import (
 	"errors"
 	"github.com/sirupsen/logrus"
 )
 var (
 	ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
 )
 type Installer struct {
 	log *logrus.Entry
 }
 func NewInstaller() *Installer {
-	return &Installer{}
+	return &Installer{
 		log: logrus.WithField("pkg", "certs"),
 	}
 }
 func (installer *Installer) OSSupportCertInstall() bool {
 	return osSupportCertInstall()
 }
 func (installer *Installer) InstallCert(certPEM []byte) error {
-	return installCert(certPEM)
+	installer.log.Info("Installing the Bridge TLS certificate in the OS keychain")
 	if err := installCert(certPEM); err != nil {
 		installer.log.WithError(err).Error("The Bridge TLS certificate could not be installed in the OS keychain")
 		return err
 	}
 	installer.log.Info("The Bridge TLS certificate was successfully installed in the OS keychain")
 	return nil
 }
 func (installer *Installer) UninstallCert(certPEM []byte) error {
-	return uninstallCert(certPEM)
+	installer.log.Info("Uninstalling the Bridge TLS certificate from the OS keychain")
 	if err := uninstallCert(certPEM); err != nil {
 		installer.log.WithError(err).Error("The Bridge TLS certificate could not be uninstalled from the OS keychain")
 		return err
 	}
 	installer.log.Info("The Bridge TLS certificate was successfully uninstalled from the OS keychain")
 	return nil
 }
 func (installer *Installer) IsCertInstalled(certPEM []byte) bool {
 	return isCertInstalled(certPEM)
 }
 // LogCertInstallStatus reports the current status of the certificate installation in the log.
 // If certificate installation is not supported on the platform, this function does nothing.
 func (installer *Installer) LogCertInstallStatus(certPEM []byte) {
 	if installer.OSSupportCertInstall() {
 		if installer.IsCertInstalled(certPEM) {
 			installer.log.Info("The Bridge TLS certificate is installed in the OS keychain")
 		} else {
 			installer.log.Info("The Bridge TLS certificate is not installed in the OS keychain")
 		}
 	}
 }
--- a/internal/certs/tls.go
+++ b/internal/certs/tls.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/certs/tls_test.go
+++ b/internal/certs/tls_test.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/clientconfig/applemail.go
+++ b/internal/clientconfig/applemail.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
@ -21,6 +21,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
@ -39,10 +40,10 @@ func (c *AppleMail) Configure(
 	hostname string,
 	imapPort, smtpPort int,
 	imapSSL, smtpSSL bool,
-	username, addresses string,
+	username, displayName, addresses string,
 	password []byte,
 ) error {
-	mc := prepareMobileConfig(hostname, imapPort, smtpPort, imapSSL, smtpSSL, username, addresses, password)
+	mc := prepareMobileConfig(hostname, imapPort, smtpPort, imapSSL, smtpSSL, username, displayName, addresses, password)
 	confPath, err := saveConfigTemporarily(mc)
 	if err != nil {
@ -66,26 +67,28 @@ func prepareMobileConfig(
 	hostname string,
 	imapPort, smtpPort int,
 	imapSSL, smtpSSL bool,
-	username, addresses string,
+	username, displayName, addresses string,
 	password []byte,
 ) *mobileconfig.Config {
 	return &mobileconfig.Config{
-		DisplayName:  username,
+		DisplayName:        escapeXMLString(username),
-		EmailAddress: addresses,
+		EmailAddress:       escapeXMLString(addresses),
-		Identifier:   "protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10),
+		AccountName:        escapeXMLString(displayName),
 		AccountDescription: escapeXMLString(username),
 		Identifier:         escapeXMLString("protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10)),
 		IMAP: &mobileconfig.IMAP{
-			Hostname: hostname,
+			Hostname: escapeXMLString(hostname),
 			Port:     imapPort,
 			TLS:      imapSSL,
-			Username: username,
+			Username: escapeXMLString(username),
-			Password: string(password),
+			Password: escapeXMLString(string(password)),
 		},
 		SMTP: &mobileconfig.SMTP{
-			Hostname: hostname,
+			Hostname: escapeXMLString(hostname),
 			Port:     smtpPort,
 			TLS:      smtpSSL,
-			Username: username,
+			Username: escapeXMLString(username),
-			Password: string(password),
+			Password: escapeXMLString(string(password)),
 		},
 	}
 }
@ -98,6 +101,8 @@ func saveConfigTemporarily(mc *mobileconfig.Config) (fname string, err error) {
 	// Make sure the temporary file is deleted.
 	go func() {
 		defer recover() //nolint:errcheck
 		<-time.After(10 * time.Minute)
 		_ = os.RemoveAll(dir)
 	}()
@ -117,3 +122,13 @@ func saveConfigTemporarily(mc *mobileconfig.Config) (fname string, err error) {
 	return
 }
 // escapeXMLString replace all occurrences of the 5 characters `&`, `<`, `>`, `"` and `'` by their respective escaped version as per the XML spec.
 // https://www.w3.org/TR/xml/#syntax
 func escapeXMLString(input string) string {
 	result := strings.ReplaceAll(input, `&`, `&amp;`)
 	result = strings.ReplaceAll(result, `<`, `&lt;`)
 	result = strings.ReplaceAll(result, `>`, `&gt;`)
 	result = strings.ReplaceAll(result, `"`, `&quot;`)
 	return strings.ReplaceAll(result, `'`, `&apos;`)
 }
--- a/internal/clientconfig/applemail_test.go
+++ b/internal/clientconfig/applemail_test.go
@ -0,0 +1,38 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 //go:build darwin
 package clientconfig
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func TestEscapeXMLString(t *testing.T) {
 	require.Equal(t, escapeXMLString(`abc&&''""<<>>def`), `abc&amp;&amp;&apos;&apos;&quot;&quot;&lt;&lt;&gt;&gt;def`)
 }
 // This test requires human interaction (user configuration profile installation prompt). It is for debugging purpose and is disabled by default.
 func _TestInstallCert(t *testing.T) { //nolint:unused
 	require.NoError(
 		t,
 		(&AppleMail{}).Configure(`127.0.0.1`, 1143, 1025, true, false, `user&>>`, `<<abc&&'"def>>`, `user&a`, []byte(`ir8R9vhdNXyB7isWzhyEkQ`)),
 	)
 }
--- a/internal/configstatus/config_status.go
+++ b/internal/configstatus/config_status.go
@ -0,0 +1,228 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import (
 	"encoding/json"
 	"fmt"
 	"os"
 	"strconv"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/sirupsen/logrus"
 )
 const version = "1.0.0"
 func LoadConfigurationStatus(filepath string) (*ConfigurationStatus, error) {
 	status := ConfigurationStatus{
 		FilePath: filepath,
 		DataLock: safe.NewRWMutex(),
 		Data:     &ConfigurationStatusData{},
 	}
 	if _, err := os.Stat(filepath); err == nil {
 		if err := status.Load(); err == nil {
 			return &status, nil
 		}
 		logrus.WithError(err).Warn("Cannot load configuration status file. Reset it.")
 	}
 	status.Data.init()
 	if err := status.Save(); err != nil {
 		return &status, err
 	}
 	return &status, nil
 }
 func (status *ConfigurationStatus) Load() error {
 	bytes, err := os.ReadFile(status.FilePath)
 	if err != nil {
 		return err
 	}
 	var metadata MetadataOnly
 	if err := json.Unmarshal(bytes, &metadata); err != nil {
 		return err
 	}
 	if metadata.Metadata.Version != version {
 		return fmt.Errorf("unsupported configstatus file version %s", metadata.Metadata.Version)
 	}
 	return json.Unmarshal(bytes, status.Data)
 }
 func (status *ConfigurationStatus) Save() error {
 	temp := status.FilePath + "_temp"
 	f, err := os.Create(temp) //nolint:gosec
 	if err != nil {
 		return err
 	}
 	enc := json.NewEncoder(f)
 	enc.SetIndent("", "  ")
 	err = enc.Encode(status.Data)
 	if err := f.Close(); err != nil {
 		logrus.WithError(err).Error("Error while closing configstatus file.")
 	}
 	if err != nil {
 		return err
 	}
 	return os.Rename(temp, status.FilePath)
 }
 func (status *ConfigurationStatus) IsPending() bool {
 	status.DataLock.RLock()
 	defer status.DataLock.RUnlock()
 	return !status.Data.DataV1.PendingSince.IsZero()
 }
 func (status *ConfigurationStatus) isPendingSinceMin() int {
 	if min := int(time.Since(status.Data.DataV1.PendingSince).Minutes()); min > 0 {
 		return min
 	}
 	return 0
 }
 func (status *ConfigurationStatus) IsFromFailure() bool {
 	status.DataLock.RLock()
 	defer status.DataLock.RUnlock()
 	return status.Data.DataV1.FailureDetails != ""
 }
 func (status *ConfigurationStatus) ApplySuccess() error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	status.Data.init()
 	status.Data.DataV1.PendingSince = time.Time{}
 	return status.Save()
 }
 func (status *ConfigurationStatus) ApplyFailure(err string) error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	status.Data.init()
 	status.Data.DataV1.FailureDetails = err
 	return status.Save()
 }
 func (status *ConfigurationStatus) ApplyProgress() error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	status.Data.DataV1.LastProgress = time.Now()
 	return status.Save()
 }
 func (status *ConfigurationStatus) RecordLinkClicked(link uint64) error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	if !status.Data.hasLinkClicked(link) {
 		status.Data.setClickedLink(link)
 		return status.Save()
 	}
 	return nil
 }
 func (status *ConfigurationStatus) ReportClicked() error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	if !status.Data.DataV1.ReportClick {
 		status.Data.DataV1.ReportClick = true
 		return status.Save()
 	}
 	return nil
 }
 func (status *ConfigurationStatus) ReportSent() error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	if !status.Data.DataV1.ReportSent {
 		status.Data.DataV1.ReportSent = true
 		return status.Save()
 	}
 	return nil
 }
 func (status *ConfigurationStatus) AutoconfigUsed(client string) error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	if client != status.Data.DataV1.Autoconf {
 		status.Data.DataV1.Autoconf = client
 		return status.Save()
 	}
 	return nil
 }
 func (status *ConfigurationStatus) Remove() error {
 	status.DataLock.Lock()
 	defer status.DataLock.Unlock()
 	return os.Remove(status.FilePath)
 }
 func (data *ConfigurationStatusData) init() {
 	data.Metadata = Metadata{
 		Version: version,
 	}
 	data.DataV1.PendingSince = time.Now()
 	data.DataV1.LastProgress = time.Time{}
 	data.DataV1.Autoconf = ""
 	data.DataV1.ClickedLink = 0
 	data.DataV1.ReportSent = false
 	data.DataV1.ReportClick = false
 	data.DataV1.FailureDetails = ""
 }
 func (data *ConfigurationStatusData) setClickedLink(pos uint64) {
 	data.DataV1.ClickedLink |= 1 << pos
 }
 func (data *ConfigurationStatusData) hasLinkClicked(pos uint64) bool {
 	val := data.DataV1.ClickedLink & (1 << pos)
 	return val > 0
 }
 func (data *ConfigurationStatusData) clickedLinkToString() string {
 	var str = ""
 	var first = true
 	for i := 0; i < 64; i++ {
 		if data.hasLinkClicked(uint64(i)) {
 			if !first {
 				str += ","
 			} else {
 				first = false
 				str += "["
 			}
 			str += strconv.Itoa(i)
 		}
 	}
 	if str != "" {
 		str += "]"
 	}
 	return str
 }
--- a/internal/configstatus/config_status_test.go
+++ b/internal/configstatus/config_status_test.go
@ -0,0 +1,252 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus_test
 import (
 	"encoding/json"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
 	"github.com/stretchr/testify/require"
 )
 func TestConfigStatus_init_virgin(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
 	require.Equal(t, false, config.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config.Data.DataV1.ReportSent)
 	require.Equal(t, false, config.Data.DataV1.ReportClick)
 	require.Equal(t, "", config.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_init_existing(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1:   configstatus.DataV1{Autoconf: "Mr TBird"},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
 	require.Equal(t, "Mr TBird", config.Data.DataV1.Autoconf)
 }
 func TestConfigStatus_init_bad_version(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "2.0.0"},
 		DataV1:   configstatus.DataV1{Autoconf: "Mr TBird"},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config.Data.Metadata.Version)
 	require.Equal(t, "", config.Data.DataV1.Autoconf)
 }
 func TestConfigStatus_IsPending(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, true, config.IsPending())
 	config.Data.DataV1.PendingSince = time.Time{}
 	require.Equal(t, false, config.IsPending())
 }
 func TestConfigStatus_IsFromFailure(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, false, config.IsFromFailure())
 	config.Data.DataV1.FailureDetails = "test"
 	require.Equal(t, true, config.IsFromFailure())
 }
 func TestConfigStatus_ApplySuccess(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, true, config.IsPending())
 	require.NoError(t, config.ApplySuccess())
 	require.Equal(t, false, config.IsPending())
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, true, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config2.Data.DataV1.ReportSent)
 	require.Equal(t, false, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_ApplyFailure(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.NoError(t, config.ApplySuccess())
 	require.NoError(t, config.ApplyFailure("Big Failure"))
 	require.Equal(t, true, config.IsFromFailure())
 	require.Equal(t, true, config.IsPending())
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config2.Data.DataV1.ReportSent)
 	require.Equal(t, false, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "Big Failure", config2.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_ApplyProgress(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, true, config.IsPending())
 	require.Equal(t, true, config.Data.DataV1.LastProgress.IsZero())
 	require.NoError(t, config.ApplyProgress())
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, false, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config2.Data.DataV1.ReportSent)
 	require.Equal(t, false, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_RecordLinkClicked(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, uint64(0), config.Data.DataV1.ClickedLink)
 	require.NoError(t, config.RecordLinkClicked(0))
 	require.Equal(t, uint64(1), config.Data.DataV1.ClickedLink)
 	require.NoError(t, config.RecordLinkClicked(1))
 	require.Equal(t, uint64(3), config.Data.DataV1.ClickedLink)
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(3), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config2.Data.DataV1.ReportSent)
 	require.Equal(t, false, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_ReportClicked(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, false, config.Data.DataV1.ReportClick)
 	require.NoError(t, config.ReportClicked())
 	require.Equal(t, true, config.Data.DataV1.ReportClick)
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, false, config2.Data.DataV1.ReportSent)
 	require.Equal(t, true, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
 }
 func TestConfigStatus_ReportSent(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, false, config.Data.DataV1.ReportSent)
 	require.NoError(t, config.ReportSent())
 	require.Equal(t, true, config.Data.DataV1.ReportSent)
 	config2, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	require.Equal(t, "1.0.0", config2.Data.Metadata.Version)
 	require.Equal(t, false, config2.Data.DataV1.PendingSince.IsZero())
 	require.Equal(t, true, config2.Data.DataV1.LastProgress.IsZero())
 	require.Equal(t, "", config2.Data.DataV1.Autoconf)
 	require.Equal(t, uint64(0), config2.Data.DataV1.ClickedLink)
 	require.Equal(t, true, config2.Data.DataV1.ReportSent)
 	require.Equal(t, false, config2.Data.DataV1.ReportClick)
 	require.Equal(t, "", config2.Data.DataV1.FailureDetails)
 }
 func dumpConfigStatusInFile(data *configstatus.ConfigurationStatusData, file string) error {
 	f, err := os.Create(file)
 	if err != nil {
 		return err
 	}
 	defer func() { _ = f.Close() }()
 	return json.NewEncoder(f).Encode(data)
 }
--- a/internal/configstatus/configuration_abort.go
+++ b/internal/configstatus/configuration_abort.go
@ -0,0 +1,59 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import (
 	"strconv"
 )
 type ConfigAbortValues struct {
 	Duration int `json:"duration"`
 }
 type ConfigAbortDimensions struct {
 	ReportClick string `json:"report_click"`
 	ReportSent  string `json:"report_sent"`
 	ClickedLink string `json:"clicked_link"`
 }
 type ConfigAbortData struct {
 	MeasurementGroup string
 	Event            string
 	Values           ConfigSuccessValues
 	Dimensions       ConfigSuccessDimensions
 }
 type ConfigAbortBuilder struct{}
 func (*ConfigAbortBuilder) New(config *ConfigurationStatus) ConfigAbortData {
 	config.DataLock.RLock()
 	defer config.DataLock.RUnlock()
 	return ConfigAbortData{
 		MeasurementGroup: "bridge.any.configuration",
 		Event:            "bridge_config_abort",
 		Values: ConfigSuccessValues{
 			Duration: config.isPendingSinceMin(),
 		},
 		Dimensions: ConfigSuccessDimensions{
 			ReportClick: strconv.FormatBool(config.Data.DataV1.ReportClick),
 			ReportSent:  strconv.FormatBool(config.Data.DataV1.ReportSent),
 			ClickedLink: config.Data.clickedLinkToString(),
 		},
 	}
 }
--- a/internal/configstatus/configuration_abort_test.go
+++ b/internal/configstatus/configuration_abort_test.go
@ -0,0 +1,75 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus_test
 import (
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
 	"github.com/stretchr/testify/require"
 )
 func TestConfigurationAbort_default(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigAbortBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_abort", req.Event)
 	require.Equal(t, 0, req.Values.Duration)
 	require.Equal(t, "false", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "", req.Dimensions.ClickedLink)
 }
 func TestConfigurationAbort_fed(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1: configstatus.DataV1{
 			PendingSince:   time.Now().Add(-10 * time.Minute),
 			LastProgress:   time.Time{},
 			Autoconf:       "Mr TBird",
 			ClickedLink:    42,
 			ReportSent:     false,
 			ReportClick:    true,
 			FailureDetails: "Not an error",
 		},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigAbortBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_abort", req.Event)
 	require.Equal(t, 10, req.Values.Duration)
 	require.Equal(t, "true", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
 }
--- a/internal/configstatus/configuration_progress.go
+++ b/internal/configstatus/configuration_progress.go
@ -0,0 +1,60 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import "time"
 type ConfigProgressValues struct {
 	NbDay          int `json:"nb_day"`
 	NbDaySinceLast int `json:"nb_day_since_last"`
 }
 type ConfigProgressData struct {
 	MeasurementGroup string
 	Event            string
 	Values           ConfigProgressValues
 	Dimensions       struct{}
 }
 type ConfigProgressBuilder struct{}
 func (*ConfigProgressBuilder) New(config *ConfigurationStatus) ConfigProgressData {
 	config.DataLock.RLock()
 	defer config.DataLock.RUnlock()
 	return ConfigProgressData{
 		MeasurementGroup: "bridge.any.configuration",
 		Event:            "bridge_config_progress",
 		Values: ConfigProgressValues{
 			NbDay:          numberOfDay(time.Now(), config.Data.DataV1.PendingSince),
 			NbDaySinceLast: numberOfDay(time.Now(), config.Data.DataV1.LastProgress),
 		},
 	}
 }
 func numberOfDay(now, prev time.Time) int {
 	if now.IsZero() || prev.IsZero() {
 		return 1
 	}
 	if now.Year() > prev.Year() {
 		return (365 * (now.Year() - prev.Year())) + now.YearDay() - prev.YearDay()
 	} else if now.YearDay() > prev.YearDay() {
 		return now.YearDay() - prev.YearDay()
 	}
 	return 0
 }
--- a/internal/configstatus/configuration_progress_test.go
+++ b/internal/configstatus/configuration_progress_test.go
@ -0,0 +1,100 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus_test
 import (
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
 	"github.com/stretchr/testify/require"
 )
 func TestConfigurationProgress_default(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigProgressBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_progress", req.Event)
 	require.Equal(t, 0, req.Values.NbDay)
 	require.Equal(t, 1, req.Values.NbDaySinceLast)
 }
 func TestConfigurationProgress_fed(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1: configstatus.DataV1{
 			PendingSince:   time.Now().AddDate(0, 0, -5),
 			LastProgress:   time.Now().AddDate(0, 0, -2),
 			Autoconf:       "Mr TBird",
 			ClickedLink:    42,
 			ReportSent:     false,
 			ReportClick:    true,
 			FailureDetails: "Not an error",
 		},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigProgressBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_progress", req.Event)
 	require.Equal(t, 5, req.Values.NbDay)
 	require.Equal(t, 2, req.Values.NbDaySinceLast)
 }
 func TestConfigurationProgress_fed_year_change(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1: configstatus.DataV1{
 			PendingSince:   time.Now().AddDate(-1, 0, -5),
 			LastProgress:   time.Now().AddDate(0, 0, -2),
 			Autoconf:       "Mr TBird",
 			ClickedLink:    42,
 			ReportSent:     false,
 			ReportClick:    true,
 			FailureDetails: "Not an error",
 		},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigProgressBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_progress", req.Event)
 	require.True(t, (req.Values.NbDay == 370) || (req.Values.NbDay == 371)) // leap year is accounted for in the simplest manner.
 	require.Equal(t, 2, req.Values.NbDaySinceLast)
 }
--- a/internal/configstatus/configuration_recovery.go
+++ b/internal/configstatus/configuration_recovery.go
@ -0,0 +1,63 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import (
 	"strconv"
 )
 type ConfigRecoveryValues struct {
 	Duration int `json:"duration"`
 }
 type ConfigRecoveryDimensions struct {
 	Autoconf       string `json:"autoconf"`
 	ReportClick    string `json:"report_click"`
 	ReportSent     string `json:"report_sent"`
 	ClickedLink    string `json:"clicked_link"`
 	FailureDetails string `json:"failure_details"`
 }
 type ConfigRecoveryData struct {
 	MeasurementGroup string
 	Event            string
 	Values           ConfigRecoveryValues
 	Dimensions       ConfigRecoveryDimensions
 }
 type ConfigRecoveryBuilder struct{}
 func (*ConfigRecoveryBuilder) New(config *ConfigurationStatus) ConfigRecoveryData {
 	config.DataLock.RLock()
 	defer config.DataLock.RUnlock()
 	return ConfigRecoveryData{
 		MeasurementGroup: "bridge.any.configuration",
 		Event:            "bridge_config_recovery",
 		Values: ConfigRecoveryValues{
 			Duration: config.isPendingSinceMin(),
 		},
 		Dimensions: ConfigRecoveryDimensions{
 			Autoconf:       config.Data.DataV1.Autoconf,
 			ReportClick:    strconv.FormatBool(config.Data.DataV1.ReportClick),
 			ReportSent:     strconv.FormatBool(config.Data.DataV1.ReportSent),
 			ClickedLink:    config.Data.clickedLinkToString(),
 			FailureDetails: config.Data.DataV1.FailureDetails,
 		},
 	}
 }
--- a/internal/configstatus/configuration_recovery_test.go
+++ b/internal/configstatus/configuration_recovery_test.go
@ -0,0 +1,79 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus_test
 import (
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
 	"github.com/stretchr/testify/require"
 )
 func TestConfigurationRecovery_default(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigRecoveryBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_recovery", req.Event)
 	require.Equal(t, 0, req.Values.Duration)
 	require.Equal(t, "", req.Dimensions.Autoconf)
 	require.Equal(t, "false", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "", req.Dimensions.ClickedLink)
 	require.Equal(t, "", req.Dimensions.FailureDetails)
 }
 func TestConfigurationRecovery_fed(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1: configstatus.DataV1{
 			PendingSince:   time.Now().Add(-10 * time.Minute),
 			LastProgress:   time.Time{},
 			Autoconf:       "Mr TBird",
 			ClickedLink:    42,
 			ReportSent:     false,
 			ReportClick:    true,
 			FailureDetails: "Not an error",
 		},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigRecoveryBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_recovery", req.Event)
 	require.Equal(t, 10, req.Values.Duration)
 	require.Equal(t, "Mr TBird", req.Dimensions.Autoconf)
 	require.Equal(t, "true", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
 	require.Equal(t, "Not an error", req.Dimensions.FailureDetails)
 }
--- a/internal/configstatus/configuration_success.go
+++ b/internal/configstatus/configuration_success.go
@ -0,0 +1,61 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import (
 	"strconv"
 )
 type ConfigSuccessValues struct {
 	Duration int `json:"duration"`
 }
 type ConfigSuccessDimensions struct {
 	Autoconf    string `json:"autoconf"`
 	ReportClick string `json:"report_click"`
 	ReportSent  string `json:"report_sent"`
 	ClickedLink string `json:"clicked_link"`
 }
 type ConfigSuccessData struct {
 	MeasurementGroup string
 	Event            string
 	Values           ConfigSuccessValues
 	Dimensions       ConfigSuccessDimensions
 }
 type ConfigSuccessBuilder struct{}
 func (*ConfigSuccessBuilder) New(config *ConfigurationStatus) ConfigSuccessData {
 	config.DataLock.RLock()
 	defer config.DataLock.RUnlock()
 	return ConfigSuccessData{
 		MeasurementGroup: "bridge.any.configuration",
 		Event:            "bridge_config_success",
 		Values: ConfigSuccessValues{
 			Duration: config.isPendingSinceMin(),
 		},
 		Dimensions: ConfigSuccessDimensions{
 			Autoconf:    config.Data.DataV1.Autoconf,
 			ReportClick: strconv.FormatBool(config.Data.DataV1.ReportClick),
 			ReportSent:  strconv.FormatBool(config.Data.DataV1.ReportSent),
 			ClickedLink: config.Data.clickedLinkToString(),
 		},
 	}
 }
--- a/internal/configstatus/configuration_success_test.go
+++ b/internal/configstatus/configuration_success_test.go
@ -0,0 +1,77 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus_test
 import (
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/configstatus"
 	"github.com/stretchr/testify/require"
 )
 func TestConfigurationSuccess_default(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigSuccessBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_success", req.Event)
 	require.Equal(t, 0, req.Values.Duration)
 	require.Equal(t, "", req.Dimensions.Autoconf)
 	require.Equal(t, "false", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "", req.Dimensions.ClickedLink)
 }
 func TestConfigurationSuccess_fed(t *testing.T) {
 	dir := t.TempDir()
 	file := filepath.Join(dir, "dummy.json")
 	var data = configstatus.ConfigurationStatusData{
 		Metadata: configstatus.Metadata{Version: "1.0.0"},
 		DataV1: configstatus.DataV1{
 			PendingSince:   time.Now().Add(-10 * time.Minute),
 			LastProgress:   time.Time{},
 			Autoconf:       "Mr TBird",
 			ClickedLink:    42,
 			ReportSent:     false,
 			ReportClick:    true,
 			FailureDetails: "Not an error",
 		},
 	}
 	require.NoError(t, dumpConfigStatusInFile(&data, file))
 	config, err := configstatus.LoadConfigurationStatus(file)
 	require.NoError(t, err)
 	var builder = configstatus.ConfigSuccessBuilder{}
 	req := builder.New(config)
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_success", req.Event)
 	require.Equal(t, 10, req.Values.Duration)
 	require.Equal(t, "Mr TBird", req.Dimensions.Autoconf)
 	require.Equal(t, "true", req.Dimensions.ReportClick)
 	require.Equal(t, "false", req.Dimensions.ReportSent)
 	require.Equal(t, "[1,3,5]", req.Dimensions.ClickedLink)
 }
--- a/internal/configstatus/types_config_status.go
+++ b/internal/configstatus/types_config_status.go
@ -0,0 +1,56 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package configstatus
 import (
 	"time"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 )
 const ProgressCheckInterval = time.Hour
 type Metadata struct {
 	Version string `json:"version"`
 }
 type MetadataOnly struct {
 	Metadata Metadata `json:"metadata"`
 }
 type DataV1 struct {
 	PendingSince   time.Time `json:"pending_since"`
 	LastProgress   time.Time `json:"last_progress"`
 	Autoconf       string    `json:"auto_conf"`
 	ClickedLink    uint64    `json:"clicked_link"`
 	ReportSent     bool      `json:"report_sent"`
 	ReportClick    bool      `json:"report_click"`
 	FailureDetails string    `json:"failure_details"`
 }
 type ConfigurationStatusData struct {
 	Metadata Metadata `json:"metadata"`
 	DataV1   DataV1   `json:"dataV1"`
 }
 type ConfigurationStatus struct {
 	FilePath string
 	DataLock safe.RWMutex
 	Data *ConfigurationStatusData
 }
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.Bridge.
 //
@ -33,9 +33,12 @@ var (
 	// Version of the build.
 	Version = "0.0.0"
-	// Revision is current hash of the build.
+	// Revision is build time commit hash.
 	Revision = ""
 	// Tag is build time git describe.
 	Tag = ""
 	// BuildTime stamp of the build.
 	BuildTime = ""
@ -44,6 +47,9 @@ var (
 	// DSNSentry client keys to be able to report crashes to Sentry.
 	DSNSentry = ""
 	// BuildEnv tags used at build time.
 	BuildEnv = ""
 )
 const (
--- a/internal/constants/host_default.go
+++ b/internal/constants/host_default.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/constants/host_qa.go
+++ b/internal/constants/host_qa.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/constants/update_default.go
+++ b/internal/constants/update_default.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/internal/constants/update_qa.go
+++ b/internal/constants/update_qa.go
@ -1,4 +1,4 @@
-// Copyright (c) 2023 Proton AG
+// Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
--- a/Show More
+++ b/Show More