chore: Erasmus Bridge 3.15.0 changelog.

chore: cherry pick changes from Dragon release branch.
(cherry picked from commit 6105f32c75)
2024-10-29 10:47:33 +01:00 · 2024-10-29 08:25:15 +01:00 · 2024-10-28 16:06:19 +01:00 · 2024-10-28 15:58:37 +01:00 · 2024-10-28 15:58:37 +01:00 · 2024-10-28 11:53:04 +00:00
318 changed files with 20422 additions and 4188 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,7 @@
 *~
 .idea
 .vscode
 .vs
 # Test files
 godog.test
@ -35,6 +36,8 @@ cmd/Import-Export/deploy
 proton-bridge
 cmd/Desktop-Bridge/*.exe
 cmd/launcher/*.exe
 bin/
 obj/
 # Jetbrains (CLion, Golang) cmake build dirs
 cmake-build-*/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -25,11 +25,16 @@ variables:
  GOMAXPROCS: $(( ${CI_TAG_CPU} / 2 ))
 before_script:
-  - apt update && apt-get -y install libsecret-1-dev
+  - |
-  - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
+    if [ "$CI_JOB_NAME" != "grype-scan-code-dependencies" ]; then
      apt update && apt-get -y install libsecret-1-dev
      git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
    fi
 stages:
  - analyse
  - test
  - report
  - build
 include:
@ -37,5 +42,9 @@ include:
  - local: ci/rules.yml
  - local: ci/env.yml
  - local: ci/test.yml
  - local: ci/report.yml
  - local: ci/build.yml
  - component: gitlab.protontech.ch/proton/devops/cicd-components/kits/devsecops/go@~latest
    inputs:
      stage: analyse
--- a/.golangci.yml
+++ b/.golangci.yml
@ -2,11 +2,12 @@
 run:
  timeout: 10m
  skip-dirs:
    - pkg/mime
    - extern
 issues:
  exclude-use-default: false
  exclude-dirs:
    - pkg/mime
    - extern
  exclude:
    - Using the variable on range scope `tt` in function literal
    # For now we are missing a lot of comments.
@ -87,6 +88,7 @@ linters:
    - durationcheck     # check for two durations multiplied together [fast: false, auto-fix: false]
    - exhaustive        # check exhaustiveness of enum switch statements [fast: false, auto-fix: false]
    - exportloopref     # checks for pointers to enclosing loop variables [fast: false, auto-fix: false]
    - copyloopvar       # detects places where loop variables are copied.
    - forcetypeassert   # finds forced type assertions [fast: true, auto-fix: false]
    - godot             # Check if comments end in a period [fast: true, auto-fix: true]
    - goheader          # Checks is file header matches to pattern [fast: true, auto-fix: false]
--- a/.grype.yaml
+++ b/.grype.yaml
@ -0,0 +1,2 @@
 # Check out for configuration details: https://github.com/anchore/grype?tab=readme-ov-file#configuration
 fail-on-severity: "medium"
--- a/BUILDS.md
+++ b/BUILDS.md
@ -3,7 +3,7 @@
 ## Prerequisites
 * 64-bit OS:
    - the go-rfc5322 module cannot currently be compiled for 32-bit OSes
-* Go 1.21.6
+* Go 1.21.9
 * Bash with basic build utils: make, gcc, sed, find, grep, ...
  - For Windows, it is recommended to use MinGW 64bit shell from [MSYS2](https://www.msys2.org/)
 * GCC (Linux), msvc (Windows) or Xcode (macOS)
--- a/COPYING_NOTES.md
+++ b/COPYING_NOTES.md
@ -63,11 +63,15 @@ Proton Mail Bridge includes the following 3rd party software:
 * [goleak](https://go.uber.org/goleak) available under [license](https://pkg.go.dev/go.uber.org/goleak?tab=licenses) 
 * [exp](https://golang.org/x/exp) available under [license](https://cs.opensource.google/go/x/exp/+/master:LICENSE) 
 * [net](https://golang.org/x/net) available under [license](https://cs.opensource.google/go/x/net/+/master:LICENSE) 
 * [oauth2](https://golang.org/x/oauth2) available under [license](https://cs.opensource.google/go/x/oauth2/+/master:LICENSE) 
 * [sys](https://golang.org/x/sys) available under [license](https://cs.opensource.google/go/x/sys/+/master:LICENSE) 
 * [text](https://golang.org/x/text) available under [license](https://cs.opensource.google/go/x/text/+/master:LICENSE) 
 * [api](https://google.golang.org/api) available under [license](https://pkg.go.dev/google.golang.org/api?tab=licenses) 
 * [grpc](https://google.golang.org/grpc) available under [license](https://github.com/grpc/grpc-go/blob/master/LICENSE) 
 * [protobuf](https://google.golang.org/protobuf) available under [license](https://github.com/protocolbuffers/protobuf/blob/main/LICENSE) 
 * [plist](https://howett.net/plist) available under [license](https://github.com/DHowett/go-plist/blob/main/LICENSE) 
 * [compute](https://cloud.google.com/go/compute) available under [license](https://pkg.go.dev/cloud.google.com/go/compute?tab=licenses) 
 * [metadata](https://cloud.google.com/go/compute/metadata) available under [license](https://pkg.go.dev/cloud.google.com/go/compute/metadata?tab=licenses) 
 * [bcrypt](https://github.com/ProtonMail/bcrypt) available under [license](https://github.com/ProtonMail/bcrypt/blob/master/LICENSE) 
 * [go-crypto](https://github.com/ProtonMail/go-crypto) available under [license](https://github.com/ProtonMail/go-crypto/blob/master/LICENSE) 
 * [go-mime](https://github.com/ProtonMail/go-mime) available under [license](https://github.com/ProtonMail/go-mime/blob/master/LICENSE) 
@ -95,8 +99,11 @@ Proton Mail Bridge includes the following 3rd party software:
 * [validator](https://github.com/go-playground/validator/v10) available under [license](https://github.com/go-playground/validator/v10/blob/master/LICENSE) 
 * [go-json](https://github.com/goccy/go-json) available under [license](https://github.com/goccy/go-json/blob/master/LICENSE) 
 * [uuid](https://github.com/gofrs/uuid) available under [license](https://github.com/gofrs/uuid/blob/master/LICENSE) 
 * [groupcache](https://github.com/golang/groupcache) available under [license](https://github.com/golang/groupcache/blob/master/LICENSE) 
 * [protobuf](https://github.com/golang/protobuf) available under [license](https://github.com/golang/protobuf/blob/master/LICENSE) 
 * [pprof](https://github.com/google/pprof) available under [license](https://github.com/google/pprof/blob/master/LICENSE) 
 * [enterprise-certificate-proxy](https://github.com/googleapis/enterprise-certificate-proxy) available under [license](https://github.com/googleapis/enterprise-certificate-proxy/blob/master/LICENSE) 
 * [gax-go](https://github.com/googleapis/gax-go/v2) available under [license](https://github.com/googleapis/gax-go/v2/blob/master/LICENSE) 
 * [errwrap](https://github.com/hashicorp/errwrap) available under [license](https://github.com/hashicorp/errwrap/blob/master/LICENSE) 
 * [go-immutable-radix](https://github.com/hashicorp/go-immutable-radix) available under [license](https://github.com/hashicorp/go-immutable-radix/blob/master/LICENSE) 
 * [go-memdb](https://github.com/hashicorp/go-memdb) available under [license](https://github.com/hashicorp/go-memdb/blob/master/LICENSE) 
@ -124,14 +131,16 @@ Proton Mail Bridge includes the following 3rd party software:
 * [codec](https://github.com/ugorji/go/codec) available under [license](https://github.com/ugorji/go/codec/blob/master/LICENSE) 
 * [tagparser](https://github.com/vmihailenco/tagparser/v2) available under [license](https://github.com/vmihailenco/tagparser/v2/blob/master/LICENSE) 
 * [smetrics](https://github.com/xrash/smetrics) available under [license](https://github.com/xrash/smetrics/blob/master/LICENSE) 
-* [go-ordered-json](https://gitlab.com/c0b/go-ordered-json)
+* [go-ordered-json](https://gitlab.com/c0b/go-ordered-json) available under [license](https://gitlab.com/c0b/go-ordered-json/blob/master/LICENSE) 
 * [go.opencensus.io](https://pkg.go.dev/go.opencensus.io?tab=licenses) available under [license](https://pkg.go.dev/go.opencensus.io?tab=licenses) 
 * [arch](https://golang.org/x/arch) available under [license](https://cs.opensource.google/go/x/arch/+/master:LICENSE) 
 * [crypto](https://golang.org/x/crypto) available under [license](https://cs.opensource.google/go/x/crypto/+/master:LICENSE) 
 * [mod](https://golang.org/x/mod) available under [license](https://cs.opensource.google/go/x/mod/+/master:LICENSE) 
 * [sync](https://golang.org/x/sync) available under [license](https://cs.opensource.google/go/x/sync/+/master:LICENSE) 
 * [tools](https://golang.org/x/tools) available under [license](https://cs.opensource.google/go/x/tools/+/master:LICENSE) 
 * [appengine](https://google.golang.org/appengine) available under [license](https://pkg.go.dev/google.golang.org/appengine?tab=licenses) 
 * [genproto](https://google.golang.org/genproto) available under [license](https://pkg.go.dev/google.golang.org/genproto?tab=licenses) 
-* [yaml](https://gopkg.in/yaml.v3) available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) 
+* [yaml](https://gopkg.in/yaml.v3) available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE)  available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) 
 * [go-message](https://github.com/ProtonMail/go-message) available under [license](https://github.com/ProtonMail/go-message/blob/master/LICENSE) 
 * [go-smtp](https://github.com/ProtonMail/go-smtp) available under [license](https://github.com/ProtonMail/go-smtp/blob/master/LICENSE) 
 * [resty](https://github.com/LBeernaertProton/resty/v2) available under [license](https://github.com/LBeernaertProton/resty/v2/blob/master/LICENSE) 
--- a/Changelog.md
+++ b/Changelog.md
@ -3,6 +3,123 @@
 Changelog [format](http://keepachangelog.com/en/1.0.0/)
 ## Erasmus Bridge 3.15.0
 ### Added
 * BRIDGE-238: Added host information to sentry events; new sentry event for keychain issues.
 * BRIDGE-236: Added SMTP observability metrics.
 * BRIDGE-217: Added missing parameter to the CLI help command.
 * BRIDGE-234: Add accessibility name in QML for UI automation.
 * BRIDGE-232: Test: Add Home Menu Bridge UI e2e automation tests.
 * BRIDGE-220: Test: Add Bridge E2E UI login/logout tests for Windows.
 ### Changed
 * BRIDGE-228: Removed sentry events.
 * BRIDGE-218: Observability adapter; gluon observability metrics and tests.
 * BRIDGE-215: Tweak wording on macOS profile install page.
 * BRIDGE-131: Test: Integration tests for messages from Proton <-> Gmail.
 * BRIDGE-142: Bridge icon can be removed from the menu bar on macOS.
 ### Fixed
 * BRIDGE-240: Fix for running against Qt 6.8 (contribution of GitHub user Cimbali).
 * BRIDGE-231: Fix reversed header order in messages.
 * BRIDGE-235: Fix compilation of Bridge GUI Tester on Windows.
 * BRIDGE-120: Use appropriate address key when importing / saving draft.
 ## Dragon Bridge 3.14.0
 ### Changed
 * BRIDGE-207: Failure to download or verify an update now fails silently.
 * BRIDGE-204: Removed redundant Sentry events.
 * BRIDGE-150: Observability service modification.
 * BRIDGE-210: Reduced log level of cache events so they won't be printed to stdout.
 ### Fixed
 * BRIDGE-106: Fixed import of multipart-related messages.
 * BRIDGE-108: Fixed GetInitials when empty username is passed.
 ## Colorado Bridge 3.13.0
 ### Added
 * BRIDGE-37: added message broadcasting functionality.
 * BRIDGE-122: added observability service.
 * BRIDGE-119: added support for Feature Flags.
 * BRIDGE-116: added command-line switches to enable/disable keychain check on macOS.
 * BRIDGE-88: added context menu for quick actions on input labels: cut, copy, paste.
 ### Changed
 * BRIDGE-81: KB article suggestion updates + more weight for long keywords.
 ### Fixed
 * BRIDGE-67: Added detection for username changes on macOS & automatic reconfiguration.
 * BRIDGE-138: Remove deprecated doc.
 ## Bastei Bridge 3.12.0
 ### Added
 * BRIDGE-75: Bridge repair button.
 * BRIDGE-79: Add New Outlook for Mac KB disclaimer.
 ### Changed
 * BRIDGE-16: Bump version Go 1.21.9 Qt 6.4.3.
 * BRIDGE-23: Update gluon to go 1.21.
 * BRIDGE-22: Update gpa to go 1.21.
 ### Fixed
 * BRIDGE-90: Disable repair button when bridge cannot connect to proton servers; bump GPA.
 * BRIDGE-69: Explicitly handle semver panic for last bridge version from vault.
 * BRIDGE-29: Bump gluon version.
 * BRIDGE-49: Configure gitleaks baseline and grype config.
 * BRIDGE-21: Missing panic handling.
 * BRIDGE-17: Broken telemetry heartbeat test.
 * BRIDGE-10: Bumped gluon version.
 ## Alcantara Bridge 3.11.1
 ### Fixed
 * BRIDGE-70: Hotfix for blocked smtp/imap port causing bridge to quit.
 ## Alcantara Bridge 3.11.0
 ### Added
 * GODT-3185: Report cases which leads to wrong address key used.
 ### Changed
 * BRIDGE-14: HV3 implementation.
 * BRIDGE-15: Certificate install is now also done during Outlook setup on macOS.
 * GODT-3146: Start servers on startup, keep running even when no users are active.
 * BRIDGE-19: Update checksum validation use warning instead of error on non-existing files.
 ### Fixed
 * BRIDGE-8: Fix bridge double sessionID issue in logs.
 * BRIDGE-7: Modify keychain test on macOS.
 * BRIDGE-4: Logs not being created when invalid flag is passed.
 * BRIDGE-5: Add tooltip to tray icon.
 * GODT-3163: Filter MBOX format delimiter.
 ## Zaehringen Bridge 3.10.0
 ### Added
 * GODT-3199: Add package log field.
 * GODT-3220: Add more test scenarios.
 ### Changed
 * GODT-3193: Preserve attachment encoding.
 * GODT-3214: Encrypt only with primary key.
 * GODT-2662: Use tart runner for darwin jobs.
 * GODT-1602: Test: run integration tests against black 🖤.
 * GODT-3257: Test: quad9 provider test not working on CI.
 ### Fixed
 * GODT-3290: Fix test failing because of leap day.
 ## Ypsilon Bridge 3.9.1
 ### Fixed
@ -43,6 +160,12 @@ Changelog [format](http://keepachangelog.com/en/1.0.0/)
 * GODT-3188: Happy new year.
 ## Xikou Bridge 3.8.2
 ### Fixed
 * GODT-3235: Update bridge update key.
 ## Xikou Bridge 3.8.1
 ### Added
--- a/25
+++ b/25
@ -1,17 +1,18 @@
 export GO111MODULE=on
 export CGO_ENABLED=1
 # By default, the target OS is the same as the host OS,
 # but this can be overridden by setting TARGET_OS to "windows"/"darwin"/"linux".
 GOOS:=$(shell go env GOOS)
 TARGET_CMD?=Desktop-Bridge
 TARGET_OS?=${GOOS}
-ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+ROOT_DIR:=$(realpath .)
 ## Build
 .PHONY: build build-gui build-nogui build-launcher versioner hasher
 # Keep version hardcoded so app build works also without Git repository.
-BRIDGE_APP_VERSION?=3.9.1+git
+BRIDGE_APP_VERSION?=3.15.0+git
 APP_VERSION:=${BRIDGE_APP_VERSION}
 APP_FULL_NAME:=Proton Mail Bridge
 APP_VENDOR:=Proton AG
@ -19,8 +20,8 @@ SRC_ICO:=bridge.ico
 SRC_ICNS:=Bridge.icns
 SRC_SVG:=bridge.svg
 EXE_NAME:=proton-bridge
-REVISION:=$(shell ./utils/get_revision.sh)
+REVISION:=$(shell "${ROOT_DIR}/utils/get_revision.sh" rev)
-TAG:=$(shell ./utils/get_revision.sh tag)
+TAG:=$(shell "${ROOT_DIR}/utils/get_revision.sh" tag)
 BUILD_TIME:=$(shell date +%FT%T%z)
 MACOS_MIN_VERSION_ARM64=11.0
 MACOS_MIN_VERSION_AMD64=10.15
@ -101,9 +102,9 @@ endif
 ifeq "${GOOS}" "windows"
 	go-build-finalize= \
-		$(if $(4),powershell Copy-Item ${ROOT_DIR}/${RESOURCE_FILE} ${4}  &&,) \
+		$(if $(4),cp "${ROOT_DIR}/${RESOURCE_FILE}" ${4}  &&,) \
 		$(call go-build,$(1),$(2),$(3)) \
-		$(if $(4), && powershell Remove-Item ${4} -Force,)
+		$(if $(4), && rm -f ${4},)
 endif
 ${EXE_NAME}: gofiles  ${RESOURCE_FILE}
@ -117,7 +118,10 @@ versioner:
 	go build ${BUILD_FLAGS} -o versioner utils/versioner/main.go
 vault-editor:
-	$(call go-build-finalize,"-tags=debug","vault-editor","./utils/vault-editor/main.go")
+	$(call go-build-finalize,-tags=debug,"vault-editor","./utils/vault-editor/main.go")
 bridge-rollout:
 	$(call go-build-finalize,, "bridge-rollout","./utils/bridge-rollout/bridge-rollout.go")
 hasher:
 	go build -o hasher utils/hasher/main.go
@ -164,7 +168,7 @@ ${EXE_TARGET}: check-build-essentials ${EXE_NAME}
 		BRIDGE_BUILD_TIME=${BUILD_TIME} \
 		BRIDGE_GUI_BUILD_CONFIG=Release \
 		BRIDGE_BUILD_ENV=${BUILD_ENV} \
-		BRIDGE_INSTALL_PATH=${ROOT_DIR}/${DEPLOY_DIR}/${GOOS} \
+		BRIDGE_INSTALL_PATH="${ROOT_DIR}/${DEPLOY_DIR}/${GOOS}" \
 		./build.sh install
 	mv "${ROOT_DIR}/${BRIDGE_EXE}" "$(ROOT_DIR)/${EXE_TARGET}"
@ -185,7 +189,7 @@ ${RESOURCE_FILE}: ./dist/info.rc ./dist/${SRC_ICO} .FORCE
 ## Dev dependencies
 .PHONY: install-devel-tools install-linter install-go-mod-outdated install-git-hooks
-LINTVER:="v1.55.2"
+LINTVER:="v1.61.0"
 LINTSRC:="https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh"
 install-dev-dependencies: install-devel-tools install-linter install-go-mod-outdated
@ -260,7 +264,8 @@ test-integration-race: gofiles
 test-integration-nightly: gofiles
 	mkdir -p coverage/integration
-	go test \
+	gotestsum \
 		--junitfile tests/result/feature-tests.xml -- \
 		-v -timeout=90m -p=1 -count=1 -tags=test_integration \
 		${GOCOVERAGE} \
 		github.com/ProtonMail/proton-bridge/v3/tests \
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
-# Proton Mail Bridge and Import Export app
+# Proton Mail Bridge
 Copyright (c) 2024 Proton AG
-This repository holds the Proton Mail Bridge and the Proton Mail Import-Export applications.
+This repository holds the Proton Mail Bridge application.
 For a detailed build information see [BUILDS](./BUILDS.md).
 The license can be found in [LICENSE](./LICENSE) file, for more licensing information see [COPYING_NOTES](./COPYING_NOTES.md).
 For contribution policy see [CONTRIBUTING](./CONTRIBUTING.md).
@ -13,7 +13,7 @@ Proton Mail Bridge for e-mail clients.
 When launched, Bridge will initialize local IMAP/SMTP servers and render 
 its GUI.
-To configure an e-mail client, firstly log in using your Proton Mail credentials. 
+To configure an e-mail client, first log in using your Proton Mail credentials. 
 Open your e-mail client and add a new account using the settings which are 
 located in the Bridge GUI. The client will only be able to sync with 
 your Proton Mail account when the Bridge is running, thus the option 
@ -24,10 +24,10 @@ background.
 More details [on the public website](https://proton.me/mail/bridge).
-## Launchers
+## Launcher
-Launchers are binaries used to run the Proton Mail Bridge or Import-Export apps.
+The launcher is a binary used to run the Proton Mail Bridge.
-Official distributions of the Proton Mail Bridge and Import-Export apps contain
+The Official distribution of the Proton Mail Bridge application contains
 both a launcher and the app itself. The launcher is installed in a protected
 area of the system (i.e. an area accessible only with admin privileges) and is
 used to run the app. The launcher ensures that nobody tampered with the app's
@ -37,7 +37,7 @@ feature enables the app to securely update itself automatically without asking
 the user for a password.
 ## Keychain
-You need to have a keychain in order to run the Proton Mail Bridge. On Mac or
+You need to have a keychain in order to run Proton Mail Bridge. On Mac or
 Windows, Bridge uses native credential managers. On Linux, use `secret-service` freedesktop.org API
 (e.g. [Gnome keyring](https://wiki.gnome.org/Projects/GnomeKeyring/))
 or
--- a/ci/build.yml
+++ b/ci/build.yml
@ -1,4 +1,3 @@
 ---
 .script-build:
@ -7,9 +6,14 @@
  extends:
    - .rules-branch-and-MR-manual
  script:
    - which go && go version
    - which gcc && gcc --version
    - which qmake && qmake --version
    - git rev-parse --short=10 HEAD
    - make build
    - git diff && git diff-index --quiet HEAD
    - make vault-editor
    - make bridge-rollout
  artifacts:
    expire_in: 1 day
    when: always
@ -17,7 +21,7 @@
    paths:
      - bridge_*.tgz
      - vault-editor
-
+      - bridge-rollout
 build-linux:
  extends:
    - .script-build
@ -66,4 +70,3 @@ trigger-qa-installer:
  trigger:
    project: "jcuth/bridge-release"
    branch: master
--- a/ci/env.yml
+++ b/ci/env.yml
@ -2,23 +2,41 @@
 ---
 .env-windows:
  extends:
    - .image-windows-virt-build
  before_script:
-    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
+    - !reference [.before-script-windows-virt-build, before_script]
    - !reference [.before-script-windows-aws-build, before_script]
    - !reference [.before-script-git-config, before_script]
-    - git config --global safe.directory '*'
+    - mkdir -p .cache/bin
-    - git status --porcelain
+    - export PATH=$(pwd)/.cache/bin:$PATH
-  cache: {}
+    - export GOPATH="$CI_PROJECT_DIR/.cache"
-  tags:
+  variables:
-    - windows-bridge
+    GOARCH: amd64
    BRIDGE_SYNC_FORCE_MINIMUM_SPEC: 1
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: windows-vcpkg-go-0
    paths:
      - .cache
    when: 'always'
 .env-darwin:
  extends:
    - .image-darwin-build
  before_script:
-    - export BRIDGE_SYNC_FORCE_MINIMUM_SPEC=1
+    - !reference [.before-script-darwin-tart-build, before_script]
-    - !reference [.before-script-darwin-build, before_script]
+    - !reference [.before-script-git-config, before_script]
-  cache: {}
+    - mkdir -p .cache/bin
-  tags:
+    - export PATH=$(pwd)/.cache/bin:$PATH
-    - macos-m1-bridge
+    - export GOPATH="$CI_PROJECT_DIR/.cache"
  variables:
    BRIDGE_SYNC_FORCE_MINIMUM_SPEC: 1
    VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
  cache:
    key: darwin-go-and-vcpkg
    paths:
      - .cache
    when: 'always'
 .env-linux-build:
  extends:
--- a/ci/report.yml
+++ b/ci/report.yml
@ -0,0 +1,25 @@
 ---
 include:
  - project: 'tpe/testmo-reporter'
    ref: master
    file: '/scenarios/testmo-script.yml'
 testmo-upload:
    stage: report
    extends:
      - .testmo-upload
      - .rules-branch-manual-scheduled-and-test-branch-always
    needs:
      - test-integration-nightly
    before_script: []
    variables:
      TESTMO_TOKEN: "$TESTMO_TOKEN"
      TESTMO_URL: "https://proton.testmo.net"
      PROJECT_ID: "9"
      NAME: "Nightly integration tests"
      MILESTONE: "Nightly integration tests"
      SOURCE: "test-integration-nightly"
      TAGS: "$CI_COMMIT_REF_SLUG"
      RESULT_FOLDER: "tests/result/*.xml"
--- a/ci/test.yml
+++ b/ci/test.yml
@ -26,11 +26,15 @@ lint-bug-report-preview:
  extends:
    - .rules-branch-manual-MR-and-devel-always
  script:
    - which go && go version
    - which gcc && gcc --version
    - make test
  artifacts:
    paths:
      - coverage/**
 test-linux:
  extends:
    - .image-linux-test
@ -70,6 +74,9 @@ test-integration:
    - test-linux
  script:
    - make test-integration | tee -a integration-job.log
  after_script:
    - |
      grep "Error: " integration-job.log
  artifacts:
    when: always
    paths:
@ -95,9 +102,13 @@ test-integration-nightly:
    - test-integration
  script:
    - make test-integration-nightly | tee -a nightly-job.log
  after_script:
    - |
      grep "Error: " nightly-job.log
  artifacts:
    when: always
    paths:
      - tests/result/feature-tests.xml
      - nightly-job.log
 test-coverage:
--- a/cmd/Desktop-Bridge/main.go
+++ b/cmd/Desktop-Bridge/main.go
@ -19,8 +19,15 @@ package main
 import (
 	"os"
 	"runtime"
 	"strings"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/sirupsen/logrus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/app"
 	"github.com/bradenaw/juniper/xslices"
 )
@ -43,5 +50,72 @@ import (
 */
 func main() {
-	_ = app.New().Run(xslices.Filter(os.Args, func(arg string) bool { return !strings.Contains(arg, "-psn_") }))
+	appErr := app.New().Run(xslices.Filter(os.Args, func(arg string) bool { return !strings.Contains(arg, "-psn_") }))
 	if appErr != nil {
 		_ = app.WithLocations(func(l *locations.Locations) error {
 			logsPath, err := l.ProvideLogsPath()
 			if err != nil {
 				return err
 			}
 			// Get the session ID if its specified
 			var sessionID logging.SessionID
 			if flagVal, found := getFlagValue(os.Args, app.FlagSessionID); found {
 				sessionID = logging.SessionID(flagVal)
 			} else {
 				sessionID = logging.NewSessionID()
 			}
 			closer, err := logging.Init(
 				logsPath,
 				sessionID,
 				logging.BridgeShortAppName,
 				logging.DefaultMaxLogFileSize,
 				logging.DefaultPruningSize,
 				"",
 			)
 			if err != nil {
 				return err
 			}
 			defer func() {
 				_ = logging.Close(closer)
 			}()
 			logrus.
 				WithField("appName", constants.FullAppName).
 				WithField("version", constants.Version).
 				WithField("revision", constants.Revision).
 				WithField("tag", constants.Tag).
 				WithField("build", constants.BuildTime).
 				WithField("runtime", runtime.GOOS).
 				WithField("args", os.Args).
 				WithField("SentryID", sentry.GetProtectedHostname()).WithError(appErr).Error("Failed to initialize bridge")
 			return nil
 		})
 	}
 }
 // getFlagValue - obtains the value of a specified tag
 // The flag can be of the following form `-flag value`, `--flag value`, `-flag=value` or `--flags=value`.
 func getFlagValue(argList []string, flag string) (string, bool) {
 	eqPrefix1 := "-" + flag + "="
 	eqPrefix2 := "--" + flag + "="
 	for i := 0; i < len(argList); i++ {
 		arg := argList[i]
 		if strings.HasPrefix(arg, eqPrefix1) {
 			val := strings.TrimPrefix(arg, eqPrefix1)
 			return val, len(val) > 0
 		}
 		if strings.HasPrefix(arg, eqPrefix2) {
 			val := strings.TrimPrefix(arg, eqPrefix2)
 			return val, len(val) > 0
 		}
 		if (arg == "-"+flag || arg == "--"+flag) && i+1 < len(argList) {
 			return argList[i+1], true
 		}
 	}
 	return "", false
 }
--- a/cmd/Desktop-Bridge/main_test.go
+++ b/cmd/Desktop-Bridge/main_test.go
@ -0,0 +1,47 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 package main
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func TestGetFlagValue(t *testing.T) {
 	tests := []struct {
 		args     []string
 		flag     string
 		expected string
 	}{
 		{[]string{"session-id", ""}, "session-id", ""},
 		{[]string{"-session-id", ""}, "session-id", ""},
 		{[]string{"--session-id", ""}, "session-id", ""},
 		{[]string{"session-id", "test"}, "session-id", ""},
 		{[]string{"-session-id", "test"}, "session-id", "test"},
 		{[]string{"--session-id", "test"}, "session-id", "test"},
 		{[]string{"session-id=test"}, "session-id", ""},
 		{[]string{"-session-id=test"}, "session-id", "test"},
 		{[]string{"--session-id=test"}, "session-id", "test"},
 	}
 	for _, tt := range tests {
 		val, _ := getFlagValue(tt.args, tt.flag)
 		require.Equal(t, val, tt.expected)
 	}
 }
--- a/cmd/launcher/main.go
+++ b/cmd/launcher/main.go
@ -40,6 +40,7 @@ import (
 	"github.com/elastic/go-sysinfo/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"golang.org/x/sys/execabs"
 )
@ -53,9 +54,12 @@ const (
 	FlagCLIShort            = "c"
 	FlagNonInteractive      = "noninteractive"
 	FlagNonInteractiveShort = "n"
-	FlagLauncher            = "--launcher"
+	FlagLauncher            = "launcher"
-	FlagWait                = "--wait"
+	FlagWait                = "wait"
-	FlagSessionID           = "--session-id"
+	FlagSessionID           = "session-id"
 	HyphenatedFlagLauncher  = "--" + FlagLauncher
 	HyphenatedFlagWait      = "--" + FlagWait
 	HyphenatedFlagSessionID = "--" + FlagSessionID
 )
 func main() { //nolint:funlen
@ -151,7 +155,7 @@ func main() { //nolint:funlen
 		}
 	}
-	cmd := execabs.Command(exe, appendLauncherPath(launcher, append(args, FlagSessionID, string(sessionID)))...) //nolint:gosec
+	cmd := execabs.Command(exe, appendLauncherPath(launcher, appendOrModifySessionID(args, string(sessionID)))...) //nolint:gosec
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
@ -173,19 +177,14 @@ func main() { //nolint:funlen
 // appendLauncherPath add launcher path if missing.
 func appendLauncherPath(path string, args []string) []string {
-	if !sliceContains(args, FlagLauncher) {
+	if !slices.Contains(args, HyphenatedFlagLauncher) {
 		res := append([]string{}, args...)
-		res = append(res, FlagLauncher, path)
+		res = append(res, HyphenatedFlagLauncher, path)
 		return res
 	}
 	return args
 }
 // sliceContains checks if a value is present in a list.
 func sliceContains[T comparable](list []T, s T) bool {
 	return xslices.Any(list, func(arg T) bool { return arg == s })
 }
 // inCLIMode detect if CLI mode is asked.
 func inCLIMode(args []string) bool {
 	return hasFlag(args, FlagCLI) || hasFlag(args, FlagCLIShort) || hasFlag(args, FlagNonInteractive) || hasFlag(args, FlagNonInteractiveShort)
@ -193,7 +192,12 @@ func inCLIMode(args []string) bool {
 // hasFlag checks if a flag is present in a list.
 func hasFlag(args []string, flag string) bool {
-	return xslices.Any(args, func(arg string) bool { return (arg == "-"+flag) || (arg == "--"+flag) })
+	return flagIndex(args, flag) >= 0
 }
 // flagIndex returns the position of the first occurrence of a flag int args, or -1 if the flag is not present.
 func flagIndex(args []string, flag string) int {
 	return slices.IndexFunc(args, func(arg string) bool { return (arg == "-"+flag) || (arg == "--"+flag) })
 }
 // findAndStrip check if a value is present in s list and remove all occurrences of the value from this list.
@ -211,7 +215,7 @@ func findAndStripWait(args []string) ([]string, bool, []string) {
 	hasFlag := false
 	values := make([]string, 0)
 	for k, v := range res {
-		if v != FlagWait {
+		if v != HyphenatedFlagWait {
 			continue
 		}
 		if k+1 >= len(res) {
@ -222,7 +226,7 @@ func findAndStripWait(args []string) ([]string, bool, []string) {
 	}
 	if hasFlag {
-		res, _ = findAndStrip(res, FlagWait)
+		res, _ = findAndStrip(res, HyphenatedFlagWait)
 		for _, v := range values {
 			res, _ = findAndStrip(res, v)
 		}
@ -230,6 +234,23 @@ func findAndStripWait(args []string) ([]string, bool, []string) {
 	return res, hasFlag, values
 }
 // return args with the sessionID flag and value added or modified. The original slice is not modified.
 func appendOrModifySessionID(args []string, sessionID string) []string {
 	index := flagIndex(args, FlagSessionID)
 	if index < 0 {
 		return append(args, HyphenatedFlagSessionID, sessionID)
 	}
 	if index == len(args)-1 {
 		return append(args, sessionID)
 	}
 	res := slices.Clone(args)
 	res[index+1] = sessionID
 	return res
 }
 func getPathToUpdatedExecutable(
 	name string,
 	ver *versioner.Versioner,
--- a/cmd/launcher/main_test.go
+++ b/cmd/launcher/main_test.go
@ -20,61 +20,62 @@ package main
 import (
 	"testing"
-	"github.com/bradenaw/juniper/xslices"
+	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/stretchr/testify/assert"
 )
 func TestSliceContains(t *testing.T) {
 	assert.True(t, sliceContains([]string{"a", "b", "c"}, "a"))
 	assert.True(t, sliceContains([]int{1, 2, 3}, 2))
 	assert.False(t, sliceContains([]string{"a", "b", "c"}, "A"))
 	assert.False(t, sliceContains([]int{1, 2, 3}, 4))
 	assert.False(t, sliceContains([]string{}, "a"))
 	assert.True(t, sliceContains([]string{"a", "a"}, "a"))
 }
 func TestFindAndStrip(t *testing.T) {
 	list := []string{"a", "b", "c", "c", "b", "c"}
 	result, found := findAndStrip(list, "a")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"b", "c", "c", "b", "c"}))
+	assert.Equal(t, result, []string{"b", "c", "c", "b", "c"})
 	result, found = findAndStrip(list, "c")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a", "b", "b"}))
+	assert.Equal(t, result, []string{"a", "b", "b"})
 	result, found = findAndStrip([]string{"c", "c", "c"}, "c")
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{}))
+	assert.Equal(t, result, []string{})
 	result, found = findAndStrip(list, "A")
 	assert.False(t, found)
-	assert.True(t, xslices.Equal(result, list))
+	assert.Equal(t, result, list)
 	result, found = findAndStrip([]string{}, "a")
 	assert.False(t, found)
-	assert.True(t, xslices.Equal(result, []string{}))
+	assert.Equal(t, result, []string{})
 }
 func TestFindAndStripWait(t *testing.T) {
 	result, found, values := findAndStripWait([]string{"a", "b", "c"})
 	assert.False(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a", "b", "c"}))
+	assert.Equal(t, result, []string{"a", "b", "c"})
-	assert.True(t, xslices.Equal(values, []string{}))
+	assert.Equal(t, values, []string{})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b"})
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.Equal(t, result, []string{"a"})
-	assert.True(t, xslices.Equal(values, []string{"b"}))
+	assert.Equal(t, values, []string{"b"})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c"})
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.Equal(t, result, []string{"a"})
-	assert.True(t, xslices.Equal(values, []string{"b", "c"}))
+	assert.Equal(t, values, []string{"b", "c"})
 	result, found, values = findAndStripWait([]string{"a", "--wait", "b", "--wait", "c", "--wait", "d"})
 	assert.True(t, found)
-	assert.True(t, xslices.Equal(result, []string{"a"}))
+	assert.Equal(t, result, []string{"a"})
-	assert.True(t, xslices.Equal(values, []string{"b", "c", "d"}))
+	assert.Equal(t, values, []string{"b", "c", "d"})
 }
 func TestAppendOrModifySessionID(t *testing.T) {
 	sessionID := string(logging.NewSessionID())
 	assert.Equal(t, appendOrModifySessionID(nil, sessionID), []string{"--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{}, sessionID), []string{"--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli", "--session-id"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--cli", "--session-id"}, sessionID), []string{"--cli", "--session-id", sessionID})
 	assert.Equal(t, appendOrModifySessionID([]string{"--session-id", "<oldID>", "--cli"}, sessionID), []string{"--session-id", sessionID, "--cli"})
 }
--- a/doc/bridge.md
+++ b/doc/bridge.md
@ -1,135 +0,0 @@
 # Bridge
 ## Main blocks
 This is basic overview of the main bridge blocks.
 Note connection between IMAP/SMTP and PMAPI. IMAP and SMTP packages are in the queue to be refactored
 and we would like to try to have functionality in bridge core or bridge utilities (such as messages)
 than direct usage of PMAPI from IMAP or SMTP. Also database (BoltDB) should be moved to bridge core.
 ```mermaid
 graph LR
    S[Server]
    C[Client]
    U[User]
    subgraph "Bridge app"
        Core[Bridge core]
        API[PMAPI]
        Store
        DB[BoltDB]
        Frontend["Qt / CLI"]
        IMAP
        SMTP
        IMAP --> Store
        IMAP --> Core
        SMTP --> Core
        SMTP --> API
        Core --> API
        Core --> Store
        Store --> API
        Store --> DB
        Frontend --> Core
    end
    C --> IMAP
    C --> SMTP
    U --> Frontend
    API --> S
 ```
 ## Code structure
 More detailed graph of main types used in Bridge app and connection between them. Here is already
 communication to PMAPI only from bridge core which is not true, yet. IMAP and SMTP are still calling
 PMAPI directly.
 ```mermaid
 graph TD
    C["Client (e.g. Thunderbird)"]
    PM[Proton Mail Server]
    subgraph "Bridge app"
        subgraph "Bridge core"
            B[Bridge]
            U[User]
            B --> U
        end
        subgraph Store
            StoreU[Store User]
            StoreA[Address]
            StoreM[Mailbox]
            StoreU --> StoreA
            StoreA --> StoreM
        end
        subgraph Credentials
            CredStore[Store]
            Creds[Credentials]
            CredStore --> Creds
        end
        subgraph Frontend
            CLI
            Qt
        end
        subgraph IMAP
            IB[IMAP backend]
            IA[IMAP address]
            IM[IMAP mailbox]
            IB --> B
            IB --> IA
            IA --> IM
            IA --> U
            IA --> StoreA
            IM --> StoreM
        end
        subgraph SMTP
            SB[SMTP backend]
            SS[SMTP session]
            SB --> B
            SB --> SS
            SS --> U
        end
    end
    subgraph PMAPI
        AC[Client]
    end
    C --> IB
    C --> SB
    CLI --> B
    Qt --> B
    U --> CredStore
    U --> Creds
    U --> StoreU
    StoreU --> AC
    StoreA --> AC
    StoreM --> AC
    B --> AC
    U --> AC
    AC --> PM
 ```
 ## How to debug
 Run `make run-debug` which starts [Delve](https://github.com/go-delve/delve).
--- a/doc/communication.md
+++ b/doc/communication.md
@ -1,114 +0,0 @@
 # Communication
 ## First login and sync
 When user logs in to the bridge for the first time, immediately starts the first sync.
 First sync downloads all headers of all e-mails and creates database to have proper UIDs
 and indexes for IMAP. See [database](database.md) for more information.
 By default, whenever it's possible, sync downloads only all e-mails maiblox which already
 have list of labels so we can construct all mailboxes (inbox, sent, trash, custom folders
 and labels) without need to download each e-mail headers many times.
 Note that we need to download also bodies to calculate size of the e-mail and set proper
 content type (clients uses content type for guess if e-mail contains attachment)--but only
 body, not attachment. Also it's downloaded only for the first time. After that we store
 those information in our database so next time we only sync headers, labels and so on.
 First sync takes some time. List of 150 messages takes about second and then we need to
 download bodies for each message. We still need to do some optimalizations. Anyway, if
 user has reasonable amount of e-mails, there is good chance user will see e-mails in the
 client right after adding account.
 When account is added to client, client start the sync. This sync will ask Bridge app
 for all headers (done quickly) and then starts to download all bodies and attachment.
 Unfortunately for some e-mail more than once if the same e-mail is in more mailboxes
 (e.g. inbox and all mail)--there is no way to tell over IMAP it's the same message.
 After successful login of client to IMAP, Bridge starts event loop. That periodicly ask
 servers (each 30 seconds) for new updates (new message, keys, …).
 ```mermaid
 sequenceDiagram
    participant S as Server
    participant B as Bridge
    participant C as Client
    Note right of B: Set up PM account<br/>by user
    loop First sync
        B ->> S: Fetch body and attachments
        Note right of B: Build local database<br/>(e-mail UIDs)
    end
    Note right of C: Set up IMAP/SMTP<br/>by user
    C ->> B: IMAP login
    B ->> S: Authenticate user
    Note right of B: Create IMAP user
    loop Event loop, every 30 sec
        B ->> S: Fetch e-mail headers
        B ->> C: Send IMAP IDLE response
    end
    C ->> B: IMAP LIST directories
    loop Client sync
        C ->> B: IMAP SELECT directory
        C ->> B: IMAP SEARCH e-mails UIDs
        C ->> B: IMAP FETCH of e-mail UID
        B ->> S: Fetch body and attachments
        Note right of B: Decrypt message<br/>and attachment
        B ->> C: IMAP response
    end
 ```
 ## IMAP IDLE extension
 IMAP IDLE is extension, it has to be supported by both client and server. IMAP server (in our case
 the bridge) supports it so clients can use it. It works by issuing `IDLE` command by the client and
 keeps the connection open. When the server has some update, server (the bridge) will respond to that
 by `EXISTS` (new message), `APPEND` (imported message), `EXPUNGE` (deleted message) or `MOVE` response.
 Even when there is connection with IDLE open, server can mark the client as inactive. Therefore,
 it's recommended the client should reissue the connection after each 29 minutes. This is not the
 real push and can fail!
 Our event loop is also simple pull and it will trigger IMAP IDLE when we get some new update from 
 the server. Would be good to have push from the server, but we need to wait for the support on API.
 RFC: https://tools.ietf.org/html/rfc2177
 ```mermaid
 sequenceDiagram
    participant S as Server
    participant B as Bridge
    participant C as Client
    C ->> B: IMAP IDLE
    loop Every 30 seconds
        S ->> B: Checking events
        B ->> C: IMAP response
    end
 ```
 ## Sending e-mails
 E-mail are sent over standard SMTP protocol. Our bridge takes the message, encrypts and sent it
 further to our server which will then send the message to its final destination. The important
 and tricky part is encryption. See [encryption](encryption.md) or [PMEL document](https://docs.google.com/document/d/1lEBkG0DC5FOWlumInKtu4a9Cc1Eszp48ZhFy9UpPQso/edit)
 for more information.
 ```mermaid
 sequenceDiagram
    participant S as Server
    participant B as Bridge
    participant C as Client
    C ->> B: SMTP send e-mail
    Note right of B: Encrypt messages
    B ->> S: Send encrypted e-mail
    B ->> C: Respond OK
 ```
--- a/doc/database.md
+++ b/doc/database.md
@ -1,27 +0,0 @@
 # Database
 Bridge needs to have a small database to pair our IDs with IMAP UIDs and indexes. IMAP protocol
 requires every message to have an unique UID in mailbox. In this context, mailbox is not an account,
 but a folder or label. This means that one message can have more UIDs, one for each mailbox (folder), 
 and that two messages can have the same UID, but each for different mailbox (folder).
 IMAP index is just an index. Look at it like to an array: `["UID1", "UID2", "UID3"]`. We can access
 message by UID or index; for example index 2 and UID `UID2`. When this message is deleted, we need
 to re-index all following messages. The array will look now like `["UID1", "UID3"]` and the last
 message can be accessed by index 2 or UID `UID3`.
 See RFCs for more information:
 * https://tools.ietf.org/html/rfc822
 * https://tools.ietf.org/html/rfc3501
 Our database is currently built on BBolt and have those buckets (key-value storage):
 * Message metadata bucket:
    * `[metadataBucket][API_ID] -> pmapi.Message{subject, from, to, size, other headers...}` (without body or attachment)
 * Mapping buckets
    * `[mailboxesBucket][addressID-mailboxID][api_ids][API_ID] -> UID`
    * `[mailboxesBucket][addressID-mailboxID][imap_ids][UID] -> API_ID`
--- a/doc/encryption.md
+++ b/doc/encryption.md
@ -1,12 +0,0 @@
 # Encryption
 Encryption is done in PMAPI, bridge utils and bridge itself. The best would be to keep encryption
 in PMAPI and bridge utils (in package such as messages). All packages are using our high-level
 GopenPGP library on top of OpenPGP.
 ## `gopenpgp.KeyRing`
 We use one `KeyRing` per address. Our usage then contains all keys for specific address. Primary
 key is always on the first position, then there old ones to be able to decrypt last e-mail.
 OpenPGP encrypts given message with all available keys, so we need to first get first (primary)
 key for encryption to have message encrypted only once with primary key.
--- a/doc/index.md
+++ b/doc/index.md
@ -1,9 +0,0 @@
 # Bridge Documentation
 Documentation pages in order to read for a novice:
 * [Bridge code](bridge.md)
 * [Internal Bridge database](database.md)
 * [Communication between Bridge, Client and Server](communication.md)
 * [Encryption](encryption.md)
--- a/doc/updates.md
+++ b/doc/updates.md
@ -1,103 +0,0 @@
 # Update mechanism of Bridge
 There are multiple options how to change version of application:
 * Automatic in-app update
 * Manual in-app update
 * Manual install
 In-app update ends with restarting bridge into new version. Automatic in-app
 update is downloading, verifying and installing the new version immediately
 without user confirmation. For manual in-app update user needs to confirm first.
 Update is done from special update file published on website.
 The manual installation requires user to download, verify and install manually
 using installer for given OS.
 The bridge is installed and executed differently for given OS:
 * Windows and Linux apps are using launcher mechanism:
    * There is system protected installation path which is created on first
      install. It contains bridge exe and launcher exe. When users starts
      bridge the launcher is executed first. It will check update path compare
      version with installed one. The newer version then is then executed.
    * Update mechanism means to replace files in update folder which is located
      in user space.
 * macOS app does not use launcher
    * No launcher, only one executable
    * In-App update replaces the bridge files in installation path directly
 ```mermaid
 flowchart LR
    subgraph Frontend
    U[User requests<br>version check]
    ManIns((Notify user about<br>manual install<br>is needed))
    R((Notify user<br>about restart))
    ManUp((Notify user about<br>manual update))
    NF((Notify user about<br>force update))
    ManUp -->|Install| InstFront[Install]
    InstFront -->|Ok| R
    InstFront -->|Error| ManIns
    U --> CheckFront[Check online]
    CheckFront -->|Ok| IAFront{Is new version<br>and applicable?}
    CheckFront -->|Error| ManIns
    IAFront -->|No| Latest((Notify user<br>has latest version))
    IAFront -->|Yes| CanInstall{Can update?}
    CanInstall -->|No| ManIns
    CanInstall -->|Yes| NotifOrInstall{Is automatic<br>update enabled?}
    NotifOrInstall -->|Manual| ManUp
    end
    subgraph Backend
    W[Wait for next check]
    W --> Check[Check online]
    Check --> NV{Has new<br>version?}
    Check -->|Error| W
    NV -->|No new version| W
    IA{Is install<br>applicable?}
    NV -->|New version<br>available| IA
    IA -->|Local rollout<br>not enough| W
    IA -->|Yes| AU{Is automatic\nupdate enabled?}
    AU -->|Yes| CanUp{Can update?}
    CanUp -->|No| ManIns
    CanUp -->|Yes| Ins[Install]
    Ins -->|Error| ManIns
    Ins -->|Ok| R
    AU -->|No| ManUp
    ManUp -->|Ignore| W
    F[Force update]
    F --> NF
    end
    ManIns --> Web[Open web page]
    NF --> Web
    ManUp --> Web
    R --> Re[Restart]
    NF --> Q[Quit bridge]
    NotifOrInstall -->|Automatic| W
 ```
 The non-trivial is to combine the update with setting change:
 * turn off/on automatic in-app updates
 * change from stable to beta or back
 _TODO fill flow chart details_
 We are not support downgrade functionality. Only some circumstances can lead to
 downgrading the app version.
 _TODO fill flow chart details_
--- a/extern/vcpkg
+++ b/extern/vcpkg
--- a/go.mod
+++ b/go.mod
@ -2,12 +2,14 @@ module github.com/ProtonMail/proton-bridge/v3
 go 1.21
 toolchain go1.21.9
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 	github.com/Masterminds/semver/v3 v3.2.0
-	github.com/ProtonMail/gluon v0.17.1-0.20240102132144-89b40fb6fe7e
+	github.com/ProtonMail/gluon v0.17.1-0.20241018144126-31e040c2417e
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/ProtonMail/go-proton-api v0.4.1-0.20231130083229-e8aa47d7a366
+	github.com/ProtonMail/go-proton-api v0.4.1-0.20240918100656-b4860af56d47
 	github.com/ProtonMail/gopenpgp/v2 v2.7.4-proton
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/abiosoft/ishell v2.0.0+incompatible
@ -44,15 +46,19 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.3.5
 	go.uber.org/goleak v1.2.1
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.17.0
+	golang.org/x/net v0.24.0
-	golang.org/x/sys v0.16.0
+	golang.org/x/oauth2 v0.7.0
 	golang.org/x/sys v0.19.0
 	golang.org/x/text v0.14.0
 	google.golang.org/api v0.114.0
 	google.golang.org/grpc v1.56.3
-	google.golang.org/protobuf v1.31.0
+	google.golang.org/protobuf v1.33.0
 	howett.net/plist v1.0.0
 )
 require (
 	cloud.google.com/go/compute v1.19.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233 // indirect
 	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
@ -62,7 +68,7 @@ require (
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/chzyer/test v1.0.0 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/cronokirby/saferith v0.33.0 // indirect
 	github.com/cucumber/gherkin-go/v19 v19.0.3 // indirect
@ -80,8 +86,11 @@ require (
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.3.0+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-memdb v1.3.3 // indirect
@ -93,7 +102,7 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.17 // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
@ -110,17 +119,19 @@ require (
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 replace (
-	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7
+	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423
 	github.com/emersion/go-smtp => github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865
 	github.com/go-resty/resty/v2 => github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a
 	github.com/keybase/go-keychain => github.com/cuthix/go-keychain v0.0.0-20240103134243-0b6a41580b77
--- a/go.sum
+++ b/go.sum
@ -5,9 +5,16 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY=
 cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@ -27,19 +34,31 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
-github.com/ProtonMail/gluon v0.17.1-0.20240102132144-89b40fb6fe7e h1:DR97ydcuS4/EjTTCkp7F9IRCi+ykD1UoAP7UBFtEcRA=
+github.com/ProtonMail/gluon v0.17.1-0.20240923151549-d23b4bec3602 h1:EoMjWlC32tg46L/07hWoiZfLkqJyxVMcsq4Cyn+Ofqc=
-github.com/ProtonMail/gluon v0.17.1-0.20240102132144-89b40fb6fe7e/go.mod h1:Og5/Dz1MiGpCJn51XujZwxiLG7WzvvjE5PRpZBQmAHo=
+github.com/ProtonMail/gluon v0.17.1-0.20240923151549-d23b4bec3602/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241002092751-3bbeea9053af h1:iMxTQUg2cB47cXqpMev3cZmQoGBOef3cSUjBbdEl33M=
 github.com/ProtonMail/gluon v0.17.1-0.20241002092751-3bbeea9053af/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241002111651-173859b80060 h1:dcu3tT84GjoXb++n7crv8UJeG8eRwogjTYdkoJ+MjQI=
 github.com/ProtonMail/gluon v0.17.1-0.20241002111651-173859b80060/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241002142736-ef4153d156d8 h1:YxPHSJUA87i1hc6s1YrW89++V7HpcR7LSFQ6XM0TsAE=
 github.com/ProtonMail/gluon v0.17.1-0.20241002142736-ef4153d156d8/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241008123701-ddf4a459d0b4 h1:xE+V17O9HIttMpVymNCORQILk9OKpSekrrPbX7YGnF8=
 github.com/ProtonMail/gluon v0.17.1-0.20241008123701-ddf4a459d0b4/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241014082854-9d93627be032 h1:5bwI+mwF26c460xlq2Dw3/cVF1cU4Xo4kTKX1/pBXko=
 github.com/ProtonMail/gluon v0.17.1-0.20241014082854-9d93627be032/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/gluon v0.17.1-0.20241018144126-31e040c2417e h1:+UfdKOkF9JEiH9VXWBo+/nlXNVSJcxtuf4+SJTrk9fw=
 github.com/ProtonMail/gluon v0.17.1-0.20241018144126-31e040c2417e/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233 h1:bdoKdh0f66/lrgVfYlxw0aqISY/KOqXmFJyGt7rGmnc=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121622-edf196117233/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
-github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7 h1:+j+Kd/DyZ/qGfMT9htAT7HxqIEbZHsatsx+m8AoV6fc=
+github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423 h1:p8nBDxvRnvDOyrcePKkPpErWGhDoTqpX8a1c54CcSu0=
-github.com/ProtonMail/go-message v0.13.1-0.20230526094639-b62c999c85b7/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
+github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
-github.com/ProtonMail/go-proton-api v0.4.1-0.20231130083229-e8aa47d7a366 h1:W9P5GdDnuGkB3tbzKnXmUrTjIs6zk/K+4lpPTWzsoRE=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240918100656-b4860af56d47 h1:a+3dOyIxJEslN5HxyICM8flY9lnCyJupXNcv6fUaivA=
-github.com/ProtonMail/go-proton-api v0.4.1-0.20231130083229-e8aa47d7a366/go.mod h1:t+hb0BfkmZ9fpvzVRpHC7limoowym6ln/j0XL9a8DDw=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20240918100656-b4860af56d47/go.mod h1:3A0cpdo0BIenIPjTG6u8EbzJ8uuJy7rVvM/NaynjCKA=
 github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865 h1:EP1gnxLL5Z7xBSymE9nSTM27nRYINuvssAtDmG0suD8=
 github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI=
@ -74,6 +93,7 @@ github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
 github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
@ -87,8 +107,10 @@ github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@ -140,6 +162,10 @@ github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwo
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
 github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3 h1:hQ1wTMaKcGfobYRT88RM8NFNyX+IQHvagkm/tqViU98=
 github.com/emersion/go-vcard v0.0.0-20230331202150-f3d26859ccd3/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
@ -192,6 +218,8 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff/go.mod h1:wfqRWLHRBsRgkp5dmbG56SA0DmVtwrF5N3oPdI8t+Aw=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@ -200,6 +228,13 @@ github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+Licev
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@ -207,6 +242,10 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@ -217,10 +256,15 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OI
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
 github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
 github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@ -312,8 +356,8 @@ github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
@ -366,6 +410,7 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@ -447,6 +492,8 @@ gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a/go.mod h1:NREv
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
@ -461,12 +508,13 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -509,6 +557,7 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@ -520,11 +569,14 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -555,6 +607,7 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -575,8 +628,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -614,6 +667,7 @@ golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@ -638,10 +692,14 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
 google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@ -651,17 +709,31 @@ google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
 google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -685,6 +757,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -75,15 +75,21 @@ const (
 	flagLogIMAP = "log-imap"
 	flagLogSMTP = "log-smtp"
 	flagEnableKeychainTest  = "enable-keychain-test"
 	flagDisableKeychainTest = "disable-keychain-test"
 	flagSoftwareRenderer    = "software-renderer"
 	flagSetSoftwareRenderer = "set-software-renderer"
 	flagSetHardwareRenderer = "set-hardware-renderer"
 )
 // Hidden flags.
 const (
-	flagLauncher         = "launcher"
+	flagLauncher  = "launcher"
-	flagNoWindow         = "no-window"
+	flagNoWindow  = "no-window"
-	flagParentPID        = "parent-pid"
+	flagParentPID = "parent-pid"
-	flagSoftwareRenderer = "software-renderer"
+	FlagSessionID = "session-id"
 	flagSessionID        = "session-id"
 )
 const (
@ -91,6 +97,20 @@ const (
 	appShortName = "bridge"
 )
 var cliFlagEnableKeychainTest = &cli.BoolFlag{ //nolint:gochecknoglobals
 	Name:               flagEnableKeychainTest,
 	Usage:              "Enable the keychain test for the current and future executions of the application",
 	Value:              false,
 	DisableDefaultText: true,
 } //nolint:gochecknoglobals
 var cliFlagDisableKeychainTest = &cli.BoolFlag{ //nolint:gochecknoglobals
 	Name:               flagDisableKeychainTest,
 	Usage:              "Disable the keychain test for the current and future executions of the application",
 	Value:              false,
 	DisableDefaultText: true,
 }
 func New() *cli.App {
 	app := cli.NewApp()
@ -140,6 +160,24 @@ func New() *cli.App {
 			Name:  flagLogSMTP,
 			Usage: "Enable logging of SMTP communications (may contain decrypted data!)",
 		},
 		&cli.BoolFlag{
 			Name:               flagSoftwareRenderer, // This flag is ignored by bridge, but should be passed to launcher in case of restart, so it need to be accepted by the CLI parser.
 			Usage:              "Use software rendering of the GUI for the current execution of the application",
 			Value:              false,
 			DisableDefaultText: true,
 		},
 		&cli.BoolFlag{
 			Name:               flagSetSoftwareRenderer, // This flag is ignored by bridge, we just want it to be shown in the help (BRIDGE-217).
 			Usage:              "Toggle software rendering of the GUI for the current and future executions of the application",
 			Value:              false,
 			DisableDefaultText: true,
 		},
 		&cli.BoolFlag{
 			Name:               flagSetHardwareRenderer, // This flag is ignored by bridge, we just want it to be shown in the help (BRIDGE-217).
 			Usage:              "Toggle hardware rendering of the GUI for the current and future executions of the application",
 			Value:              false,
 			DisableDefaultText: true,
 		},
 		// Hidden flags
 		&cli.BoolFlag{
@ -158,18 +196,24 @@ func New() *cli.App {
 			Hidden: true,
 			Value:  -1,
 		},
 		&cli.BoolFlag{
 			Name:   flagSoftwareRenderer, // This flag is ignored by bridge, but should be passed to launcher in case of restart, so it need to be accepted by the CLI parser.
 			Usage:  "GUI is using software renderer",
 			Hidden: true,
 			Value:  false,
 		},
 		&cli.StringFlag{
-			Name:   flagSessionID,
+			Name:   FlagSessionID,
 			Hidden: true,
 		},
 	}
 	// We override the default help value because we want "Show" to be capitalized
 	cli.HelpFlag = &cli.BoolFlag{
 		Name:               "help",
 		Usage:              "Show help",
 		DisableDefaultText: true,
 	}
 	if onMacOS() {
 		// The two flags below were introduced for BRIDGE-116, and are available only on macOS.
 		app.Flags = append(app.Flags, cliFlagEnableKeychainTest, cliFlagDisableKeychainTest)
 	}
 	app.Action = run
 	return app
@ -238,9 +282,10 @@ func run(c *cli.Context) error {
 						return withSingleInstance(settings, locations.GetLockFile(), version, func() error {
 							// Look for available keychains
-							return WithKeychainList(crashHandler, func(keychains *keychain.List) error {
+							skipKeychainTest := checkSkipKeychainTest(c, settings)
 							return WithKeychainList(crashHandler, skipKeychainTest, func(keychains *keychain.List) error {
 								// Unlock the encrypted vault.
-								return WithVault(locations, keychains, crashHandler, func(v *vault.Vault, insecure, corrupt bool) error {
+								return WithVault(reporter, locations, keychains, crashHandler, func(v *vault.Vault, insecure, corrupt bool) error {
 									if !v.Migrated() {
 										// Migrate old settings into the vault.
 										if err := migrateOldSettings(v); err != nil {
@ -346,7 +391,7 @@ func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locatio
 	logrus.WithField("path", logsPath).Debug("Received logs path")
 	// Initialize logging.
-	sessionID := logging.NewSessionIDFromString(c.String(flagSessionID))
+	sessionID := logging.NewSessionIDFromString(c.String(FlagSessionID))
 	var closer io.Closer
 	if closer, err = logging.Init(
 		logsPath,
@ -502,11 +547,11 @@ func withCookieJar(vault *vault.Vault, fn func(http.CookieJar) error) error {
 }
 // WithKeychainList init the list of usable keychains.
-func WithKeychainList(panicHandler async.PanicHandler, fn func(*keychain.List) error) error {
+func WithKeychainList(panicHandler async.PanicHandler, skipKeychainTest bool, fn func(*keychain.List) error) error {
 	logrus.Debug("Creating keychain list")
 	defer logrus.Debug("Keychain list stop")
 	defer async.HandlePanic(panicHandler)
-	return fn(keychain.NewList())
+	return fn(keychain.NewList(skipKeychainTest))
 }
 func setDeviceCookies(jar *cookies.Jar) error {
@ -526,3 +571,39 @@ func setDeviceCookies(jar *cookies.Jar) error {
 	return nil
 }
 func checkSkipKeychainTest(c *cli.Context, settingsDir string) bool {
 	if !onMacOS() {
 		return false
 	}
 	enable := c.Bool(flagEnableKeychainTest)
 	disable := c.Bool(flagDisableKeychainTest)
 	skip, err := vault.GetShouldSkipKeychainTest(settingsDir)
 	if err != nil {
 		logrus.WithError(err).Error("Could not load keychain settings.")
 	}
 	if (!enable) && (!disable) {
 		return skip
 	}
 	// if both switches are passed, 'enable' has priority
 	if disable {
 		skip = true
 	}
 	if enable {
 		skip = false
 	}
 	if err := vault.SetShouldSkipKeychainTest(settingsDir, skip); err != nil {
 		logrus.WithError(err).Error("Could not save keychain settings.")
 	}
 	return skip
 }
 func onMacOS() bool {
 	return runtime.GOOS == "darwin"
 }
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@ -0,0 +1,64 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 package app
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 	"github.com/urfave/cli/v2"
 )
 func TestCheckSkipKeychainTest(t *testing.T) {
 	var expectedResult bool
 	dir := t.TempDir()
 	app := cli.App{
 		Flags: []cli.Flag{
 			cliFlagEnableKeychainTest,
 			cliFlagDisableKeychainTest,
 		},
 		Action: func(c *cli.Context) error {
 			require.Equal(t, expectedResult, checkSkipKeychainTest(c, dir))
 			return nil
 		},
 	}
 	noArgs := []string{"appName"}
 	enableArgs := []string{"appName", "-" + flagEnableKeychainTest}
 	disableArgs := []string{"appName", "-" + flagDisableKeychainTest}
 	bothArgs := []string{"appName", "-" + flagDisableKeychainTest, "-" + flagEnableKeychainTest}
 	onMac := onMacOS()
 	expectedResult = false
 	require.NoError(t, app.Run(noArgs))
 	expectedResult = onMac
 	require.NoError(t, app.Run(disableArgs))
 	require.NoError(t, app.Run(noArgs))
 	expectedResult = false
 	require.NoError(t, app.Run(enableArgs))
 	require.NoError(t, app.Run(noArgs))
 	expectedResult = onMac
 	require.NoError(t, app.Run(disableArgs))
 	expectedResult = false
 	require.NoError(t, app.Run(bothArgs))
 }
--- a/internal/app/migration.go
+++ b/internal/app/migration.go
@ -43,7 +43,7 @@ import (
 // nolint:gosec
 func migrateKeychainHelper(locations *locations.Locations) error {
-	logrus.Info("Migrating keychain helper")
+	logrus.Trace("Checking if keychain helper needs to be migrated")
 	settings, err := locations.ProvideSettingsPath()
 	if err != nil {
@ -75,7 +75,11 @@ func migrateKeychainHelper(locations *locations.Locations) error {
 		return fmt.Errorf("failed to unmarshal old prefs file: %w", err)
 	}
-	return vault.SetHelper(settings, prefs.Helper)
+	err = vault.SetHelper(settings, prefs.Helper)
 	if err == nil {
 		logrus.Info("Keychain helper has been migrated")
 	}
 	return err
 }
 // nolint:gosec
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -25,17 +25,18 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/sirupsen/logrus"
 )
-func WithVault(locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler, fn func(*vault.Vault, bool, bool) error) error {
+func WithVault(reporter *sentry.Reporter, locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler, fn func(*vault.Vault, bool, bool) error) error {
 	logrus.Debug("Creating vault")
 	defer logrus.Debug("Vault stopped")
 	// Create the encVault.
-	encVault, insecure, corrupt, err := newVault(locations, keychains, panicHandler)
+	encVault, insecure, corrupt, err := newVault(reporter, locations, keychains, panicHandler)
 	if err != nil {
 		return fmt.Errorf("could not create vault: %w", err)
 	}
@ -57,7 +58,7 @@ func WithVault(locations *locations.Locations, keychains *keychain.List, panicHa
 	return fn(encVault, insecure, corrupt != nil)
 }
-func newVault(locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler) (*vault.Vault, bool, error, error) {
+func newVault(reporter *sentry.Reporter, locations *locations.Locations, keychains *keychain.List, panicHandler async.PanicHandler) (*vault.Vault, bool, error, error) {
 	vaultDir, err := locations.ProvideSettingsPath()
 	if err != nil {
 		return nil, false, nil, fmt.Errorf("could not get vault dir: %w", err)
@ -71,6 +72,16 @@ func newVault(locations *locations.Locations, keychains *keychain.List, panicHan
 	)
 	if key, err := loadVaultKey(vaultDir, keychains); err != nil {
 		if reporter != nil {
 			if rerr := reporter.ReportMessageWithContext("Could not load/create vault key", map[string]any{
 				"keychainDefaultHelper":       keychains.GetDefaultHelper(),
 				"keychainUsableHelpersLength": len(keychains.GetHelpers()),
 				"error":                       err.Error(),
 			}); rerr != nil {
 				logrus.WithError(err).Info("Failed to report keychain issue to Sentry")
 			}
 		}
 		logrus.WithError(err).Error("Could not load/create vault key")
 		insecure = true
--- a/internal/bridge/api.go
+++ b/internal/bridge/api.go
@ -40,7 +40,7 @@ func defaultAPIOptions(
 		proton.WithAppVersion(constants.AppVersion(version.Original())),
 		proton.WithCookieJar(cookieJar),
 		proton.WithTransport(transport),
-		proton.WithLogger(logrus.StandardLogger()),
+		proton.WithLogger(logrus.WithField("pkg", "gpa/client")),
 		proton.WithPanicHandler(panicHandler),
 	}
 }
--- a/internal/bridge/bridge.go
+++ b/internal/bridge/bridge.go
@ -24,6 +24,10 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"regexp"
 	"runtime"
 	"strings"
 	"sync"
 	"time"
@ -41,8 +45,11 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/sentry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapsmtpserver"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/notifications"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/observability"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/syncservice"
 	"github.com/ProtonMail/proton-bridge/v3/internal/telemetry"
 	"github.com/ProtonMail/proton-bridge/v3/internal/unleash"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
@ -51,6 +58,8 @@ import (
 	"github.com/sirupsen/logrus"
 )
 var usernameChangeRegex = regexp.MustCompile(`^/Users/([^/]+)/`)
 type Bridge struct {
 	// vault holds bridge-specific data, such as preferences and known users (authorized or not).
 	vault *vault.Vault
@ -130,8 +139,19 @@ type Bridge struct {
 	serverManager *imapsmtpserver.Service
 	syncService   *syncservice.Service
 	// unleashService is responsible for polling the feature flags and caching
 	unleashService *unleash.Service
 	// observabilityService is responsible for handling calls to the observability system
 	observabilityService *observability.Service
 	// notificationStore is used for notification deduplication
 	notificationStore *notifications.Store
 }
 var logPkg = logrus.WithField("pkg", "bridge") //nolint:gochecknoglobals
 // New creates a new bridge.
 func New(
 	locator Locator, // the locator to provide paths to store data
@ -245,6 +265,10 @@ func newBridge(
 		return nil, fmt.Errorf("failed to create focus service: %w", err)
 	}
 	unleashService := unleash.NewBridgeService(ctx, api, locator, panicHandler)
 	observabilityService := observability.NewService(ctx, panicHandler)
 	bridge := &Bridge{
 		vault: vault,
@ -284,7 +308,13 @@ func newBridge(
 		lastVersion: lastVersion,
 		tasks:       tasks,
-		syncService: syncservice.NewService(reporter, panicHandler),
+		syncService: syncservice.NewService(panicHandler, observabilityService),
 		unleashService: unleashService,
 		observabilityService: observabilityService,
 		notificationStore: notifications.NewStore(locator.ProvideNotificationsCachePath),
 	}
 	bridge.serverManager = imapsmtpserver.NewService(context.Background(),
@ -295,8 +325,12 @@ func newBridge(
 		reporter,
 		uidValidityGenerator,
 		&bridgeIMAPSMTPTelemetry{b: bridge},
 		observabilityService,
 	)
 	// Check whether username has changed and correct (macOS only)
 	bridge.verifyUsernameChange()
 	if err := bridge.serverManager.Init(context.Background(), bridge.tasks, &bridgeEventSubscription{b: bridge}); err != nil {
 		return nil, err
 	}
@ -309,6 +343,10 @@ func newBridge(
 	bridge.syncService.Run()
 	bridge.unleashService.Run()
 	bridge.observabilityService.Run(bridge)
 	return bridge, nil
 }
@ -322,7 +360,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Handle connection up/down events.
 	bridge.api.AddStatusObserver(func(status proton.Status) {
-		logrus.Info("API status changed: ", status)
+		logPkg.Info("API status changed: ", status)
 		switch {
 		case status == proton.StatusUp:
@ -337,7 +375,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// If any call returns a bad version code, we need to update.
 	bridge.api.AddErrorHandler(proton.AppVersionBadCode, func() {
-		logrus.Warn("App version is bad")
+		logPkg.Warn("App version is bad")
 		bridge.publish(events.UpdateForced{})
 	})
@ -350,7 +388,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Log all manager API requests (client requests are logged separately).
 	bridge.api.AddPostRequestHook(func(_ *resty.Client, r *resty.Response) error {
 		if _, ok := proton.ClientIDFromContext(r.Request.Context()); !ok {
-			logrus.Infof("[MANAGER] %v: %v %v", r.Status(), r.Request.Method, r.Request.URL)
+			logrus.WithField("pkg", "gpa/manager").Infof("%v: %v %v", r.Status(), r.Request.Method, r.Request.URL)
 		}
 		return nil
@ -359,7 +397,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Publish a TLS issue event if a TLS issue is encountered.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, tlsReporter.GetTLSIssueCh(), func(struct{}) {
-			logrus.Warn("TLS issue encountered")
+			logPkg.Warn("TLS issue encountered")
 			bridge.publish(events.TLSIssue{})
 		})
 	})
@ -367,7 +405,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Publish a raise event if the focus service is called.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, bridge.focusService.GetRaiseCh(), func(struct{}) {
-			logrus.Info("Focus service requested raise")
+			logPkg.Info("Focus service requested raise")
 			bridge.publish(events.Raise{})
 		})
 	})
@ -375,7 +413,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Handle any IMAP events that are forwarded to the bridge from gluon.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, bridge.imapEventCh, func(event imapEvents.Event) {
-			logrus.WithField("event", fmt.Sprintf("%T", event)).Debug("Received IMAP event")
+			logPkg.WithField("event", fmt.Sprintf("%T", event)).Debug("Received IMAP event")
 			bridge.handleIMAPEvent(event)
 		})
 	})
@ -383,7 +421,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Attempt to load users from the vault when triggered.
 	bridge.goLoad = bridge.tasks.Trigger(func(ctx context.Context) {
 		if err := bridge.loadUsers(ctx); err != nil {
-			logrus.WithError(err).Error("Failed to load users")
+			logPkg.WithError(err).Error("Failed to load users")
 			if netErr := new(proton.NetError); !errors.As(err, &netErr) {
 				sentry.ReportError(bridge.reporter, "Failed to load users", err)
 			}
@ -396,7 +434,7 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Check for updates when triggered.
 	bridge.goUpdate = bridge.tasks.PeriodicOrTrigger(constants.UpdateCheckInterval, 0, func(ctx context.Context) {
-		logrus.Info("Checking for updates")
+		logPkg.Info("Checking for updates")
 		version, err := bridge.updater.GetVersionInfo(ctx, bridge.api, bridge.vault.GetUpdateChannel())
 		if err != nil {
@ -434,7 +472,10 @@ func (bridge *Bridge) GetErrors() []error {
 }
 func (bridge *Bridge) Close(ctx context.Context) {
-	logrus.Info("Closing bridge")
+	logPkg.Info("Closing bridge")
 	// Stop observability service
 	bridge.observabilityService.Stop()
 	// Stop heart beat before closing users.
 	bridge.heartbeat.stop()
@ -448,7 +489,7 @@ func (bridge *Bridge) Close(ctx context.Context) {
 	// Close the servers
 	if err := bridge.serverManager.CloseServers(ctx); err != nil {
-		logrus.WithError(err).Error("Failed to close servers")
+		logPkg.WithError(err).Error("Failed to close servers")
 	}
 	bridge.syncService.Close()
@ -459,6 +500,9 @@ func (bridge *Bridge) Close(ctx context.Context) {
 	// Close the focus service.
 	bridge.focusService.Close()
 	// Close the unleash service.
 	bridge.unleashService.Close()
 	// Close the watchers.
 	bridge.watchersLock.Lock()
 	defer bridge.watchersLock.Unlock()
@ -474,12 +518,12 @@ func (bridge *Bridge) publish(event events.Event) {
 	bridge.watchersLock.RLock()
 	defer bridge.watchersLock.RUnlock()
-	logrus.WithField("event", event).Debug("Publishing event")
+	logPkg.WithField("event", event).Debug("Publishing event")
 	for _, watcher := range bridge.watchers {
 		if watcher.IsWatching(event) {
 			if ok := watcher.Send(event); !ok {
-				logrus.WithField("event", event).Warn("Failed to send event to watcher")
+				logPkg.WithField("event", event).Warn("Failed to send event to watcher")
 			}
 		}
 	}
@ -512,13 +556,13 @@ func (bridge *Bridge) remWatcher(watcher *watcher.Watcher[events.Event]) {
 }
 func (bridge *Bridge) onStatusUp(_ context.Context) {
-	logrus.Info("Handling API status up")
+	logPkg.Info("Handling API status up")
 	bridge.goLoad()
 }
 func (bridge *Bridge) onStatusDown(ctx context.Context) {
-	logrus.Info("Handling API status down")
+	logPkg.Info("Handling API status down")
 	for backoff := time.Second; ; backoff = min(backoff*2, 30*time.Second) {
 		select {
@ -526,10 +570,10 @@ func (bridge *Bridge) onStatusDown(ctx context.Context) {
 			return
 		case <-time.After(backoff):
-			logrus.Info("Pinging API")
+			logPkg.Info("Pinging API")
 			if err := bridge.api.Ping(ctx); err != nil {
-				logrus.WithError(err).Warn("Ping failed, API is still unreachable")
+				logPkg.WithError(err).Warn("Ping failed, API is still unreachable")
 			} else {
 				return
 			}
@ -537,6 +581,49 @@ func (bridge *Bridge) onStatusDown(ctx context.Context) {
 	}
 }
 func (bridge *Bridge) Repair() {
 	var wg sync.WaitGroup
 	userIDs := bridge.GetUserIDs()
 	for _, userID := range userIDs {
 		logPkg.Info("Initiating repair for userID:", userID)
 		userInfo, err := bridge.GetUserInfo(userID)
 		if err != nil {
 			logPkg.WithError(err).Error("Failed getting user info for repair; ID:", userID)
 			continue
 		}
 		if userInfo.State != Connected {
 			logPkg.Info("User is not connected. Repair will be executed on following successful log in.", userID)
 			if err := bridge.vault.GetUser(userID, func(user *vault.User) {
 				if err := user.SetShouldSync(true); err != nil {
 					logPkg.WithError(err).Error("Failed setting vault should sync for user:", userID)
 				}
 			}); err != nil {
 				logPkg.WithError(err).Error("Unable to get user vault when scheduling repair:", userID)
 			}
 			continue
 		}
 		bridgeUser, ok := bridge.users[userID]
 		if !ok {
 			logPkg.Info("UserID does not exist in bridge user map", userID)
 			continue
 		}
 		wg.Add(1)
 		go func(userID string) {
 			defer wg.Done()
 			if err = bridgeUser.TriggerRepair(); err != nil {
 				logPkg.WithError(err).Error("Failed re-syncing IMAP for userID", userID)
 			}
 		}(userID)
 	}
 	wg.Wait()
 }
 func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
 	cert, err := tls.X509KeyPair(vault.GetBridgeTLSCert())
 	if err != nil {
@ -549,10 +636,90 @@ func loadTLSConfig(vault *vault.Vault) (*tls.Config, error) {
 	}, nil
 }
-func min(a, b time.Duration) time.Duration {
+func min(a, b time.Duration) time.Duration { //nolint:predeclared
 	if a < b {
 		return a
 	}
 	return b
 }
 func (bridge *Bridge) HasAPIConnection() bool {
 	return bridge.api.GetStatus() == proton.StatusUp
 }
 // verifyUsernameChange - works only on macOS
 // it attempts to check whether a username change has taken place by comparing the gluon DB path (which is static and provided by bridge)
 // to the gluon Cache path - which can be modified by the user and is stored in the vault;
 // if a username discrepancy is detected, and the cache folder does not exist with the "old" username
 // then we verify whether the gluon cache exists using the "new" username (provided by the DB path in this case)
 // if so we modify the cache directory in the user vault.
 func (bridge *Bridge) verifyUsernameChange() {
 	if runtime.GOOS != "darwin" {
 		return
 	}
 	gluonDBPath, err := bridge.GetGluonDataDir()
 	if err != nil {
 		logPkg.WithError(err).Error("Failed to get gluon db path")
 		return
 	}
 	gluonCachePath := bridge.GetGluonCacheDir()
 	// If the cache folder exists even on another user account or is in `/Users/Shared` we would still be able to access it
 	// though it depends on the permissions; this is an edge-case.
 	if _, err := os.Stat(gluonCachePath); err == nil {
 		return
 	}
 	newCacheDir := GetUpdatedCachePath(gluonDBPath, gluonCachePath)
 	if newCacheDir == "" {
 		return
 	}
 	if _, err := os.Stat(newCacheDir); err == nil {
 		logPkg.Info("Username change detected. Trying to restore gluon cache directory")
 		if err = bridge.vault.SetGluonDir(newCacheDir); err != nil {
 			logPkg.WithError(err).Error("Failed to restore gluon cache directory")
 			return
 		}
 		logPkg.Info("Successfully restored gluon cache directory")
 	}
 }
 func GetUpdatedCachePath(gluonDBPath, gluonCachePath string) string {
 	// If gluon cache is moved to an external drive; regex find will fail; as is expected
 	cachePathMatches := usernameChangeRegex.FindStringSubmatch(gluonCachePath)
 	if cachePathMatches == nil || len(cachePathMatches) < 2 {
 		return ""
 	}
 	cacheUsername := cachePathMatches[1]
 	dbPathMatches := usernameChangeRegex.FindStringSubmatch(gluonDBPath)
 	if dbPathMatches == nil || len(dbPathMatches) < 2 {
 		return ""
 	}
 	dbUsername := dbPathMatches[1]
 	if cacheUsername == dbUsername {
 		return ""
 	}
 	return strings.Replace(gluonCachePath, "/Users/"+cacheUsername+"/", "/Users/"+dbUsername+"/", 1)
 }
 func (bridge *Bridge) GetFeatureFlagValue(key string) bool {
 	return bridge.unleashService.GetFlagValue(key)
 }
 func (bridge *Bridge) PushObservabilityMetric(metric proton.ObservabilityMetric) {
 	bridge.observabilityService.AddMetrics(metric)
 }
 func (bridge *Bridge) PushDistinctObservabilityMetrics(errType observability.DistinctionErrorTypeEnum, metrics ...proton.ObservabilityMetric) {
 	bridge.observabilityService.AddDistinctMetrics(errType, metrics...)
 }
 func (bridge *Bridge) ModifyObservabilityHeartbeatInterval(duration time.Duration) {
 	bridge.observabilityService.ModifyHeartbeatInterval(duration)
 }
--- a/internal/bridge/bridge_test.go
+++ b/internal/bridge/bridge_test.go
@ -76,7 +76,7 @@ func init() {
 func TestBridge_ConnStatus(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get a stream of connection status events.
 			eventCh, done := bridge.GetEvents(events.ConnStatusUp{}, events.ConnStatusDown{})
 			defer done()
@ -125,7 +125,7 @@ func TestBridge_TLSIssue(t *testing.T) {
 func TestBridge_Focus(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get a stream of TLS issue events.
 			raiseCh, done := bridge.GetEvents(events.Raise{})
 			defer done()
@ -156,7 +156,7 @@ func TestBridge_UserAgent(t *testing.T) {
 			calls = append(calls, call)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Set the platform to something other than the default.
 			bridge.SetCurrentPlatform("platform")
@ -183,21 +183,12 @@ func TestBridge_UserAgent_Persistence(t *testing.T) {
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(b)
 			defer smtpWaiter.Done()
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
@ -220,7 +211,7 @@ func TestBridge_UserAgent_Persistence(t *testing.T) {
 			require.Contains(t, b.GetCurrentUserAgent(), "MyFancyClient/0.1.2")
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			currentUserAgent := bridge.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, "MyFancyClient/0.1.2")
 		})
@ -234,22 +225,13 @@ func TestBridge_UserAgentFromUnknownClient(t *testing.T) {
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(b)
 			defer smtpWaiter.Done()
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
@ -273,22 +255,13 @@ func TestBridge_UserAgentFromSMTPClient(t *testing.T) {
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(b)
 			defer smtpWaiter.Done()
 			currentUserAgent := b.GetCurrentUserAgent()
 			require.Contains(t, currentUserAgent, useragent.DefaultUserAgent)
 			userID, err := b.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(b.GetSMTPPort())))
 			require.NoError(t, err)
 			defer client.Close() //nolint:errcheck
@ -332,18 +305,9 @@ func TestBridge_UserAgentFromIMAPID(t *testing.T) {
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(b)
 			defer smtpWaiter.Done()
 			require.NoError(t, getErr(b.LoginFull(ctx, otherUser, otherPassword, nil, nil)))
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { _ = imapClient.Logout() }()
@ -401,13 +365,13 @@ func TestBridge_Cookies(t *testing.T) {
 		})
 		// Start bridge and add a user so that API assigns us a session ID via cookie.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			_, err := bridge.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
 		})
 		// Start bridge again and check that it uses the same session ID.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(_ *bridge.Bridge, _ *bridge.Mocks) {
 			// ...
 		})
@ -520,7 +484,7 @@ func TestBridge_ManualUpdate(t *testing.T) {
 func TestBridge_ForceUpdate(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get a stream of update events.
 			updateCh, done := bridge.GetEvents(events.UpdateForced{})
 			defer done()
@ -543,7 +507,7 @@ func TestBridge_BadVaultKey(t *testing.T) {
 		var userID string
 		// Login a user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			newUserID, err := bridge.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
@ -551,17 +515,17 @@ func TestBridge_BadVaultKey(t *testing.T) {
 		})
 		// Start bridge with the correct vault key -- it should load the users correctly.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.ElementsMatch(t, []string{userID}, bridge.GetUserIDs())
 		})
 		// Start bridge with a bad vault key, the vault will be wiped and bridge will show no users.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, []byte("bad"), func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, []byte("bad"), func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Empty(t, bridge.GetUserIDs())
 		})
 		// Start bridge with a nil vault key, the vault will be wiped and bridge will show no users.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, nil, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, nil, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Empty(t, bridge.GetUserIDs())
 		})
 	})
@ -571,7 +535,7 @@ func TestBridge_MissingGluonStore(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		var gluonDir string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			_, err := bridge.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
@ -586,7 +550,7 @@ func TestBridge_MissingGluonStore(t *testing.T) {
 		require.NoError(t, os.RemoveAll(gluonDir))
 		// Bridge starts but can't find the gluon store dir; there should be no error.
-		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(_ *bridge.Bridge, _ *bridge.Mocks) {
 			// ...
 		})
 	})
@ -596,7 +560,7 @@ func TestBridge_MissingGluonDatabase(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		var gluonDir string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			_, err := bridge.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
@ -609,7 +573,7 @@ func TestBridge_MissingGluonDatabase(t *testing.T) {
 		require.NoError(t, os.RemoveAll(gluonDir))
 		// Bridge starts but can't find the gluon database dir; there should be no error.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(_ *bridge.Bridge, _ *bridge.Mocks) {
 			// ...
 		})
 	})
@ -623,7 +587,7 @@ func TestBridge_AddressWithoutKeys(t *testing.T) {
 		)
 		defer m.Close()
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Watch for sync finished event.
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
@ -699,7 +663,7 @@ func TestBridge_FactoryReset(t *testing.T) {
 func TestBridge_InitGluonDirectory(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			configDir, err := b.GetGluonDataDir()
 			require.NoError(t, err)
@ -714,22 +678,13 @@ func TestBridge_InitGluonDirectory(t *testing.T) {
 func TestBridge_LoginFailed(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			failCh, done := chToType[events.Event, events.IMAPLoginFailed](bridge.GetEvents(events.IMAPLoginFailed{}))
 			defer done()
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			imapClient, err := eventuallyDial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetIMAPPort())))
 			require.NoError(t, err)
@ -751,18 +706,12 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, labelID, 10)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			newCacheDir := t.TempDir()
 			currentCacheDir := b.GetGluonCacheDir()
 			configDir, err := b.GetGluonDataDir()
 			require.NoError(t, err)
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(b)
 			defer smtpWaiter.Done()
 			// Login the user.
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -796,9 +745,6 @@ func TestBridge_ChangeCacheDirectory(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			client, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, client.Login(info.Addresses[0], string(info.BridgePass)))
@ -826,7 +772,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			// Log the user in with its first address.
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -854,7 +800,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 			require.NoError(t, c.OrderAddresses(ctx, proton.OrderAddressesReq{AddressIDs: []string{aliasID, addrID}}))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			// We should still see 10 messages in the inbox.
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
@ -1131,3 +1077,57 @@ func waitForIMAPServerStopped(b *bridge.Bridge) *eventWaiter {
 		cancel: cancel,
 	}
 }
 func TestBridge_GetUpdatedCachePath(t *testing.T) {
 	type TestData struct {
 		gluonDBPath    string
 		gluonCachePath string
 		shouldChange   bool
 	}
 	dataArr := []TestData{
 		{
 			gluonDBPath:    "/Users/test/",
 			gluonCachePath: "/Users/test/gluon",
 			shouldChange:   false,
 		}, {
 			gluonDBPath:    "/Users/test/",
 			gluonCachePath: "/Users/tester/gluon",
 			shouldChange:   true,
 		}, {
 			gluonDBPath:    "/Users/testing/",
 			gluonCachePath: "/Users/test/gluon",
 			shouldChange:   true,
 		},
 		{
 			gluonDBPath:    "/Users/testing/",
 			gluonCachePath: "/Users/test/gluon",
 			shouldChange:   true,
 		},
 		{
 			gluonDBPath:    "/Users/testing/",
 			gluonCachePath: "/Volumes/test/gluon",
 			shouldChange:   false,
 		},
 		{
 			gluonDBPath:    "/Volumes/test/",
 			gluonCachePath: "/Users/test/gluon",
 			shouldChange:   false,
 		},
 		{
 			gluonDBPath:    "/XXX/test/",
 			gluonCachePath: "/Users/test/gluon",
 			shouldChange:   false,
 		},
 		{
 			gluonDBPath:    "/XXX/test/",
 			gluonCachePath: "/YYY/test/gluon",
 			shouldChange:   false,
 		},
 	}
 	for _, el := range dataArr {
 		newCachePath := bridge.GetUpdatedCachePath(el.gluonDBPath, el.gluonCachePath)
 		require.Equal(t, el.shouldChange, newCachePath != "" && newCachePath != el.gluonCachePath)
 	}
 }
--- a/internal/bridge/configure.go
+++ b/internal/bridge/configure.go
@ -34,7 +34,7 @@ import (
 // ConfigureAppleMail configures Apple Mail for the given userID and address.
 // If configuring Apple Mail for Catalina or newer, it ensures Bridge is using SSL.
 func (bridge *Bridge) ConfigureAppleMail(ctx context.Context, userID, address string) error {
-	logrus.WithFields(logrus.Fields{
+	logPkg.WithFields(logrus.Fields{
 		"userID":  userID,
 		"address": logging.Sensitive(address),
 	}).Info("Configuring Apple Mail")
--- a/internal/bridge/debug.go
+++ b/internal/bridge/debug.go
@ -65,7 +65,11 @@ func (bridge *Bridge) CheckClientState(ctx context.Context, checkFlags bool, pro
 		if progressCB != nil {
 			progressCB(fmt.Sprintf("Checking state for user %v", usr.Name()))
 		}
-		log := logrus.WithField("user", usr.Name()).WithField("diag", "state-check")
+		log := logrus.WithFields(logrus.Fields{
 			"pkg":  "bridge/debug",
 			"user": usr.Name(),
 			"diag": "state-check",
 		})
 		log.Debug("Retrieving all server metadata")
 		meta, err := usr.GetDiagnosticMetadata(ctx)
 		if err != nil {
@ -280,7 +284,7 @@ func clientGetMessageIDs(client *goimapclient.Client, mailbox string) (map[strin
 		internalID, ok := header.GetChecked("X-Pm-Internal-Id")
 		if !ok {
-			logrus.Errorf("Message %v does not have internal id", internalID)
+			logrus.WithField("pkg", "bridge/debug").Errorf("Message %v does not have internal id", internalID)
 			continue
 		}
--- a/internal/bridge/draft_test.go
+++ b/internal/bridge/draft_test.go
@ -64,9 +64,6 @@ func TestBridge_HandleDraftsSendFromOtherClient(t *testing.T) {
 		// The initial user should be fully synced.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			waiter := waitForIMAPServerReady(b)
 			defer waiter.Done()
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -74,7 +71,6 @@ func TestBridge_HandleDraftsSendFromOtherClient(t *testing.T) {
 			require.NoError(t, err)
 			require.Equal(t, userID, (<-syncCh).UserID)
 			waiter.Wait()
 			info, err := b.GetUserInfo(userID)
 			require.NoError(t, err)
--- a/internal/bridge/heartbeat.go
+++ b/internal/bridge/heartbeat.go
@ -97,7 +97,7 @@ func (h *heartBeatState) start() {
 	h.taskStarted = true
 	h.task.PeriodicOrTrigger(h.taskInterval, 0, func(ctx context.Context) {
-		logrus.Debug("Checking for heartbeat")
+		logrus.WithField("pkg", "bridge/heartbeat").Debug("Checking for heartbeat")
 		h.TrySending(ctx)
 	})
@ -135,7 +135,7 @@ func (bridge *Bridge) SendHeartbeat(ctx context.Context, heartbeat *telemetry.He
 		if err := bridge.reporter.ReportMessageWithContext("Cannot parse heartbeat data.", reporter.Context{
 			"error": err,
 		}); err != nil {
-			logrus.WithError(err).Error("Failed to parse heartbeat data.")
+			logrus.WithField("pkg", "bridge/heartbeat").WithError(err).Error("Failed to parse heartbeat data.")
 		}
 		return false
 	}
--- a/internal/bridge/imap.go
+++ b/internal/bridge/imap.go
@ -35,10 +35,12 @@ func (bridge *Bridge) restartIMAP(ctx context.Context) error {
 }
 func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 	log := logrus.WithField("pkg", "bridge/event/imap")
 	switch event := event.(type) {
 	case imapEvents.UserAdded:
 		for labelID, count := range event.Counts {
-			logrus.WithFields(logrus.Fields{
+			log.WithFields(logrus.Fields{
 				"gluonID": event.UserID,
 				"labelID": labelID,
 				"count":   count,
@ -46,7 +48,7 @@ func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 		}
 	case imapEvents.IMAPID:
-		logrus.WithFields(logrus.Fields{
+		log.WithFields(logrus.Fields{
 			"sessionID": event.SessionID,
 			"name":      event.IMAPID.Name,
 			"version":   event.IMAPID.Version,
@ -57,7 +59,7 @@ func (bridge *Bridge) handleIMAPEvent(event imapEvents.Event) {
 		}
 	case imapEvents.LoginFailed:
-		logrus.WithFields(logrus.Fields{
+		log.WithFields(logrus.Fields{
 			"sessionID": event.SessionID,
 			"username":  event.Username,
 			"pkg":       "imap",
--- a/internal/bridge/mocks/observability_mocks.go
+++ b/internal/bridge/mocks/observability_mocks.go
@ -0,0 +1,49 @@
 package mocks
 import (
 	reflect "reflect"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/observability"
 	"github.com/golang/mock/gomock"
 )
 type MockObservabilitySender struct {
 	ctrl     *gomock.Controller
 	recorder *MockObservabilitySenderRecorder
 }
 type MockObservabilitySenderRecorder struct {
 	mock *MockObservabilitySender
 }
 func NewMockObservabilitySender(ctrl *gomock.Controller) *MockObservabilitySender {
 	mock := &MockObservabilitySender{ctrl: ctrl}
 	mock.recorder = &MockObservabilitySenderRecorder{mock: mock}
 	return mock
 }
 func (m *MockObservabilitySender) EXPECT() *MockObservabilitySenderRecorder { return m.recorder }
 func (m *MockObservabilitySender) AddDistinctMetrics(errType observability.DistinctionErrorTypeEnum, _ ...proton.ObservabilityMetric) {
 	m.ctrl.T.Helper()
 	m.ctrl.Call(m, "AddDistinctMetrics", errType)
 }
 func (m *MockObservabilitySender) AddMetrics(metrics ...proton.ObservabilityMetric) {
 	m.ctrl.T.Helper()
 	m.ctrl.Call(m, "AddMetrics", metrics)
 }
 func (mr *MockObservabilitySenderRecorder) AddDistinctMetrics(errType observability.DistinctionErrorTypeEnum, _ ...proton.ObservabilityMetric) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock,
 		"AddDistinctMetrics",
 		reflect.TypeOf((*MockObservabilitySender)(nil).AddDistinctMetrics),
 		errType)
 }
 func (mr *MockObservabilitySenderRecorder) AddMetrics(metrics ...proton.ObservabilityMetric) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddMetrics", reflect.TypeOf((*MockObservabilitySender)(nil).AddMetrics), metrics)
 }
--- a/internal/bridge/observability_test.go
+++ b/internal/bridge/observability_test.go
@ -0,0 +1,164 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
 package bridge_test
 import (
 	"testing"
 	"time"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/observability"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/net/context"
 )
 func TestBridge_Observability(t *testing.T) {
 	testMetric := proton.ObservabilityMetric{
 		Name:      "test1",
 		Version:   1,
 		Timestamp: time.Now().Unix(),
 		Data:      nil,
 	}
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		throttlePeriod := time.Millisecond * 500
 		observability.ModifyThrottlePeriod(throttlePeriod)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 			bridge.PushObservabilityMetric(testMetric)
 			time.Sleep(time.Millisecond * 50) // Wait for the metric to be sent
 			require.Equal(t, 1, len(s.GetObservabilityStatistics().Metrics))
 			for i := 0; i < 10; i++ {
 				time.Sleep(time.Millisecond * 5) // Minor delay between each so our tests aren't flaky
 				bridge.PushObservabilityMetric(testMetric)
 			}
 			// We should still have only 1 metric sent as the throttleDuration has not passed
 			require.Equal(t, 1, len(s.GetObservabilityStatistics().Metrics))
 			// Wait for throttle duration to pass; we should have our remaining metrics posted
 			time.Sleep(throttlePeriod)
 			require.Equal(t, 11, len(s.GetObservabilityStatistics().Metrics))
 			// Wait for the throttle duration to reset; i.e. so we have enough time to send a request immediately
 			time.Sleep(throttlePeriod)
 			for i := 0; i < 10; i++ {
 				time.Sleep(time.Millisecond * 5)
 				bridge.PushObservabilityMetric(testMetric)
 			}
 			// We should only have one additional metric sent immediately
 			require.Equal(t, 12, len(s.GetObservabilityStatistics().Metrics))
 			// Wait for the others to be sent
 			time.Sleep(throttlePeriod)
 			require.Equal(t, 21, len(s.GetObservabilityStatistics().Metrics))
 			// Spam the endpoint a bit
 			for i := 0; i < 300; i++ {
 				if i < 200 {
 					time.Sleep(time.Millisecond * 10)
 				}
 				bridge.PushObservabilityMetric(testMetric)
 			}
 			// Ensure we've sent all metrics
 			time.Sleep(throttlePeriod)
 			observabilityStats := s.GetObservabilityStatistics()
 			require.Equal(t, 321, len(observabilityStats.Metrics))
 			// Verify that each request had a throttleDuration time difference between each request
 			for i := 0; i < len(observabilityStats.RequestTime)-1; i++ {
 				tOne := observabilityStats.RequestTime[i]
 				tTwo := observabilityStats.RequestTime[i+1]
 				require.True(t, tTwo.Sub(tOne).Abs() > throttlePeriod)
 			}
 		})
 	})
 }
 func TestBridge_Observability_Heartbeat(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		throttlePeriod := time.Millisecond * 300
 		observability.ModifyThrottlePeriod(throttlePeriod)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 			bridge.ModifyObservabilityHeartbeatInterval(throttlePeriod)
 			require.Equal(t, 0, len(s.GetObservabilityStatistics().Metrics))
 			time.Sleep(time.Millisecond * 150)
 			require.Equal(t, 0, len(s.GetObservabilityStatistics().Metrics))
 			time.Sleep(time.Millisecond * 200)
 			require.Equal(t, 1, len(s.GetObservabilityStatistics().Metrics))
 			time.Sleep(time.Millisecond * 350)
 			require.Equal(t, 2, len(s.GetObservabilityStatistics().Metrics))
 			time.Sleep(time.Millisecond * 350)
 			require.Equal(t, 3, len(s.GetObservabilityStatistics().Metrics))
 		})
 	})
 }
 func TestBridge_Observability_UserMetric(t *testing.T) {
 	testMetric := proton.ObservabilityMetric{
 		Name:      "test1",
 		Version:   1,
 		Timestamp: time.Now().Unix(),
 		Data:      nil,
 	}
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
 		userMetricPeriod := time.Millisecond * 200
 		heartbeatPeriod := time.Second * 10
 		throttlePeriod := time.Millisecond * 100
 		observability.ModifyUserMetricInterval(userMetricPeriod)
 		observability.ModifyThrottlePeriod(throttlePeriod)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 			bridge.ModifyObservabilityHeartbeatInterval(heartbeatPeriod)
 			time.Sleep(throttlePeriod)
 			require.Equal(t, 0, len(s.GetObservabilityStatistics().Metrics))
 			bridge.PushDistinctObservabilityMetrics(observability.SyncError, testMetric)
 			time.Sleep(throttlePeriod)
 			// We're expecting two observability metrics to be sent, the actual metric + the user metric.
 			require.Equal(t, 2, len(s.GetObservabilityStatistics().Metrics))
 			bridge.PushDistinctObservabilityMetrics(observability.SyncError, testMetric)
 			time.Sleep(throttlePeriod)
 			// We're expecting only a single metric to be sent, since the user metric update has been sent already within the predefined period.
 			require.Equal(t, 3, len(s.GetObservabilityStatistics().Metrics))
 			bridge.PushDistinctObservabilityMetrics(observability.SyncError, testMetric)
 			time.Sleep(throttlePeriod)
 			// Two metric updates should be sent again.
 			require.Equal(t, 5, len(s.GetObservabilityStatistics().Metrics))
 			bridge.PushDistinctObservabilityMetrics(observability.SyncError, testMetric)
 			time.Sleep(throttlePeriod)
 			// Only a single one should be sent.
 			require.Equal(t, 6, len(s.GetObservabilityStatistics().Metrics))
 		})
 	})
 }
--- a/internal/bridge/send_test.go
+++ b/internal/bridge/send_test.go
@ -46,17 +46,12 @@ func TestBridge_Send(t *testing.T) {
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			recipientUserID, err := bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)
 			smtpWaiter.Wait()
 			senderInfo, err := bridge.GetUserInfo(senderUserID)
 			require.NoError(t, err)
@ -409,9 +404,6 @@ SGVsbG8gd29ybGQK
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -431,8 +423,6 @@ SGVsbG8gd29ybGQK
 				messageMultipartWithoutTextWithTextAttachment,
 			}
 			smtpWaiter.Wait()
 			for _, m := range messages {
 				// Dial the server.
 				client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
@ -617,9 +607,6 @@ Hello world
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			senderUserID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -639,8 +626,6 @@ Hello world
 				messageInlineImageFollowedByText,
 			}
 			smtpWaiter.Wait()
 			for _, m := range messages {
 				// Dial the server.
 				client, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
@ -714,17 +699,12 @@ func TestBridge_SendAddressDisabled(t *testing.T) {
 		require.NoError(t, s.ChangeAddressAllowSend(senderUserID, addrID, false))
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			senderUserID, err := bridge.LoginFull(ctx, "sender", password, nil, nil)
 			require.NoError(t, err)
 			_, err = bridge.LoginFull(ctx, "recipient", password, nil, nil)
 			require.NoError(t, err)
 			smtpWaiter.Wait()
 			recipientInfo, err := bridge.GetUserInfo(recipientUserID)
 			require.NoError(t, err)
@ -750,7 +730,7 @@ func TestBridge_SendAddressDisabled(t *testing.T) {
 				strings.NewReader("Subject: Test 1\r\n\r\nHello world!"),
 			)
-			smtpErr := smtpservice.NewErrCanNotSendOnAddress(senderInfo.Addresses[0])
+			smtpErr := smtpservice.NewErrCannotSendFromAddress(senderInfo.Addresses[0])
 			require.Equal(t, fmt.Sprintf("Error: %v", smtpErr.Error()), err.Error())
 		})
 	})
--- a/internal/bridge/sentry_test.go
+++ b/internal/bridge/sentry_test.go
@ -29,16 +29,12 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 )
 func TestBridge_Report(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(b)
 			defer imapWaiter.Done()
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -54,19 +50,11 @@ func TestBridge_Report(t *testing.T) {
 			require.NoError(t, err)
 			require.True(t, info.State == bridge.Connected)
 			imapWaiter.Wait()
 			// Dial the IMAP port.
 			conn, err := net.Dial("tcp", fmt.Sprintf("%v:%v", constants.Host, b.GetIMAPPort()))
 			require.NoError(t, err)
 			defer func() { require.NoError(t, conn.Close()) }()
 			// Sending garbage to the IMAP port should cause the bridge to report it.
 			mocks.Reporter.EXPECT().ReportMessageWithContext(
 				gomock.Eq("Failed to parse IMAP command"),
 				gomock.Any(),
 			).Return(nil)
 			// Read lines from the IMAP port.
 			lineCh := liner.New(conn).Lines(func() error { return nil })
--- a/internal/bridge/server_manager_test.go
+++ b/internal/bridge/server_manager_test.go
@ -20,6 +20,7 @@ package bridge_test
 import (
 	"context"
 	"fmt"
 	"net"
 	"testing"
 	"github.com/ProtonMail/go-proton-api"
@ -27,57 +28,39 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/emersion/go-smtp"
 	"github.com/stretchr/testify/require"
 )
-func TestServerManager_NoLoadedUsersNoServers(t *testing.T) {
+func TestServerManager_ServersStartWithBridge(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
-			_, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.Error(t, err)
 		})
 	})
 }
 func TestServerManager_ServersStartAfterFirstConnectedUser(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
-			imapWaiter.Wait()
+			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
-			smtpWaiter.Wait()
+			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 		})
 	})
 }
-func TestServerManager_ServersStopsAfterUserLogsOut(t *testing.T) {
+func TestServerManager_ServersKeepsRunningfterUserLogsOut(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			imapWaiterStopped := waitForIMAPServerStopped(bridge)
 			defer imapWaiterStopped.Done()
 			require.NoError(t, bridge.LogoutUser(ctx, userID))
-			imapWaiterStopped.Wait()
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 		})
 	})
 }
@ -89,22 +72,13 @@ func TestServerManager_ServersDoNotStopWhenThereIsStillOneActiveUser(t *testing.
 		_, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
 			userIDOther, err := bridge.LoginFull(ctx, otherUser, otherPassword, nil, nil)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			evtCh, cancel := bridge.GetEvents(events.UserDeauth{})
 			defer cancel()
@ -115,38 +89,17 @@ func TestServerManager_ServersDoNotStopWhenThereIsStillOneActiveUser(t *testing.
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 		})
 	})
 }
-func TestServerManager_ServersStartIfAtLeastOneUserIsLoggedIn(t *testing.T) {
+			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 	otherPassword := []byte("bar")
 	otherUser := "foo"
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		userIDOther, _, err := s.CreateUser(otherUser, otherPassword)
 		require.NoError(t, err)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
-
+			smtpClient.Close() //nolint:errcheck
 			_, err = bridge.LoginFull(ctx, otherUser, otherPassword, nil, nil)
 			require.NoError(t, err)
 		})
 		require.NoError(t, s.RevokeUser(userIDOther))
 		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 		})
 	})
 }
 func TestServerManager_NetworkLossStopsServers(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
@ -162,8 +115,13 @@ func TestServerManager_NetworkLossStopsServers(t *testing.T) {
 			_, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
-			imapWaiter.Wait()
+			imapClient, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
-			smtpWaiter.Wait()
+			require.NoError(t, err)
 			require.NoError(t, imapClient.Logout())
 			smtpClient, err := smtp.Dial(net.JoinHostPort(constants.Host, fmt.Sprint(bridge.GetSMTPPort())))
 			require.NoError(t, err)
 			smtpClient.Close() //nolint:errcheck
 			netCtl.Disable()
--- a/internal/bridge/settings.go
+++ b/internal/bridge/settings.go
@ -27,7 +27,6 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/userevents"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/sirupsen/logrus"
 )
 func (bridge *Bridge) GetKeychainApp() (string, error) {
@ -134,7 +133,7 @@ func (bridge *Bridge) SetGluonDir(ctx context.Context, newGluonDir string) error
 	bridge.usersLock.RLock()
 	defer func() {
-		logrus.Info("Restarting user event loops")
+		logPkg.Info("Restarting user event loops")
 		for _, u := range bridge.users {
 			u.ResumeEventLoop()
 		}
@ -149,20 +148,20 @@ func (bridge *Bridge) SetGluonDir(ctx context.Context, newGluonDir string) error
 	waiters := make([]waiter, 0, len(bridge.users))
-	logrus.Info("Pausing user event loops for gluon dir change")
+	logPkg.Info("Pausing user event loops for gluon dir change")
 	for id, u := range bridge.users {
 		waiters = append(waiters, waiter{w: u.PauseEventLoopWithWaiter(), id: id})
 	}
-	logrus.Info("Waiting on user event loop completion")
+	logPkg.Info("Waiting on user event loop completion")
 	for _, waiter := range waiters {
 		if err := waiter.w.WaitPollFinished(ctx); err != nil {
-			logrus.WithError(err).Errorf("Failed to wait on event loop pause for user %v", waiter.id)
+			logPkg.WithError(err).Errorf("Failed to wait on event loop pause for user %v", waiter.id)
 			return fmt.Errorf("failed on event loop pause: %w", err)
 		}
 	}
-	logrus.Info("Changing gluon directory")
+	logPkg.Info("Changing gluon directory")
 	return bridge.serverManager.SetGluonDir(ctx, newGluonDir)
 }
@ -330,13 +329,13 @@ func (bridge *Bridge) FactoryReset(ctx context.Context) {
 	// Wipe the vault.
 	gluonCacheDir, err := bridge.locator.ProvideGluonCachePath()
 	if err != nil {
-		logrus.WithError(err).Error("Failed to provide gluon dir")
+		logPkg.WithError(err).Error("Failed to provide gluon dir")
 	} else if err := bridge.vault.Reset(gluonCacheDir); err != nil {
-		logrus.WithError(err).Error("Failed to reset vault")
+		logPkg.WithError(err).Error("Failed to reset vault")
 	}
 	// Lastly, delete all files except the vault.
 	if err := bridge.locator.Clear(bridge.vault.Path()); err != nil {
-		logrus.WithError(err).Error("Failed to clear data paths")
+		logPkg.WithError(err).Error("Failed to clear data paths")
 	}
 }
--- a/internal/bridge/settings_test.go
+++ b/internal/bridge/settings_test.go
@ -31,7 +31,7 @@ import (
 func TestBridge_Settings_GluonDir(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Create a user.
 			_, err := bridge.LoginFull(context.Background(), username, password, nil, nil)
 			require.NoError(t, err)
@ -57,7 +57,7 @@ func TestBridge_Settings_GluonDirWithOnGoingEvents(t *testing.T) {
 		userID, addrID, err := s.CreateUser("imap", password)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
@ -74,7 +74,7 @@ func TestBridge_Settings_GluonDirWithOnGoingEvents(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, labelID, 200)
 		})
-		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridgeWaitForServers(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Create a new location for the Gluon data.
 			newGluonDir := t.TempDir()
@ -93,7 +93,7 @@ func TestBridge_Settings_GluonDirWithOnGoingEvents(t *testing.T) {
 func TestBridge_Settings_IMAPPort(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			curPort := bridge.GetIMAPPort()
 			// Set the port to 1144.
@ -110,7 +110,7 @@ func TestBridge_Settings_IMAPPort(t *testing.T) {
 func TestBridge_Settings_IMAPSSL(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// By default, IMAP SSL is disabled.
 			require.False(t, bridge.GetIMAPSSL())
@ -125,7 +125,7 @@ func TestBridge_Settings_IMAPSSL(t *testing.T) {
 func TestBridge_Settings_SMTPPort(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			curPort := bridge.GetSMTPPort()
 			// Set the port to 1024.
@ -142,7 +142,7 @@ func TestBridge_Settings_SMTPPort(t *testing.T) {
 func TestBridge_Settings_SMTPSSL(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// By default, SMTP SSL is disabled.
 			require.False(t, bridge.GetSMTPSSL())
@ -198,7 +198,7 @@ func TestBridge_Settings_Autostart(t *testing.T) {
 func TestBridge_Settings_FirstStart(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// By default, first start is true.
 			require.True(t, bridge.GetFirstStart())
--- a/internal/bridge/sync_test.go
+++ b/internal/bridge/sync_test.go
@ -232,7 +232,7 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 		var total uint64
 		// The initial user should be fully synced.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
@ -246,7 +246,7 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 		})
 		// Now let's remove the user and stop the network at 2/3 of the data.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, bridge.DeleteUser(ctx, userID))
 		})
@ -254,7 +254,7 @@ func TestBridge_SyncWithOngoingEvents(t *testing.T) {
 		netCtl.SetReadLimit(2 * total / 3)
 		// Login the user; its sync should fail.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](b.GetEvents(events.SyncFinished{}))
 			defer done()
@ -592,7 +592,7 @@ func TestBridge_CorruptedVaultClearsPreviousIMAPSyncState(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, labelID, 100)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			defer done()
@ -625,7 +625,7 @@ func TestBridge_CorruptedVaultClearsPreviousIMAPSyncState(t *testing.T) {
 		require.NoError(t, os.WriteFile(filepath.Join(settingsPath, "vault.enc"), []byte("Trash!"), 0o600))
 		// Bridge starts but can't find the gluon database dir; there should be no error.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			_, err := bridge.LoginFull(context.Background(), "imap", password, nil, nil)
 			require.NoError(t, err)
 		})
--- a/internal/bridge/types.go
+++ b/internal/bridge/types.go
@ -33,6 +33,8 @@ type Locator interface {
 	GetDependencyLicensesLink() string
 	Clear(...string) error
 	ProvideIMAPSyncConfigPath() (string, error)
 	ProvideUnleashCachePath() (string, error)
 	ProvideNotificationsCachePath() (string, error)
 }
 type ProxyController interface {
--- a/internal/bridge/unleash_test.go
+++ b/internal/bridge/unleash_test.go
@ -0,0 +1,90 @@
 // Copyright (c) 2024 Proton AG
 //
 // This file is part of Proton Mail Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 package bridge_test
 import (
 	"context"
 	"testing"
 	"time"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/go-proton-api/server"
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/unleash"
 	"github.com/stretchr/testify/require"
 )
 func Test_UnleashService(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		unleash.ModifyPollPeriodAndJitter(500*time.Millisecond, 0)
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			// Initial startup assumes there is no cached feature flags.
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), false)
 			s.PushFeatureFlag("test-1")
 			s.PushFeatureFlag("test-2")
 			// Wait for poll.
 			time.Sleep(time.Millisecond * 700)
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), false)
 			s.PushFeatureFlag("test-3")
 			time.Sleep(time.Millisecond * 700) // Wait for poll again
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), true)
 		})
 		// Wait for Bridge to close.
 		time.Sleep(time.Millisecond * 500)
 		// Second instance should have a feature flag cache file available. Therefore, all of the flags should evaluate to true on startup.
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(b *bridge.Bridge, _ *bridge.Mocks) {
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), true)
 			s.DeleteFeatureFlags()
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), true)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), true)
 			time.Sleep(time.Millisecond * 700)
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), false)
 			s.PushFeatureFlag("test-3")
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), false)
 			time.Sleep(time.Millisecond * 700)
 			require.Equal(t, b.GetFeatureFlagValue("test-1"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-2"), false)
 			require.Equal(t, b.GetFeatureFlagValue("test-3"), true)
 		})
 	})
 }
--- a/internal/bridge/updates.go
+++ b/internal/bridge/updates.go
@ -21,6 +21,7 @@ import (
 	"context"
 	"errors"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
@ -115,6 +116,17 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 		err := bridge.updater.InstallUpdate(ctx, bridge.api, job.version)
 		switch {
 		case errors.Is(err, updater.ErrDownloadVerify):
 			// BRIDGE-207: if download or verification fails, we do not want to trigger a manual update. We report in the log and to Sentry
 			// and we fail silently.
 			log.WithError(err).Error("The update could not be installed, but we will fail silently")
 			if reporterErr := bridge.reporter.ReportMessageWithContext(
 				"Cannot download or verify update",
 				reporter.Context{"error": err},
 			); reporterErr != nil {
 				log.WithError(reporterErr).Error("Failed to report update error")
 			}
 		case errors.Is(err, updater.ErrUpdateAlreadyInstalled):
 			log.Info("The update was already installed")
--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -28,6 +28,7 @@ import (
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/hv"
 	"github.com/ProtonMail/proton-bridge/v3/internal/logging"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapservice"
@ -38,6 +39,8 @@ import (
 	"github.com/sirupsen/logrus"
 )
 var logUser = logrus.WithField("pkg", "bridge/user") //nolint:gochecknoglobals
 type UserState int
 const (
@ -121,23 +124,28 @@ func (bridge *Bridge) QueryUserInfo(query string) (UserInfo, error) {
 }
 // LoginAuth begins the login process. It returns an authorized client that might need 2FA.
-func (bridge *Bridge) LoginAuth(ctx context.Context, username string, password []byte) (*proton.Client, proton.Auth, error) {
+func (bridge *Bridge) LoginAuth(ctx context.Context, username string, password []byte, hvDetails *proton.APIHVDetails) (*proton.Client, proton.Auth, error) {
-	logrus.WithField("username", logging.Sensitive(username)).Info("Authorizing user for login")
+	logUser.WithField("username", logging.Sensitive(username)).Info("Authorizing user for login")
 	if username == "crash@bandicoot" {
 		panic("Your wish is my command.. I crash!")
 	}
-
+	client, auth, err := bridge.api.NewClientWithLoginWithHVToken(ctx, username, password, hvDetails)
 	client, auth, err := bridge.api.NewClientWithLogin(ctx, username, password)
 	if err != nil {
 		if hv.IsHvRequest(err) {
 			logUser.WithFields(logrus.Fields{"username": logging.Sensitive(username),
 				"loginError": err.Error()}).Info("Human Verification requested for login")
 			return nil, proton.Auth{}, err
 		}
 		return nil, proton.Auth{}, fmt.Errorf("failed to create new API client: %w", err)
 	}
 	if ok := safe.RLockRet(func() bool { return mapHas(bridge.users, auth.UserID) }, bridge.usersLock); ok {
-		logrus.WithField("userID", auth.UserID).Warn("User already logged in")
+		logUser.WithField("userID", auth.UserID).Warn("User already logged in")
 		if err := client.AuthDelete(ctx); err != nil {
-			logrus.WithError(err).Warn("Failed to delete auth")
+			logUser.WithError(err).Warn("Failed to delete auth")
 		}
 		return nil, proton.Auth{}, ErrUserAlreadyLoggedIn
@ -152,12 +160,13 @@ func (bridge *Bridge) LoginUser(
 	client *proton.Client,
 	auth proton.Auth,
 	keyPass []byte,
 	hvDetails *proton.APIHVDetails,
 ) (string, error) {
-	logrus.WithField("userID", auth.UserID).Info("Logging in authorized user")
+	logUser.WithField("userID", auth.UserID).Info("Logging in authorized user")
 	userID, err := try.CatchVal(
 		func() (string, error) {
-			return bridge.loginUser(ctx, client, auth.UID, auth.RefreshToken, keyPass)
+			return bridge.loginUser(ctx, client, auth.UID, auth.RefreshToken, keyPass, hvDetails)
 		},
 	)
@ -165,7 +174,7 @@ func (bridge *Bridge) LoginUser(
 		// Failure to unlock will allow retries, so we do not delete auth.
 		if !errors.Is(err, ErrFailedToUnlock) {
 			if deleteErr := client.AuthDelete(ctx); deleteErr != nil {
-				logrus.WithError(deleteErr).Error("Failed to delete auth")
+				logUser.WithError(deleteErr).Error("Failed to delete auth")
 			}
 		}
 		return "", fmt.Errorf("failed to login user: %w", err)
@ -188,15 +197,16 @@ func (bridge *Bridge) LoginFull(
 	getTOTP func() (string, error),
 	getKeyPass func() ([]byte, error),
 ) (string, error) {
-	logrus.WithField("username", logging.Sensitive(username)).Info("Performing full user login")
+	logUser.WithField("username", logging.Sensitive(username)).Info("Performing full user login")
-	client, auth, err := bridge.LoginAuth(ctx, username, password)
+	// (atanas) the following may need to be modified once HV is merged (its used only for testing; and depends on whether we will test HV related logic)
 	client, auth, err := bridge.LoginAuth(ctx, username, password, nil)
 	if err != nil {
 		return "", fmt.Errorf("failed to begin login process: %w", err)
 	}
 	if auth.TwoFA.Enabled&proton.HasTOTP != 0 {
-		logrus.WithField("userID", auth.UserID).Info("Requesting TOTP")
+		logUser.WithField("userID", auth.UserID).Info("Requesting TOTP")
 		totp, err := getTOTP()
 		if err != nil {
@ -211,7 +221,7 @@ func (bridge *Bridge) LoginFull(
 	var keyPass []byte
 	if auth.PasswordMode == proton.TwoPasswordMode {
-		logrus.WithField("userID", auth.UserID).Info("Requesting mailbox password")
+		logUser.WithField("userID", auth.UserID).Info("Requesting mailbox password")
 		userKeyPass, err := getKeyPass()
 		if err != nil {
@ -223,10 +233,10 @@ func (bridge *Bridge) LoginFull(
 		keyPass = password
 	}
-	userID, err := bridge.LoginUser(ctx, client, auth, keyPass)
+	userID, err := bridge.LoginUser(ctx, client, auth, keyPass, nil)
 	if err != nil {
 		if deleteErr := client.AuthDelete(ctx); deleteErr != nil {
-			logrus.WithError(err).Error("Failed to delete auth")
+			logUser.WithError(err).Error("Failed to delete auth")
 		}
 		return "", err
@ -237,7 +247,7 @@ func (bridge *Bridge) LoginFull(
 // LogoutUser logs out the given user.
 func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
-	logrus.WithField("userID", userID).Info("Logging out user")
+	logUser.WithField("userID", userID).Info("Logging out user")
 	return safe.LockRet(func() error {
 		user, ok := bridge.users[userID]
@ -257,7 +267,7 @@ func (bridge *Bridge) LogoutUser(ctx context.Context, userID string) error {
 // DeleteUser deletes the given user.
 func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
-	logrus.WithField("userID", userID).Info("Deleting user")
+	logUser.WithField("userID", userID).Info("Deleting user")
 	syncConfigDir, err := bridge.locator.ProvideIMAPSyncConfigPath()
 	if err != nil {
@ -278,7 +288,7 @@ func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
 		}
 		if err := bridge.vault.DeleteUser(userID); err != nil {
-			logrus.WithError(err).Error("Failed to delete vault user")
+			logUser.WithError(err).Error("Failed to delete vault user")
 		}
 		bridge.publish(events.UserDeleted{
@ -291,7 +301,7 @@ func (bridge *Bridge) DeleteUser(ctx context.Context, userID string) error {
 // SetAddressMode sets the address mode for the given user.
 func (bridge *Bridge) SetAddressMode(ctx context.Context, userID string, mode vault.AddressMode) error {
-	logrus.WithField("userID", userID).WithField("mode", mode).Info("Setting address mode")
+	logUser.WithField("userID", userID).WithField("mode", mode).Info("Setting address mode")
 	return safe.RLockRet(func() error {
 		user, ok := bridge.users[userID]
@ -327,7 +337,7 @@ func (bridge *Bridge) SetAddressMode(ctx context.Context, userID string, mode va
 // SendBadEventUserFeedback passes the feedback to the given user.
 func (bridge *Bridge) SendBadEventUserFeedback(_ context.Context, userID string, doResync bool) error {
-	logrus.WithField("userID", userID).WithField("doResync", doResync).Info("Passing bad event feedback to user")
+	logUser.WithField("userID", userID).WithField("doResync", doResync).Info("Passing bad event feedback to user")
 	return safe.RLockRet(func() error {
 		ctx := context.Background()
@ -338,30 +348,16 @@ func (bridge *Bridge) SendBadEventUserFeedback(_ context.Context, userID string,
 				"Failed to handle event: feedback failed: no such user",
 				reporter.Context{"user_id": userID},
 			); rerr != nil {
-				logrus.WithError(rerr).Error("Failed to report feedback failure")
+				logUser.WithError(rerr).Error("Failed to report feedback failure")
 			}
 			return ErrNoSuchUser
 		}
 		if doResync {
 			if rerr := bridge.reporter.ReportMessageWithContext(
 				"Failed to handle event: feedback resync",
 				reporter.Context{"user_id": userID},
 			); rerr != nil {
 				logrus.WithError(rerr).Error("Failed to report feedback failure")
 			}
 			return user.BadEventFeedbackResync(ctx)
 		}
 		if rerr := bridge.reporter.ReportMessageWithContext(
 			"Failed to handle event: feedback logout",
 			reporter.Context{"user_id": userID},
 		); rerr != nil {
 			logrus.WithError(rerr).Error("Failed to report feedback failure")
 		}
 		bridge.logoutUser(ctx, user, true, false, false)
 		bridge.publish(events.UserLoggedOut{
@ -372,8 +368,8 @@ func (bridge *Bridge) SendBadEventUserFeedback(_ context.Context, userID string,
 	}, bridge.usersLock)
 }
-func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, authUID, authRef string, keyPass []byte) (string, error) {
+func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, authUID, authRef string, keyPass []byte, hvDetails *proton.APIHVDetails) (string, error) {
-	apiUser, err := client.GetUser(ctx)
+	apiUser, err := client.GetUserWithHV(ctx, hvDetails)
 	if err != nil {
 		return "", fmt.Errorf("failed to get API user: %w", err)
 	}
@ -403,11 +399,11 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *proton.Client, auth
 // loadUsers tries to load each user in the vault that isn't already loaded.
 func (bridge *Bridge) loadUsers(ctx context.Context) error {
-	logrus.WithField("count", len(bridge.vault.GetUserIDs())).Info("Loading users")
+	logUser.WithField("count", len(bridge.vault.GetUserIDs())).Info("Loading users")
-	defer logrus.Info("Finished loading users")
+	defer logUser.Info("Finished loading users")
 	return bridge.vault.ForUser(runtime.NumCPU(), func(user *vault.User) error {
-		log := logrus.WithField("userID", user.UserID())
+		log := logUser.WithField("userID", user.UserID())
 		if user.AuthUID() == "" {
 			log.Info("User is not connected (skipping)")
@ -451,7 +447,7 @@ func (bridge *Bridge) loadUser(ctx context.Context, user *vault.User) error {
 		if apiErr := new(proton.APIError); errors.As(err, &apiErr) && (apiErr.Code == proton.AuthRefreshTokenInvalid) {
 			// The session cannot be refreshed, we sign out the user by clearing his auth secrets.
 			if err := user.Clear(); err != nil {
-				logrus.WithError(err).Warn("Failed to clear user secrets")
+				logUser.WithError(err).Warn("Failed to clear user secrets")
 			}
 		}
@ -496,24 +492,24 @@ func (bridge *Bridge) addUser(
 	if err := bridge.addUserWithVault(ctx, client, apiUser, vaultUser, isNew); err != nil {
 		if _, ok := err.(*resty.ResponseError); ok || isLogin {
-			logrus.WithError(err).Error("Failed to add user, clearing its secrets from vault")
+			logUser.WithError(err).Error("Failed to add user, clearing its secrets from vault")
 			if err := vaultUser.Clear(); err != nil {
-				logrus.WithError(err).Error("Failed to clear user secrets")
+				logUser.WithError(err).Error("Failed to clear user secrets")
 			}
 		} else {
-			logrus.WithError(err).Error("Failed to add user")
+			logUser.WithError(err).Error("Failed to add user")
 		}
 		if err := vaultUser.Close(); err != nil {
-			logrus.WithError(err).Error("Failed to close vault user")
+			logUser.WithError(err).Error("Failed to close vault user")
 		}
 		if isNew {
-			logrus.Warn("Deleting newly added vault user")
+			logUser.Warn("Deleting newly added vault user")
 			if err := bridge.vault.DeleteUser(apiUser.ID); err != nil {
-				logrus.WithError(err).Error("Failed to delete vault user")
+				logUser.WithError(err).Error("Failed to delete vault user")
 			}
 		}
@ -556,8 +552,11 @@ func (bridge *Bridge) addUserWithVault(
 		bridge.serverManager,
 		&bridgeEventSubscription{b: bridge},
 		bridge.syncService,
 		bridge.observabilityService,
 		syncSettingsPath,
 		isNew,
 		bridge.notificationStore,
 		bridge.unleashService.GetFlagValue,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create user: %w", err)
@ -567,7 +566,7 @@ func (bridge *Bridge) addUserWithVault(
 	// For example, if the user's addresses change, we need to update them in gluon.
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, user.GetEventCh(), func(event events.Event) {
-			logrus.WithFields(logrus.Fields{
+			logUser.WithFields(logrus.Fields{
 				"userID": apiUser.ID,
 				"event":  event,
 			}).Debug("Received user event")
@ -596,6 +595,8 @@ func (bridge *Bridge) addUserWithVault(
 	// As we need at least one user to send heartbeat, try to send it.
 	bridge.heartbeat.start()
 	user.PublishEvent(ctx, events.UserLoadedCheckResync{UserID: user.ID()})
 	return nil
 }
@ -618,14 +619,14 @@ func (bridge *Bridge) logoutUser(ctx context.Context, user *user.User, withAPI,
 		user.SendConfigStatusAbort(ctx, withTelemetry)
 	}
-	logrus.WithFields(logrus.Fields{
+	logUser.WithFields(logrus.Fields{
 		"userID":   user.ID(),
 		"withAPI":  withAPI,
 		"withData": withData,
 	}).Debug("Logging out user")
 	if err := user.Logout(ctx, withAPI); err != nil {
-		logrus.WithError(err).Error("Failed to logout user")
+		logUser.WithError(err).Error("Failed to logout user")
 	}
 	bridge.heartbeat.SetNbAccount(len(bridge.users))
--- a/internal/bridge/user_event_test.go
+++ b/internal/bridge/user_event_test.go
@ -62,7 +62,7 @@ func TestBridge_User_RefreshEvent(t *testing.T) {
 			messageIDs = createNumMessages(ctx, t, c, addrID, labelID, 10)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
@ -73,7 +73,7 @@ func TestBridge_User_RefreshEvent(t *testing.T) {
 		require.NoError(t, s.RefreshUser(userID, proton.RefreshMail))
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			syncCh, closeCh := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 			require.Equal(t, userID, (<-syncCh).UserID)
@ -82,7 +82,7 @@ func TestBridge_User_RefreshEvent(t *testing.T) {
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			withClient(ctx, t, s, "user", password, func(ctx context.Context, c *proton.Client) {
 				createNumMessages(ctx, t, c, addrID, labelID, 10)
 			})
@ -139,9 +139,6 @@ func test_badMessage_badEvent(userFeedback func(t *testing.T, ctx context.Contex
 			})
 			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 				smtpWaiter := waitForSMTPServerReady(bridge)
 				defer smtpWaiter.Done()
 				userLoginAndSync(ctx, t, bridge, "user", password)
 				var messageIDs []string
@ -177,8 +174,6 @@ func test_badMessage_badEvent(userFeedback func(t *testing.T, ctx context.Contex
 				userFeedback(t, ctx, bridge, badUserID)
 				smtpWaiter.Wait()
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 		})
@ -196,10 +191,7 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, proton.InboxLabel, 10)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			userLoginAndSync(ctx, t, bridge, "user", password)
 			var messageIDs []string
@ -223,7 +215,6 @@ func TestBridge_User_BadMessage_NoBadEvent(t *testing.T) {
 				require.NoError(t, c.DeleteMessage(ctx, messageIDs...))
 			})
 			smtpWaiter.Wait()
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 	})
@ -377,7 +368,7 @@ func TestBridge_User_Network_NoBadEvents(t *testing.T) {
 		_, addrID, err := s.CreateUser("user", password)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 			// Create 10 more messages for the user, generating events.
@ -463,7 +454,7 @@ func TestBridge_User_UpdateDraft(t *testing.T) {
 		require.NoError(t, err)
 		// Initially sync the user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
@ -496,7 +487,7 @@ func TestBridge_User_UpdateDraft(t *testing.T) {
 			require.Empty(t, draft.ReplyTos)
 			// Process those events
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
@ -522,7 +513,7 @@ func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
 		require.NoError(t, err)
 		// Initially sync the user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
@ -554,7 +545,7 @@ func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
 			require.NoError(t, err)
 			// Process those events
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
@ -582,7 +573,7 @@ func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
 			require.NoError(t, err)
 			// Process those events.
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
@ -590,7 +581,7 @@ func TestBridge_User_UpdateDraftAndCreateOtherMessage(t *testing.T) {
 			require.NoError(t, c.MarkMessagesUnread(ctx, res[0].MessageID))
 			// Process those events.
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 			})
 		})
@ -604,7 +595,7 @@ func TestBridge_User_SendDraftRemoveDraftFlag(t *testing.T) {
 		require.NoError(t, err)
 		// Initially sync the user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 		})
@ -637,7 +628,7 @@ func TestBridge_User_SendDraftRemoveDraftFlag(t *testing.T) {
 			require.NoError(t, err)
 			// Process those events
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 				info, err := bridge.QueryUserInfo("user")
@ -676,7 +667,7 @@ func TestBridge_User_SendDraftRemoveDraftFlag(t *testing.T) {
 			}
 			// Process those events; the draft will move to the sent folder and lose the draft flag.
-			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 				userContinueEventProcess(ctx, t, s, bridge)
 				info, err := bridge.QueryUserInfo("user")
@ -706,7 +697,7 @@ func TestBridge_User_DisableEnableAddress(t *testing.T) {
 		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
 		require.NoError(t, err)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
 			// Initially we should list the address.
@ -720,7 +711,7 @@ func TestBridge_User_DisableEnableAddress(t *testing.T) {
 			require.NoError(t, c.DisableAddress(ctx, aliasID))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Eventually we shouldn't list the address.
 			require.Eventually(t, func() bool {
 				info, err := bridge.QueryUserInfo("user")
@ -735,7 +726,7 @@ func TestBridge_User_DisableEnableAddress(t *testing.T) {
 			require.NoError(t, c.EnableAddress(ctx, aliasID))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Eventually we should list the address.
 			require.Eventually(t, func() bool {
 				info, err := bridge.QueryUserInfo("user")
@ -762,7 +753,7 @@ func TestBridge_User_CreateDisabledAddress(t *testing.T) {
 			require.NoError(t, c.DisableAddress(ctx, aliasID))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.NoError(t, getErr(bridge.LoginFull(ctx, "user", password, nil, nil)))
 			// Initially we shouldn't list the address.
@ -775,21 +766,12 @@ func TestBridge_User_CreateDisabledAddress(t *testing.T) {
 func TestBridge_User_HandleParentLabelRename(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			imapWaiter := waitForIMAPServerReady(bridge)
 			defer imapWaiter.Done()
 			smtpWaiter := waitForSMTPServerReady(bridge)
 			defer smtpWaiter.Done()
 			require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 			info, err := bridge.QueryUserInfo(username)
 			require.NoError(t, err)
 			imapWaiter.Wait()
 			smtpWaiter.Wait()
 			cli, err := eventuallyDial(fmt.Sprintf("%v:%v", constants.Host, bridge.GetIMAPPort()))
 			require.NoError(t, err)
 			require.NoError(t, cli.Login(info.Addresses[0], string(info.BridgePass)))
--- a/internal/bridge/user_events.go
+++ b/internal/bridge/user_events.go
@ -36,8 +36,8 @@ func (bridge *Bridge) handleUserEvent(ctx context.Context, user *user.User, even
 	case events.UserBadEvent:
 		bridge.handleUserBadEvent(ctx, user, event)
-	case events.UncategorizedEventError:
+	case events.UserLoadedCheckResync:
-		bridge.handleUncategorizedErrorEvent(event)
+		user.VerifyResyncAndExecute()
 	}
 }
@ -58,18 +58,9 @@ func (bridge *Bridge) handleUserBadEvent(ctx context.Context, user *user.User, e
 			"error":        event.Error,
 			"error_type":   internal.ErrCauseType(event.Error),
 		}); rerr != nil {
-			logrus.WithError(rerr).Error("Failed to report failed event handling")
+			logrus.WithField("pkg", "bridge/event").WithError(rerr).Error("Failed to report failed event handling")
 		}
 		user.OnBadEvent(ctx)
 	}, bridge.usersLock)
 }
 func (bridge *Bridge) handleUncategorizedErrorEvent(event events.UncategorizedEventError) {
 	if rerr := bridge.reporter.ReportMessageWithContext("Failed to handle due to uncategorized error", reporter.Context{
 		"error_type": internal.ErrCauseType(event.Error),
 		"error":      event.Error,
 	}); rerr != nil {
 		logrus.WithError(rerr).Error("Failed to report failed event handling")
 	}
 }
--- a/internal/bridge/user_test.go
+++ b/internal/bridge/user_test.go
@ -35,12 +35,12 @@ import (
 func TestBridge_WithoutUsers(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Empty(t, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Empty(t, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
 		})
@ -49,7 +49,7 @@ func TestBridge_WithoutUsers(t *testing.T) {
 func TestBridge_Login(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -69,7 +69,7 @@ func TestBridge_Login_DropConn(t *testing.T) {
 	defer func() { _ = dropListener.Close() }()
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -96,7 +96,7 @@ func TestBridge_Login_DropConn(t *testing.T) {
 			return 0, false
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The user is eventually connected.
 			require.Eventually(t, func() bool {
 				return len(bridge.GetUserIDs()) == 1 && len(getConnectedUserIDs(t, bridge)) == 1
@ -107,7 +107,7 @@ func TestBridge_Login_DropConn(t *testing.T) {
 func TestBridge_LoginTwice(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -125,7 +125,7 @@ func TestBridge_LoginTwice(t *testing.T) {
 func TestBridge_LoginLogoutLogin(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID := must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -153,7 +153,7 @@ func TestBridge_LoginLogoutLogin(t *testing.T) {
 func TestBridge_LoginDeleteLogin(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID := must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -181,7 +181,7 @@ func TestBridge_LoginDeleteLogin(t *testing.T) {
 func TestBridge_LoginDeauthLogin(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID := must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -215,7 +215,7 @@ func TestBridge_LoginDeauthRestartLogin(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		var userID string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -235,7 +235,7 @@ func TestBridge_LoginDeauthRestartLogin(t *testing.T) {
 			require.IsType(t, events.UserDeauth{}, <-eventCh)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The user should be disconnected at startup.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
@ -257,7 +257,7 @@ func TestBridge_LoginExpireLogin(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		s.SetAuthLife(authLife)
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user. Its auth will only be valid for a short time.
 			userID := must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -275,7 +275,7 @@ func TestBridge_FailToLoad(t *testing.T) {
 		var userID string
 		// Login the user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
 		})
@ -283,7 +283,7 @@ func TestBridge_FailToLoad(t *testing.T) {
 		require.NoError(t, s.RevokeUser(userID))
 		// When bridge starts, the user will not be logged in.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
 		})
@ -295,7 +295,7 @@ func TestBridge_LoadWithoutInternet(t *testing.T) {
 		var userID string
 		// Login the user.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
 		})
@ -303,7 +303,7 @@ func TestBridge_LoadWithoutInternet(t *testing.T) {
 		netCtl.Disable()
 		// Start bridge without internet.
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Initially, users are not connected.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
@ -325,11 +325,11 @@ func TestBridge_LoginRestart(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		var userID string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Equal(t, []string{userID}, getConnectedUserIDs(t, bridge))
 		})
@ -340,7 +340,7 @@ func TestBridge_LoginLogoutRestart(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		var userID string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -348,7 +348,7 @@ func TestBridge_LoginLogoutRestart(t *testing.T) {
 			require.NoError(t, bridge.LogoutUser(ctx, userID))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The user is still disconnected.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
@ -360,7 +360,7 @@ func TestBridge_LoginDeleteRestart(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		var userID string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -368,7 +368,7 @@ func TestBridge_LoginDeleteRestart(t *testing.T) {
 			require.NoError(t, bridge.DeleteUser(ctx, userID))
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The user is still gone.
 			require.Empty(t, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
@ -384,7 +384,7 @@ func TestBridge_FailLoginRecover(t *testing.T) {
 				// Log the user in, wait for it to sync, then log it out.
 				// (We don't want to count message sync data in the test.)
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 					defer done()
@ -396,7 +396,7 @@ func TestBridge_FailLoginRecover(t *testing.T) {
 				var total uint64
 				// Now that the user is synced, we can measure exactly how much data is needed during login.
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					total = countBytesRead(netCtl, func() {
 						must(bridge.LoginFull(ctx, username, password, nil, nil))
 					})
@ -405,7 +405,7 @@ func TestBridge_FailLoginRecover(t *testing.T) {
 				})
 				// Now simulate failing to login.
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					// Simulate a partial read.
 					netCtl.SetReadLimit(i * total / 10)
@ -421,7 +421,7 @@ func TestBridge_FailLoginRecover(t *testing.T) {
 				netCtl.SetReadLimit(0)
 				// We should now be able to log the user in.
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					require.NoError(t, getErr(bridge.LoginFull(ctx, username, password, nil, nil)))
 					// The user should be there, now connected.
@ -441,7 +441,7 @@ func TestBridge_FailLoadRecover(t *testing.T) {
 				// Log the user in and wait for it to sync.
 				// (We don't want to count message sync data in the test.)
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					syncCh, done := chToType[events.Event, events.SyncFinished](bridge.GetEvents(events.SyncFinished{}))
 					defer done()
@ -451,7 +451,7 @@ func TestBridge_FailLoadRecover(t *testing.T) {
 				// See how much data it takes to load the user at startup.
 				total := countBytesRead(netCtl, func() {
-					withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+					withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(_ *bridge.Bridge, _ *bridge.Mocks) {
 						// ...
 					})
 				})
@ -460,7 +460,7 @@ func TestBridge_FailLoadRecover(t *testing.T) {
 				netCtl.SetReadLimit(i * total / 10)
 				// We should fail to load the user; it should be listed but disconnected.
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					require.Equal(t, []string{userID}, bridge.GetUserIDs())
 					require.Empty(t, getConnectedUserIDs(t, bridge))
 				})
@ -469,7 +469,7 @@ func TestBridge_FailLoadRecover(t *testing.T) {
 				netCtl.SetReadLimit(0)
 				// We should now be able to load the user.
-				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+				withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 					require.Equal(t, []string{userID}, bridge.GetUserIDs())
 					require.Equal(t, []string{userID}, getConnectedUserIDs(t, bridge))
 				})
@ -484,7 +484,7 @@ func TestBridge_BridgePass(t *testing.T) {
 		var pass []byte
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -501,7 +501,7 @@ func TestBridge_BridgePass(t *testing.T) {
 			require.Equal(t, pass, pass)
 		})
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The bridge should load the user.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Equal(t, []string{userID}, getConnectedUserIDs(t, bridge))
@ -514,7 +514,7 @@ func TestBridge_BridgePass(t *testing.T) {
 func TestBridge_AddressMode(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -552,7 +552,7 @@ func TestBridge_AddressMode(t *testing.T) {
 func TestBridge_LoginLogoutRepeated(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			for i := 0; i < 10; i++ {
 				// Log the user in.
 				userID := must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -568,7 +568,7 @@ func TestBridge_LogoutOffline(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		var userID string
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID = must(bridge.LoginFull(ctx, username, password, nil, nil))
@ -590,7 +590,7 @@ func TestBridge_LogoutOffline(t *testing.T) {
 		// Go back online.
 		netCtl.Enable()
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// The user is still disconnected.
 			require.Equal(t, []string{userID}, bridge.GetUserIDs())
 			require.Empty(t, getConnectedUserIDs(t, bridge))
@ -600,7 +600,7 @@ func TestBridge_LogoutOffline(t *testing.T) {
 func TestBridge_DeleteDisconnected(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -628,7 +628,7 @@ func TestBridge_DeleteDisconnected(t *testing.T) {
 func TestBridge_DeleteOffline(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Login the user.
 			userID, err := bridge.LoginFull(ctx, username, password, nil, nil)
 			require.NoError(t, err)
@ -652,7 +652,7 @@ func TestBridge_DeleteOffline(t *testing.T) {
 func TestBridge_UserInfo_Alias(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Create a new user.
 			userID, _, err := s.CreateUser("primary", []byte("password"))
 			require.NoError(t, err)
@ -675,7 +675,7 @@ func TestBridge_UserInfo_Alias(t *testing.T) {
 func TestBridge_User_Refresh(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			// Get a channel of sync started events.
 			syncStartCh, done := chToType[events.Event, events.SyncStarted](bridge.GetEvents(events.SyncStarted{}))
 			defer done()
--- a/internal/configstatus/config_status.go
+++ b/internal/configstatus/config_status.go
@ -96,7 +96,7 @@ func (status *ConfigurationStatus) IsPending() bool {
 }
 func (status *ConfigurationStatus) isPendingSinceMin() int {
-	if min := int(time.Since(status.Data.DataV1.PendingSince).Minutes()); min > 0 {
+	if min := int(time.Since(status.Data.DataV1.PendingSince).Minutes()); min > 0 { //nolint:predeclared
 		return min
 	}
 	return 0
@ -211,7 +211,7 @@ func (data *ConfigurationStatusData) clickedLinkToString() string {
 	var str = ""
 	var first = true
 	for i := 0; i < 64; i++ {
-		if data.hasLinkClicked(uint64(i)) {
+		if data.hasLinkClicked(uint64(i)) { //nolint:gosec // disable G115
 			if !first {
 				str += ","
 			} else {
--- a/internal/configstatus/configuration_progress_test.go
+++ b/internal/configstatus/configuration_progress_test.go
@ -95,6 +95,6 @@ func TestConfigurationProgress_fed_year_change(t *testing.T) {
 	require.Equal(t, "bridge.any.configuration", req.MeasurementGroup)
 	require.Equal(t, "bridge_config_progress", req.Event)
-	require.Equal(t, 370, req.Values.NbDay)
+	require.True(t, (req.Values.NbDay == 370) || (req.Values.NbDay == 371)) // leap year is accounted for in the simplest manner.
 	require.Equal(t, 2, req.Values.NbDaySinceLast)
 }
--- a/internal/cookies/jar_test.go
+++ b/internal/cookies/jar_test.go
@ -151,7 +151,7 @@ func getClientWithJar(t *testing.T, persister Persister) (*http.Client, *Jar) {
 func getTestServer(t *testing.T, wantCookies []testCookie) *httptest.Server {
 	mux := http.NewServeMux()
-	mux.HandleFunc("/set", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/set", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		for _, cookie := range wantCookies {
 			http.SetCookie(w, &http.Cookie{
 				Name:   cookie.name,
--- a/internal/crash/actions.go
+++ b/internal/crash/actions.go
@ -26,7 +26,7 @@ import (
 // ShowErrorNotification shows a system notification that the app with the given appName has crashed.
 // NOTE: Icons shouldn't be hardcoded.
 func ShowErrorNotification(appName string) RecoveryAction {
-	return func(r interface{}) error {
+	return func(_ interface{}) error {
 		notify := notificator.New(notificator.Options{
 			DefaultIcon: "../frontend/ui/icon/icon.png",
 			AppName:     appName,
--- a/internal/dialer/dialer_basic.go
+++ b/internal/dialer/dialer_basic.go
@ -29,27 +29,34 @@ type TLSDialer interface {
 	DialTLSContext(ctx context.Context, network, address string) (conn net.Conn, err error)
 }
 func SetBasicTransportTimeouts(t *http.Transport) {
 	t.MaxIdleConns = 100
 	t.MaxIdleConnsPerHost = 100
 	t.IdleConnTimeout = 5 * time.Minute
 	t.ExpectContinueTimeout = 500 * time.Millisecond
 	// GODT-126: this was initially 10s but logs from users showed a significant number
 	// were hitting this timeout, possibly due to flaky wifi taking >10s to reconnect.
 	// Bumping to 30s for now to avoid this problem.
 	t.ResponseHeaderTimeout = 30 * time.Second
 	// If we allow up to 30 seconds for response headers, it is reasonable to allow up
 	// to 30 seconds for the TLS handshake to take place.
 	t.TLSHandshakeTimeout = 30 * time.Second
 }
 // CreateTransportWithDialer creates an http.Transport that uses the given dialer to make TLS connections.
 func CreateTransportWithDialer(dialer TLSDialer) *http.Transport {
-	return &http.Transport{
+	t := &http.Transport{
 		DialTLSContext: dialer.DialTLSContext,
-		Proxy:               http.ProxyFromEnvironment,
+		Proxy: http.ProxyFromEnvironment,
 		MaxIdleConns:        100,
 		MaxIdleConnsPerHost: 100,
 		IdleConnTimeout:     5 * time.Minute,
 		ExpectContinueTimeout: 500 * time.Millisecond,
 		// GODT-126: this was initially 10s but logs from users showed a significant number
 		// were hitting this timeout, possibly due to flaky wifi taking >10s to reconnect.
 		// Bumping to 30s for now to avoid this problem.
 		ResponseHeaderTimeout: 30 * time.Second,
 		// If we allow up to 30 seconds for response headers, it is reasonable to allow up
 		// to 30 seconds for the TLS handshake to take place.
 		TLSHandshakeTimeout: 30 * time.Second,
 	}
 	SetBasicTransportTimeouts(t)
 	return t
 }
 // BasicTLSDialer implements TLSDialer.
--- a/internal/dialer/dialer_pinning_reporter_test.go
+++ b/internal/dialer/dialer_pinning_reporter_test.go
@ -31,7 +31,7 @@ import (
 func TestTLSReporter_DoubleReport(t *testing.T) {
 	reportCounter := 0
-	reportServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	reportServer := httptest.NewTLSServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
 		reportCounter++
 	}))
--- a/internal/dialer/dialer_pinning_test.go
+++ b/internal/dialer/dialer_pinning_test.go
@ -64,7 +64,8 @@ func TestTLSPinInvalid(t *testing.T) {
 	checkTLSIssueHandler(t, 1, called)
 }
-func TestTLSPinNoMatch(t *testing.T) {
+// Disabled for now we'll need to patch this up.
 func _TestTLSPinNoMatch(t *testing.T) { //nolint:unused
 	skipIfProxyIsSet(t)
 	called, _, reporter, checker, cm := createClientWithPinningDialer(getRootURL())
--- a/internal/dialer/dialer_proxy_provider_test.go
+++ b/internal/dialer/dialer_proxy_provider_test.go
@ -33,7 +33,7 @@ func TestProxyProvider_FindProxy(t *testing.T) {
 	defer closeServer(proxy)
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy.URL}, nil }
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{proxy.URL}, nil }
 	url, err := p.findReachableServer()
 	r.NoError(t, err)
@ -49,7 +49,7 @@ func TestProxyProvider_FindProxy_ChooseReachableProxy(t *testing.T) {
 	closeServer(unreachableProxy)
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) {
 		return []string{reachableProxy.URL, unreachableProxy.URL}, nil
 	}
@ -70,7 +70,7 @@ func TestProxyProvider_FindProxy_ChooseTrustedProxy(t *testing.T) {
 	dialer := NewPinningTLSDialer(NewBasicTLSDialer(""), reporter, checker)
 	p := newProxyProvider(dialer, "", []string{"not used"}, async.NoopPanicHandler{})
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) {
 		return []string{untrustedProxy.URL, trustedProxy.URL}, nil
 	}
@ -87,7 +87,7 @@ func TestProxyProvider_FindProxy_FailIfNoneReachable(t *testing.T) {
 	closeServer(unreachableProxy2)
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) {
 		return []string{unreachableProxy1.URL, unreachableProxy2.URL}, nil
 	}
@ -107,7 +107,7 @@ func TestProxyProvider_FindProxy_FailIfNoneTrusted(t *testing.T) {
 	dialer := NewPinningTLSDialer(NewBasicTLSDialer(""), reporter, checker)
 	p := newProxyProvider(dialer, "", []string{"not used"}, async.NoopPanicHandler{})
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) {
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) {
 		return []string{untrustedProxy1.URL, untrustedProxy2.URL}, nil
 	}
@ -118,7 +118,7 @@ func TestProxyProvider_FindProxy_FailIfNoneTrusted(t *testing.T) {
 func TestProxyProvider_FindProxy_RefreshCacheTimeout(t *testing.T) {
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.cacheRefreshTimeout = 1 * time.Second
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { time.Sleep(2 * time.Second); return nil, nil }
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { time.Sleep(2 * time.Second); return nil, nil }
 	// We should fail to refresh the proxy cache because the doh provider
 	// takes 2 seconds to respond but we timeout after just 1 second.
@ -135,7 +135,7 @@ func TestProxyProvider_FindProxy_CanReachTimeout(t *testing.T) {
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{"not used"}, async.NoopPanicHandler{})
 	p.canReachTimeout = 1 * time.Second
-	p.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{slowProxy.URL}, nil }
+	p.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{slowProxy.URL}, nil }
 	// We should fail to reach the returned proxy because it takes 2 seconds
 	// to reach it and we only allow 1.
@ -144,7 +144,8 @@ func TestProxyProvider_FindProxy_CanReachTimeout(t *testing.T) {
 	r.Error(t, err)
 }
-func TestProxyProvider_DoHLookup_Quad9(t *testing.T) {
+// DISABLED_TestProxyProvider_DoHLookup_Quad9 cannot run on CI, see GODT-3257.
 func DISABLED_TestProxyProvider_DoHLookup_Quad9(t *testing.T) {
 	p := newProxyProvider(NewBasicTLSDialer(""), "", []string{Quad9Provider, GoogleProvider}, async.NoopPanicHandler{})
 	records, err := p.dohLookup(context.Background(), proxyQuery, Quad9Provider)
--- a/internal/dialer/dialer_proxy_test.go
+++ b/internal/dialer/dialer_proxy_test.go
@ -112,7 +112,7 @@ vwRMog6lPhlRhHh/FZ43Cg==
 // getUntrustedServer returns a server but it doesn't add its public key to the list of pinned ones.
 func getUntrustedServer() *httptest.Server {
-	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
+	server := httptest.NewUnstartedServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {}))
 	cert, err := tls.X509KeyPair([]byte(servercrt), []byte(serverkey))
 	if err != nil {
@ -145,7 +145,7 @@ func TestProxyDialer_UseProxy(t *testing.T) {
 	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
 	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{trustedProxy.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{trustedProxy.URL}, nil }
 	err := d.switchToReachableServer()
 	require.NoError(t, err)
@ -163,7 +163,7 @@ func TestProxyDialer_UseProxy_MultipleTimes(t *testing.T) {
 	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
 	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy1.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{proxy1.URL}, nil }
 	err := d.switchToReachableServer()
 	require.NoError(t, err)
@ -172,7 +172,7 @@ func TestProxyDialer_UseProxy_MultipleTimes(t *testing.T) {
 	// Have to wait so as to not get rejected.
 	time.Sleep(proxyLookupWait)
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy2.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{proxy2.URL}, nil }
 	err = d.switchToReachableServer()
 	require.NoError(t, err)
 	require.Equal(t, formatAsAddress(proxy2.URL), d.proxyAddress)
@ -180,7 +180,7 @@ func TestProxyDialer_UseProxy_MultipleTimes(t *testing.T) {
 	// Have to wait so as to not get rejected.
 	time.Sleep(proxyLookupWait)
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy3.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{proxy3.URL}, nil }
 	err = d.switchToReachableServer()
 	require.NoError(t, err)
 	require.Equal(t, formatAsAddress(proxy3.URL), d.proxyAddress)
@ -195,7 +195,7 @@ func TestProxyDialer_UseProxy_RevertAfterTime(t *testing.T) {
 	d.proxyProvider = provider
 	d.proxyUseDuration = time.Second
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{trustedProxy.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{trustedProxy.URL}, nil }
 	err := d.switchToReachableServer()
 	require.NoError(t, err)
@ -216,7 +216,7 @@ func TestProxyDialer_UseProxy_RevertIfProxyStopsWorkingAndOriginalAPIIsReachable
 	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
 	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{trustedProxy.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{trustedProxy.URL}, nil }
 	err := d.switchToReachableServer()
 	require.NoError(t, err)
@ -246,7 +246,7 @@ func TestProxyDialer_UseProxy_FindSecondAlternativeIfFirstFailsAndAPIIsStillBloc
 	provider := newProxyProvider(NewBasicTLSDialer(""), "", DoHProviders, async.NoopPanicHandler{})
 	d := NewProxyTLSDialer(NewBasicTLSDialer(""), "", async.NoopPanicHandler{})
 	d.proxyProvider = provider
-	provider.dohLookup = func(ctx context.Context, q, p string) ([]string, error) { return []string{proxy1.URL, proxy2.URL}, nil }
+	provider.dohLookup = func(_ context.Context, _, _ string) ([]string, error) { return []string{proxy1.URL, proxy2.URL}, nil }
 	err := d.switchToReachableServer()
 	require.NoError(t, err)
--- a/internal/events/user.go
+++ b/internal/events/user.go
@ -202,3 +202,26 @@ type UncategorizedEventError struct {
 func (event UncategorizedEventError) String() string {
 	return fmt.Sprintf("UncategorizedEventError: UserID: %s, Source:%T, Error: %s", event.UserID, event.Error, event.Error)
 }
 type UserLoadedCheckResync struct {
 	eventBase
 	UserID string
 }
 func (event UserLoadedCheckResync) String() string {
 	return fmt.Sprintf("UserLoadedCheckResync: UserID: %s", event.UserID)
 }
 type UserNotification struct {
 	eventBase
 	UserID   string
 	Title    string
 	Subtitle string
 	Body     string
 }
 func (event UserNotification) String() string {
 	return fmt.Sprintf("UserNotification: UserID: %s, Title: %s, Subtitle: %s, Body: %s", event.UserID, event.Title, event.Subtitle, event.Body)
 }
--- a/internal/frontend/bridge-gui/bridge-gui-tester/GRPCService.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/GRPCService.cpp
@ -29,13 +29,11 @@ using namespace bridgepp;
 namespace {
 QString const defaultKeychain = "defaultKeychain"; ///< The default keychain.
-
+QString const HV_ERROR_TEMPLATE = "failed to create new API client: 422 POST https://mail-api.proton.me/auth/v4: CAPTCHA validation failed (Code=12087, Status=422)";
 }
 //****************************************************************************************************************************************************
 //
 //****************************************************************************************************************************************************
@ -349,6 +347,7 @@ Status GRPCService::ForceLauncher(ServerContext *, StringValue const *request, E
 /// \return The status for the call.
 //****************************************************************************************************************************************************
 Status GRPCService::SetMainExecutable(ServerContext *, StringValue const *request, Empty *) {
    resetHv();
    app().log().debug(__FUNCTION__);
    app().log().info(QString("SetMainExecutable: %1").arg(QString::fromStdString(request->value())));
    return Status::OK;
@ -365,9 +364,9 @@ grpc::Status GRPCService::RequestKnowledgeBaseSuggestions(ServerContext*, String
    QList<bridgepp::KnowledgeBaseSuggestion> suggestions;
    for (qsizetype i = 1; i <= 3; ++i) {
-        suggestions.push_back(        {
+        suggestions.push_back({
            .title = QString("Suggested link %1").arg(i),
            .url = QString("https://proton.me/support/bridge#%1").arg(i),
            .title = QString("Suggested link %1").arg(i),
        });
    }
    qtProxy_.sendDelayedEvent(newKnowledgeBaseSuggestionsEvent(app().mainWindow().knowledgeBaseTab().getSuggestions()));
@ -418,7 +417,19 @@ Status GRPCService::Login(ServerContext *, LoginRequest const *request, Empty *)
        return Status::OK;
    }
-
+    if (usersTab.nextUserHvRequired() && !hvWasRequested_ && previousHvUsername_ != QString::fromStdString(request->username())) {
        hvWasRequested_ = true;
        previousHvUsername_ = QString::fromStdString(request->username());
        qtProxy_.sendDelayedEvent(newLoginHvRequestedEvent());
        return Status::OK;
    } else {
        hvWasRequested_ = false;
        previousHvUsername_ = "";
    }
    if (usersTab.nextUserHvError()) {
        qtProxy_.sendDelayedEvent(newLoginError(LoginErrorType::HV_ERROR, HV_ERROR_TEMPLATE));
        return Status::OK;
    }
    if (usersTab.nextUserUsernamePasswordError()) {
        qtProxy_.sendDelayedEvent(newLoginError(LoginErrorType::USERNAME_PASSWORD_ERROR, usersTab.usernamePasswordErrorMessage()));
        return Status::OK;
@ -495,6 +506,7 @@ Status GRPCService::Login2Passwords(ServerContext *, LoginRequest const *request
 //****************************************************************************************************************************************************
 Status GRPCService::LoginAbort(ServerContext *, LoginAbortRequest const *request, Empty *) {
    app().log().debug(__FUNCTION__);
    this->resetHv();
    loginUsername_ = QString();
    return Status::OK;
 }
@ -953,3 +965,11 @@ void GRPCService::finishLogin() {
    qtProxy_.sendDelayedEvent(newLoginFinishedEvent(user->id(), alreadyExist));
 }
 //****************************************************************************************************************************************************
 //
 //****************************************************************************************************************************************************
 void GRPCService::resetHv() {
    hvWasRequested_ = false;
    previousHvUsername_ = "";
 }
--- a/internal/frontend/bridge-gui/bridge-gui-tester/GRPCService.h
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/GRPCService.h
@ -106,6 +106,7 @@ public: // member functions.
 private: // member functions
    void finishLogin(); ///< finish the login procedure once the credentials have been validated.
    void resetHv(); ///< Resets the human verification state.
 private: // data member
    mutable QMutex eventStreamMutex_; ///< Mutex used to access eventQueue_, isStreaming_ and shouldStopStreaming_;
@ -113,6 +114,8 @@ private: // data member
    bool isStreaming_; ///< Is the gRPC stream running. Access protected by eventStreamMutex_;
    bool eventStreamShouldStop_; ///< Should the stream be stopped? Access protected by eventStreamMutex
    QString loginUsername_; ///< The username used for the current login procedure.
    QString previousHvUsername_; ///< The previous username used for HV.
    bool hvWasRequested_ {false}; ///< Was human verification requested.
    GRPCQtProxy qtProxy_; ///< Qt Proxy used to send signals, as this class is not a QObject.
 };
--- a/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.cpp
@ -57,6 +57,7 @@ UsersTab::UsersTab(QWidget *parent)
    connect(ui_.checkUsernamePasswordError, &QCheckBox::toggled, this, &UsersTab::updateGUIState);
    connect(ui_.checkSync, &QCheckBox::toggled, this, &UsersTab::onCheckSyncToggled);
    connect(ui_.sliderSync, &QSlider::valueChanged, this, &UsersTab::onSliderSyncValueChanged);
    connect(ui_.sendNotificationButton, &QPushButton::clicked, this, &UsersTab::onSendUserNotification);
    users_.append(defaultUser());
@ -216,6 +217,7 @@ void UsersTab::updateGUIState() {
    ui_.editUsernamePasswordError->setEnabled(ui_.checkUsernamePasswordError->isChecked());
    ui_.spinUsedBytes->setValue(user ? user->usedBytes() : 0.0);
    ui_.groupboxSync->setEnabled(user.get());
    ui_.groupBoxNotification->setEnabled(hasSelectedUser && (UserState::Connected == state));
    if (user)
        ui_.editIMAPLoginFailedUsername->setText(user->primaryEmailOrUsername());
@ -277,6 +279,22 @@ bridgepp::SPUser UsersTab::userWithUsernameOrEmail(QString const &username) {
 }
 //****************************************************************************************************************************************************
 /// \return true if the next login attempt should trigger a human verification request
 //****************************************************************************************************************************************************
 bool UsersTab::nextUserHvRequired() const {
    return ui_.checkHV3Required->isChecked();
 }
 //****************************************************************************************************************************************************
 /// \return true if the next login attempt should trigger a human verification error
 //****************************************************************************************************************************************************
 bool UsersTab::nextUserHvError() const {
    return ui_.checkHV3Error->isChecked();
 }
 //****************************************************************************************************************************************************
 /// \return true iff the next login attempt should trigger a username/password error.
 //****************************************************************************************************************************************************
@ -473,3 +491,41 @@ void UsersTab::onSliderSyncValueChanged(int value) {
    app().grpc().sendEvent(newSyncProgressEvent(user->id(), progress, 1, 1));  // we do not simulate elapsed & remaining.
    this->updateGUIState();
 }
 //****************************************************************************************************************************************************
 /// \return the title for the notification.
 //****************************************************************************************************************************************************
 QString UsersTab::notificationTitle() const {
    return ui_.notificationTitle->text();
 }
 //****************************************************************************************************************************************************
 /// \return the subtitle for the notification.
 //****************************************************************************************************************************************************
 QString UsersTab::notificationSubtitle() const {
    return ui_.notificationSubtitleText->text();
 }
 //****************************************************************************************************************************************************
 /// \return the body for the notification.
 //****************************************************************************************************************************************************
 QString UsersTab::notificationBody() const {
    return ui_.notticationBodyText->text();
 }
 void UsersTab::onSendUserNotification() {
    SPUser const user = selectedUser();
    if (!user) {
        app().log().error(QString("%1 failed. Unkown user.").arg(__FUNCTION__));
        return;
    }
    GRPCService &grpc = app().grpc();
    if (grpc.isStreaming()) {
        QString const userID = user->id();
        grpc.sendEvent(newUserNotificationEvent(userID, notificationTitle(), notificationSubtitle(), notificationBody()));
    }
 }
--- a/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.h
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.h
@ -23,7 +23,6 @@
 #include "Tabs/ui_UsersTab.h"
 #include "UserTable.h"
 //****************************************************************************************************************************************************
 /// \brief The 'Users' tab of the main window.
 //****************************************************************************************************************************************************
@ -39,6 +38,8 @@ public: // member functions.
    UserTable &userTable(); ///< Returns a reference to the user table.
    bridgepp::SPUser userWithID(QString const &userID); ///< Get the user with the given ID.
    bridgepp::SPUser userWithUsernameOrEmail(QString const &username); ///< Get the user with the given username.
    bool nextUserHvRequired() const; ///< Check if next user login should trigger HV
    bool nextUserHvError() const; ///< Check if next user login should trigger HV error
    bool nextUserUsernamePasswordError() const; ///< Check if next user login should trigger a username/password error.
    bool nextUserFreeUserError() const; ///< Check if next user login should trigger a Free user error.
    bool nextUserTFARequired() const; ///< Check if next user login should requires 2FA.
@ -48,12 +49,15 @@ public: // member functions.
    bool nextUserTwoPasswordsError() const; ///< Check if next user login should trigger 2nd password error.
    bool nextUserTwoPasswordsAbort() const; ///< Check if next user login should trigger 2nd password abort.
    QString usernamePasswordErrorMessage() const; ///< Return the username password error message.
    QString notificationTitle() const; ///< Return the user notification title.
    QString notificationSubtitle() const; ///< Return the user notification subtitle.
    QString notificationBody() const; ///< Return the user notification body.
 public slots:
    void setUserSplitMode(QString const &userID, bool makeItActive); ///< Slot for the split mode.
    void logoutUser(QString const &userID); ///< slot for the logging out of a user.
    void removeUser(QString const &userID); ///< Slot for the removal of a user.
-static void configureUserAppleMail(QString const &userID, QString const &address); ///< Slot for the configuration of Apple mail.
+    static void configureUserAppleMail(QString const &userID, QString const &address); ///< Slot for the configuration of Apple mail.
    void processBadEventUserFeedback(QString const& userID, bool doResync); ///< Slot for the reception of a bad event user feedback.
 private slots:
@ -67,6 +71,7 @@ private slots:
    void onCheckSyncToggled(bool checked); ///< Slot for the 'Synchronizing' check box.
    void onSliderSyncValueChanged(int value); ///< Slot for the sync 'Progress' slider.
    void updateGUIState(); ///< Update the GUI state.
    void onSendUserNotification(); ///< Send a user notification event to the GUI.
 private: // member functions.
    qint32 selectedIndex() const; ///< Get the index of the selected row.
--- a/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.ui
+++ b/internal/frontend/bridge-gui/bridge-gui-tester/Tabs/UsersTab.ui
@ -7,13 +7,19 @@
    <x>0</x>
    <y>0</y>
    <width>1221</width>
-    <height>894</height>
+    <height>408</height>
   </rect>
  </property>
  <property name="sizePolicy">
   <sizepolicy hsizetype="Minimum" vsizetype="Minimum">
    <horstretch>0</horstretch>
    <verstretch>0</verstretch>
   </sizepolicy>
  </property>
  <property name="windowTitle">
   <string>Form</string>
  </property>
-  <layout class="QHBoxLayout" name="horizontalLayout" stretch="1,0">
+  <layout class="QHBoxLayout" name="horizontalLayout" stretch="0,0">
   <item>
    <widget class="QTableView" name="tableUserList">
     <property name="selectionMode">
@ -31,318 +37,419 @@
    </widget>
   </item>
   <item>
-    <layout class="QVBoxLayout" name="verticalLayout">
+    <widget class="QScrollArea" name="scrollArea">
-     <item>
+     <property name="sizePolicy">
-      <widget class="QPushButton" name="buttonNewUser">
+      <sizepolicy hsizetype="Minimum" vsizetype="Minimum">
-       <property name="text">
+       <horstretch>0</horstretch>
-        <string>New User</string>
+       <verstretch>0</verstretch>
-       </property>
+      </sizepolicy>
-      </widget>
+     </property>
-     </item>
+     <property name="widgetResizable">
-     <item>
+      <bool>true</bool>
-      <widget class="QPushButton" name="buttonEditUser">
+     </property>
-       <property name="text">
+     <widget class="QWidget" name="scrollAreaWidgetContents">
-        <string>Edit User</string>
+      <property name="geometry">
-       </property>
+       <rect>
-      </widget>
+        <x>0</x>
-     </item>
+        <y>0</y>
-     <item>
+        <width>327</width>
-      <widget class="QPushButton" name="buttonRemoveUser">
+        <height>905</height>
-       <property name="text">
+       </rect>
-        <string>Remove User</string>
+      </property>
-       </property>
+      <layout class="QHBoxLayout" name="horizontalLayout_6">
-      </widget>
+       <item>
-     </item>
+        <layout class="QVBoxLayout" name="verticalLayout">
-     <item>
+         <item>
-      <spacer name="verticalSpacer">
+          <widget class="QPushButton" name="buttonNewUser">
-       <property name="orientation">
+           <property name="text">
-        <enum>Qt::Vertical</enum>
+            <string>New User</string>
-       </property>
+           </property>
-       <property name="sizeHint" stdset="0">
+          </widget>
-        <size>
+         </item>
-         <width>20</width>
+         <item>
-         <height>40</height>
+          <widget class="QPushButton" name="buttonEditUser">
-        </size>
+           <property name="text">
-       </property>
+            <string>Edit User</string>
-      </spacer>
+           </property>
-     </item>
+          </widget>
-     <item>
+         </item>
-      <widget class="QGroupBox" name="groupboxSync">
+         <item>
-       <property name="minimumSize">
+          <widget class="QPushButton" name="buttonRemoveUser">
-        <size>
+           <property name="text">
-         <width>0</width>
+            <string>Remove User</string>
-         <height>0</height>
+           </property>
-        </size>
+          </widget>
-       </property>
+         </item>
-       <property name="title">
+         <item>
-        <string>Sync</string>
+          <spacer name="verticalSpacer">
-       </property>
+           <property name="orientation">
-       <layout class="QVBoxLayout" name="verticalLayout_5">
+            <enum>Qt::Vertical</enum>
-        <item>
+           </property>
-         <layout class="QHBoxLayout" name="horizontalLayout_4" stretch="1,0">
+           <property name="sizeHint" stdset="0">
-          <item>
+            <size>
-           <widget class="QCheckBox" name="checkSync">
+             <width>20</width>
-            <property name="text">
+             <height>40</height>
-             <string>Synchronizing</string>
+            </size>
-            </property>
+           </property>
-           </widget>
+          </spacer>
-          </item>
+         </item>
-          <item>
+         <item>
-           <widget class="QLabel" name="labelSync">
+          <widget class="QGroupBox" name="groupBoxNotification">
-            <property name="text">
+           <property name="enabled">
-             <string>0%</string>
+            <bool>true</bool>
-            </property>
+           </property>
-           </widget>
+           <property name="minimumSize">
-          </item>
+            <size>
-         </layout>
+             <width>300</width>
-        </item>
+             <height>0</height>
-        <item>
+            </size>
-         <widget class="QSlider" name="sliderSync">
+           </property>
-          <property name="maximum">
+           <property name="maximumSize">
-           <number>100</number>
+            <size>
-          </property>
+             <width>300</width>
-          <property name="orientation">
+             <height>400</height>
-           <enum>Qt::Horizontal</enum>
+            </size>
-          </property>
+           </property>
-          <property name="tickInterval">
+           <property name="title">
-           <number>10</number>
+            <string>Notification</string>
-          </property>
+           </property>
-         </widget>
+           <layout class="QVBoxLayout" name="verticalLayout_9">
-        </item>
+            <item>
-       </layout>
+             <layout class="QVBoxLayout" name="verticalLayout_6" stretch="0,0,0,0">
-      </widget>
+              <item>
-     </item>
+               <widget class="QLineEdit" name="notificationTitle">
-     <item>
+                <property name="placeholderText">
-      <widget class="QGroupBox" name="groupBoxBadEvent">
+                 <string>Title</string>
-       <property name="minimumSize">
+                </property>
-        <size>
+               </widget>
-         <width>0</width>
+              </item>
-         <height>0</height>
+              <item>
-        </size>
+               <widget class="QLineEdit" name="notificationSubtitleText">
-       </property>
+                <property name="minimumSize">
-       <property name="title">
+                 <size>
-        <string>Bad Event</string>
+                  <width>0</width>
-       </property>
+                  <height>0</height>
-       <layout class="QVBoxLayout" name="verticalLayout_3">
+                 </size>
-        <item>
+                </property>
-         <layout class="QHBoxLayout" name="horizontalLayout_3">
+                <property name="placeholderText">
-          <item>
+                 <string>Subtitle</string>
-           <widget class="QLineEdit" name="editUserBadEvent">
+                </property>
-            <property name="minimumSize">
+               </widget>
-             <size>
+              </item>
-              <width>200</width>
+              <item>
-              <height>0</height>
+               <widget class="QLineEdit" name="notticationBodyText">
-             </size>
+                <property name="placeholderText">
-            </property>
+                 <string>Body</string>
-            <property name="text">
+                </property>
-             <string/>
+               </widget>
-            </property>
+              </item>
-            <property name="placeholderText">
+              <item>
-             <string>error message</string>
+               <widget class="QPushButton" name="sendNotificationButton">
-            </property>
+                <property name="text">
-           </widget>
+                 <string>Send</string>
-          </item>
+                </property>
-          <item>
+               </widget>
-           <widget class="QPushButton" name="buttonUserBadEvent">
+              </item>
-            <property name="text">
+             </layout>
-             <string>Send</string>
+            </item>
-            </property>
+           </layout>
-           </widget>
+          </widget>
-          </item>
+         </item>
-         </layout>
+         <item>
-        </item>
+          <widget class="QGroupBox" name="groupboxSync">
-       </layout>
+           <property name="minimumSize">
-      </widget>
+            <size>
-     </item>
+             <width>0</width>
-     <item>
+             <height>0</height>
-      <widget class="QGroupBox" name="groupBoxUsedSpace">
+            </size>
-       <property name="minimumSize">
+           </property>
-        <size>
+           <property name="title">
-         <width>0</width>
+            <string>Sync</string>
-         <height>0</height>
+           </property>
-        </size>
+           <layout class="QVBoxLayout" name="verticalLayout_5">
-       </property>
+            <item>
-       <property name="title">
+             <layout class="QHBoxLayout" name="horizontalLayout_4" stretch="1,0">
-        <string>Used Bytes Changed</string>
+              <item>
-       </property>
+               <widget class="QCheckBox" name="checkSync">
-       <layout class="QVBoxLayout" name="verticalLayout_4">
+                <property name="text">
-        <item>
+                 <string>Synchronizing</string>
-         <layout class="QHBoxLayout" name="hBoxUsedBytes" stretch="1,0">
+                </property>
-          <item>
+               </widget>
-           <widget class="QDoubleSpinBox" name="spinUsedBytes">
+              </item>
-            <property name="buttonSymbols">
+              <item>
-             <enum>QAbstractSpinBox::NoButtons</enum>
+               <widget class="QLabel" name="labelSync">
-            </property>
+                <property name="text">
-            <property name="decimals">
+                 <string>0%</string>
-             <number>0</number>
+                </property>
-            </property>
+               </widget>
-            <property name="maximum">
+              </item>
-             <double>1000000000000000.000000000000000</double>
+             </layout>
-            </property>
+            </item>
-           </widget>
+            <item>
-          </item>
+             <widget class="QSlider" name="sliderSync">
-          <item>
+              <property name="maximum">
-           <widget class="QPushButton" name="buttonUsedBytesChanged">
+               <number>100</number>
-            <property name="text">
+              </property>
-             <string>Send</string>
+              <property name="orientation">
-            </property>
+               <enum>Qt::Horizontal</enum>
-           </widget>
+              </property>
-          </item>
+              <property name="tickInterval">
-         </layout>
+               <number>10</number>
-        </item>
+              </property>
-       </layout>
+             </widget>
-      </widget>
+            </item>
-     </item>
+           </layout>
-     <item>
+          </widget>
-      <widget class="QGroupBox" name="groupBoxIMAPLoginFailed">
+         </item>
-       <property name="minimumSize">
+         <item>
-        <size>
+          <widget class="QGroupBox" name="groupBoxBadEvent">
-         <width>0</width>
+           <property name="minimumSize">
-         <height>0</height>
+            <size>
-        </size>
+             <width>0</width>
-       </property>
+             <height>0</height>
-       <property name="title">
+            </size>
-        <string>IMAP Login Failure</string>
+           </property>
-       </property>
+           <property name="title">
-       <layout class="QVBoxLayout" name="verticalLayout_8">
+            <string>Bad Event</string>
-        <item>
+           </property>
-         <layout class="QHBoxLayout" name="horizontalLayout_7">
+           <layout class="QVBoxLayout" name="verticalLayout_3">
-          <item>
+            <item>
-           <widget class="QLineEdit" name="editIMAPLoginFailedUsername">
+             <layout class="QHBoxLayout" name="horizontalLayout_3">
-            <property name="minimumSize">
+              <item>
-             <size>
+               <widget class="QLineEdit" name="editUserBadEvent">
-              <width>200</width>
+                <property name="minimumSize">
-              <height>0</height>
+                 <size>
-             </size>
+                  <width>200</width>
-            </property>
+                  <height>0</height>
-            <property name="text">
+                 </size>
-             <string/>
+                </property>
-            </property>
+                <property name="text">
-            <property name="placeholderText">
+                 <string/>
-             <string>username or primary email</string>
+                </property>
-            </property>
+                <property name="placeholderText">
-           </widget>
+                 <string>error message</string>
-          </item>
+                </property>
-          <item>
+               </widget>
-           <widget class="QPushButton" name="buttonImapLoginFailed">
+              </item>
-            <property name="text">
+              <item>
-             <string>Send</string>
+               <widget class="QPushButton" name="buttonUserBadEvent">
-            </property>
+                <property name="text">
-           </widget>
+                 <string>Send</string>
-          </item>
+                </property>
-         </layout>
+               </widget>
-        </item>
+              </item>
-       </layout>
+             </layout>
-      </widget>
+            </item>
-     </item>
+           </layout>
-     <item>
+          </widget>
-      <widget class="QGroupBox" name="groupBoxNextLogin">
+         </item>
-       <property name="minimumSize">
+         <item>
-        <size>
+          <widget class="QGroupBox" name="groupBoxUsedSpace">
-         <width>0</width>
+           <property name="minimumSize">
-         <height>100</height>
+            <size>
-        </size>
+             <width>0</width>
-       </property>
+             <height>0</height>
-       <property name="title">
+            </size>
-        <string>Next Login Attempt</string>
+           </property>
-       </property>
+           <property name="title">
-       <layout class="QVBoxLayout" name="verticalLayout_2">
+            <string>Used Bytes Changed</string>
-        <item>
+           </property>
-         <widget class="QCheckBox" name="checkUsernamePasswordError">
+           <layout class="QVBoxLayout" name="verticalLayout_4">
-          <property name="text">
+            <item>
-           <string>Username/password error:</string>
+             <layout class="QHBoxLayout" name="hBoxUsedBytes" stretch="1,0">
-          </property>
+              <item>
-         </widget>
+               <widget class="QDoubleSpinBox" name="spinUsedBytes">
-        </item>
+                <property name="buttonSymbols">
-        <item>
+                 <enum>QAbstractSpinBox::NoButtons</enum>
-         <layout class="QHBoxLayout" name="horizontalLayout_2">
+                </property>
-          <property name="spacing">
+                <property name="decimals">
-           <number>0</number>
+                 <number>0</number>
-          </property>
+                </property>
-          <item>
+                <property name="maximum">
-           <spacer name="horizontalSpacer">
+                 <double>1000000000000000.000000000000000</double>
-            <property name="orientation">
+                </property>
-             <enum>Qt::Horizontal</enum>
+               </widget>
-            </property>
+              </item>
-            <property name="sizeType">
+              <item>
-             <enum>QSizePolicy::Fixed</enum>
+               <widget class="QPushButton" name="buttonUsedBytesChanged">
-            </property>
+                <property name="text">
-            <property name="sizeHint" stdset="0">
+                 <string>Send</string>
-             <size>
+                </property>
-              <width>20</width>
+               </widget>
-              <height>10</height>
+              </item>
-             </size>
+             </layout>
-            </property>
+            </item>
-           </spacer>
+           </layout>
-          </item>
+          </widget>
-          <item>
+         </item>
-           <widget class="QLineEdit" name="editUsernamePasswordError">
+         <item>
-            <property name="minimumSize">
+          <widget class="QGroupBox" name="groupBoxIMAPLoginFailed">
-             <size>
+           <property name="minimumSize">
-              <width>200</width>
+            <size>
-              <height>0</height>
+             <width>0</width>
-             </size>
+             <height>0</height>
-            </property>
+            </size>
-            <property name="text">
+           </property>
-             <string>Username/password error.</string>
+           <property name="title">
-            </property>
+            <string>IMAP Login Failure</string>
-           </widget>
+           </property>
-          </item>
+           <layout class="QVBoxLayout" name="verticalLayout_8">
-         </layout>
+            <item>
-        </item>
+             <layout class="QHBoxLayout" name="horizontalLayout_7">
-        <item>
+              <item>
-         <widget class="QCheckBox" name="checkFreeUserError">
+               <widget class="QLineEdit" name="editIMAPLoginFailedUsername">
-          <property name="text">
+                <property name="minimumSize">
-           <string>Free user error</string>
+                 <size>
-          </property>
+                  <width>200</width>
-         </widget>
+                  <height>0</height>
-        </item>
+                 </size>
-        <item>
+                </property>
-         <widget class="QCheckBox" name="checkTFARequired">
+                <property name="text">
-          <property name="text">
+                 <string/>
-           <string>2FA required</string>
+                </property>
-          </property>
+                <property name="placeholderText">
-         </widget>
+                 <string>username or primary email</string>
-        </item>
+                </property>
-        <item>
+               </widget>
-         <widget class="QCheckBox" name="checkTFAError">
+              </item>
-          <property name="text">
+              <item>
-           <string>2FA error</string>
+               <widget class="QPushButton" name="buttonImapLoginFailed">
-          </property>
+                <property name="text">
-         </widget>
+                 <string>Send</string>
-        </item>
+                </property>
-        <item>
+               </widget>
-         <widget class="QCheckBox" name="checkTFAAbort">
+              </item>
-          <property name="text">
+             </layout>
-           <string>2FA abort</string>
+            </item>
-          </property>
+           </layout>
-         </widget>
+          </widget>
-        </item>
+         </item>
-        <item>
+         <item>
-         <widget class="QCheckBox" name="checkTwoPasswordsRequired">
+          <widget class="QGroupBox" name="groupBoxNextLogin">
-          <property name="text">
+           <property name="minimumSize">
-           <string>2nd password required</string>
+            <size>
-          </property>
+             <width>0</width>
-         </widget>
+             <height>250</height>
-        </item>
+            </size>
-        <item>
+           </property>
-         <widget class="QCheckBox" name="checkTwoPasswordsError">
+           <property name="title">
-          <property name="text">
+            <string>Next Login Attempt</string>
-           <string>2nd password error</string>
+           </property>
-          </property>
+           <layout class="QVBoxLayout" name="verticalLayout_2">
-         </widget>
+            <item>
-        </item>
+             <widget class="QCheckBox" name="checkUsernamePasswordError">
-        <item>
+              <property name="text">
-         <widget class="QCheckBox" name="checkTwoPasswordsAbort">
+               <string>Username/password error:</string>
-          <property name="text">
+              </property>
-           <string>2nd password abort</string>
+             </widget>
-          </property>
+            </item>
-         </widget>
+            <item>
-        </item>
+             <layout class="QHBoxLayout" name="horizontalLayout_2">
-       </layout>
+              <property name="spacing">
-      </widget>
+               <number>0</number>
-     </item>
+              </property>
-    </layout>
+              <item>
               <spacer name="horizontalSpacer">
                <property name="orientation">
                 <enum>Qt::Horizontal</enum>
                </property>
                <property name="sizeType">
                 <enum>QSizePolicy::Fixed</enum>
                </property>
                <property name="sizeHint" stdset="0">
                 <size>
                  <width>20</width>
                  <height>10</height>
                 </size>
                </property>
               </spacer>
              </item>
              <item>
               <widget class="QLineEdit" name="editUsernamePasswordError">
                <property name="minimumSize">
                 <size>
                  <width>200</width>
                  <height>0</height>
                 </size>
                </property>
                <property name="text">
                 <string>Username/password error.</string>
                </property>
               </widget>
              </item>
             </layout>
            </item>
            <item>
             <widget class="QCheckBox" name="checkHV3Required">
              <property name="text">
               <string>HV3 required</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkHV3Error">
              <property name="text">
               <string>HV3 error</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkFreeUserError">
              <property name="text">
               <string>Free user error</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTFARequired">
              <property name="text">
               <string>2FA required</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTFAError">
              <property name="text">
               <string>2FA error</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTFAAbort">
              <property name="text">
               <string>2FA abort</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTwoPasswordsRequired">
              <property name="text">
               <string>2nd password required</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTwoPasswordsError">
              <property name="text">
               <string>2nd password error</string>
              </property>
             </widget>
            </item>
            <item>
             <widget class="QCheckBox" name="checkTwoPasswordsAbort">
              <property name="text">
               <string>2nd password abort</string>
              </property>
             </widget>
            </item>
           </layout>
          </widget>
         </item>
        </layout>
       </item>
      </layout>
     </widget>
    </widget>
   </item>
  </layout>
 </widget>
--- a/internal/frontend/bridge-gui/bridge-gui/CMakeLists.txt
+++ b/internal/frontend/bridge-gui/bridge-gui/CMakeLists.txt
@ -75,7 +75,7 @@ if(NOT UNIX)
    set(CMAKE_INSTALL_BINDIR ".")
 endif(NOT UNIX)
-find_package(Qt6 COMPONENTS Core Quick Qml QuickControls2 Widgets Svg REQUIRED)
+find_package(Qt6 COMPONENTS Core Quick Qml QuickControls2 Widgets Svg Gui REQUIRED)
 qt_standard_project_setup()
 set(CMAKE_AUTORCC ON)
 message(STATUS "Using Qt ${Qt6_VERSION}")
@ -120,6 +120,7 @@ add_executable(bridge-gui
    UserList.cpp UserList.h
    SentryUtils.cpp SentryUtils.h
    Settings.cpp Settings.h
    ClipboardProxy.cpp ClipboardProxy.h
    ${DOCK_ICON_SRC_FILE} MacOS/DockIcon.h
    )
@ -140,7 +141,7 @@ if (WIN32) # on Windows, we add a (non-Qt) resource file that contains the appli
 endif()
 target_precompile_headers(bridge-gui PRIVATE Pch.h)
-target_include_directories(bridge-gui PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} ${SENTRY_CONFIG_GENERATED_FILE_DIR})
+target_include_directories(bridge-gui PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}" ${SENTRY_CONFIG_GENERATED_FILE_DIR})
 target_link_libraries(bridge-gui
    Qt6::Widgets
    Qt6::Core
@ -148,6 +149,7 @@ target_link_libraries(bridge-gui
    Qt6::Qml
    Qt6::QuickControls2
    Qt6::Svg
    Qt6::Gui
    sentry::sentry
    bridgepp
    )
--- a/internal/frontend/bridge-gui/bridge-gui/ClipboardProxy.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/ClipboardProxy.cpp
@ -0,0 +1,25 @@
 // Copyright (c) 2024 Proton AG
 // This file is part of Proton Mail Bridge.
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 #include "ClipboardProxy.h"
 // The following definitions were taken and adapted from:
 // https://stackoverflow.com/questions/40092352/passing-qclipboard-to-qml
 // Author: krzaq
 ClipboardProxy::ClipboardProxy(QClipboard* c) : clipboard(c) {
    connect(clipboard, &QClipboard::dataChanged, this, &ClipboardProxy::textChanged);
 }
 QString ClipboardProxy::text() const {
    return clipboard->text();
 }
--- a/internal/frontend/bridge-gui/bridge-gui/ClipboardProxy.h
+++ b/internal/frontend/bridge-gui/bridge-gui/ClipboardProxy.h
@ -1,40 +1,38 @@
 // Copyright (c) 2024 Proton AG
-//
+// This file is part of Proton Mail Bridge.
 // This file is part of Proton Mail Bridge.Bridge.
 //
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 //
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 #ifndef BRIDGE_GUI_CLIPBOARDPROXY_H
 #define BRIDGE_GUI_CLIPBOARDPROXY_H
-package tests
+// The following class declarations were taken and adapted from:
 // https://stackoverflow.com/questions/40092352/passing-qclipboard-to-qml
 // Author: krzaq
 import (
 	"time"
-	"github.com/ProtonMail/go-proton-api/server/backend"
+class ClipboardProxy : public QObject
-	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
+{
-	"github.com/ProtonMail/proton-bridge/v3/internal/user"
+Q_OBJECT
-)
+    Q_PROPERTY(QString text READ text NOTIFY textChanged)
 public:
    explicit ClipboardProxy(QClipboard*);
-func init() {
+    QString text() const;
 	// Use the fast key generation for tests.
 	backend.GenerateKey = backend.FastGenerateKey
-	// Use the fast cert generation for tests.
+signals:
-	certs.GenerateCert = FastGenerateCert
+    void textChanged();
-	// Set the event period to 1 second for more responsive tests.
+private:
-	user.EventPeriod = time.Second
+    QClipboard* clipboard;
 };
-	// Don't use jitter during tests.
+
-	user.EventJitter = 0
+#endif //BRIDGE_GUI_CLIPBOARDPROXY_H
 }
--- a/internal/frontend/bridge-gui/bridge-gui/CommandLine.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/CommandLine.cpp
@ -15,113 +15,85 @@
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 #include "Pch.h"
 #include "CommandLine.h"
 #include "Settings.h"
 #include <bridgepp/CLI/CLIUtils.h>
 #include <bridgepp/SessionID/SessionID.h>
 using namespace bridgepp;
 namespace {
-
+QString const hyphenatedLauncherFlag = "--launcher"; ///< launcher flag parameter used for bridge.
-QString const launcherFlag = "--launcher"; ///< launcher flag parameter used for bridge.
+QString const hyphenatedWindowFlag = "--no-window"; ///< The no-window command-line flag.
-QString const noWindowFlag = "--no-window"; ///< The no-window command-line flag.
+QString const hyphenatedSoftwareRendererFlag = "--software-renderer"; ///< The 'software-renderer' command-line flag. enable software rendering for a single execution
-QString const softwareRendererFlag = "--software-renderer"; ///< The 'software-renderer' command-line flag. enable software rendering for a single execution
+QString const hyphenatedSetSoftwareRendererFlag = "--set-software-renderer"; ///< The 'set-software-renderer' command-line flag. Software rendering will be used for all subsequent executions of the application.
-QString const setSoftwareRendererFlag = "--set-software-renderer"; ///< The 'set-software-renderer' command-line flag. Software rendering will be used for all subsequent executions of the application.
+QString const hyphenatedSetHardwareRendererFlag = "--set-hardware-renderer"; ///< The 'set-hardware-renderer' command-line flag. Hardware rendering will be used for all subsequent executions of the application.
 QString const setHardwareRendererFlag = "--set-hardware-renderer"; ///< The 'set-hardware-renderer' command-line flag. Hardware rendering will be used for all subsequent executions of the application.
 //****************************************************************************************************************************************************
 /// \brief parse a command-line string argument as expected by go's CLI package.
 /// \param[in] argc The number of arguments passed to the application.
 /// \param[in] argv The list of arguments passed to the application.
 /// \param[in] paramNames the list of names for the parameter
 //****************************************************************************************************************************************************
 QString parseGoCLIStringArgument(int argc, char *argv[], QStringList paramNames) {
    // go cli package is pretty permissive when it comes to parsing arguments. For each name 'param', all the following seems to be accepted:
    // -param value
    // --param value
    // -param=value
    // --param=value
    for (QString const &paramName: paramNames) {
        for (qsizetype i = 1; i < argc; ++i) {
            QString const arg(QString::fromLocal8Bit(argv[i]));
            if ((i < argc - 1) && ((arg == "-" + paramName) || (arg == "--" + paramName))) {
                return QString(argv[i + 1]);
            }
            QRegularExpressionMatch match = QRegularExpression(QString("^-{1,2}%1=(.+)$").arg(paramName)).match(arg);
            if (match.hasMatch()) {
                return match.captured(1);
            }
        }
    }
    return QString();
 }
 //****************************************************************************************************************************************************
 /// \brief Parse the log level from the command-line arguments.
 ///
-/// \param[in] argc The number of arguments passed to the application.
+/// \param[in] args The command-line arguments.
 /// \param[in] argv The list of arguments passed to the application.
 /// \return The log level. if not specified on the command-line, the default log level is returned.
 //****************************************************************************************************************************************************
-Log::Level parseLogLevel(int argc, char *argv[]) {
+Log::Level parseLogLevel(QStringList const &args) {
-    QString levelStr = parseGoCLIStringArgument(argc, argv, { "l", "log-level" });
+    QStringList levelStr = parseGoCLIStringArgument(args, {"l", "log-level"});
    if (levelStr.isEmpty()) {
        return Log::defaultLevel;
    }
    Log::Level level = Log::defaultLevel;
-    Log::stringToLevel(levelStr, level);
+    Log::stringToLevel(levelStr.back(), level);
    return level;
 }
 } // anonymous namespace
 //****************************************************************************************************************************************************
-/// \param[in]  argc number of arguments passed to the application.
+/// \param[in]  argv list of arguments passed to the application, including the exe name/path at index 0.
 /// \param[in]  argv list of arguments passed to the application.
 /// \return The parsed options.
 //****************************************************************************************************************************************************
-CommandLineOptions parseCommandLine(int argc, char *argv[]) {
+CommandLineOptions parseCommandLine(QStringList const &argv) {
    CommandLineOptions options;
-    bool flagFound = false;
+    bool launcherFlagFound = false;
-    options.launcher = QString::fromLocal8Bit(argv[0]);
+    options.launcher = argv[0];
    // for unknown reasons, on Windows QCoreApplication::arguments() frequently returns an empty list, which is incorrect, so we rebuild the argument
    // list from the original argc and argv values.
-    for (int i = 1; i < argc; i++) {
+    for (int i = 1; i < argv.count(); i++) {
-        QString const &arg = QString::fromLocal8Bit(argv[i]);
+        QString const &arg = argv[i];
        // we can't use QCommandLineParser here since it will fail on unknown options.
        // we skip session-id for now we'll process it later, with a special treatment for duplicates
        if (arg == hyphenatedSessionIDFlag) {
            i++; // we skip the next param, which if the flag's value.
            continue;
        }
        if (arg.startsWith(hyphenatedSessionIDFlag + "=")) {
            continue;
        }
        // Arguments may contain some bridge flags.
-        if (arg == softwareRendererFlag) {
+        if (arg == hyphenatedSoftwareRendererFlag) {
            options.bridgeGuiArgs.append(arg);
            options.useSoftwareRenderer = true;
        }
-        if (arg == setSoftwareRendererFlag) {
+        if (arg == hyphenatedSetSoftwareRendererFlag) {
            app().settings().setUseSoftwareRenderer(true);
            continue; // setting is permanent. no need to keep/pass it to bridge for restart.
        }
-        if (arg == setHardwareRendererFlag) {
+        if (arg == hyphenatedSetHardwareRendererFlag) {
            app().settings().setUseSoftwareRenderer(false);
            continue; // setting is permanent. no need to keep/pass it to bridge for restart.
        }
-        if (arg == noWindowFlag) {
+        if (arg == hyphenatedWindowFlag) {
            options.noWindow = true;
        }
-        if (arg == launcherFlag) {
+        if (arg == hyphenatedLauncherFlag) {
            options.bridgeArgs.append(arg);
-            options.launcher = QString::fromLocal8Bit(argv[++i]);
+            options.launcher = argv[++i];
            options.bridgeArgs.append(options.launcher);
-            flagFound = true;
+            launcherFlagFound = true;
        }
 #ifdef QT_DEBUG
        else if (arg == "--attach" || arg == "-a") {
@ -135,22 +107,24 @@ CommandLineOptions parseCommandLine(int argc, char *argv[]) {
            options.bridgeGuiArgs.append(arg);
        }
    }
-    if (!flagFound) {
+    if (!launcherFlagFound) {
        // add bridge-gui as launcher
-        options.bridgeArgs.append(launcherFlag);
+        options.bridgeArgs.append(hyphenatedLauncherFlag);
        options.bridgeArgs.append(options.launcher);
    }
-    options.logLevel = parseLogLevel(argc, argv);
+    QStringList args;
-
+    if (!argv.isEmpty()) {
-    QString sessionID = parseGoCLIStringArgument(argc, argv, { "session-id" });
+        args = argv.last(argv.count() - 1);
    if (sessionID.isEmpty()) {
        // The session ID was not passed to us on the command-line -> create one and add to the command-line for bridge
        sessionID = newSessionID();
        options.bridgeArgs.append("--session-id");
        options.bridgeArgs.append(sessionID);
    }
    options.logLevel = parseLogLevel(args);
    QString const sessionID = mostRecentSessionID(args);
    options.bridgeArgs.append(hyphenatedSessionIDFlag);
    options.bridgeArgs.append(sessionID);
    app().setSessionID(sessionID);
    return options;
 }
--- a/internal/frontend/bridge-gui/bridge-gui/CommandLine.h
+++ b/internal/frontend/bridge-gui/bridge-gui/CommandLine.h
@ -37,7 +37,7 @@ struct CommandLineOptions {
 };
-CommandLineOptions parseCommandLine(int argc, char *argv[]); ///< Parse the command-line arguments
+CommandLineOptions parseCommandLine(QStringList const &argv); ///< Parse the command-line arguments
 #endif //BRIDGE_GUI_COMMAND_LINE_H
--- a/internal/frontend/bridge-gui/bridge-gui/DeployWindows.cmake
+++ b/internal/frontend/bridge-gui/bridge-gui/DeployWindows.cmake
@ -31,7 +31,7 @@ macro( AppendLib LIB_NAME HINT_PATH)
    if( ${PATH_${UP_NAME}} STREQUAL "PATH_${UP_NAME}-NOTFOUND")
        message(SEND_ERROR "${LIB_NAME} was not found in ${HINT_PATH}")
    else()
-        list(APPEND DEPLOY_LIBS ${PATH_${UP_NAME}})
+        list(APPEND DEPLOY_LIBS "${PATH_${UP_NAME}}")
    endif()
 endmacro()
--- a/internal/frontend/bridge-gui/bridge-gui/Pch.h
+++ b/internal/frontend/bridge-gui/bridge-gui/Pch.h
@ -26,6 +26,7 @@
 #include <QtWidgets>
 #include <QtQuickControls2>
 #include <QtSvg>
 #include <QtGui>
 #include <AppController.h>
--- a/internal/frontend/bridge-gui/bridge-gui/QMLBackend.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/QMLBackend.cpp
@ -25,6 +25,7 @@
 #include <bridgepp/GRPC/GRPCClient.h>
 #include <bridgepp/Worker/Overseer.h>
 #include "Settings.h"
 #define HANDLE_EXCEPTION(x) try { x } \
    catch (Exception const &e) { emit fatalError(e); } \
@ -59,15 +60,19 @@ QMLBackend::QMLBackend()
 /// \param[in] serviceConfig
 //****************************************************************************************************************************************************
 void QMLBackend::init(GRPCConfig const &serviceConfig) {
    Log &log = app().log();
    log.info(QString("Connecting to gRPC service"));
    trayIcon_.reset(new TrayIcon());
    connect(this, &QMLBackend::trayIconVisibleChanged, trayIcon_.get(), &TrayIcon::setVisible);
    log.info(QString("Tray icon is visible: %1").arg(trayIcon_->isVisible() ? "true" : "false"));
    this->setNormalTrayIcon();
    connect(this, &QMLBackend::fatalError, &app(), &AppController::onFatalError);
    users_ = new UserList(this);
    Log &log = app().log();
    log.info(QString("Connecting to gRPC service"));
    app().grpc().setLog(&log);
    this->connectGrpcEvents();
@ -731,6 +736,32 @@ void QMLBackend::setDockIconVisible(bool visible) {
 }
 //****************************************************************************************************************************************************
 /// \param[in] visible Should the tray icon be visible.
 //****************************************************************************************************************************************************
 void QMLBackend::setTrayIconVisible(bool visible) {
    HANDLE_EXCEPTION(
        AppController& app = ::app();
        if (visible == app.settings().trayIconVisible()) {
            return;
        }
        app.settings().setTrayIconVisible(visible);
        emit trayIconVisibleChanged(visible);
        app.log().info(QString("Changing tray icon visibility to %1").arg(visible ? "true" : "false"));
    )
 }
 //****************************************************************************************************************************************************
 //
 //****************************************************************************************************************************************************
 bool QMLBackend::trayIconVisible() const {
    HANDLE_EXCEPTION_RETURN_BOOL(
        return app().settings().trayIconVisible();
    )
 }
 //****************************************************************************************************************************************************
 /// \param[in] active Should we activate autostart.
 //****************************************************************************************************************************************************
@ -810,6 +841,18 @@ void QMLBackend::login(QString const &username, QString const &password) const {
    )
 }
 void QMLBackend::loginHv(QString const &username, QString const &password) const {
    HANDLE_EXCEPTION(
            if (username.compare("coco@bandicoot", Qt::CaseInsensitive) == 0) {
                throw Exception("User requested bridge-gui to crash by trying to log as coco@bandicoot",
                                "This error exists for test purposes and should be ignored.", __func__, tailOfLatestBridgeLog(app().sessionID()));
            }
            app().grpc().loginHv(username, password);
    )
 }
 //****************************************************************************************************************************************************
 /// \param[in] username The username.
@ -1316,6 +1359,9 @@ void QMLBackend::connectGrpcEvents() {
    connect(client, &GRPCClient::certificateInstallFailed, this, &QMLBackend::certificateInstallFailed);
    connect(client, &GRPCClient::showMainWindow, [&]() { this->showMainWindow("gRPC showMainWindow event"); });
    connect(client, &GRPCClient::knowledgeBasSuggestionsReceived, this, &QMLBackend::receivedKnowledgeBaseSuggestions);
    connect(client, &GRPCClient::repairStarted, this, &QMLBackend::repairStarted);
    connect(client, &GRPCClient::allUsersLoaded, this, &QMLBackend::allUsersLoaded);
    connect(client, &GRPCClient::userNotificationReceived, this, &QMLBackend::processUserNotification);
    // cache events
    connect(client, &GRPCClient::cantMoveDiskCache, this, &QMLBackend::cantMoveDiskCache);
@ -1334,6 +1380,8 @@ void QMLBackend::connectGrpcEvents() {
    connect(client, &GRPCClient::login2PasswordErrorAbort, this, &QMLBackend::login2PasswordErrorAbort);
    connect(client, &GRPCClient::loginFinished, this, &QMLBackend::onLoginFinished);
    connect(client, &GRPCClient::loginAlreadyLoggedIn, this, &QMLBackend::onLoginAlreadyLoggedIn);
    connect(client, &GRPCClient::loginHvRequested, this, &QMLBackend::loginHvRequested);
    connect(client, &GRPCClient::loginHvError, this, &QMLBackend::loginHvError);
    // update events
    connect(client, &GRPCClient::updateManualError, this, &QMLBackend::updateManualError);
@ -1396,3 +1444,31 @@ void QMLBackend::displayBadEventDialog(QString const &userID) {
        emit showMainWindow();
    )
 }
 void QMLBackend::triggerRepair() const {
    HANDLE_EXCEPTION(
            app().grpc().triggerRepair();
    )
 }
 //****************************************************************************************************************************************************
 /// \param[in] notification The user notification received from the event loop.
 //****************************************************************************************************************************************************
 void QMLBackend::processUserNotification(bridgepp::UserNotification const& notification) {
    this->userNotificationStack_.push(notification);
    trayIcon_->showUserNotification(notification.title, notification.subtitle);
    emit receivedUserNotification(notification);
 }
 void QMLBackend::userNotificationDismissed() {
    if (!this->userNotificationStack_.size()) return;
    // Remove the user notification from the top of the queue as it has been dismissed.
    this->userNotificationStack_.pop();
    if (!this->userNotificationStack_.size()) return;
    // Display the user notification that is on top of the queue, if there is one.
    auto notification = this->userNotificationStack_.top();
    emit receivedUserNotification(notification);
 }
--- a/internal/frontend/bridge-gui/bridge-gui/QMLBackend.h
+++ b/internal/frontend/bridge-gui/bridge-gui/QMLBackend.h
@ -28,6 +28,7 @@
 #include <bridgepp/GRPC/GRPCClient.h>
 #include <bridgepp/GRPC/GRPCUtils.h>
 #include <bridgepp/Worker/Overseer.h>
 #include <stack>
 //****************************************************************************************************************************************************
@ -101,6 +102,7 @@ public: // Qt/QML properties. Note that the NOTIFY-er signal is required even fo
    Q_PROPERTY(QVariantList bugQuestions READ bugQuestions NOTIFY bugQuestionsChanged)
    Q_PROPERTY(UserList *users MEMBER users_ NOTIFY usersChanged)
    Q_PROPERTY(bool dockIconVisible READ dockIconVisible WRITE setDockIconVisible NOTIFY dockIconVisibleChanged)
    Q_PROPERTY(bool trayIconVisible READ trayIconVisible WRITE setTrayIconVisible NOTIFY trayIconVisibleChanged)
    // Qt Property system setters & getters.
    bool showOnStartup() const; ///< Getter for the 'showOnStartup' property.
@ -140,6 +142,9 @@ public: // Qt/QML properties. Note that the NOTIFY-er signal is required even fo
    QVariantList bugQuestions() const; ///< Getter for the 'bugQuestions' property.
    void setDockIconVisible(bool visible); ///< Setter for the 'dockIconVisible' property.
    bool dockIconVisible() const;; ///< Getter for the 'dockIconVisible' property.
    void setTrayIconVisible(bool visible); ///< Setter for the 'trayIconVisible' property.
    bool trayIconVisible() const; ///< Getter for the 'trayIconVisible' property.
 signals: // Signal used by the Qt property system. Many of them are unused but required to avoid warning from the QML engine.
    void showSplashScreenChanged(bool value); ///<Signal for the change of the 'showSplashScreen' property.
@ -174,6 +179,9 @@ signals: // Signal used by the Qt property system. Many of them are unused but r
    void isAutostartOnChanged(bool value); ///<Signal for the change of the 'isAutostartOn' property.
    void usersChanged(UserList *users); ///<Signal for the change of the 'users' property.
    void dockIconVisibleChanged(bool value); ///<Signal for the change of the 'dockIconVisible' property.
    void trayIconVisibleChanged(bool value); ///< Signal for the change of the 'trayIconVisible' property.
    void receivedUserNotification(bridgepp::UserNotification const& notification); ///< Signal to display the userNotification modal
 public slots: // slot for signals received from QML -> To be forwarded to Bridge via RPC Client calls.
    void toggleAutostart(bool active); ///< Slot for the autostart toggle.
@ -183,6 +191,7 @@ public slots: // slot for signals received from QML -> To be forwarded to Bridge
    void changeColorScheme(QString const &scheme); ///< Slot for the change of the theme.
    void setDiskCachePath(QUrl const &path) const; ///< Slot for the change of the disk cache path.
    void login(QString const &username, QString const &password) const; ///< Slot for the login button (initial login).
    void loginHv(QString const &username, QString const &password) const; ///< Slot for the login button (after HV challenge completed).
    void login2FA(QString const &username, QString const &code) const; ///< Slot for the login button (2FA login).
    void login2Password(QString const &username, QString const &password) const; ///< Slot for the login button (mailbox password login).
    void loginAbort(QString const &username) const; ///< Slot for the login abort procedure.
@ -207,6 +216,8 @@ public slots: // slot for signals received from QML -> To be forwarded to Bridge
    void notifyReportBugClicked() const; ///< Slot for the ReportBugClicked gRPC event.
    void notifyAutoconfigClicked(QString const &client) const; ///< Slot for gAutoconfigClicked gRPC event.
    void notifyExternalLinkClicked(QString const &article) const; ///< Slot for KBArticleClicked gRPC event.
    void triggerRepair() const; ///< Slot for the triggering of the bridge repair function i.e. 'resync'.
    void userNotificationDismissed(); ///< Slot to pop the notification from the stack and display the rest.
 public slots: // slots for functions that need to be processed locally.
    void setNormalTrayIcon(); ///< Set the tray icon to normal.
@ -222,6 +233,7 @@ public slots: // slot for signals received from gRPC that need transformation in
    void onLoginAlreadyLoggedIn(QString const &userID); ///< Slot for the LoginAlreadyLoggedIn gRPC event.
    void onUserBadEvent(QString const& userID, QString const& errorMessage); ///< Slot for the userBadEvent gRPC event.
    void onIMAPLoginFailed(QString const& username); ///< Slot the the imapLoginFailed event.
    void processUserNotification(bridgepp::UserNotification const& notification); ///< Slot for the userNotificationReceived gRCP event.
 signals: // Signals received from the Go backend, to be forwarded to QML
    void toggleAutostartFinished(); ///< Signal for the 'toggleAutostartFinished' gRPC stream event.
@ -238,6 +250,8 @@ signals: // Signals received from the Go backend, to be forwarded to QML
    void login2PasswordErrorAbort(QString const &errorMsg); ///< Signal for the 'login2PasswordErrorAbort' gRPC stream event.
    void loginFinished(int index, bool wasSignedOut); ///< Signal for the 'loginFinished' gRPC stream event.
    void loginAlreadyLoggedIn(int index); ///< Signal for the 'loginAlreadyLoggedIn' gRPC stream event.
    void loginHvRequested(QString const &hvUrl); ///< Signal for the 'loginHvRequested' gRPC stream event.
    void loginHvError(QString const &errorMsg); ///< Signal for the 'loginHvError' gRPC stream event.
    void updateManualReady(QString const &version); ///< Signal for the 'updateManualReady' gRPC stream event.
    void updateManualRestartNeeded(); ///< Signal for the 'updateManualRestartNeeded' gRPC stream event.
    void updateManualError(); ///< Signal for the 'updateManualError' gRPC stream event.
@ -279,7 +293,9 @@ signals: // Signals received from the Go backend, to be forwarded to QML
    void selectUser(QString const& userID, bool forceShowWindow); ///< Signal emitted in order to selected a user with a given ID in the list.
    void genericError(QString const &title, QString const &description); ///< Signal for the 'genericError' gRPC stream event.
    void imapLoginWhileSignedOut(QString const& username); ///< Signal for the notification of IMAP login attempt on a signed out account.
-    void receivedKnowledgeBaseSuggestions(QList<bridgepp::KnowledgeBaseSuggestion> const& suggestions); ///< Signal for the reception of knowledgebase article suggestions.
+    void receivedKnowledgeBaseSuggestions(QList<bridgepp::KnowledgeBaseSuggestion> const& suggestions); ///< Signal for the reception of knowledge base article suggestions.
    void repairStarted(); ///< Signal for the 'repairStarted' gRPC stream event.
    void allUsersLoaded(); ///< Signal for the 'allUsersLoaded' gRPC stream event
    // This signal is emitted when an exception is intercepted is calls triggered by QML. QML engine would intercept the exception otherwise.
    void fatalError(bridgepp::Exception const& e) const; ///< Signal emitted when an fatal error occurs.
@ -304,6 +320,7 @@ private: // data members
    QList<QString> badEventDisplayQueue_; ///< THe queue for displaying 'bad event feedback request dialog'.
    std::unique_ptr<TrayIcon> trayIcon_; ///< The tray icon for the application.
    bridgepp::BugReportFlow reportFlow_;  ///< The bug report flow.
    std::stack<bridgepp::UserNotification> userNotificationStack_; ///< The stack which holds all of the active notifications that the user needs to acknowledge.
    friend class AppController;
 };
--- a/internal/frontend/bridge-gui/bridge-gui/Resources.qrc
+++ b/internal/frontend/bridge-gui/bridge-gui/Resources.qrc
@ -71,6 +71,7 @@
        <file>qml/icons/systray-mono-update.png</file>
        <file>qml/icons/systray-mono-warn.png</file>
        <file>qml/icons/systray.svg</file>
        <file>qml/icons/ic-notification-bell.svg</file>
        <file alias="bridge.svg">../../../../dist/bridge.svg</file>
        <file alias="bridgeMacOS.svg">../../../../dist/bridgeMacOS.svg</file>
        <file>qml/KeychainSettings.qml</file>
@ -78,6 +79,7 @@
        <file>qml/MainWindow.qml</file>
        <file>qml/NoAccountView.qml</file>
        <file>qml/NotificationDialog.qml</file>
        <file>qml/UserNotificationDialog.qml</file>
        <file>qml/NotificationPopups.qml</file>
        <file>qml/Notifications/Notification.qml</file>
        <file>qml/Notifications/NotificationFilter.qml</file>
@ -117,6 +119,7 @@
        <file>qml/Resources/Help/WhyProfileWarning.html</file>
        <file>qml/SettingsItem.qml</file>
        <file>qml/SettingsView.qml</file>
        <file>qml/SetupWizard/ClientConfigCertInstall.qml</file>
        <file>qml/SetupWizard/ClientListItem.qml</file>
        <file>qml/SetupWizard/LeftPane.qml</file>
        <file>qml/SetupWizard/ClientConfigAppleMail.qml</file>
@ -131,5 +134,6 @@
        <file>qml/ConnectionModeSettings.qml</file>
        <file>qml/SplashScreen.qml</file>
        <file>qml/Status.qml</file>
        <file>qml/Proton/ContextMenu.qml</file>
    </qresource>
 </RCC>
--- a/internal/frontend/bridge-gui/bridge-gui/Settings.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/Settings.cpp
@ -28,6 +28,7 @@ namespace {
 QString const settingsFileName = "bridge-gui.ini"; ///< The name of the settings file.
 QString const keyUseSoftwareRenderer = "UseSoftwareRenderer"; ///< The key for storing the 'Use software rendering' setting.
 QString const keyTrayIconVisible = "TrayIconVisible"; ///< The key for storing the 'Tray icon visible' setting.
 }
@ -36,7 +37,7 @@ QString const keyUseSoftwareRenderer = "UseSoftwareRenderer"; ///< The key for s
 //
 //****************************************************************************************************************************************************
 Settings::Settings()
-    : settings_(QDir(userConfigDir()).absoluteFilePath("bridge-gui.ini"), QSettings::Format::IniFormat) {
+    : settings_(QDir(userConfigDir()).absoluteFilePath(settingsFileName), QSettings::Format::IniFormat) {
 }
@ -54,3 +55,17 @@ bool Settings::useSoftwareRenderer() const {
 void Settings::setUseSoftwareRenderer(bool value) {
    settings_.setValue(keyUseSoftwareRenderer, value);
 }
 //****************************************************************************************************************************************************
 /// \param[in] value The value for the 'Tray icon visible' setting.
 //****************************************************************************************************************************************************
 void Settings::setTrayIconVisible(bool value) {
    settings_.setValue(keyTrayIconVisible, value);
 }
 //****************************************************************************************************************************************************
 /// \return The value for the 'Tray icon visible' setting.
 //****************************************************************************************************************************************************
 bool Settings::trayIconVisible() const {
    return settings_.value(keyTrayIconVisible, true).toBool();
 }
--- a/internal/frontend/bridge-gui/bridge-gui/Settings.h
+++ b/internal/frontend/bridge-gui/bridge-gui/Settings.h
@ -33,6 +33,8 @@ public: // member functions.
    bool useSoftwareRenderer() const; ///< Get the 'Use software renderer' settings value.
    void setUseSoftwareRenderer(bool value); ///< Set the 'Use software renderer' settings value.
    void setTrayIconVisible(bool value);  ///< Get the 'Tray icon visible' setting value.
    bool trayIconVisible() const; ///< Set the 'Tray icon visible' setting value.
 private: // member functions.
    Settings(); ///< Default constructor.
--- a/internal/frontend/bridge-gui/bridge-gui/TrayIcon.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/TrayIcon.cpp
@ -21,6 +21,7 @@
 #include <bridgepp/Exception/Exception.h>
 #include <bridgepp/BridgeUtils.h>
 #include "Settings.h"
 using namespace bridgepp;
@ -182,6 +183,7 @@ TrayIcon::TrayIcon()
    , notificationErrorIcon_(loadIconFromSVG(":/qml/icons/ic-alert.svg")) {
    this->generateDotIcons();
    this->setContextMenu(menu_.get());
    this->setToolTip(PROJECT_FULL_NAME);
    connect(menu_.get(), &QMenu::aboutToShow, this, &TrayIcon::onMenuAboutToShow);
    connect(this, &TrayIcon::selectUser, &app().backend(), [](QString const& userID, bool forceShowWindow) {
@ -194,7 +196,7 @@ TrayIcon::TrayIcon()
    }
    this->setIcon();
-    this->show();
+    this->setVisible(app().settings().trayIconVisible());
    // TrayIcon does not expose its screen, so we connect relevant screen events to our DPI change handler.
    for (QScreen *screen: QGuiApplication::screens()) {
@ -208,7 +210,6 @@ TrayIcon::TrayIcon()
    connect(&iconRefreshTimer_, &QTimer::timeout, this, &TrayIcon::onIconRefreshTimer);
 }
 //****************************************************************************************************************************************************
 //
 //****************************************************************************************************************************************************
@ -321,16 +322,42 @@ void TrayIcon::setState(TrayIcon::State state, QString const &stateString, QStri
    this->generateStatusIcon(statusIconPath, stateColor(state));
 }
 //****************************************************************************************************************************************************
 /// \brief A helper struct to temporarily force the tray to be visible. Useful for operations that do not work when the tray is not visible,
 ///  such as showMessage().
 //****************************************************************************************************************************************************
 struct ScopedTrayVisibility {
    explicit ScopedTrayVisibility(TrayIcon& trayIcon) : trayIcon_(trayIcon), wasVisible_(app().settings().trayIconVisible()) {
        trayIcon_.setVisible(true);
    }
    ~ScopedTrayVisibility() { trayIcon_.setVisible(wasVisible_); }
 private:
    TrayIcon &trayIcon_;
    bool wasVisible_;
 };
 //****************************************************************************************************************************************************
 /// \param[in] title The title.
 /// \param[in] message The message.
 //****************************************************************************************************************************************************
 void TrayIcon::showErrorPopupNotification(QString const &title, QString const &message) {
    ScopedTrayVisibility visible(*this);
    this->showMessage(title, message, notificationErrorIcon_);
 }
 //****************************************************************************************************************************************************
 /// Used only by user notifications received from the event loop
 /// \param[in] title The title.
 /// \param[in] subtitle The subtitle.
 //****************************************************************************************************************************************************
 void TrayIcon::showUserNotification(QString const &title, QString const &subtitle) {
    ScopedTrayVisibility visible(*this);
    this->showMessage(title, subtitle, QSystemTrayIcon::NoIcon);
 }
 //****************************************************************************************************************************************************
 /// \param[in] svgPath The path of the SVG file for the icon.
 /// \param[in] color The color to apply to the icon.
--- a/internal/frontend/bridge-gui/bridge-gui/TrayIcon.h
+++ b/internal/frontend/bridge-gui/bridge-gui/TrayIcon.h
@ -42,7 +42,7 @@ public: // data members
    TrayIcon& operator=(TrayIcon&&) = delete; ///< Disabled move assignment operator.
    void setState(State state, QString const& stateString, QString const &statusIconPath); ///< Set the state of the icon
    void showErrorPopupNotification(QString const& title, QString const &message); ///< Display a pop up notification.
-
+    void showUserNotification(QString const& title, QString const &subtitle); ///< Display an OS pop up notification (without icon).
 signals:
    void selectUser(QString const& userID, bool forceShowWindow); ///< Signal for selecting a user with a given userID
--- a/internal/frontend/bridge-gui/bridge-gui/build.ps1
+++ b/internal/frontend/bridge-gui/bridge-gui/build.ps1
@ -102,6 +102,7 @@ git submodule update --init --recursive $vcpkgRoot
                                       -S . -B $buildDir
 check_exit "CMake failed"
 . $cmakeExe --build $buildDir --config "$buildConfig"
 check_exit "Build failed"
@ -109,7 +110,7 @@ if  ($($args.count) -gt 0 )
 {
    if ($args[0] = "install")
    {
-        . $cmakeExe --install $buildDir
+        . $cmakeExe --install "$buildDir" -v
        check_exit "Install failed"
    }
 }
--- a/internal/frontend/bridge-gui/bridge-gui/main.cpp
+++ b/internal/frontend/bridge-gui/bridge-gui/main.cpp
@ -15,7 +15,6 @@
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 #include "BridgeApp.h"
 #include "BuildConfig.h"
 #include "CommandLine.h"
@ -29,14 +28,14 @@
 #include <bridgepp/Log/Log.h>
 #include <bridgepp/Log/LogUtils.h>
 #include <bridgepp/ProcessMonitor.h>
 #include <ClipboardProxy.h>
 #include "bridgepp/CLI/CLIUtils.h"
 #ifdef Q_OS_MACOS
 #include "MacOS/SecondInstance.h"
 #endif
 using namespace bridgepp;
@ -50,17 +49,15 @@ QString const exeSuffix = ".exe";
 QString const exeSuffix;
 #endif
 QString const bridgeLock = "bridge-v3.lock"; ///< The file name used for the bridge-gui lock file.
 QString const bridgeGUILock = "bridge-v3-gui.lock"; ///< The file name used for the bridge-gui lock file.
 QString const exeName = "bridge" + exeSuffix; ///< The bridge executable file name.*
-qint64 const grpcServiceConfigWaitDelayMs = 180000; ///< The wait delay for the gRPC config file in milliseconds.
+qint64 constexpr grpcServiceConfigWaitDelayMs = 180000; ///< The wait delay for the gRPC config file in milliseconds.
 QString const waitFlag = "--wait"; ///< The wait command-line flag.
-
+QString const orphanInstanceException =  "An orphan instance of bridge is already running. Please terminate it and relaunch the application.";
 } // anonymous namespace
 //****************************************************************************************************************************************************
 /// \return The path of the bridge executable.
 /// \return A null string if the executable could not be located.
@ -70,7 +67,6 @@ QString locateBridgeExe() {
    return (fileInfo.exists() && fileInfo.isFile() && fileInfo.isExecutable()) ? fileInfo.absoluteFilePath() : QString();
 }
 //****************************************************************************************************************************************************
 /// // initialize the Qt application.
 //****************************************************************************************************************************************************
@ -97,8 +93,6 @@ void initQtApplication() {
 #endif // #ifdef Q_OS_MACOS
 }
 //****************************************************************************************************************************************************
 /// \param[in] engine The QML component.
 //****************************************************************************************************************************************************
@ -118,13 +112,12 @@ QQmlComponent *createRootQmlComponent(QQmlApplicationEngine &engine) {
    rootComponent->loadUrl(QUrl(qrcQmlDir + "/Bridge.qml"));
    if (rootComponent->status() != QQmlComponent::Status::Ready) {
        QString const &err = rootComponent->errorString();
-            app().log().error(err);
+        app().log().error(err);
        throw Exception("Could not load QML component", err);
    }
    return rootComponent;
 }
 //****************************************************************************************************************************************************
 /// \param[in] lock The lock file to be checked.
 /// \return True if the lock can be taken, false otherwise.
@ -155,7 +148,6 @@ bool checkSingleInstance(QLockFile &lock) {
    return true;
 }
 //****************************************************************************************************************************************************
 /// \return QUrl to reach the bridge API.
 //****************************************************************************************************************************************************
@ -184,7 +176,6 @@ QUrl getApiUrl() {
    return url;
 }
 //****************************************************************************************************************************************************
 /// \brief Check if bridge is running.
 ///
@ -199,7 +190,6 @@ bool isBridgeRunning() {
    return (!lockFile.tryLock()) && (lockFile.error() == QLockFile::LockFailedError);
 }
 //****************************************************************************************************************************************************
 /// \brief Use api to bring focus on existing bridge instance.
 //****************************************************************************************************************************************************
@ -213,8 +203,7 @@ void focusOtherInstance() {
            if (!sc.load(path)) {
                throw Exception("The gRPC focus service configuration file is invalid.");
            }
-        }
+        } else {
        else {
            throw Exception("Server did not provide gRPC Focus service configuration.");
        }
@ -225,20 +214,18 @@ void focusOtherInstance() {
        if (!client.raise("focusOtherInstance").ok()) {
            throw Exception(QString("The raise call to the bridge focus service failed."));
        }
-    }
+    } catch (Exception const &e) {
    catch (Exception const &e) {
        app().log().error(e.qwhat());
        auto uuid = reportSentryException("Exception occurred during focusOtherInstance()", e);
        app().log().fatal(QString("reportID: %1 Captured exception: %2").arg(QByteArray(uuid.bytes, 16).toHex(), e.qwhat()));
    }
 }
 //****************************************************************************************************************************************************
 /// \param [in] args list of arguments to pass to bridge.
 /// \return bridge executable path
 //****************************************************************************************************************************************************
-const QString launchBridge(QStringList const &args) {
+QString launchBridge(QStringList const &args) {
    UPOverseer &overseer = app().bridgeOverseer();
    overseer.reset();
@ -251,26 +238,38 @@ const QString launchBridge(QStringList const &args) {
    }
    qint64 const pid = qApp->applicationPid();
-    QStringList const params = QStringList { "--grpc", "--parent-pid", QString::number(pid) } + args;
+    QStringList const params = QStringList{"--grpc", "--parent-pid", QString::number(pid)} + args;
    app().log().info(QString("Launching bridge process with command \"%1\" %2").arg(bridgeExePath, params.join(" ")));
    overseer = std::make_unique<Overseer>(new ProcessMonitor(bridgeExePath, params, nullptr), nullptr);
    overseer->startWorker(true);
    return bridgeExePath;
 }
 //****************************************************************************************************************************************************
 //
 //****************************************************************************************************************************************************
 void closeBridgeApp() {
    app().grpc().quit(); // this will cause the grpc service and the bridge app to close.
-    UPOverseer &overseer = app().bridgeOverseer();
+    UPOverseer const &overseer = app().bridgeOverseer();
-    if (overseer) {  // A null overseer means the app was run in 'attach' mode. We're not monitoring it.
+    if (overseer) {
        // A null overseer means the app was run in 'attach' mode. We're not monitoring it.
        // ReSharper disable once CppExpressionWithoutSideEffects
        overseer->wait(Overseer::maxTerminationWaitTimeMs);
    }
 }
 //****************************************************************************************************************************************************
 /// \param[in] argv The command-line argments, including the application name at index 0.
 //****************************************************************************************************************************************************
 void logCommandLineInvocation(QStringList argv) {
    Log &log = app().log();
    if (argv.isEmpty()) {
        log.error("The command line is empty");
    }
    log.info("bridge-gui executable: " + argv.front());
    log.info("Command-line invocation: " + (argv.size() > 1 ? argv.last(argv.size() - 1).join(" ") : "<none>"));
 }
 //****************************************************************************************************************************************************
 /// \param[in] argc The number of command-line arguments.
@ -289,12 +288,11 @@ int main(int argc, char *argv[]) {
    auto sentryCloser = qScopeGuard([] { sentry_close(); });
    try {
-        QString const& configDir = bridgepp::userConfigDir();
+        QString const &configDir = bridgepp::userConfigDir();
        initQtApplication();
-
+        QStringList const argvList = cliArgsToStringList(argc, argv);
-        CommandLineOptions const cliOptions = parseCommandLine(argc, argv);
+        CommandLineOptions const cliOptions = parseCommandLine(argvList);
        Log &log = initLog();
        log.setLevel(cliOptions.logLevel);
@ -309,6 +307,8 @@ int main(int argc, char *argv[]) {
        setDockIconVisibleState(!cliOptions.noWindow);
 #endif
        logCommandLineInvocation(argvList);
        // In attached mode, we do not intercept stderr and stdout of bridge, as we did not launch it ourselves, so we output the log to the console.
        // When not in attached mode, log entries are forwarded to bridge, which output it on stdout/stderr. bridge-gui's process monitor intercept
        // these outputs and output them on the command-line.
@ -318,7 +318,7 @@ int main(int argc, char *argv[]) {
        QString bridgeExe;
        if (!cliOptions.attach) {
            if (isBridgeRunning()) {
-                throw Exception("An orphan instance of bridge is already running. Please terminate it and relaunch the application.",
+                throw Exception(orphanInstanceException,
                    QString(), __FUNCTION__, tailOfLatestBridgeLog(sessionID));
            }
@ -348,8 +348,9 @@ int main(int argc, char *argv[]) {
        QQuickWindow::setSceneGraphBackend((app().settings().useSoftwareRenderer() || cliOptions.useSoftwareRenderer) ? "software" : "rhi");
        log.info(QString("Qt Quick renderer: %1").arg(QQuickWindow::sceneGraphBackend()));
        QQmlApplicationEngine engine;
        // Set up clipboard
        engine.rootContext()->setContextProperty("clipboard", new ClipboardProxy(QGuiApplication::clipboard()));
        std::unique_ptr<QQmlComponent> rootComponent(createRootQmlComponent(engine));
        std::unique_ptr<QObject> rootObject(rootComponent->create(engine.rootContext()));
        if (!rootObject) {
@ -374,7 +375,7 @@ int main(int argc, char *argv[]) {
                app().log().debug(QString("Monitoring Bridge PID : %1").arg(status.pid));
                connection = QObject::connect(bridgeMonitor, &ProcessMonitor::processExited, [&](int returnCode) {
-                    bridgeExited = true;// clazy:exclude=lambda-in-connect
+                    bridgeExited = true; // clazy:exclude=lambda-in-connect
                    qGuiApp->exit(returnCode);
                });
            }
@ -383,7 +384,7 @@ int main(int argc, char *argv[]) {
        int result = 0;
        if (!startError) {
            // we succeeded in launching bridge, so we can be set as mainExecutable.
-            QString mainexec = QString::fromLocal8Bit(argv[0]);
+            QString const mainexec = argvList[0];
            app().grpc().setMainExecutable(mainexec);
            QStringList args = cliOptions.bridgeGuiArgs;
            args.append(waitFlag);
@ -412,15 +413,19 @@ int main(int argc, char *argv[]) {
        // release the lock file
        lock.unlock();
        return result;
-    }
+    } catch (Exception const &e) {
    catch (Exception const &e) {
        sentry_uuid_s const uuid = reportSentryException("Exception occurred during main", e);
        QString message = e.qwhat();
        if (e.showSupportLink()) {
            message += R"(<br/><br/>If the issue persists, please contact our <a href="https://proton.me/support/contact">customer support</a>.)";
        }
        QMessageBox::critical(nullptr, "Error", message);
-        QTextStream(stderr) << "reportID: " << QByteArray(uuid.bytes, 16).toHex() << " Captured exception :" << e.detailedWhat() << "\n";
+
        if (e.qwhat() != orphanInstanceException) {
            sentry_uuid_s const uuid = reportSentryException("Exception occurred during main", e);
            QTextStream(stderr) << "reportID: " << QByteArray(uuid.bytes, 16).toHex() << " Captured exception :"
                                << e.detailedWhat() << "\n";
        }
        return EXIT_FAILURE;
    }
 }
--- a/internal/frontend/bridge-gui/bridge-gui/qml/AccountView.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/AccountView.qml
@ -86,11 +86,13 @@ Item {
                                }
                            }
                            Button {
                                id: signIn
                                Layout.alignment: Qt.AlignTop
                                colorScheme: root.colorScheme
                                secondary: true
                                text: qsTr("Sign in")
                                visible: root.user ? (root.user.state === EUserState.SignedOut) : false
                                Accessible.name: text
                                onClicked: {
                                    if (user) {
@ -99,11 +101,13 @@ Item {
                                }
                            }
                            Button {
                                id: removeAccount
                                Layout.alignment: Qt.AlignTop
                                colorScheme: root.colorScheme
                                icon.source: "/qml/icons/ic-trash.svg"
                                secondary: true
                                visible: root.user ? root.user.state !== EUserState.Locked : false
                                Accessible.name: qsTr("Remove account")
                                onClicked: {
                                    if (!root.user)
@ -118,6 +122,7 @@ Item {
                            height: root._lineThickness
                        }
                        SettingsItem {
                            id: configureEmailClient
                            Layout.fillWidth: true
                            actionText: qsTr("Configure email client")
                            colorScheme: root.colorScheme
@ -126,6 +131,7 @@ Item {
                            text: qsTr("Email clients")
                            type: SettingsItem.PrimaryButton
                            visible: _connected && ((!root.user.splitMode) || (root.user.addresses.length === 1))
                            Accessible.name: actionText
                            onClicked: {
                                if (!root.user)
@ -143,6 +149,7 @@ Item {
                            text: qsTr("Split addresses")
                            type: SettingsItem.Toggle
                            visible: _connected && root.user.addresses.length > 1
                            Accessible.name: text
                            onClicked: {
                                if (!splitMode.checked) {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Banner.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Banner.qml
@ -28,7 +28,7 @@ Popup {
    implicitWidth: 600 // contentLayout.implicitWidth + contentLayout.anchors.leftMargin + contentLayout.anchors.rightMargin
    leftMargin: (mainWindow.width - root.implicitWidth) / 2
    modal: false
-    popupType: ApplicationWindow.PopupType.Banner
+    popupPriority: ApplicationWindow.PopupPriority.Banner
    shouldShow: notification ? (notification.active && !notification.dismissed) : false
    topMargin: 37
--- a/internal/frontend/bridge-gui/bridge-gui/qml/BugReport/QuestionItem.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/BugReport/QuestionItem.qml
@ -13,6 +13,7 @@
 import QtQuick
 import QtQuick.Layouts
 import QtQuick.Controls
 import QtQuick.Controls.impl
 import Proton
 Item {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/ContentWrapper.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/ContentWrapper.qml
@ -114,6 +114,7 @@ Item {
                        colorScheme: leftBar.colorScheme
                        horizontalPadding: 0
                        icon.source: "/qml/icons/ic-question-circle.svg"
                        Accessible.name: qsTr("Help")
                        onClicked: rightContent.showHelpView()
                    }
@ -130,6 +131,7 @@ Item {
                        colorScheme: leftBar.colorScheme
                        horizontalPadding: 0
                        icon.source: "/qml/icons/ic-cog-wheel.svg"
                        Accessible.name: qsTr("Settings")
                        onClicked: rightContent.showGeneralSettings()
                    }
@ -147,6 +149,7 @@ Item {
                        colorScheme: leftBar.colorScheme
                        horizontalPadding: 0
                        icon.source: "/qml/icons/ic-three-dots-vertical.svg"
                        Accessible.name: "..."
                        onClicked: {
                            dotMenu.open();
@ -319,6 +322,7 @@ Item {
                        horizontalPadding: 0
                        icon.source: "/qml/icons/ic-plus.svg"
                        width: 36
                        Accessible.name: qsTr("Add account")
                        onClicked: {
                            root.showLogin("");
--- a/internal/frontend/bridge-gui/bridge-gui/qml/GeneralSettings.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/GeneralSettings.qml
@ -21,6 +21,8 @@ SettingsView {
    property bool _isAdvancedShown: false
    property var notifications
    property var allUsersLoaded: false
    property var hasInternetConnection: true
    fillHeight: false
@ -145,6 +147,19 @@ SettingsView {
        onClicked: Backend.changeColorScheme(darkMode.checked ? "light" : "dark")
    }
    SettingsItem {
        id: trayIconVisible
        Layout.fillWidth: true
        checked: Backend.trayIconVisible
        colorScheme: root.colorScheme
        description: qsTr("Show the Bridge icon in the menu bar. When the Bridge icon is not visible, launch the " +
        "application again to display the main window.")
        text: qsTr("Show the Bridge icon in the menu bar")
        type: SettingsItem.Toggle
        visible: (Backend.goos === "darwin") && root._isAdvancedShown
        onClicked: Backend.trayIconVisible = !trayIconVisible.checked
    }
    SettingsItem {
        id: allMail
        Layout.fillWidth: true
@ -219,6 +234,37 @@ SettingsView {
            Backend.exportTLSCertificates();
        }
    }
    SettingsItem {
        id: repair
        Layout.fillWidth: true
        actionText: qsTr("Repair")
        colorScheme: root.colorScheme
        description: qsTr("Reload all accounts, cached data, and download all emails again. Email clients stay connected to Bridge.")
        text: qsTr("Repair Bridge")
        type: SettingsItem.Button
        visible: root._isAdvancedShown
        enabled: root.allUsersLoaded && Backend.users.count && root.hasInternetConnection
        onClicked: {
            root.notifications.askRepairBridge();
        }
        Connections {
            function onInternetOff() {
                root.hasInternetConnection = false;
                repair.description = qsTr("This feature requires internet access to the Proton servers.")
            }
            function onInternetOn() {
                root.hasInternetConnection = true;
                repair.description = qsTr("Reload all accounts, cached data, and download all emails again. Email clients stay connected to Bridge.")
            }
            function onAllUsersLoaded() {
                root.allUsersLoaded = true;
            }
            target: Backend
        }
    }
    SettingsItem {
        id: reset
        Layout.fillWidth: true
--- a/internal/frontend/bridge-gui/bridge-gui/qml/NotificationDialog.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/NotificationDialog.qml
@ -22,6 +22,7 @@ Dialog {
    default property alias data: additionalChildrenContainer.children
    property var notification
    property bool isUserNotification: false
    modal: true
    shouldShow: notification && notification.active && !notification.dismissed
@ -39,13 +40,13 @@ Dialog {
                    return "";
                }
                switch (root.notification.type) {
-                case Notification.NotificationType.Info:
+                    case Notification.NotificationType.Info:
-                    return "/qml/icons/ic-info.svg";
+                        return "/qml/icons/ic-info.svg";
-                case Notification.NotificationType.Success:
+                    case Notification.NotificationType.Success:
-                    return "/qml/icons/ic-success.svg";
+                        return "/qml/icons/ic-success.svg";
-                case Notification.NotificationType.Warning:
+                    case Notification.NotificationType.Warning:
-                case Notification.NotificationType.Danger:
+                    case Notification.NotificationType.Danger:
-                    return "/qml/icons/ic-alert.svg";
+                        return "/qml/icons/ic-alert.svg";
                }
            }
            sourceSize.height: 64
--- a/internal/frontend/bridge-gui/bridge-gui/qml/NotificationPopups.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/NotificationPopups.qml
@ -105,4 +105,12 @@ Item {
        colorScheme: root.colorScheme
        notification: root.notifications.genericQuestion
    }
    NotificationDialog {
        colorScheme: root.colorScheme
        notification: root.notifications.repairBridge
    }
    UserNotificationDialog {
        colorScheme: root.colorScheme
        notification: root.notifications.userNotification
    }
 }
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Notifications/Notification.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Notifications/Notification.qml
@ -19,7 +19,8 @@ QtObject {
        Info,
        Success,
        Warning,
-        Danger
+        Danger,
        UserNotification
    }
    property list<Action> action
@ -36,6 +37,9 @@ QtObject {
    readonly property var occurred: active ? new Date() : undefined
    property string title // title is used in dialogs only
    property int type
    property string subtitle
    property string username
    onActiveChanged: {
        dismissed = false;
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Notifications/Notifications.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Notifications/Notifications.qml
@ -13,6 +13,8 @@
 import QtQml
 import Qt.labs.platform
 import QtQuick.Controls
 import QtQuick.Layouts
 import QtQuick
 import "../"
 QtObject {
@ -60,7 +62,7 @@ QtObject {
            target: Backend
        }
    }
-    property var all: [root.noInternet, root.imapPortStartupError, root.smtpPortStartupError, root.imapPortChangeError, root.smtpPortChangeError, root.imapConnectionModeChangeError, root.smtpConnectionModeChangeError, root.updateManualReady, root.updateManualRestartNeeded, root.updateManualError, root.updateForce, root.updateForceError, root.updateSilentRestartNeeded, root.updateSilentError, root.updateIsLatestVersion, root.loginConnectionError, root.onlyPaidUsers, root.alreadyLoggedIn, root.enableBeta, root.bugReportSendSuccess, root.bugReportSendError, root.bugReportSendFallback, root.cacheCantMove, root.cacheLocationChangeSuccess, root.enableSplitMode, root.resetBridge, root.changeAllMailVisibility, root.deleteAccount, root.noKeychain, root.rebuildKeychain, root.addressChanged, root.apiCertIssue, root.userBadEvent, root.imapLoginWhileSignedOut, root.genericError, root.genericQuestion]
+    property var all: [root.noInternet, root.imapPortStartupError, root.smtpPortStartupError, root.imapPortChangeError, root.smtpPortChangeError, root.imapConnectionModeChangeError, root.smtpConnectionModeChangeError, root.updateManualReady, root.updateManualRestartNeeded, root.updateManualError, root.updateForce, root.updateForceError, root.updateSilentRestartNeeded, root.updateSilentError, root.updateIsLatestVersion, root.loginConnectionError, root.onlyPaidUsers, root.alreadyLoggedIn, root.enableBeta, root.bugReportSendSuccess, root.bugReportSendError, root.bugReportSendFallback, root.cacheCantMove, root.cacheLocationChangeSuccess, root.enableSplitMode, root.resetBridge, root.changeAllMailVisibility, root.deleteAccount, root.noKeychain, root.rebuildKeychain, root.addressChanged, root.apiCertIssue, root.userBadEvent, root.imapLoginWhileSignedOut, root.genericError, root.genericQuestion, root.hvErrorEvent, root.repairBridge, root.userNotification]
    property Notification alreadyLoggedIn: Notification {
        brief: qsTr("Already signed in")
        description: qsTr("This account is already signed in.")
@ -1130,6 +1132,102 @@ QtObject {
            target: Backend
        }
    }
    property Notification hvErrorEvent: Notification {
        group: Notifications.Group.Configuration
        icon: "./icons/ic-exclamation-circle-filled.svg"
        type: Notification.NotificationType.Danger
        action: Action {
            text: qsTr("OK")
            onTriggered: {
                root.hvErrorEvent.active = false;
            }
        }
        Connections {
            function onLoginHvError(errorMsg) {
                root.hvErrorEvent.active = true;
                root.hvErrorEvent.description = errorMsg;
            }
            target: Backend
        }
    }
    property Notification repairBridge: Notification {
        brief: title
        description: qsTr("This action will reload all accounts, cached data, and re-download emails. Messages may temporarily disappear but will reappear progressively. Email clients stay connected to Bridge.")
        group: Notifications.Group.Configuration | Notifications.Group.Dialogs
        icon: "./icons/ic-exclamation-circle-filled.svg"
        title: qsTr("Repair Bridge?")
        type: Notification.NotificationType.Danger
        action: [
            Action {
                id: repairBridge_cancel
                text: qsTr("Cancel")
                onTriggered: {
                    root.repairBridge.active = false;
                }
            },
            Action {
                id: repairBridge_repair
                text: qsTr("Repair")
                onTriggered: {
                    repairBridge_repair.loading = true;
                    repairBridge_repair.enabled = false;
                    repairBridge_cancel.enabled = false;
                    Backend.triggerRepair();
                }
            }
        ]
        Connections {
            function onAskRepairBridge() {
                root.repairBridge.active = true;
            }
            target: root
        }
        Connections {
            function onRepairStarted() {
                root.repairBridge.active = false;
                repairBridge_repair.loading = false;
                repairBridge_repair.enabled = true;
                repairBridge_cancel.enabled = true;
            }
            target: Backend
        }
    }
    property Notification userNotification: Notification {
        brief: title
        group: Notifications.Group.Dialogs
        type: Notification.NotificationType.UserNotification
        icon: "./icons/ic-exclamation-circle-filled.svg" // If it's not included QML complains
        action: [
            Action {
                text: qsTr("Okay")
                onTriggered: {
                    root.userNotification.active = false;
                    Backend.userNotificationDismissed();
                }
            }
        ]
        Connections {
            function onReceivedUserNotification(notification) {
                const userPrimaryEmailOrUsername = Backend.users.primaryEmailOrUsername(notification.userID)
                root.userNotification.title = notification.title
                root.userNotification.subtitle = notification.subtitle
                root.userNotification.description = notification.body
                root.userNotification.username = userPrimaryEmailOrUsername
                root.userNotification.active = true
            }
            target: Backend
        }
    }
    signal askChangeAllMailVisibility(var isVisibleNow)
    signal askDeleteAccount(var user)
@ -1137,4 +1235,5 @@ QtObject {
    signal askEnableSplitMode(var user)
    signal askQuestion(var title, var description, var option1, var option2, var action1, var action2)
    signal askResetBridge
    signal askRepairBridge
 }
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/ApplicationWindow.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/ApplicationWindow.qml
@ -21,7 +21,7 @@ T.ApplicationWindow {
    id: root
    // popup priority based on types
-    enum PopupType {
+    enum PopupPriority {
        Banner,
        Dialog
    }
@ -73,10 +73,15 @@ T.ApplicationWindow {
            if (obj.shouldShow === false) {
                continue;
            }
-            if (topmost && (topmost.popupType > obj.popupType)) {
+            // User notifications should have display priority
            if (obj.shouldShow && obj.isUserNotification) {
                topmost = obj;
                break;
            }
            if (topmost && (topmost.popupPriority > obj.popupPriority)) {
                continue;
            }
-            if (topmost && (topmost.popupType === obj.popupType) && (topmost.occurred > obj.occurred)) {
+            if (topmost && (topmost.popupPriority === obj.popupPriority) && (topmost.occurred > obj.occurred)) {
                continue;
            }
            topmost = obj;
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/ContextMenu.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/ContextMenu.qml
@ -0,0 +1,79 @@
 // Copyright (c) 2024 Proton AG
 // This file is part of Proton Mail Bridge.
 // Proton Mail Bridge is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 // Proton Mail Bridge is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 // You should have received a copy of the GNU General Public License
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 import QtQuick
 import QtQuick.Controls
 Item {
    property var parentObject: null
    property var colorScheme: null
    property bool readOnly: false
    property bool isPassword: false
    MouseArea {
        id: controlMouseArea
        width: parentObject ? parentObject.width : 0
        height: parentObject ? parentObject.height : 0
        acceptedButtons: Qt.RightButton
        onClicked: controlContextMenu.popup()
        propagateComposedEvents: true
    }
    Menu {
        id: controlContextMenu
        colorScheme: root.colorScheme
        onVisibleChanged: {
            if (controlContextMenu.visible) {
                const hasSelectedText = parentObject.selectedText.length > 0;
                const hasClipboardText = clipboard.text.length > 0;
                copyMenuItem.visible = hasSelectedText && !isPassword;
                cutMenuItem.visible = hasSelectedText && !readOnly && !isPassword;
                pasteMenuItem.visible = hasClipboardText && !readOnly;
                controlContextMenu.visible = copyMenuItem.visible || cutMenuItem.visible || pasteMenuItem.visible;
            }
        }
        MenuItem {
            id: cutMenuItem
            colorScheme: root.colorScheme
            height: visible ? implicitHeight : 0
            text: qsTr("Cut")
            onClicked: {
                parentObject.cut()
            }
        }
        MenuItem {
            id: copyMenuItem
            colorScheme: root.colorScheme
            height: visible ? implicitHeight : 0
            text: qsTr("Copy")
            onTriggered: {
                parentObject.copy()
            }
        }
        MenuItem {
            id: pasteMenuItem
            colorScheme: root.colorScheme
            height: visible ? implicitHeight : 0
            text: qsTr("Paste")
            onTriggered: {
                parentObject.paste()
            }
        }
    }
 }
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/Dialog.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/Dialog.qml
@ -21,7 +21,7 @@ T.Dialog {
    property ColorScheme colorScheme
    readonly property var occurred: shouldShow ? new Date() : undefined
-    readonly property int popupType: ApplicationWindow.PopupType.Dialog
+    readonly property int popupPriority: ApplicationWindow.PopupPriority.Dialog
    property bool shouldShow: false
    function close() {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/InfoTooltip.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/InfoTooltip.qml
@ -16,6 +16,7 @@
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 import QtQuick
 import QtQuick.Controls
 import QtQuick.Controls.impl
 import QtQuick.Layouts
 ColorImage {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/LinkLabel.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/LinkLabel.qml
@ -12,6 +12,7 @@
 // along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
 import QtQuick
 import QtQuick.Controls
 import QtQuick.Controls.impl
 import QtQuick.Layouts
 RowLayout {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/Popup.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/Popup.qml
@ -21,7 +21,7 @@ T.Popup {
    property ColorScheme colorScheme
    readonly property var occurred: shouldShow ? new Date() : undefined
-    property int popupType: ApplicationWindow.PopupType.Banner
+    property int popupPriority: ApplicationWindow.PopupPriority.Banner
    property bool shouldShow: false
    function close() {
--- a/internal/frontend/bridge-gui/bridge-gui/qml/Proton/TextArea.qml
+++ b/internal/frontend/bridge-gui/bridge-gui/qml/Proton/TextArea.qml
@ -362,4 +362,9 @@ FocusScope {
            }
        }
    }
    Proton.ContextMenu {
        parentObject: root
        colorScheme: root.colorScheme
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Atanas Janeshliev	a8caec560e	chore: Erasmus Bridge 3.15.0 changelog.	2024-10-29 10:47:33 +01:00
Xavier Michelon	0c21925939	chore: cherry pick changes from Dragon release branch. (cherry picked from commit `6105f32c75`)	2024-10-29 08:25:15 +01:00
Xavier Michelon	19a445e73a	fix(BRIDGE-240): fix user contribution to match our QML naming convention.	2024-10-28 16:06:19 +01:00
Cimbali	96e0070ed2	fix(BRIDGE-240): avoid name clash with 6.8-introduced popupType (cherry picked from commit 834a2f910a30086132d53004fd8f7d770925bdad)	2024-10-28 15:58:37 +01:00
Cimbali	516ff5206d	fix(BRIDGE-240): fix ColorImage Qt crash (cherry picked from commit 5615176ca9eb172f223bec9f85f8ca1d090c2686)	2024-10-28 15:58:37 +01:00
Atanas Janeshliev	4d2b328589	feat(BRIDGE-238): Added host information to sentry events; new sentry event for keychain issues	2024-10-28 11:53:04 +00:00
Xavier Michelon	810be2d423	feat(BRIDGE-215): tweak wording on macOS profile install page.	2024-10-28 10:58:52 +01:00
Atanas Janeshliev	e3d0334b6f	feat(BRIDGE-236): added SMTP observability metrics	2024-10-25 08:25:21 +00:00
Xavier Michelon	fb523e5573	feat(BRIDGE-217): added missing parameter to the CLI help command.	2024-10-24 10:27:32 +02:00
Xavier Michelon	cb8d1a2389	fix(BRIDGE-231): fix reversed header order in messages.	2024-10-23 11:25:49 +00:00
Xavier Michelon	84f0a6722a	chore: README.md update.	2024-10-23 08:57:03 +02:00
Xavier Michelon	c3a495facd	feat(BRIDGE-234): add accessibility name in QML for UI automation.	2024-10-21 16:53:05 +02:00
Gordana Zafirova	9cdc40ca05	test(BRIDGE-232): Add Home Menu Bridge UI e2e automation tests	2024-10-21 12:48:03 +00:00
Atanas Janeshliev	7021b1c2ea	feat(BRIDGE-228): removed sentry events:	2024-10-21 09:16:56 +00:00
Xavier Michelon	607d9df8a9	fix(BRIDGE-235): fix compilation of Bridge GUI Tester on Windows.	2024-10-21 08:40:29 +02:00
Gordana Zafirova	93396145dc	test(BRIDGE-220): Add Bridge E2E UI login/logout tests for Windows	2024-10-18 07:52:46 +00:00
Xavier Michelon	7457fb06d2	feat(BRIDGE-120): use appropriate address key when importing / saving draft.	2024-10-11 12:50:21 +02:00
Xavier Michelon	bee2642aec	chore: update golangci-lint to 1.61.0.	2024-10-09 14:56:18 +02:00
Gordana Zafirova	b481ce2203	test(BRIDGE-131): Integration tests for messages from Proton <-> Gmail	2024-10-09 12:29:42 +00:00
Atanas Janeshliev	040d887aae	feat(BRIDGE-218): observability adapter; gluon observability metrics and tests;	2024-10-08 13:13:07 +00:00
Xavier Michelon	3710dff0cd	feat(BRIDGE-142): bridge icon can be removed from the menu bar on macOS.	2024-10-03 15:29:07 +02:00
Xavier Michelon	f5bc6ad1f0	chore: Colorado Bridge 3.13.0 changelog. (cherry picked from commit `43cbedafb8`)	2024-09-25 07:42:38 +02:00
Xavier Michelon	e8a95e26f6	feat(BRIDGE-207): failure to download or verify an update now fails silently.	2024-09-24 14:06:18 +00:00
Atanas Janeshliev	ebe54ca92e	fix(BRIDGE-210): reduced log level of cache events so they won't be printed to stdout	2024-09-24 13:58:26 +02:00
Atanas Janeshliev	ff7e45f395	feat(BRIDGE-204): removed redundant Sentry events	2024-09-23 15:52:23 +00:00
Atanas Janeshliev	79c63f5785	fix(BRIDGE-106): Fixed import of multipart-related messages; added relevant tests	2024-09-23 10:57:26 +00:00
Atanas Janeshliev	3ca9e625f5	feat(BRIDGE-150): Observability service modification; user distinction utility & heartbeat; various observbility metrics & relevant integration tests	2024-09-23 10:13:05 +00:00
Gjorgji Slamkov	5b874657cb	test(BRIDGE-133): Bridge E2E UI tests for Windows	2024-09-17 05:23:08 +00:00
Atanas Janeshliev	bfe67f3005	fix(BRIDGE-108): fixed GetInitials when empty username is passed; we now overwrite the username in the vault if its value changed, each time we refresh user auth	2024-09-05 08:14:30 +00:00
Gordana Zafirova	99e6f00aaa	test(BRIDGE-124): Fixing failing nightly integration tests due to KB articles issues	2024-08-30 14:23:39 +00:00
Xavier Michelon	ac9ab8ab32	fix(BRIDGE-81): update KB suggestions.	2024-08-30 09:50:41 +02:00
Atanas Janeshliev	f04350c046	feat(BRIDGE-37): Remote notification support	2024-08-29 13:31:37 +02:00
Xavier Michelon	ed1b65731a	feat(BRIDGE-81): kb article suggestion updates + more weight for long keywords.	2024-08-27 16:16:23 +02:00
Atanas Janeshliev	d12928b31c	feat(BRIDGE-122): Observability service implementation	2024-08-27 15:21:41 +02:00
Xavier Michelon	1ea06a95b7	fix(BRIDGE-138): remove deprecated doc.	2024-08-27 08:49:15 +02:00
Atanas Janeshliev	e290cd308b	feat(BRIDGE-119): added support for Feature Flags	2024-08-21 14:54:27 +02:00
Xavier Michelon	3d53bf7477	feat(BRIDGE-116): add command-line switches to enable/disable keychain check on macOS.	2024-08-09 09:53:46 +02:00
Xavier Michelon	84c0b907d7	chore: Bastei Bridge 3.12.0 changelog. (cherry picked from commit `ed5adb18fb`)	2024-08-09 08:32:13 +02:00
Xavier Michelon	b30455b641	chore: Bastei Bridge 3.12.0 changelog. (cherry picked from commit `48a75b0dd7`)	2024-08-09 08:32:13 +02:00
Atanas Janeshliev	db9902e70b	feat(BRIDGE-97): added repair button telemetry (cherry picked from commit `85a91c5572`)	2024-08-09 08:26:56 +02:00
Xavier Michelon	f1f63c1d03	feat(BRIDGE-79): update to the KB suggestion list. (cherry picked from commit `56d4bfbb71`)	2024-08-09 08:23:19 +02:00
Atanas Janeshliev	81a3c2aba8	feat(BRIDGE-88): added context menu for quick actions on input labels: cut, copy, paste	2024-08-07 10:19:40 +00:00
Xavier Michelon	bbfc9beb04	chore: update GPA.	2024-07-30 11:02:17 +02:00
Xavier Michelon	c4dba09ee6	ci: updated devsecops kit to latest.	2024-07-26 08:54:37 +02:00
Atanas Janeshliev	a5435eb1da	ci: BRIDGE-113 adding kits CI/CD component	2024-07-24 12:45:47 +02:00
Gjorgji Slamkov	54c56efdfa	test(GODT-3205): Report results from nightly integration tests to Testmo	2024-07-16 09:04:27 +00:00
Xavier Michelon	fc64dbec59	chore: golangci-lint update.	2024-07-11 16:29:59 +02:00
gzafirova	5d3f084a2b	test(BRIDGE-109): Update KB articles failing integration tests - Change KB article suggestions based on description	2024-07-11 09:28:38 +00:00
Xavier Michelon	606d6c0e3e	chore: temporarily silence GO-2024-2963 in govulncheck	2024-07-11 07:34:51 +02:00
Atanas Janeshliev	9fbb6b4ca5	fix(BRIDGE-67): added detection for username changes on macOS & automatic reconfiguration	2024-06-20 12:32:42 +00:00
Atanas Janeshliev	8688277ee6	ci: supress govulncheck vulns	2024-06-05 12:36:43 +00:00
Atanas Janeshliev	63eb67760e	fix(BRIDGE-90): disable repair button when bridge cannot connect to proton servers; bump GPA	2024-06-05 12:36:43 +00:00
Xavier Michelon	cffab028b2	chore: cherry picked changelog from 3.11 release branch. chore: Alcantara Bridge 3.11.0 changelog. (cherry picked from commit `2569e83e51`) chore: Alcantara Bridge 3.11.0 changelog. (cherry picked from commit `b574ccb6ea`) chore: Alcantara Bridge 3.11.0 changelog. (cherry picked from commit `82607efe1c`) chore: Alcantara Bridge 3.11.1 changelog. (cherry picked from commit `cd8db6fd1c`)	2024-06-04 14:01:16 +00:00
Xavier Michelon	8ea712b052	fix(BRIDGE-15): Apple Mail profile install page was not properly reset before showing. (cherry picked from commit `961dc9435f`)	2024-06-04 11:11:02 +02:00
Atanas Janeshliev	ff0615167b	feat(BRIDGE-75): Bridge repair button/feature implemented	2024-06-03 12:37:23 +00:00
Xavier Michelon	e2b361b9a6	feat(BRIDGE-79): Add New Outlook for Mac KB disclaimer. Update submitted by Laze Dimitrovski	2024-05-30 17:49:22 +02:00
Atanas Janeshliev	1c6bbf1fae	chore: enable GO-2024-2687 in govulncheck	2024-05-29 16:48:02 +02:00
Atanas Janeshliev	e7713fa785	fix(BRIDGE-69): explicitly handle semver panic for last bridge version from vault	2024-05-22 10:54:38 +00:00
Atanas Janeshliev	28ae54b5ca	feat(BRIDGE-16): bump version Go 1.21.9 Qt 6.4.3.	2024-05-21 08:51:28 +02:00
Atanas Janeshliev	00aff40160	fix(BRIDGE-70): hotfix for blocked smtp/imap port causing bridge to quit	2024-05-17 12:35:07 +02:00
Atanas Janeshliev	ab289e6e01	fix(BRIDGE-29): bump gluon version	2024-05-14 15:41:10 +02:00
Atanas Janeshliev	a28dc9f2f3	fix(BRIDGE-49): Configure gitleaks baseline and grype config	2024-05-02 10:59:43 +00:00
Atanas Janeshliev	8a859082cd	ci: added gitleaks and grype	2024-04-29 13:58:48 +02:00
Atanas Janeshliev	1d972835ff	fix(BRIDGE-21): missing panic handling	2024-04-26 13:24:02 +02:00
Atanas Janeshliev	8469e0a661	fix(BRIDGE-17): broken telemetry heartbeat test	2024-04-25 11:16:13 +00:00
Xavier Michelon	6ea970bf97	feat(BRIDGE-23): update gluon to go 1.21.	2024-04-23 14:52:31 +02:00
Xavier Michelon	a05b90e803	feat(BRIDGE-22): update gpa to go 1.21.	2024-04-23 14:50:46 +02:00
Atanas Janeshliev	239ad8b946	fix(BRIDGE-10): bumped gluon version	2024-04-23 12:42:08 +02:00
Jakub Cuth	d9fdbb35bc	fix(GODT-3185): logic mistake.	2024-04-22 07:26:18 +00:00
Jakub Cuth	5769fb9466	ci: windows build missing revision	2024-04-19 10:39:47 +02:00
Xavier Michelon	a4020cebd4	chore: do not use C++ 20 std::ranges.	2024-04-19 08:03:18 +02:00
Atanas Janeshliev	7a8760e2ef	fix(BRIDGE-19): warning instead of error on logs for checksum validation...	2024-04-17 12:59:36 +00:00
Atanas Janeshliev	9552e72ba8	feat(BRIDGE-14): HV3 implementation - GUI & CLI; ownership verification & CAPTCHA are supported	2024-04-12 13:07:22 +00:00
Xavier Michelon	c692c21b87	fix(BRIDGE-8): more robust command-line args parser in bridge-gui. fix(BRIDGE-8): add command-line invocation to log.	2024-04-12 11:16:59 +00:00
Xavier Michelon	bb15efa711	fix(BRIDGE-8): launcher replace session-id if provided instead of adding another one.	2024-04-12 11:16:59 +00:00
Atanas Janeshliev	e94d3be12d	chore: bump testing context bridge version	2024-04-12 11:55:53 +02:00
Xavier Michelon	66569f71a0	fix(BRIDGE-7): add timestamp to test credentials for keychain on macOS.	2024-04-09 10:43:31 +02:00
Xavier Michelon	9bfa79455e	fix(BRIDGE-7): modify keychain test on macOS.	2024-04-08 14:35:36 +02:00
Xavier Michelon	67e802e3a0	feat(BRIDGE-15): fix a stack layout index in comment.	2024-04-08 11:27:28 +02:00
Xavier Michelon	8a5e2007f6	feat(BRIDGE-15): certificate install is now also done during Outlook setup on macOS.	2024-04-04 08:57:30 +02:00
Xavier Michelon	5b92945626	chore: disable GO-2024-2687 in govulncheck	2024-04-04 07:58:16 +02:00
Atanas Janeshliev	4a8a7ef093	fix(BRIDGE-4): logs not being created when invalid flag is passed	2024-03-21 16:32:12 +00:00
Xavier Michelon	2cfda14b1a	fix(BRIDGE-5): add tooltip to tray icon.	2024-03-20 14:55:40 +01:00
Jakub Cuth	312993e08e	feat(GODT-3253): windows cache and paths.	2024-03-15 11:28:52 +01:00
Jakub	b1110b04c9	feat(GODT-3253): make paths.	2024-03-15 11:27:33 +01:00
Jakub	d2bc60d9cb	ci: debug	2024-03-15 11:27:29 +01:00
Jakub	1d8f6c75c8	feat(GODT-3253): use new virtual machine for windows jobs. bump vcpkg to 2024.02.14	2024-03-15 11:23:46 +01:00
Jakub	06daaf8d9f	feat(GODT-3146): don't need to wait for IMAP in tests.	2024-03-14 11:57:55 +01:00
Jakub	cb436fff63	feat(GODT-3146): remove unused	2024-03-13 14:31:53 +01:00
Jakub	921a44f1a3	feat(GODT-3146): keep imap/smtp server always on.	2024-03-13 14:22:23 +01:00
Xavier Michelon	d35af6b686	chore: added bridge-rollout to CI.	2024-03-13 09:25:40 +00:00
Xavier Michelon	4cb938c57f	chore: added bridge-rollout cli tool.	2024-03-13 09:25:40 +00:00
Jakub	232e98d812	chore: Zaehringen Bridge 3.10.0 changelog.	2024-03-13 10:21:52 +01:00
Jakub Cuth	6fadbde4a6	feat(GODT-3185): report cases which leads to wrong address key used	2024-03-13 07:49:25 +00:00
Jakub	d2fbbc3e25	fix(GODT-3163): filter MBOX format delimiter.	2024-03-07 12:30:33 +00:00
Jakub	1c7c342e19	ci(GODT-3304): ignore go vulncheck until go version bumped.	2024-03-07 13:00:16 +01:00
Jakub	8e49c84a12	chore: changelog update.	2024-03-06 08:19:13 +01:00
Jakub	754d80d097	feat(GODT-3193): assume text content type on attachments.	2024-03-01 15:25:37 +00:00
Jakub	63e272e270	feat(GODT-3193): preserve attachment encoding.	2024-03-01 15:25:37 +00:00
Xavier Michelon	54859a34b2	fix(GODT-3290): fix test failing because of leap day.	2024-03-01 10:56:24 +01:00
Jakub	9b1feed68b	feat(GODT-3214): encrypt only with primary key.	2024-02-28 13:42:09 +00:00
Jakub	c9b6cc162b	feat(GODT-3199): add package log field.	2024-02-27 13:07:37 +01:00
Jakub	bf3c90b8e9	test(GODT-1602): rebased GPA changes.	2024-02-26 16:56:52 +01:00
Jakub	8d63fb2301	feat(GODT-2662): enable cache on darwin tart.	2024-02-23 10:33:26 +01:00
Jakub	7953306cc8	feat(GODT-2662): use tart runner for darwin jobs.	2024-02-23 10:00:47 +01:00
Jakub Cuth	37352d44d2	test(GODT-1602): run integration tests against black 🖤	2024-02-19 10:43:35 +00:00
Jakub	2a1aeb208d	test(GODT-3257): quad9 provider test not working on CI.	2024-02-19 10:06:02 +01:00
gzafirova	94fbe260e4	test(GODT-3220): Fix linting issues by deleting a function -Deleted a function that was no longer used GODT-3220	2024-02-14 08:57:48 +01:00
gzafirova	6d4937222e	test(GODT-3220): Rollback to a test scenario for logging in with an alias address -Added test scenario for logging in with an alias address GODT-3220	2024-02-13 10:56:23 +00:00
gzafirova	e33bad7bf1	test(GODT-3220): Add test scenario for sending an HTML msg with public key and multiple attachments to Internal -Added test scenario for sending an HTML msg with public key and multiple attachments to Internal - Verified the message on receipient's side GODT-3220	2024-02-13 10:56:23 +00:00
gzafirova	70fdc91aff	test(GODT-3220): Add test scenario for sending a message to multiple bcc accounts - Added test scenario for sending a message to two bcc accounts - Verified on recipients' side that the message is received GODT-3220	2024-02-13 10:56:23 +00:00
gzafirova	bde8e45b37	test(GODT-3220): Add test scenarios for loging in with an alias address -Added test scenarios for logging in with an alias address and logging in with an alias address that no longer exists GODT-3220	2024-02-13 10:56:23 +00:00
gzafirova	6cb2d944d0	test(GODT-3220): Add test scenarios for logining in with alias address and loging in with an alias address -Added a test scenario for logging in with an alias address -Added a test scenario for logging in with alias address that no longer exists GODT-3220	2024-02-13 10:56:23 +00:00
Jakub	cf0f59afc0	test(GODT-3220): Add scenario cannot login with deleted alias	2024-02-13 10:56:23 +00:00
Jakub	65d8fbbf31	test: keep deleted address in test suite	2024-02-13 10:56:23 +00:00
Gjorgji Slamkov	d919c0accf	test(GODT-3220): Add step definition for logging in with alias address GODT-3220	2024-02-13 10:56:23 +00:00
Gjorgji Slamkov	0ca07066db	test(GODT-3220): Create function for getting the test user by address GODT-3220	2024-02-13 10:56:23 +00:00
		`@ -0,0 +1,2 @@`
							`# Check out for configuration details: https://github.com/anchore/grype?tab=readme-ov-file#configuration`
							`fail-on-severity: "medium"`