style: make the row chart shorter

chore: version bump
chore: simplify tsconfig
2026-06-11 17:27:54 +02:00 · 2025-11-30 21:28:19 +04:00 · 2025-11-30 21:25:25 +04:00 · 2025-11-30 21:18:56 +04:00 · 2025-11-30 21:16:26 +04:00 · 2025-11-30 21:06:09 +04:00
155 changed files with 30488 additions and 14854 deletions
@@ -0,0 +1,6 @@
+---
+description: 
+globs: 
+alwaysApply: true
+---
+If you are modifying the UI, do not add random colors that are not controlled by src/lib/themes.ts file.
@@ -31,19 +31,21 @@ jobs:
          #   build-mode: none
    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Set up pnpm package manager
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 #v4.2.0
+        with:
+          run_install: false

      - name: Set up Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
        with:
          node-version-file: .node-version
          cache: "pnpm"

      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b #master
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 #master
        with:
          toolchain: stable
          targets: x86_64-unknown-linux-gnu
@@ -55,7 +57,7 @@ jobs:
          sudo apt-get install -y libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev pkg-config xdg-utils

      - name: Rust cache
-        uses: swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 #v2.8.0
+        uses: swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 #v2.8.1
        with:
          workdir: ./src-tauri

@@ -2,6 +2,9 @@ on:
  push:
    branches:
      - main
+  release:
+    types:
+      - published

 permissions:
  contents: write
@@ -15,6 +18,8 @@ jobs:
      contents: write
      pull-requests: write
    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0
      - name: Contribute List
        uses: akhilmhdh/contributors-readme-action@83ea0b4f1ac928fbfe88b9e8460a932a528eb79f #v2.3.11
        env:
@@ -13,7 +13,7 @@ jobs:
  security-scan:
    name: Security Vulnerability Scan
    if: ${{ github.actor == 'dependabot[bot]' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -69,16 +69,12 @@ jobs:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b #v2.4.0
-        secrets: inherit
        with:
-          compat-lookup: true
          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Auto-merge minor and patch updates
-        uses: ridedott/merge-me-action@d288b479e76cb993344ca8b5e0fcaa7d6e667eed #v2.10.123
-        secrets: inherit
-        with:
-          GITHUB_TOKEN: ${{ secrets.SECRET_DEPENDABOT_GITHUB_TOKEN }}
-          MERGE_METHOD: SQUASH
-          PRESET: DEPENDABOT_MINOR
-          MAXIMUM_RETRIES: 5
+      - name: Enable auto-merge for minor and patch updates
+        if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    timeout-minutes: 10
@@ -1,16 +1,16 @@
 name: Greetings

-on: [pull_request_target, issues]
+on:
+  pull_request:
+    types: [opened]

 jobs:
  greeting:
    runs-on: ubuntu-latest
    permissions:
-      issues: write
      pull-requests: write
    steps:
-      - uses: actions/first-interaction@2d4393e6bc0e2efb2e48fba7e06819c3bf61ffc9 #v2.0.0
+      - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          issue-message: "Thank you for your first issue ❤️ If it's a feature request, please make sure it's clear what you want, why you want it, and how important it is to you. If you posted a bug report, please make sure it includes as much detail as possible."
          pr-message: "Welcome to the community and thank you for your first contribution ❤️ A human will review your PR shortly. Make sure that the pipelines are green, so that the PR is considered ready for a review and could be merged."
@@ -5,6 +5,7 @@ on:
    types: [opened]

 permissions:
+  contents: read
  issues: write
  models: read

@@ -14,7 +15,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Get issue templates
        id: get-templates
@@ -48,11 +49,11 @@ jobs:

      - name: Validate issue with AI
        id: validate
-        uses: actions/ai-inference@9693b137b6566bb66055a713613bf4f0493701eb # v1.2.3
+        uses: actions/ai-inference@a1c11829223a786afe3b5663db904a3aa1eac3a2 # v2.0.1
        with:
          prompt-file: issue_analysis.txt
          system-prompt: |
-            You are an issue validation assistant for Donut Browser, an browser orchestrator. 
+            You are an issue validation assistant for Donut Browser, an anti-detect browser. 

            Analyze the provided issue content and determine if it contains sufficient information based on these requirements:

@@ -90,17 +91,44 @@ jobs:
            ```

            Be constructive and helpful in your feedback. If the issue is incomplete, provide specific guidance on what's needed.
-          model: gpt-4o
+            model: openai/gpt-4o
+
+      - name: Check if first-time contributor
+        id: check-first-time
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
+        run: |
+          # Check if user has created issues before (excluding the current one)
+          ISSUE_COUNT=$(gh api "/repos/${{ github.repository }}/issues" \
+            --jq "map(select(.user.login == \"$ISSUE_AUTHOR\" and .number != ${{ github.event.issue.number }})) | length" \
+            --paginate || echo "0")
+          
+          if [ "$ISSUE_COUNT" = "0" ]; then
+            echo "is_first_time=true" >> $GITHUB_OUTPUT
+            echo "✅ First-time contributor detected"
+          else
+            echo "is_first_time=false" >> $GITHUB_OUTPUT
+            echo "ℹ️ Returning contributor"
+          fi

      - name: Parse validation result and take action
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          # Get the AI response
-          VALIDATION_RESULT='${{ steps.validate.outputs.response }}'
+          # Prefer reading from the response file to avoid output truncation
+          RESPONSE_FILE='${{ steps.validate.outputs.response-file }}'
+          if [ -n "$RESPONSE_FILE" ] && [ -f "$RESPONSE_FILE" ]; then
+            RAW_OUTPUT=$(cat "$RESPONSE_FILE")
+          else
+            RAW_OUTPUT='${{ steps.validate.outputs.response }}'
+          fi

-          # Extract JSON from the response (handle potential markdown formatting)
-          JSON_RESULT=$(echo "$VALIDATION_RESULT" | sed -n '/```json/,/```/p' | sed '1d;$d' || echo "$VALIDATION_RESULT")
+          # Extract JSON if wrapped in markdown code fences; otherwise use raw
+          JSON_RESULT=$(printf "%s" "$RAW_OUTPUT" | sed -n '/```json/,/```/p' | sed '1d;$d')
+          if [ -z "$JSON_RESULT" ]; then
+            JSON_RESULT="$RAW_OUTPUT"
+          fi

          # Parse JSON fields
          IS_VALID=$(echo "$JSON_RESULT" | jq -r '.is_valid // false')
@@ -111,41 +139,35 @@ jobs:

          echo "Issue validation result: $IS_VALID"
          echo "Issue type: $ISSUE_TYPE"
+          
+          # Prepare greeting message for first-time contributors
+          IS_FIRST_TIME="${{ steps.check-first-time.outputs.is_first_time }}"
+          GREETING_SECTION=""
+          if [ "$IS_FIRST_TIME" = "true" ]; then
+            GREETING_SECTION="## 👋 Welcome!\n\nThank you for your first issue ❤️ If this is a feature request, please make sure it is clear what you want, why you want it, and how important it is to you. If you posted a bug report, please make sure it includes as much detail as possible.\n\n---\n\n"
+          fi

          if [ "$IS_VALID" = "false" ]; then
            # Create a comment asking for more information
-            cat > comment.md << EOF
-          ## 🤖 Issue Validation
-
-          Thank you for submitting this issue! However, it appears that some required information might be missing to help us better understand and address your concern.
-
-          **Issue Type Detected:** \`$ISSUE_TYPE\`
-
-          **Assessment:** $ASSESSMENT
-
-          ### 📋 Missing Information:
-          $MISSING_INFO
-
-          ### 💡 Suggestions for Improvement:
-          $SUGGESTIONS
-
-          ### 📝 How to Provide Additional Information:
-
-          Please edit your original issue description to include the missing information. Here are our issue templates for reference:
-
-          - **Bug Report Template:** [View Template](.github/ISSUE_TEMPLATE/01-bug-report.md)
-          - **Feature Request Template:** [View Template](.github/ISSUE_TEMPLATE/02-feature-request.md)
-
-          ### 🔧 Quick Tips:
-          - For **bug reports**: Include step-by-step reproduction instructions, your environment details, and any error messages
-          - For **feature requests**: Describe the use case, expected behavior, and why this feature would be valuable
-          - Add **screenshots** or **logs** when applicable
-
-          Once you've updated the issue with the missing information, feel free to remove this comment or reply to let us know you've made the updates.
-
-          ---
-          *This validation was performed automatically to ensure we have all the information needed to help you effectively.*
-          EOF
+            {
+              printf "%b" "$GREETING_SECTION"
+              printf "## 🤖 Issue Validation\n\n"
+              printf "Thank you for submitting this issue! However, it appears that some required information might be missing to help us better understand and address your concern.\n\n"
+              printf "**Issue Type Detected:** \`%s\`\n\n" "$ISSUE_TYPE"
+              printf "**Assessment:** %s\n\n" "$ASSESSMENT"
+              printf "### 📋 Missing Information:\n%s\n\n" "$MISSING_INFO"
+              printf "### 💡 Suggestions for Improvement:\n%s\n\n" "$SUGGESTIONS"
+              printf "### 📝 How to Provide Additional Information:\n\n"
+              printf "Please edit your original issue description to include the missing information. Here are our issue templates for reference:\n\n"
+              printf -- "- **Bug Report Template:** [View Template](.github/ISSUE_TEMPLATE/01-bug-report.md)\n"
+              printf -- "- **Feature Request Template:** [View Template](.github/ISSUE_TEMPLATE/02-feature-request.md)\n\n"
+              printf "### 🔧 Quick Tips:\n"
+              printf -- "- For **bug reports**: Include step-by-step reproduction instructions, your environment details, and any error messages\n"
+              printf -- "- For **feature requests**: Describe the use case, expected behavior, and why this feature would be valuable\n"
+              printf -- "- Add **screenshots** or **logs** when applicable\n\n"
+              printf "Once you have updated the issue with the missing information, feel free to remove this comment or reply to let us know you have made the updates.\n\n"
+              printf -- "---\n*This validation was performed automatically to ensure we have all the information needed to help you effectively.*\n"
+            } > comment.md

            # Post the comment
            gh issue comment ${{ github.event.issue.number }} --body-file comment.md
@@ -156,7 +178,25 @@ jobs:
            echo "✅ Validation comment posted and 'needs-info' label added"
          else
            echo "✅ Issue contains sufficient information"
-            
+
+            # Prepare a summary comment even when valid
+            SUGGESTIONS_SECTION=""
+            if [ -n "$SUGGESTIONS" ]; then
+              SUGGESTIONS_SECTION=$(printf "### 💡 Suggestions:\n%s\n\n" "$SUGGESTIONS")
+            fi
+
+            {
+              printf "%b" "$GREETING_SECTION"
+              printf "## 🤖 Issue Validation\n\n"
+              printf "**Issue Type Detected:** \`%s\`\n\n" "$ISSUE_TYPE"
+              printf "**Assessment:** %s\n\n" "$ASSESSMENT"
+              printf "%b" "$SUGGESTIONS_SECTION"
+              printf -- "---\n*This validation was performed automatically to help triage issues.*\n"
+            } > comment.md
+
+            # Post the summary comment
+            gh issue comment ${{ github.event.issue.number }} --body-file comment.md
+
            # Add appropriate labels based on issue type
            case "$ISSUE_TYPE" in
              "bug_report")
@@ -34,13 +34,15 @@ jobs:
        run: git config --global core.autocrlf false

      - name: Checkout repository code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Set up pnpm package manager
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 #v4.2.0
+        with:
+          run_install: false

      - name: Set up Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
        with:
          node-version-file: .node-version
          cache: "pnpm"
@@ -30,9 +30,8 @@ permissions:
 jobs:
  build:
    strategy:
-      fail-fast: true
      matrix:
-        os: [macos-latest]
+        os: [macos-latest, ubuntu-22.04]

    runs-on: ${{ matrix.os }}

@@ -42,19 +41,21 @@ jobs:
        run: git config --global core.autocrlf false

      - name: Checkout repository code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Set up pnpm package manager
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 #v4.2.0
+        with:
+          run_install: false

      - name: Set up Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
        with:
          node-version-file: .node-version
          cache: "pnpm"

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b #master
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 #master
        with:
          toolchain: stable
          components: rustfmt, clippy
@@ -66,7 +67,7 @@ jobs:
        run: cargo install banderole

      - name: Install dependencies (Ubuntu only)
-        if: matrix.os == 'ubuntu-latest'
+        if: matrix.os == 'ubuntu-22.04'
        run: |
          sudo apt-get update
          sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
@@ -78,7 +79,7 @@ jobs:
        shell: bash
        working-directory: ./nodecar
        run: |
-          if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
+          if [[ "${{ matrix.os }}" == "ubuntu-22.04" ]]; then
            pnpm run build:linux-x64
          elif [[ "${{ matrix.os }}" == "macos-latest" ]]; then
            pnpm run build:mac-aarch64
@@ -86,11 +87,16 @@ jobs:
            pnpm run build:win-x64
          fi

+      # TODO: replace with an integration test that fetches everything from rust
+      # - name: Download Camoufox for testing
+      #   run: npx camoufox-js fetch
+      #   continue-on-error: true
+
      - name: Copy nodecar binary to Tauri binaries
        shell: bash
        run: |
          mkdir -p src-tauri/binaries
-          if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
+          if [[ "${{ matrix.os }}" == "ubuntu-22.04" ]]; then
            cp nodecar/nodecar-bin src-tauri/binaries/nodecar-x86_64-unknown-linux-gnu
          elif [[ "${{ matrix.os }}" == "macos-latest" ]]; then
            cp nodecar/nodecar-bin src-tauri/binaries/nodecar-aarch64-apple-darwin
@@ -98,8 +104,33 @@ jobs:
            cp nodecar/nodecar-bin.exe src-tauri/binaries/nodecar-x86_64-pc-windows-msvc.exe
          fi

-      - name: Create empty 'dist' directory
-        run: mkdir dist
+      - name: Build frontend
+        run: pnpm next build
+
+      - name: Get host target
+        id: host_target
+        shell: bash
+        run: |
+          HOST_TARGET=$(rustc -vV | sed -n 's|host: ||p')
+          echo "target=${HOST_TARGET}" >> $GITHUB_OUTPUT
+          echo "Host target: ${HOST_TARGET}"
+
+      - name: Build donut-proxy sidecar
+        shell: bash
+        working-directory: ./src-tauri
+        run: cargo build --bin donut-proxy
+
+      - name: Copy donut-proxy binary to Tauri binaries
+        shell: bash
+        run: |
+          mkdir -p src-tauri/binaries
+          HOST_TARGET="${{ steps.host_target.outputs.target }}"
+          if [[ "$HOST_TARGET" == *"windows"* ]]; then
+            cp src-tauri/target/debug/donut-proxy.exe src-tauri/binaries/donut-proxy-${HOST_TARGET}.exe
+          else
+            cp src-tauri/target/debug/donut-proxy src-tauri/binaries/donut-proxy-${HOST_TARGET}
+            chmod +x src-tauri/binaries/donut-proxy-${HOST_TARGET}
+          fi

      - name: Run rustfmt check
        run: cargo fmt --all -- --check
@@ -50,7 +50,7 @@ jobs:
  scan-scheduled:
    name: Scheduled Security Scan
    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -63,7 +63,7 @@ jobs:
  scan-pr:
    name: PR Security Scan
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -29,7 +29,7 @@ jobs:
  security-scan:
    name: Security Vulnerability Scan
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -11,11 +11,11 @@ permissions:
 jobs:
  generate-release-notes:
    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/v') && !github.event.release.prerelease
+    if: startsWith(github.event.release.tag_name, 'v') && !github.event.release.prerelease

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0
        with:
          fetch-depth: 0 # Fetch full history to compare with previous release

@@ -23,7 +23,7 @@ jobs:
        id: get-previous-tag
        run: |
          # Get the previous release tag (excluding the current one)
-          CURRENT_TAG="${{ github.ref_name }}"
+          CURRENT_TAG="${{ github.event.release.tag_name }}"
          PREVIOUS_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | grep -v "$CURRENT_TAG" | head -n 1)

          if [ -z "$PREVIOUS_TAG" ]; then
@@ -58,11 +58,11 @@ jobs:

      - name: Generate release notes with AI
        id: generate-notes
-        uses: actions/ai-inference@9693b137b6566bb66055a713613bf4f0493701eb # v1.2.3
+        uses: actions/ai-inference@a1c11829223a786afe3b5663db904a3aa1eac3a2 # v2.0.1
        with:
          prompt-file: commits.txt
          system-prompt: |
-            You are an expert technical writer tasked with generating comprehensive release notes for Donut Browser, a powerful browser orchestrator.
+            You are an expert technical writer tasked with generating comprehensive release notes for Donut Browser, a powerful anti-detect browser.

            Analyze the provided commit messages and generate well-structured release notes following this format:

@@ -104,8 +104,13 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          # Get the generated release notes
-          RELEASE_NOTES="${{ steps.generate-notes.outputs.response }}"
+          # Prefer reading from the response file to avoid output truncation
+          RESPONSE_FILE='${{ steps.generate-notes.outputs.response-file }}'
+          if [ -n "$RESPONSE_FILE" ] && [ -f "$RESPONSE_FILE" ]; then
+            RELEASE_NOTES=$(cat "$RESPONSE_FILE")
+          else
+            RELEASE_NOTES='${{ steps.generate-notes.outputs.response }}'
+          fi

          # Update the release with the generated notes
          gh api --method PATCH /repos/${{ github.repository }}/releases/${{ github.event.release.id }} \
@@ -13,7 +13,7 @@ env:
 jobs:
  security-scan:
    name: Security Vulnerability Scan
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -67,37 +67,37 @@ jobs:
      matrix:
        include:
          - platform: "macos-latest"
-            args: "--target aarch64-apple-darwin"
+            args: "--target aarch64-apple-darwin --verbose"
            arch: "aarch64"
            target: "aarch64-apple-darwin"
            pkg_target: "latest-macos-arm64"
            nodecar_script: "build:mac-aarch64"
          - platform: "macos-latest"
-            args: "--target x86_64-apple-darwin"
+            args: "--target x86_64-apple-darwin --verbose"
            arch: "x86_64"
            target: "x86_64-apple-darwin"
            pkg_target: "latest-macos-x64"
            nodecar_script: "build:mac-x86_64"
          - platform: "ubuntu-22.04"
-            args: "--target x86_64-unknown-linux-gnu"
+            args: "--target x86_64-unknown-linux-gnu --verbose"
            arch: "x86_64"
            target: "x86_64-unknown-linux-gnu"
            pkg_target: "latest-linux-x64"
            nodecar_script: "build:linux-x64"
          - platform: "ubuntu-22.04-arm"
-            args: "--target aarch64-unknown-linux-gnu"
+            args: "--target aarch64-unknown-linux-gnu --verbose"
            arch: "aarch64"
            target: "aarch64-unknown-linux-gnu"
            pkg_target: "latest-linux-arm64"
            nodecar_script: "build:linux-arm64"
          # - platform: "windows-latest"
-          #   args: "--target x86_64-pc-windows-msvc"
+          #   args: "--target x86_64-pc-windows-msvc --verbose"
          #   arch: "x86_64"
          #   target: "x86_64-pc-windows-msvc"
          #   pkg_target: "latest-win-x64"
          #   nodecar_script: "build:win-x64"
          # - platform: "windows-11-arm"
-          #   args: "--target aarch64-pc-windows-msvc"
+          #   args: "--target aarch64-pc-windows-msvc --verbose"
          #   arch: "aarch64"
          #   target: "aarch64-pc-windows-msvc"
          #   pkg_target: "latest-win-arm64"
@@ -105,18 +105,21 @@ jobs:

    runs-on: ${{ matrix.platform }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-
-      - name: Setup Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
-        with:
-          node-version-file: .node-version
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 #v4.2.0
+        with:
+          run_install: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
+        with:
+          node-version-file: .node-version
+          cache: "pnpm"

      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b #master
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 #master
        with:
          toolchain: stable
          targets: ${{ matrix.target }}
@@ -128,7 +131,7 @@ jobs:
          sudo apt-get install -y libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev pkg-config xdg-utils

      - name: Rust cache
-        uses: swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 #v2.8.0
+        uses: swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 #v2.8.1
        with:
          workdir: ./src-tauri

@@ -154,19 +157,48 @@ jobs:
            cp nodecar/nodecar-bin src-tauri/binaries/nodecar-${{ matrix.target }}
          fi

-      - name: Download Camoufox for testing
-        run: npx camoufox-js fetch
-        continue-on-error: true
+      # - name: Download Camoufox for testing
+      #   run: npx camoufox-js fetch
+      #   continue-on-error: true

      - name: Build frontend
-        run: pnpm build
+        run: pnpm exec next build
+
+      - name: Verify frontend dist exists
+        shell: bash
+        run: |
+          if [ ! -d "dist" ]; then
+            echo "Error: dist directory not found after build"
+            ls -la
+            exit 1
+          fi
+          echo "Frontend dist directory verified at $(pwd)/dist"
+          echo "Checking from src-tauri perspective:"
+          ls -la src-tauri/../dist || echo "Warning: dist not accessible from src-tauri"
+
+      - name: Build donut-proxy sidecar
+        shell: bash
+        working-directory: ./src-tauri
+        run: cargo build --bin donut-proxy --target ${{ matrix.target }} --release
+
+      - name: Copy donut-proxy binary to Tauri binaries
+        shell: bash
+        run: |
+          mkdir -p src-tauri/binaries
+          if [[ "${{ matrix.platform }}" == "windows-latest" ]]; then
+            cp src-tauri/target/${{ matrix.target }}/release/donut-proxy.exe src-tauri/binaries/donut-proxy-${{ matrix.target }}.exe
+          else
+            cp src-tauri/target/${{ matrix.target }}/release/donut-proxy src-tauri/binaries/donut-proxy-${{ matrix.target }}
+            chmod +x src-tauri/binaries/donut-proxy-${{ matrix.target }}
+          fi

      - name: Build Tauri app
-        uses: tauri-apps/tauri-action@564aea5a8075c7a54c167bb0cf5b3255314a7f9d #v0.5.22
+        uses: tauri-apps/tauri-action@19b93bb55601e3e373a93cfb6eb4242e45f5af20 #v0.6.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REF_NAME: ${{ github.ref_name }}
        with:
+          projectPath: ./src-tauri
          tagName: ${{ github.ref_name }}
          releaseName: "Donut Browser ${{ github.ref_name }}"
          releaseBody: "See the assets to download this version and install."
@@ -174,9 +206,8 @@ jobs:
          prerelease: false
          args: ${{ matrix.args }}

-      - name: Commit CHANGELOG.md
-        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 #v6.0.1
-        with:
-          branch: main
-          commit_message: "docs: update CHANGELOG.md for ${{ github.ref_name }} [skip ci]"
-          file_pattern: CHANGELOG.md
+#      - name: Commit CHANGELOG.md
+#        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 #v6.0.1
+#        with:
+#          branch: main
+#          commit_message: "docs: update CHANGELOG.md for ${{ github.ref_name }} [skip ci]"
@@ -12,7 +12,7 @@ env:
 jobs:
  security-scan:
    name: Security Vulnerability Scan
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b00f71e051ddddc6e46a193c31c8c0bf283bf9e6" # v2.1.0
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@b77c075a1235514558f0eb88dbd31e22c45e0cd2" # v2.3.0
    with:
      scan-args: |-
        -r
@@ -66,37 +66,37 @@ jobs:
      matrix:
        include:
          - platform: "macos-latest"
-            args: "--target aarch64-apple-darwin"
+            args: "--target aarch64-apple-darwin --verbose"
            arch: "aarch64"
            target: "aarch64-apple-darwin"
            pkg_target: "latest-macos-arm64"
            nodecar_script: "build:mac-aarch64"
          - platform: "macos-latest"
-            args: "--target x86_64-apple-darwin"
+            args: "--target x86_64-apple-darwin --verbose"
            arch: "x86_64"
            target: "x86_64-apple-darwin"
            pkg_target: "latest-macos-x64"
            nodecar_script: "build:mac-x86_64"
          - platform: "ubuntu-22.04"
-            args: "--target x86_64-unknown-linux-gnu"
+            args: "--target x86_64-unknown-linux-gnu --verbose"
            arch: "x86_64"
            target: "x86_64-unknown-linux-gnu"
            pkg_target: "latest-linux-x64"
            nodecar_script: "build:linux-x64"
          - platform: "ubuntu-22.04-arm"
-            args: "--target aarch64-unknown-linux-gnu"
+            args: "--target aarch64-unknown-linux-gnu --verbose"
            arch: "aarch64"
            target: "aarch64-unknown-linux-gnu"
            pkg_target: "latest-linux-arm64"
            nodecar_script: "build:linux-arm64"
          - platform: "windows-latest"
-            args: "--target x86_64-pc-windows-msvc"
+            args: "--target x86_64-pc-windows-msvc --verbose"
            arch: "x86_64"
            target: "x86_64-pc-windows-msvc"
            pkg_target: "latest-win-x64"
            nodecar_script: "build:win-x64"
          # - platform: "windows-11-arm"
-          #   args: "--target aarch64-pc-windows-msvc"
+          #   args: "--target aarch64-pc-windows-msvc --verbose"
          #   arch: "aarch64"
          #   target: "aarch64-pc-windows-msvc"
          #   pkg_target: "latest-win-arm64"
@@ -104,18 +104,21 @@ jobs:

    runs-on: ${{ matrix.platform }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-
-      - name: Setup Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
-        with:
-          node-version-file: .node-version
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0

      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 #v4.2.0
+        with:
+          run_install: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
+        with:
+          node-version-file: .node-version
+          cache: "pnpm"

      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b #master
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 #master
        with:
          toolchain: stable
          targets: ${{ matrix.target }}
@@ -127,7 +130,7 @@ jobs:
          sudo apt-get install -y libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev pkg-config xdg-utils

      - name: Rust cache
-        uses: swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 #v2.8.0
+        uses: swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 #v2.8.1
        with:
          workdir: ./src-tauri

@@ -153,12 +156,40 @@ jobs:
            cp nodecar/nodecar-bin src-tauri/binaries/nodecar-${{ matrix.target }}
          fi

-      - name: Download Camoufox for testing
-        run: npx camoufox-js fetch
-        continue-on-error: true
+      # - name: Download Camoufox for testing
+      #   run: npx camoufox-js fetch
+      #   continue-on-error: true

      - name: Build frontend
-        run: pnpm build
+        run: pnpm exec next build
+
+      - name: Verify frontend dist exists
+        shell: bash
+        run: |
+          if [ ! -d "dist" ]; then
+            echo "Error: dist directory not found after build"
+            ls -la
+            exit 1
+          fi
+          echo "Frontend dist directory verified at $(pwd)/dist"
+          echo "Checking from src-tauri perspective:"
+          ls -la src-tauri/../dist || echo "Warning: dist not accessible from src-tauri"
+
+      - name: Build donut-proxy sidecar
+        shell: bash
+        working-directory: ./src-tauri
+        run: cargo build --bin donut-proxy --target ${{ matrix.target }} --release
+
+      - name: Copy donut-proxy binary to Tauri binaries
+        shell: bash
+        run: |
+          mkdir -p src-tauri/binaries
+          if [[ "${{ matrix.platform }}" == "windows-latest" ]]; then
+            cp src-tauri/target/${{ matrix.target }}/release/donut-proxy.exe src-tauri/binaries/donut-proxy-${{ matrix.target }}.exe
+          else
+            cp src-tauri/target/${{ matrix.target }}/release/donut-proxy src-tauri/binaries/donut-proxy-${{ matrix.target }}
+            chmod +x src-tauri/binaries/donut-proxy-${{ matrix.target }}
+          fi

      - name: Generate nightly timestamp
        id: timestamp
@@ -170,13 +201,14 @@ jobs:
          echo "Generated timestamp: ${TIMESTAMP}-${COMMIT_HASH}"

      - name: Build Tauri app
-        uses: tauri-apps/tauri-action@564aea5a8075c7a54c167bb0cf5b3255314a7f9d #v0.5.22
+        uses: tauri-apps/tauri-action@19b93bb55601e3e373a93cfb6eb4242e45f5af20 #v0.6.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BUILD_TAG: "nightly-${{ steps.timestamp.outputs.timestamp }}"
          GITHUB_REF_NAME: "nightly-${{ steps.timestamp.outputs.timestamp }}"
          GITHUB_SHA: ${{ github.sha }}
        with:
+          projectPath: ./src-tauri
          tagName: "nightly-${{ steps.timestamp.outputs.timestamp }}"
          releaseName: "Donut Browser Nightly (Build ${{ steps.timestamp.outputs.timestamp }})"
          releaseBody: "⚠️ **Nightly Release** - This is an automatically generated pre-release build from the latest main branch. Use with caution.\n\nCommit: ${{ github.sha }}\nBuild: ${{ steps.timestamp.outputs.timestamp }}"
@@ -21,6 +21,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Actions Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0
      - name: Spell Check Repo
-        uses: crate-ci/typos@392b78fe18a52790c53f42456e46124f77346842 #v1.34.0
+        uses: crate-ci/typos@626c4bedb751ce0b7f03262ca97ddda9a076ae1c #v1.39.2
@@ -12,7 +12,7 @@ jobs:
      pull-requests: write

    steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: "This issue has been inactive for 60 days. Please respond to keep it open."
@@ -1,5 +1,7 @@
 {
  "cSpell.words": [
+    "ABORTIFHUNG",
+    "aboutwelcome",
    "adwaita",
    "ahooks",
    "akhilmhdh",
@@ -15,26 +17,35 @@
    "busctl",
    "CAMOU",
    "camoufox",
+    "catppuccin",
    "cdylib",
    "certifi",
    "CFURL",
    "checkin",
    "chrono",
+    "ciphertext",
+    "cksum",
    "CLICOLOR",
    "clippy",
    "cmdk",
    "codegen",
    "codesign",
+    "commitish",
    "CTYPE",
+    "daijro",
    "dataclasses",
    "datareporting",
    "datas",
+    "DBAPI",
    "dconf",
+    "debuginfo",
    "devedition",
+    "distro",
    "doctest",
    "doesn",
    "domcontentloaded",
    "donutbrowser",
+    "doorhanger",
    "dpkg",
    "dtolnay",
    "dyld",
@@ -43,6 +54,8 @@
    "esac",
    "esbuild",
    "etree",
+    "firstrun",
+    "flate",
    "frontmost",
    "geoip",
    "getcwd",
@@ -58,15 +71,20 @@
    "idlelib",
    "idletime",
    "idna",
+    "infobars",
    "Inno",
    "kdeglobals",
    "keras",
    "KHTML",
+    "killall",
+    "Kolkata",
    "kreadconfig",
+    "langpack",
    "launchservices",
    "letterboxing",
    "libatk",
    "libayatana",
+    "libc",
    "libcairo",
    "libgdk",
    "libglib",
@@ -75,16 +93,22 @@
    "libwebkit",
    "libxdo",
    "localtime",
+    "lpdw",
    "lxml",
+    "lzma",
+    "macchiato",
+    "Matchalk",
    "mmdb",
    "mountpoint",
    "msiexec",
+    "mstone",
    "msvc",
    "msys",
    "Mullvad",
    "mullvadbrowser",
    "mypy",
    "noarchive",
+    "nobrowse",
    "noconfirm",
    "nodecar",
    "nodemon",
@@ -96,13 +120,19 @@
    "orhun",
    "orjson",
    "osascript",
+    "oscpu",
+    "outpath",
    "pathex",
    "pathlib",
    "peerconnection",
+    "pids",
    "pixbuf",
+    "pkexec",
+    "pkill",
    "plasmohq",
    "platformdirs",
    "prefs",
+    "PRIO",
    "propertylist",
    "psutil",
    "pycache",
@@ -112,14 +142,21 @@
    "pyoxidizer",
    "pytest",
    "pyyaml",
+    "reportingpolicy",
    "reqwest",
    "ridedott",
    "rlib",
    "rustc",
+    "rwxr",
    "SARIF",
    "scipy",
    "screeninfo",
+    "selectables",
    "serde",
+    "sessionstore",
+    "setpriority",
+    "setsid",
+    "SETTINGCHANGE",
    "setuptools",
    "shadcn",
    "showcursor",
@@ -127,6 +164,7 @@
    "signon",
    "signum",
    "sklearn",
+    "SMTO",
    "sonner",
    "splitn",
    "sspi",
@@ -143,6 +181,7 @@
    "tasklist",
    "tauri",
    "TERX",
+    "testpass",
    "testuser",
    "timedatectl",
    "titlebar",
@@ -150,6 +189,7 @@
    "Torbrowser",
    "tqdm",
    "trackingprotection",
+    "trailhead",
    "turbopack",
    "turtledemo",
    "udeps",
@@ -169,6 +209,7 @@
    "xfconf",
    "xsettings",
    "zhom",
+    "zipball",
    "zoneinfo"
  ]
 }
@@ -6,3 +6,4 @@
 - Before finishing the task and showing summary, always run "pnpm format && pnpm lint && pnpm test" at the root of the project to ensure that you don't finish with broken application.
 - Anytime you change nodecar's code and try to test, recompile it with "cd nodecar && pnpm build".
 - If there is a global singleton of a struct, only use it inside a method while properly initializing it, unless I have explicitly specified in the request otherwise.
+- If you are modifying the UI, do not add random colors that are not controlled by src/lib/themes.ts file.
@@ -1,7 +1,7 @@
 <div align="center">
  <img src="assets/logo.png" alt="Donut Browser Logo" width="150">
  <h1>Donut Browser</h1>
-  <strong>A powerful browser orchestrator that puts you in control of your browsing experience. 🍩</strong>
+  <strong>A powerful anti-detect browser that puts you in control of your browsing experience. 🍩</strong>
 </div>
 <br>

@@ -25,10 +25,6 @@
  </a>
 </p>

-## Donut Browser
-
-> A free and open source browser orchestrator built with [Tauri](https://v2.tauri.app/).
-
 <picture>
 <source media="(prefers-color-scheme: dark)" srcset="assets/preview-dark.png" />
 <source media="(prefers-color-scheme: light)" srcset="assets/preview.png" />
@@ -38,9 +34,10 @@
 ## Features

 - Create unlimited number of local browser profiles completely isolated from each other
- Proxy support with basic auth for all browsers except for TOR Browser
+- Safely use multiple accounts on one device by using anti-detect browser profiles, powered by [Camoufox](https://camoufox.com)
+- Proxy support with basic auth for all browsers
 - Import profiles from your existing browsers
- Automatic updates both for browsers and for the app itself
+- Automatic updates for browsers
 - Set Donut Browser as your default browser to control in which profile to open links

 ## Download
@@ -1,5 +1,5 @@
 {
-  "$schema": "https://biomejs.dev/schemas/2.0.6/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.2.0/schema.json",
  "vcs": {
    "enabled": false,
    "clientKind": "git",
@@ -18,11 +18,11 @@
    "rules": {
      "recommended": true,
      "correctness": {
+        "useUniqueElementIds": "off",
        "useHookAtTopLevel": "error"
      },
-      "nursery": {
-        "useUniqueElementIds": "off"
-      },
+      "nursery": "off",
+      "suspicious": "off",
      "a11y": {
        "useSemanticElements": "off"
      }
@@ -1,5 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
+/// <reference path="./dist/types/routes.d.ts" />

 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
@@ -7,6 +7,9 @@ const nextConfig: NextConfig = {
    unoptimized: true,
  },
  distDir: "dist",
+  compiler: {
+    removeConsole: process.env.NODE_ENV === "production",
+  },
 };

 export default nextConfig;
@@ -23,6 +23,3 @@ fi

 # Copy the file with target triple suffix
 cp "nodecar-bin" "../src-tauri/binaries/nodecar-${TARGET_TRIPLE}${EXT}"
-
-# Also copy a generic version for Tauri to find
-cp "nodecar-bin" "../src-tauri/binaries/nodecar${EXT}"
@@ -8,7 +8,6 @@
    "watch": "nodemon --exec ts-node --esm ./src/index.ts --watch src",
    "dev": "node --loader ts-node/esm ./src/index.ts",
    "start": "tsc && node ./dist/index.js",
-    "test": "tsc && node ./dist/test-proxy.js",
    "rename-binary": "sh ./copy-binary.sh",
    "build": "tsc && banderole bundle . --output nodecar-bin && pnpm rename-binary",
    "build:mac-aarch64": "tsc && banderole bundle . --output nodecar-bin && pnpm rename-binary",
@@ -22,17 +21,18 @@
  "author": "",
  "license": "AGPL-3.0",
  "dependencies": {
-    "@types/node": "^24.1.0",
-    "camoufox-js": "^0.6.2",
-    "commander": "^14.0.0",
-    "dotenv": "^17.2.1",
+    "@types/node": "^24.10.1",
+    "commander": "^14.0.2",
+    "donutbrowser-camoufox-js": "^0.7.0",
+    "dotenv": "^17.2.3",
+    "fingerprint-generator": "^2.1.77",
    "get-port": "^7.1.0",
-    "nodemon": "^3.1.10",
-    "playwright-core": "^1.54.2",
-    "proxy-chain": "^2.5.9",
-    "tmp": "^0.2.3",
+    "nodemon": "^3.1.11",
+    "playwright-core": "^1.57.0",
+    "proxy-chain": "^2.6.0",
+    "tmp": "^0.2.5",
    "ts-node": "^10.9.2",
-    "typescript": "^5.9.2"
+    "typescript": "^5.9.3"
  },
  "devDependencies": {
    "@types/tmp": "^0.2.6"
@@ -1,6 +1,7 @@
 import { spawn } from "node:child_process";
 import path from "node:path";
-import type { LaunchOptions } from "camoufox-js/dist/utils.js";
+import { launchOptions } from "donutbrowser-camoufox-js";
+import type { LaunchOptions } from "donutbrowser-camoufox-js/dist/utils.js";
 import {
  type CamoufoxConfig,
  deleteCamoufoxConfig,
@@ -10,6 +11,102 @@ import {
  saveCamoufoxConfig,
 } from "./camoufox-storage.js";

+/**
+ * Convert camoufox fingerprint format to fingerprint-generator format
+ * @param camoufoxFingerprint The camoufox fingerprint object
+ * @returns fingerprint-generator object
+ */
+function convertCamoufoxToFingerprintGenerator(
+  camoufoxFingerprint: Record<string, any>,
+): any {
+  const fingerprintObj: Record<string, any> = {
+    navigator: {},
+    screen: {},
+    videoCard: {},
+    headers: {},
+    battery: {},
+  };
+
+  // Mapping from camoufox keys to fingerprint-generator structure based on the YAML
+  const mappings: Record<string, string> = {
+    // Navigator properties
+    "navigator.userAgent": "navigator.userAgent",
+    "navigator.platform": "navigator.platform",
+    "navigator.hardwareConcurrency": "navigator.hardwareConcurrency",
+    "navigator.maxTouchPoints": "navigator.maxTouchPoints",
+    "navigator.doNotTrack": "navigator.doNotTrack",
+    "navigator.appCodeName": "navigator.appCodeName",
+    "navigator.appName": "navigator.appName",
+    "navigator.appVersion": "navigator.appVersion",
+    "navigator.oscpu": "navigator.oscpu",
+    "navigator.product": "navigator.product",
+    "navigator.language": "navigator.language",
+    "navigator.languages": "navigator.languages",
+    "navigator.globalPrivacyControl": "navigator.globalPrivacyControl",
+
+    // Screen properties
+    "screen.width": "screen.width",
+    "screen.height": "screen.height",
+    "screen.availWidth": "screen.availWidth",
+    "screen.availHeight": "screen.availHeight",
+    "screen.availTop": "screen.availTop",
+    "screen.availLeft": "screen.availLeft",
+    "screen.colorDepth": "screen.colorDepth",
+    "screen.pixelDepth": "screen.pixelDepth",
+    "window.outerWidth": "screen.outerWidth",
+    "window.outerHeight": "screen.outerHeight",
+    "window.innerWidth": "screen.innerWidth",
+    "window.innerHeight": "screen.innerHeight",
+    "window.screenX": "screen.screenX",
+    "window.screenY": "screen.screenY",
+    "screen.pageXOffset": "screen.pageXOffset",
+    "screen.pageYOffset": "screen.pageYOffset",
+    "window.devicePixelRatio": "screen.devicePixelRatio",
+    "document.body.clientWidth": "screen.clientWidth",
+    "document.body.clientHeight": "screen.clientHeight",
+
+    // WebGL properties
+    "webGl:vendor": "videoCard.vendor",
+    "webGl:renderer": "videoCard.renderer",
+
+    // Headers
+    "headers.Accept-Encoding": "headers.Accept-Encoding",
+
+    // Battery
+    "battery:charging": "battery.charging",
+    "battery:chargingTime": "battery.chargingTime",
+    "battery:dischargingTime": "battery.dischargingTime",
+  };
+
+  // Apply mappings
+  for (const [camoufoxKey, fingerprintPath] of Object.entries(mappings)) {
+    if (camoufoxFingerprint[camoufoxKey] !== undefined) {
+      const pathParts = fingerprintPath.split(".");
+      let current = fingerprintObj;
+
+      // Navigate to the nested property, creating objects as needed
+      for (let i = 0; i < pathParts.length - 1; i++) {
+        const part = pathParts[i];
+        if (!current[part]) {
+          current[part] = {};
+        }
+        current = current[part];
+      }
+
+      // Set the final value
+      const finalKey = pathParts[pathParts.length - 1];
+      current[finalKey] = camoufoxFingerprint[camoufoxKey];
+    }
+  }
+
+  // Handle fonts separately
+  if (camoufoxFingerprint.fonts && Array.isArray(camoufoxFingerprint.fonts)) {
+    fingerprintObj.fonts = camoufoxFingerprint.fonts;
+  }
+
+  return { ...camoufoxFingerprint, ...fingerprintObj };
+}
+
 /**
 * Start a Camoufox instance in a separate process
 * @param options Camoufox launch options
@@ -21,16 +118,23 @@ export async function startCamoufoxProcess(
  options: LaunchOptions = {},
  profilePath?: string,
  url?: string,
+  customConfig?: string,
 ): Promise<CamoufoxConfig> {
  // Generate a unique ID for this instance
  const id = generateCamoufoxId();

+  // Ensure profile path is absolute if provided
+  const absoluteProfilePath = profilePath
+    ? path.resolve(profilePath)
+    : undefined;
+
  // Create the Camoufox configuration
  const config: CamoufoxConfig = {
    id,
-    options,
-    profilePath,
+    options: JSON.parse(JSON.stringify(options)), // Deep clone to avoid reference sharing
+    profilePath: absoluteProfilePath,
    url,
+    customConfig,
  };

  // Save the configuration before starting the process
@@ -163,6 +267,18 @@ export async function startCamoufoxProcess(
  });
 }

+/**
+ * Check if a process is running by PID
+ */
+function isProcessRunning(pid: number): boolean {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 /**
 * Stop a Camoufox process
 * @param id The Camoufox ID to stop
@@ -175,41 +291,90 @@ export async function stopCamoufoxProcess(id: string): Promise<boolean> {
    return false;
  }

+  const pid = config.processId;
+
  try {
-    const killByPattern = spawn("pkill", ["-f", `camoufox-worker.*${id}`], {
-      stdio: "ignore",
-    });
-
-    // Method 2: If we have a process ID, kill by PID
-    if (config.processId) {
+    // Method 1: If we have a process ID, kill by PID with proper signal sequence
+    if (pid && isProcessRunning(pid)) {
      try {
-        process.kill(config.processId, "SIGTERM");
+        // First try SIGTERM for graceful shutdown
+        process.kill(pid, "SIGTERM");

-        // Give it a moment to terminate gracefully
-        await new Promise((resolve) => setTimeout(resolve, 2000));
-
-        // Force kill if still running
-        try {
-          process.kill(config.processId, "SIGKILL");
-        } catch {
-          // Process already terminated
+        // Wait up to 3 seconds for graceful shutdown
+        for (let i = 0; i < 30; i++) {
+          await new Promise((resolve) => setTimeout(resolve, 100));
+          if (!isProcessRunning(pid)) {
+            break;
+          }
        }
-      } catch (error) {
-        // Process not found or already terminated
+
+        // If still running, force kill
+        if (isProcessRunning(pid)) {
+          process.kill(pid, "SIGKILL");
+          // Wait for SIGKILL to take effect
+          for (let i = 0; i < 20; i++) {
+            await new Promise((resolve) => setTimeout(resolve, 100));
+            if (!isProcessRunning(pid)) {
+              break;
+            }
+          }
+        }
+      } catch {
+        // Process might have already exited
      }
    }

-    // Wait for pattern-based kill command to complete
+    // Method 2: Pattern-based kill as fallback (kills any child processes)
    await new Promise<void>((resolve) => {
+      const killByPattern = spawn(
+        "pkill",
+        ["-TERM", "-f", `camoufox-worker.*${id}`],
+        { stdio: "ignore" },
+      );
      killByPattern.on("exit", () => resolve());
-      // Timeout after 3 seconds
-      setTimeout(() => resolve(), 3000);
+      setTimeout(() => resolve(), 1000);
    });

+    // Wait a moment then force kill any remaining
+    await new Promise((resolve) => setTimeout(resolve, 500));
+
+    await new Promise<void>((resolve) => {
+      const killByPatternForce = spawn(
+        "pkill",
+        ["-KILL", "-f", `camoufox-worker.*${id}`],
+        { stdio: "ignore" },
+      );
+      killByPatternForce.on("exit", () => resolve());
+      setTimeout(() => resolve(), 1000);
+    });
+
+    // Also kill any Firefox processes associated with this profile
+    if (config.profilePath) {
+      await new Promise<void>((resolve) => {
+        const killFirefox = spawn(
+          "pkill",
+          ["-KILL", "-f", config.profilePath!],
+          { stdio: "ignore" },
+        );
+        killFirefox.on("exit", () => resolve());
+        setTimeout(() => resolve(), 1000);
+      });
+    }
+
+    // Verify process is actually dead
+    if (pid && isProcessRunning(pid)) {
+      // Last resort: SIGKILL again
+      try {
+        process.kill(pid, "SIGKILL");
+      } catch {
+        // Ignore
+      }
+    }
+
    // Delete the configuration
    deleteCamoufoxConfig(id);
    return true;
-  } catch (error) {
+  } catch {
    // Delete the configuration even if stopping failed
    deleteCamoufoxConfig(id);
    return false;
@@ -226,3 +391,129 @@ export async function stopAllCamoufoxProcesses(): Promise<void> {
  const stopPromises = configs.map((config) => stopCamoufoxProcess(config.id));
  await Promise.all(stopPromises);
 }
+
+interface GenerateConfigOptions {
+  proxy?: string;
+  maxWidth?: number;
+  maxHeight?: number;
+  minWidth?: number;
+  minHeight?: number;
+  geoip?: string | boolean;
+  blockImages?: boolean;
+  blockWebrtc?: boolean;
+  blockWebgl?: boolean;
+  executablePath?: string;
+  fingerprint?: string;
+  os?: "windows" | "macos" | "linux";
+}
+
+/**
+ * Generate Camoufox configuration using launchOptions
+ * @param options Configuration options
+ * @returns Promise resolving to the generated config JSON string
+ */
+export async function generateCamoufoxConfig(
+  options: GenerateConfigOptions,
+): Promise<string> {
+  try {
+    const launchOpts: any = {
+      headless: false,
+      i_know_what_im_doing: true,
+      config: {
+        disableTheming: true,
+        showcursor: false,
+      },
+    };
+
+    if (options.geoip) {
+      launchOpts.geoip = true;
+    }
+
+    if (options.blockImages) {
+      launchOpts.block_images = true;
+    }
+    if (options.blockWebrtc) {
+      launchOpts.block_webrtc = true;
+    }
+    if (options.blockWebgl) {
+      launchOpts.block_webgl = true;
+    }
+
+    if (options.executablePath) {
+      launchOpts.executable_path = options.executablePath;
+    }
+
+    if (options.proxy) {
+      launchOpts.proxy = options.proxy;
+    }
+
+    // If fingerprint is provided, use it and ignore other options except executable_path and block_*
+    if (options.fingerprint) {
+      try {
+        const camoufoxFingerprint = JSON.parse(options.fingerprint);
+
+        if (camoufoxFingerprint.timezone) {
+          launchOpts.config.timezone = camoufoxFingerprint.timezone;
+        }
+
+        // Convert camoufox fingerprint format to fingerprint-generator format
+        const fingerprintObj =
+          convertCamoufoxToFingerprintGenerator(camoufoxFingerprint);
+        launchOpts.fingerprint = fingerprintObj;
+      } catch (error) {
+        throw new Error(`Invalid fingerprint JSON: ${error}`);
+      }
+    } else {
+      // Use individual options to build configuration
+
+      // Build screen configuration with min/max dimensions
+      const screen: {
+        minWidth?: number;
+        maxWidth?: number;
+        minHeight?: number;
+        maxHeight?: number;
+      } = {};
+
+      if (options.minWidth) screen.minWidth = options.minWidth;
+      if (options.maxWidth) screen.maxWidth = options.maxWidth;
+      if (options.minHeight) screen.minHeight = options.minHeight;
+      if (options.maxHeight) screen.maxHeight = options.maxHeight;
+
+      if (Object.keys(screen).length > 0) {
+        launchOpts.screen = screen;
+      }
+    }
+
+    launchOpts.allowAddonNewTab = true;
+
+    // Add OS option for fingerprint generation
+    if (options.os) {
+      launchOpts.os = options.os;
+    }
+
+    // Generate the configuration using launchOptions
+    const generatedOptions = await launchOptions(launchOpts);
+
+    // Extract the environment variables that contain the config
+    const envVars = generatedOptions.env || {};
+
+    // Reconstruct the config from environment variables using getEnvVars utility
+    let configStr = "";
+    let chunkIndex = 1;
+
+    while (envVars[`CAMOU_CONFIG_${chunkIndex}`]) {
+      configStr += envVars[`CAMOU_CONFIG_${chunkIndex}`];
+      chunkIndex++;
+    }
+
+    if (!configStr) {
+      throw new Error("No configuration generated");
+    }
+
+    // Parse and return the config as JSON string
+    const config = JSON.parse(configStr);
+    return JSON.stringify(config);
+  } catch (error) {
+    throw new Error(`Failed to generate Camoufox config: ${error}`);
+  }
+}
@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import type { LaunchOptions } from "camoufox-js/dist/utils.js";
+import type { LaunchOptions } from "donutbrowser-camoufox-js/dist/utils.js";
 import tmp from "tmp";

 export interface CamoufoxConfig {
@@ -9,6 +9,7 @@ export interface CamoufoxConfig {
  profilePath?: string;
  url?: string;
  processId?: number;
+  customConfig?: string; // JSON string of the fingerprint config
 }

 const STORAGE_DIR = path.join(tmp.tmpdir, "donutbrowser", "camoufox");
@@ -42,7 +43,10 @@ export function getCamoufoxConfig(id: string): CamoufoxConfig | null {
    const content = fs.readFileSync(filePath, "utf-8");
    return JSON.parse(content) as CamoufoxConfig;
  } catch (error) {
-    console.error(`Error reading Camoufox config ${id}:`, error);
+    console.error({
+      message: `Error reading Camoufox config ${id}`,
+      error: (error as Error).message,
+    });
    return null;
  }
 }
@@ -63,7 +67,10 @@ export function deleteCamoufoxConfig(id: string): boolean {
    fs.unlinkSync(filePath);
    return true;
  } catch (error) {
-    console.error(`Error deleting Camoufox config ${id}:`, error);
+    console.error({
+      message: `Error deleting Camoufox config ${id}`,
+      error: (error as Error).message,
+    });
    return false;
  }
 }
@@ -89,13 +96,21 @@ export function listCamoufoxConfigs(): CamoufoxConfig[] {
          );
          return JSON.parse(content) as CamoufoxConfig;
        } catch (error) {
-          console.error(`Error reading Camoufox config ${file}:`, error);
+          console.error({
+            message: `Error reading Camoufox config ${file}`,
+            error,
+          });
          return null;
        }
      })
-      .filter((config): config is CamoufoxConfig => config !== null);
+      .filter((config): config is CamoufoxConfig => config !== null)
+      .map((config) => {
+        config.options = "Removed for logging" as any;
+        config.customConfig = "Removed for logging" as any;
+        return config;
+      });
  } catch (error) {
-    console.error("Error listing Camoufox configs:", error);
+    console.error({ message: "Error listing Camoufox configs:", error });
    return [];
  }
 }
@@ -114,13 +129,16 @@ export function updateCamoufoxConfig(config: CamoufoxConfig): boolean {
    return true;
  } catch (error) {
    if ((error as NodeJS.ErrnoException).code === "ENOENT") {
-      console.error(
-        `Config ${config.id} was deleted while the app was running`,
-      );
+      console.error({
+        message: `Config ${config.id} was deleted while the app was running`,
+      });
      return false;
    }

-    console.error(`Error updating Camoufox config ${config.id}:`, error);
+    console.error({
+      message: `Error updating Camoufox config ${config.id}`,
+      error,
+    });
    return false;
  }
 }
@@ -130,5 +148,6 @@ export function updateCamoufoxConfig(config: CamoufoxConfig): boolean {
 * @returns A unique ID string
 */
 export function generateCamoufoxId(): string {
-  return `camoufox_${Date.now()}_${Math.floor(Math.random() * 10000)}`;
+  // Include process ID to ensure uniqueness across multiple processes
+  return `camoufox_${Date.now()}_${process.pid}_${Math.floor(Math.random() * 10000)}`;
 }
@@ -1,16 +1,40 @@
-import { Camoufox } from "camoufox-js";
-import type { Page } from "playwright-core";
+import fs from "node:fs";
+import path from "node:path";
+import { launchOptions } from "donutbrowser-camoufox-js";
+import type { LaunchOptions } from "donutbrowser-camoufox-js/dist/utils.js";
+import { type Browser, type BrowserContext, firefox } from "playwright-core";
+import tmp from "tmp";
 import { getCamoufoxConfig, saveCamoufoxConfig } from "./camoufox-storage.js";
+import { getEnvVars, parseProxyString } from "./utils.js";
+
+// Set up debug logging to a file
+const LOG_DIR = path.join(tmp.tmpdir, "donutbrowser", "camoufox-logs");
+if (!fs.existsSync(LOG_DIR)) {
+  fs.mkdirSync(LOG_DIR, { recursive: true });
+}
+
+function debugLog(id: string, message: string, data?: any): void {
+  const logFile = path.join(LOG_DIR, `${id}.log`);
+  const timestamp = new Date().toISOString();
+  const logMessage = data
+    ? `[${timestamp}] ${message}: ${JSON.stringify(data, null, 2)}\n`
+    : `[${timestamp}] ${message}\n`;
+  fs.appendFileSync(logFile, logMessage);
+}

 /**
 * Run a Camoufox browser server as a worker process
 * @param id The Camoufox configuration ID
 */
 export async function runCamoufoxWorker(id: string): Promise<void> {
+  debugLog(id, "Worker starting", { pid: process.pid });
+
  // Get the Camoufox configuration
+  debugLog(id, "Loading Camoufox configuration");
  const config = getCamoufoxConfig(id);

  if (!config) {
+    debugLog(id, "Configuration not found");
    console.error(
      JSON.stringify({
        error: "Configuration not found",
@@ -20,93 +44,384 @@ export async function runCamoufoxWorker(id: string): Promise<void> {
    process.exit(1);
  }

-  // Return success immediately - before any async operations
-  const processId = process.pid;
+  debugLog(id, "Configuration loaded successfully", {
+    profilePath: config.profilePath,
+    hasOptions: !!config.options,
+    hasCustomConfig: !!config.customConfig,
+    hasUrl: !!config.url,
+  });
+
+  config.processId = process.pid;
+  saveCamoufoxConfig(config);

  console.log(
    JSON.stringify({
      success: true,
      id: id,
-      processId,
+      processId: process.pid,
      profilePath: config.profilePath,
      message: "Camoufox worker started successfully",
    }),
  );

-  // Update config with process details
-  config.processId = processId;
-  saveCamoufoxConfig(config);
-
-  // Handle process termination gracefully
-  const gracefulShutdown = async () => {
-    process.exit(0);
-  };
-
-  process.on("SIGTERM", () => void gracefulShutdown());
-  process.on("SIGINT", () => void gracefulShutdown());
-
  // Launch browser in background - this can take time and may fail
  setImmediate(async () => {
-    let page: Page | null = null;
+    debugLog(id, "Starting browser launch in background");
+    let browser: Browser | null = null;
+    let context: BrowserContext | null = null;
+    let windowCheckInterval: NodeJS.Timeout | null = null;
+
+    // Graceful shutdown handler with access to browser and server
+    const gracefulShutdown = async () => {
+      debugLog(id, "Graceful shutdown initiated");
+      try {
+        // Clear any intervals first
+        if (windowCheckInterval) {
+          clearInterval(windowCheckInterval);
+        }
+
+        // Close browser context and server if they exist
+        if (context && !context.pages) {
+          // Context is already closed
+        } else if (context) {
+          await context.close();
+        }
+
+        if (browser?.isConnected()) {
+          await browser.close();
+        }
+      } catch {
+        // Ignore cleanup errors during shutdown
+      }
+      process.exit(0);
+    };
+
+    // Handle various quit signals for proper macOS Command+Q support
+    process.on("SIGTERM", () => void gracefulShutdown());
+    process.on("SIGINT", () => void gracefulShutdown());
+    process.on("SIGHUP", () => void gracefulShutdown());
+    process.on("SIGQUIT", () => void gracefulShutdown());
+
+    // Handle uncaught exceptions and unhandled rejections
+    process.on("uncaughtException", () => void gracefulShutdown());
+    process.on("unhandledRejection", () => void gracefulShutdown());

    try {
-      // Prepare options for Camoufox
-      const camoufoxOptions = { ...config.options };
+      debugLog(id, "Preparing launch options");
+      // Deep clone to avoid reference sharing and ensure fresh configuration for each instance
+      const camoufoxOptions: LaunchOptions = JSON.parse(
+        JSON.stringify(config.options || {}),
+      );
+      debugLog(id, "Base options cloned", {
+        hasOptions: Object.keys(camoufoxOptions).length,
+      });

      // Add profile path if provided
      if (config.profilePath) {
        camoufoxOptions.user_data_dir = config.profilePath;
+        debugLog(id, "Set user_data_dir", { profilePath: config.profilePath });
      }

-      // Remove custom properties before passing to Camoufox
-      camoufoxOptions.disableTheming = true;
-      camoufoxOptions.showcursor = false;
-
-      // Set Firefox preferences for theming
-      if (!camoufoxOptions.firefox_user_prefs) {
-        camoufoxOptions.firefox_user_prefs = {};
+      // Ensure block options are properly set
+      if (camoufoxOptions.block_images) {
+        camoufoxOptions.block_images = true;
      }

-      // Default to non-headless for visibility
-      if (camoufoxOptions.headless === undefined) {
-        camoufoxOptions.headless = false;
+      if (camoufoxOptions.block_webgl) {
+        camoufoxOptions.block_webgl = true;
      }

-      const browser = await Camoufox(camoufoxOptions);
-      const context = await browser.newContext();
+      if (camoufoxOptions.block_webrtc) {
+        camoufoxOptions.block_webrtc = true;
+      }
+
+      // Check for headless mode from config (no environment variable check)
+      if (camoufoxOptions.headless) {
+        camoufoxOptions.headless = true;
+      }
+
+      // Always set these defaults - ensure they are applied for each instance
+      camoufoxOptions.i_know_what_im_doing = true;
+      camoufoxOptions.config = {
+        disableTheming: true,
+        showcursor: false,
+        ...(camoufoxOptions.config || {}),
+      };
+      debugLog(id, "Set default options", {
+        i_know_what_im_doing: true,
+        disableTheming: true,
+        showcursor: false,
+      });
+
+      // Generate fresh options for this specific instance
+      debugLog(id, "Generating launch options via launchOptions function");
+      const generatedOptions = await launchOptions(camoufoxOptions);
+      debugLog(id, "Launch options generated successfully", {
+        hasEnv: !!generatedOptions.env,
+        argsLength: generatedOptions.args?.length || 0,
+      });
+
+      // Start with process environment to ensure proper inheritance
+      let finalEnv = { ...process.env };
+      debugLog(id, "Base environment variables set", {
+        envVarCount: Object.keys(finalEnv).length,
+      });
+
+      // Add generated options environment variables
+      if (generatedOptions.env) {
+        finalEnv = { ...finalEnv, ...generatedOptions.env };
+        debugLog(id, "Added generated environment variables", {
+          generatedEnvCount: Object.keys(generatedOptions.env).length,
+          totalEnvCount: Object.keys(finalEnv).length,
+        });
+      }
+
+      // If we have a custom config from Rust, use it directly as environment variables
+      if (config.customConfig) {
+        debugLog(id, "Processing custom config", {
+          customConfigLength: config.customConfig.length,
+        });
+        try {
+          // Parse the custom config JSON string
+          const customConfigObj = JSON.parse(config.customConfig);
+          debugLog(id, "Custom config parsed successfully", {
+            customConfigKeys: Object.keys(customConfigObj),
+          });
+
+          // Ensure default config values are preserved even with custom config
+          const mergedConfig = {
+            ...customConfigObj,
+            disableTheming: true,
+            showcursor: false,
+            // allowAddonNewTab will be handled from the fingerprint config if present
+          };
+
+          // Convert merged config to environment variables using getEnvVars
+          const customEnvVars = getEnvVars(mergedConfig);
+          debugLog(id, "Custom config converted to environment variables", {
+            customEnvVarCount: Object.keys(customEnvVars).length,
+          });
+
+          // Merge custom config with generated config (custom takes precedence)
+          finalEnv = { ...finalEnv, ...customEnvVars };
+          debugLog(id, "Custom config merged with final environment", {
+            finalEnvCount: Object.keys(finalEnv).length,
+          });
+        } catch (error) {
+          debugLog(id, "Failed to parse custom config", {
+            error: error instanceof Error ? error.message : String(error),
+          });
+          console.error(
+            `Camoufox worker ${id}: Failed to parse custom config, using generated config:`,
+            error,
+          );
+          await gracefulShutdown();
+          return;
+        }
+      } else {
+        debugLog(id, "No custom config provided");
+      }
+      // Prepare profile path for persistent context
+      const profilePath = config.profilePath || "";
+      debugLog(id, "Profile path prepared", { profilePath });
+
+      // Launch persistent context with the final configuration
+      const finalOptions: any = {
+        ...generatedOptions,
+        env: finalEnv,
+      };
+      debugLog(id, "Final launch options prepared", {
+        hasExecutablePath: !!finalOptions.executablePath,
+        hasProxy: !!camoufoxOptions.proxy,
+        profilePath,
+      });
+
+      // If a custom executable path was provided, ensure Playwright uses it
+      if (
+        (camoufoxOptions as any).executable_path &&
+        typeof (camoufoxOptions as any).executable_path === "string"
+      ) {
+        finalOptions.executablePath = (camoufoxOptions as any)
+          .executable_path as string;
+        debugLog(id, "Custom executable path set", {
+          executablePath: finalOptions.executablePath,
+        });
+      }
+
+      // Only add proxy if it exists and is valid
+      if (camoufoxOptions.proxy) {
+        debugLog(id, "Processing proxy configuration", {
+          proxyString: camoufoxOptions.proxy,
+        });
+        try {
+          finalOptions.proxy = parseProxyString(camoufoxOptions.proxy);
+          debugLog(id, "Proxy parsed successfully");
+        } catch (error) {
+          debugLog(id, "Failed to parse proxy", {
+            error: error instanceof Error ? error.message : String(error),
+          });
+          console.error({
+            message: "Failed to parse proxy, launching without proxy",
+            error,
+          });
+          await gracefulShutdown();
+          return;
+        }
+      }
+
+      // Use launchPersistentContext instead of launchServer
+      debugLog(id, "Launching persistent context", { profilePath });
+      context = await firefox.launchPersistentContext(
+        profilePath,
+        finalOptions,
+      );
+      debugLog(id, "Persistent context launched successfully");
+
+      // Get the browser instance from context
+      browser = context.browser();
+      debugLog(id, "Browser instance obtained from context", {
+        browserConnected: browser?.isConnected(),
+      });
+
+      // Handle browser disconnection for proper cleanup
+      if (browser) {
+        browser.on("disconnected", () => void gracefulShutdown());
+        debugLog(id, "Browser disconnect handler registered");
+      }
+
+      // Handle context close for proper cleanup
+      context.on("close", () => void gracefulShutdown());
+      debugLog(id, "Context close handler registered");

      saveCamoufoxConfig(config);

-      // Handle URL opening if provided
-      if (config.url && context) {
-        try {
-          if (!page) {
-            page = await context.newPage();
+      // Monitor for window closure
+      const startWindowMonitoring = () => {
+        debugLog(id, "Starting window monitoring");
+        windowCheckInterval = setInterval(async () => {
+          try {
+            // Check if context is still active
+            if (!context?.pages || context.pages().length === 0) {
+              debugLog(id, "No pages found in context, shutting down");
+              if (windowCheckInterval) {
+                clearInterval(windowCheckInterval);
+              }
+              await gracefulShutdown();
+              return;
+            }
+
+            // Check if browser is still connected (if available)
+            if (browser && !browser.isConnected()) {
+              debugLog(id, "Browser disconnected, shutting down");
+              if (windowCheckInterval) {
+                clearInterval(windowCheckInterval);
+              }
+              await gracefulShutdown();
+              return;
+            }
+
+            // Check pages in the persistent context
+            const pages = context.pages();
+            if (pages.length === 0) {
+              debugLog(id, "No pages in context, shutting down");
+              if (windowCheckInterval) {
+                clearInterval(windowCheckInterval);
+              }
+              await gracefulShutdown();
+            }
+          } catch (error) {
+            debugLog(id, "Error in window monitoring", {
+              error: error instanceof Error ? error.message : String(error),
+            });
+            // If we can't check windows, assume browser is closing
+            if (windowCheckInterval) {
+              clearInterval(windowCheckInterval);
+            }
+            await gracefulShutdown();
          }
-          await page.goto(config.url, {
-            waitUntil: "domcontentloaded",
-            timeout: 30000,
+        }, 1000); // Check every second
+      };
+
+      // Handle URL opening if provided
+      if (config.url) {
+        debugLog(id, "Opening URL in browser", { url: config.url });
+        try {
+          const pages = await context.pages();
+          if (pages.length) {
+            const page = pages[0];
+            debugLog(id, "Navigating to URL");
+            await page.goto(config.url, {
+              waitUntil: "domcontentloaded",
+              timeout: 30000,
+            });
+            debugLog(id, "URL opened successfully");
+
+            // Start monitoring after page is created
+            startWindowMonitoring();
+          } else {
+            debugLog(id, "No pages available to open URL");
+            startWindowMonitoring();
+          }
+        } catch (urlError) {
+          debugLog(id, "Failed to open URL", {
+            error:
+              urlError instanceof Error ? urlError.message : String(urlError),
+          });
+          console.error({
+            message: "Failed to open URL",
+            error: urlError,
          });
-        } catch {
          // URL opening failure doesn't affect startup success
+          // Still start monitoring
+          startWindowMonitoring();
        }
+      } else {
+        debugLog(id, "No URL provided, starting monitoring");
+        // Start monitoring after page is created
+        startWindowMonitoring();
      }

-      // Monitor browser connection
+      // Monitor browser/context connection
+      debugLog(id, "Starting keep-alive monitoring");
      const keepAlive = setInterval(async () => {
        try {
-          if (!browser || !browser.isConnected()) {
+          // Check if context is still active
+          if (!context?.pages) {
+            debugLog(id, "Context not active in keep-alive, shutting down");
            clearInterval(keepAlive);
-            process.exit(0);
+            await gracefulShutdown();
+            return;
          }
-        } catch {
+
+          // Check browser connection if available
+          if (browser && !browser.isConnected()) {
+            debugLog(id, "Browser not connected in keep-alive, shutting down");
+            clearInterval(keepAlive);
+            await gracefulShutdown();
+            return;
+          }
+        } catch (error) {
+          debugLog(id, "Error in keep-alive check", {
+            error: error instanceof Error ? error.message : String(error),
+          });
+          console.error({
+            message: "Error in keepAlive check",
+            error,
+          });
          clearInterval(keepAlive);
-          process.exit(0);
+          await gracefulShutdown();
        }
      }, 2000);
-    } catch {
-      // Browser launch failed, but worker is still "successful"
-      // Process will stay alive due to the main setInterval above
+    } catch (error) {
+      debugLog(id, "Failed to launch Camoufox", {
+        error: error instanceof Error ? error.message : String(error),
+      });
+      console.error({
+        message: "Failed to launch Camoufox",
+        error,
+      });
+      // Browser launch failed, attempt cleanup
+      await gracefulShutdown();
    }
  });

@@ -1,249 +1,44 @@
-import type { LaunchOptions } from "camoufox-js/dist/utils.js";
 import { program } from "commander";
+import type { LaunchOptions } from "donutbrowser-camoufox-js/dist/utils.js";
 import {
+  generateCamoufoxConfig,
  startCamoufoxProcess,
  stopAllCamoufoxProcesses,
  stopCamoufoxProcess,
 } from "./camoufox-launcher.js";
 import { listCamoufoxConfigs } from "./camoufox-storage.js";
 import { runCamoufoxWorker } from "./camoufox-worker.js";
-import {
-  startProxyProcess,
-  stopAllProxyProcesses,
-  stopProxyProcess,
-} from "./proxy-runner";
-import { listProxyConfigs } from "./proxy-storage";
-import { runProxyWorker } from "./proxy-worker";
-
-// Command for proxy management
-program
-  .command("proxy")
-  .argument("<action>", "start, stop, or list proxies")
-  .option("--host <host>", "upstream proxy host")
-  .option("--proxy-port <port>", "upstream proxy port", Number.parseInt)
-  .option("--type <type>", "proxy type (http, https, socks4, socks5)")
-  .option("--username <username>", "proxy username")
-  .option("--password <password>", "proxy password")
-  .option(
-    "-p, --port <number>",
-    "local port to use (random if not specified)",
-    Number.parseInt,
-  )
-  .option("--ignore-certificate", "ignore certificate errors for HTTPS proxies")
-  .option("--id <id>", "proxy ID for stop command")
-  .option(
-    "-u, --upstream <url>",
-    "upstream proxy URL (protocol://[username:password@]host:port)",
-  )
-  .description("manage proxy servers")
-  .action(
-    async (
-      action: string,
-      options: {
-        host?: string;
-        proxyPort?: number;
-        type?: string;
-        username?: string;
-        password?: string;
-        port?: number;
-        ignoreCertificate?: boolean;
-        id?: string;
-        upstream?: string;
-      },
-    ) => {
-      if (action === "start") {
-        let upstreamUrl: string;
-
-        // Build upstream URL from individual components if provided
-        if (options.host && options.proxyPort && options.type) {
-          const protocol =
-            options.type === "socks4" || options.type === "socks5"
-              ? options.type
-              : "http";
-          const auth =
-            options.username && options.password
-              ? `${encodeURIComponent(options.username)}:${encodeURIComponent(
-                  options.password,
-                )}@`
-              : "";
-          upstreamUrl = `${protocol}://${auth}${options.host}:${options.proxyPort}`;
-        } else if (options.upstream) {
-          upstreamUrl = options.upstream;
-        } else {
-          console.error(
-            "Error: Either --upstream URL or --host, --proxy-port, and --type are required",
-          );
-          console.log(
-            "Example: proxy start --host proxy.example.com --proxy-port 9000 --type http --username user --password pass",
-          );
-          process.exit(1);
-          return;
-        }
-
-        try {
-          const config = await startProxyProcess(upstreamUrl, {
-            port: options.port,
-            ignoreProxyCertificate: options.ignoreCertificate,
-          });
-
-          // Output the configuration as JSON for the Rust side to parse
-          console.log(
-            JSON.stringify({
-              id: config.id,
-              localPort: config.localPort,
-              localUrl: config.localUrl,
-              upstreamUrl: config.upstreamUrl,
-            }),
-          );
-
-          // Exit successfully to allow the process to detach
-          process.exit(0);
-        } catch (error: unknown) {
-          console.error(
-            `Failed to start proxy: ${
-              error instanceof Error ? error.message : JSON.stringify(error)
-            }`,
-          );
-          process.exit(1);
-        }
-      } else if (action === "stop") {
-        if (options.id) {
-          const stopped = await stopProxyProcess(options.id);
-          console.log(JSON.stringify({ success: stopped }));
-        } else if (options.upstream) {
-          // Find proxies with this upstream URL
-          const configs = listProxyConfigs().filter(
-            (config) => config.upstreamUrl === options.upstream,
-          );
-
-          if (configs.length === 0) {
-            console.error(`No proxies found for ${options.upstream}`);
-            process.exit(1);
-            return;
-          }
-
-          for (const config of configs) {
-            const stopped = await stopProxyProcess(config.id);
-            console.log(JSON.stringify({ success: stopped }));
-          }
-        } else {
-          await stopAllProxyProcesses();
-          console.log(JSON.stringify({ success: true }));
-        }
-        process.exit(0);
-      } else if (action === "list") {
-        const configs = listProxyConfigs();
-        console.log(JSON.stringify(configs));
-        process.exit(0);
-      } else {
-        console.error("Invalid action. Use 'start', 'stop', or 'list'");
-        process.exit(1);
-      }
-    },
-  );
-
-// Command for proxy worker (internal use)
-program
-  .command("proxy-worker")
-  .argument("<action>", "start a proxy worker")
-  .requiredOption("--id <id>", "proxy configuration ID")
-  .description("run a proxy worker process")
-  .action(async (action: string, options: { id: string }) => {
-    if (action === "start") {
-      await runProxyWorker(options.id);
-    } else {
-      console.error("Invalid action for proxy-worker. Use 'start'");
-      process.exit(1);
-    }
-  });

 // Command for Camoufox management
 program
  .command("camoufox")
-  .argument("<action>", "start, stop, or list Camoufox instances")
+  .argument(
+    "<action>",
+    "start, stop, list, or generate-config Camoufox instances",
+  )
  .option("--id <id>", "Camoufox ID for stop command")
  .option("--profile-path <path>", "profile directory path")
  .option("--url <url>", "URL to open")

-  // Operating system fingerprinting
+  // Config generation options
+  .option("--proxy <proxy>", "proxy URL for config generation")
+  .option("--max-width <width>", "maximum screen width", parseInt)
+  .option("--max-height <height>", "maximum screen height", parseInt)
+  .option("--min-width <width>", "minimum screen width", parseInt)
+  .option("--min-height <height>", "minimum screen height", parseInt)
+  .option("--geoip", "enable geoip")
+  .option("--block-images", "block images")
+  .option("--block-webrtc", "block WebRTC")
+  .option("--block-webgl", "block WebGL")
+  .option("--executable-path <path>", "executable path")
+  .option("--fingerprint <json>", "fingerprint JSON string")
+  .option("--headless", "run in headless mode")
+  .option("--custom-config <json>", "custom config JSON string")
  .option(
    "--os <os>",
-    "OS to emulate (windows, macos, linux, or comma-separated list)",
+    "operating system for fingerprint: windows, macos, linux",
  )

-  // Blocking options
-  .option("--block-images", "block all images")
-  .option("--block-webrtc", "block WebRTC entirely")
-  .option("--block-webgl", "block WebGL")
-
-  // Security options
-  .option("--disable-coop", "disable Cross-Origin-Opener-Policy")
-
-  // Geolocation and IP
-  .option(
-    "--geoip <ip>",
-    "IP address for geolocation spoofing (or 'auto' for automatic)",
-  )
-  .option("--country <country>", "country code for geolocation")
-  .option("--timezone <timezone>", "timezone to spoof")
-  .option("--latitude <lat>", "latitude for geolocation", parseFloat)
-  .option("--longitude <lng>", "longitude for geolocation", parseFloat)
-
-  // UI and behavior
-  .option(
-    "--humanize [duration]",
-    "humanize cursor movement (optional max duration in seconds)",
-    (val) => (val ? parseFloat(val) : true),
-  )
-  .option("--headless", "run in headless mode")
-
-  // Localization
-  .option("--locale <locale>", "locale(s) to use (comma-separated)")
-
-  // Extensions and fonts
-  .option("--addons <addons>", "Firefox addons to load (comma-separated paths)")
-  .option("--fonts <fonts>", "additional fonts to load (comma-separated)")
-  .option("--custom-fonts-only", "use only custom fonts, exclude OS fonts")
-  .option(
-    "--exclude-addons <addons>",
-    "default addons to exclude (comma-separated)",
-  )
-
-  // Screen and window
-  .option("--screen-min-width <width>", "minimum screen width", parseInt)
-  .option("--screen-max-width <width>", "maximum screen width", parseInt)
-  .option("--screen-min-height <height>", "minimum screen height", parseInt)
-  .option("--screen-max-height <height>", "maximum screen height", parseInt)
-  .option("--window-width <width>", "fixed window width", parseInt)
-  .option("--window-height <height>", "fixed window height", parseInt)
-
-  // Advanced options
-  .option("--ff-version <version>", "Firefox version to emulate", parseInt)
-  .option("--main-world-eval", "enable main world script evaluation")
-  .option("--webgl-vendor <vendor>", "WebGL vendor string")
-  .option("--webgl-renderer <renderer>", "WebGL renderer string")
-
-  // Proxy
-  .option(
-    "--proxy <proxy>",
-    "proxy URL (protocol://[username:password@]host:port)",
-  )
-
-  // Cache and performance
-  .option("--disable-cache", "disable browser cache (cache enabled by default)")
-
-  // Environment and debugging
-  .option("--virtual-display <display>", "virtual display number (e.g., :99)")
-  .option("--debug", "enable debug output")
-  .option("--args <args>", "additional browser arguments (comma-separated)")
-  .option("--env <env>", "environment variables (JSON string)")
-
-  // Firefox preferences
-  .option("--firefox-prefs <prefs>", "Firefox user preferences (JSON string)")
-
-  .option("--disable-theming", "disable Firefox theming")
-  .option("--no-showcursor", "disable cursor display")
-
  .description("manage Camoufox browser instances")
  .action(
    async (
@@ -270,11 +65,10 @@ program
          // Security options
          if (options.disableCoop) camoufoxOptions.disable_coop = true;

-          // Geolocation
          if (options.geoip) {
-            camoufoxOptions.geoip =
-              options.geoip === "auto" ? true : (options.geoip as string);
+            camoufoxOptions.geoip = true;
          }
+
          if (options.latitude && options.longitude) {
            camoufoxOptions.geolocation = {
              latitude: options.latitude as number,
@@ -287,9 +81,8 @@ program
          if (options.timezone)
            camoufoxOptions.timezone = options.timezone as string;

-          // UI and behavior
          if (options.humanize)
-            camoufoxOptions.humanize = options.humanize as boolean | number;
+            camoufoxOptions.humanize = options.humanize as boolean;
          if (options.headless) camoufoxOptions.headless = true;

          // Localization
@@ -313,6 +106,16 @@ program
              ",",
            ) as "UBO"[];

+          // Executable path: forward through to camoufox-js and ultimately Playwright
+          if (
+            options.executablePath &&
+            typeof options.executablePath === "string"
+          ) {
+            // camoufox-js uses snake_case for this option
+            (camoufoxOptions as any).executable_path =
+              options.executablePath as string;
+          }
+
          // Screen and window
          const screen: {
            minWidth?: number;
@@ -358,6 +161,11 @@ program
          if (options.virtualDisplay)
            camoufoxOptions.virtual_display = options.virtualDisplay as string;
          if (options.debug) camoufoxOptions.debug = true;
+
+          // Handle headless mode via flag instead of environment variable
+          if (options.headless) {
+            camoufoxOptions.headless = true;
+          }
          if (options.args && typeof options.args === "string")
            camoufoxOptions.args = options.args.split(",");
          if (options.env && typeof options.env === "string") {
@@ -392,24 +200,20 @@ program
                }),
              );
              process.exit(1);
-              return;
            }
          }

-          // Theming and cursor - these are custom properties for camoufox-js
-          if (options.disableTheming) camoufoxOptions.disableTheming = true;
-          if (options.showcursor === false) camoufoxOptions.showcursor = false;
-
-          // Use the launcher to start Camoufox properly
          const config = await startCamoufoxProcess(
            camoufoxOptions,
            typeof options.profilePath === "string"
              ? options.profilePath
              : undefined,
            typeof options.url === "string" ? options.url : undefined,
+            typeof options.customConfig === "string"
+              ? options.customConfig
+              : undefined,
          );

-          // Output the configuration as JSON for the Rust side to parse
          console.log(
            JSON.stringify({
              id: config.id,
@@ -442,8 +246,68 @@ program
        const configs = listCamoufoxConfigs();
        console.log(JSON.stringify(configs));
        process.exit(0);
+      } else if (action === "generate-config") {
+        try {
+          const config = await generateCamoufoxConfig({
+            proxy:
+              typeof options.proxy === "string" ? options.proxy : undefined,
+            maxWidth:
+              typeof options.maxWidth === "number"
+                ? options.maxWidth
+                : undefined,
+            maxHeight:
+              typeof options.maxHeight === "number"
+                ? options.maxHeight
+                : undefined,
+            minWidth:
+              typeof options.minWidth === "number"
+                ? options.minWidth
+                : undefined,
+            minHeight:
+              typeof options.minHeight === "number"
+                ? options.minHeight
+                : undefined,
+            geoip: Boolean(options.geoip),
+            blockImages:
+              typeof options.blockImages === "boolean"
+                ? options.blockImages
+                : undefined,
+            blockWebrtc:
+              typeof options.blockWebrtc === "boolean"
+                ? options.blockWebrtc
+                : undefined,
+            blockWebgl:
+              typeof options.blockWebgl === "boolean"
+                ? options.blockWebgl
+                : undefined,
+            executablePath:
+              typeof options.executablePath === "string"
+                ? options.executablePath
+                : undefined,
+            fingerprint:
+              typeof options.fingerprint === "string"
+                ? options.fingerprint
+                : undefined,
+            os:
+              typeof options.os === "string"
+                ? (options.os as "windows" | "macos" | "linux")
+                : undefined,
+          });
+          console.log(config);
+          process.exit(0);
+        } catch (error: unknown) {
+          console.error({
+            error: "Failed to generate config",
+            message:
+              error instanceof Error ? error.message : JSON.stringify(error),
+          });
+          process.exit(1);
+        }
      } else {
-        console.error("Invalid action. Use 'start', 'stop', or 'list'");
+        console.error({
+          error: "Invalid action",
+          message: "Use 'start', 'stop', 'list', or 'generate-config'",
+        });
        process.exit(1);
      }
    },
@@ -459,7 +323,10 @@ program
    if (action === "start") {
      await runCamoufoxWorker(options.id);
    } else {
-      console.error("Invalid action for camoufox-worker. Use 'start'");
+      console.error({
+        error: "Invalid action for camoufox-worker",
+        message: "Use 'start'",
+      });
      process.exit(1);
    }
  });
@@ -1,124 +0,0 @@
-import { spawn } from "node:child_process";
-import path from "node:path";
-import getPort from "get-port";
-import {
-  type ProxyConfig,
-  deleteProxyConfig,
-  generateProxyId,
-  getProxyConfig,
-  isProcessRunning,
-  listProxyConfigs,
-  saveProxyConfig,
-} from "./proxy-storage";
-
-/**
- * Start a proxy in a separate process
- * @param upstreamUrl The upstream proxy URL
- * @param options Optional configuration
- * @returns Promise resolving to the proxy configuration
- */
-export async function startProxyProcess(
-  upstreamUrl: string,
-  options: { port?: number; ignoreProxyCertificate?: boolean } = {},
-): Promise<ProxyConfig> {
-  // Generate a unique ID for this proxy
-  const id = generateProxyId();
-
-  // Get a random available port if not specified
-  const port = options.port ?? (await getPort());
-
-  // Create the proxy configuration
-  const config: ProxyConfig = {
-    id,
-    upstreamUrl,
-    localPort: port,
-    ignoreProxyCertificate: options.ignoreProxyCertificate ?? false,
-  };
-
-  // Save the configuration before starting the process
-  saveProxyConfig(config);
-
-  // Build the command arguments
-  const args = [
-    path.join(__dirname, "index.js"),
-    "proxy-worker",
-    "start",
-    "--id",
-    id,
-  ];
-
-  // Spawn the process with proper detachment
-  const child = spawn(process.execPath, args, {
-    detached: true,
-    stdio: ["ignore", "ignore", "ignore"], // Completely ignore all stdio
-    cwd: process.cwd(),
-  });
-
-  // Unref the child to allow the parent to exit independently
-  child.unref();
-
-  // Store the process ID and local URL
-  config.pid = child.pid;
-  config.localUrl = `http://127.0.0.1:${port}`;
-
-  // Update the configuration with the process ID
-  saveProxyConfig(config);
-
-  // Give the worker a moment to start before returning
-  await new Promise((resolve) => setTimeout(resolve, 100));
-
-  return config;
-}
-
-/**
- * Stop a proxy process
- * @param id The proxy ID to stop
- * @returns Promise resolving to true if stopped, false if not found
- */
-export async function stopProxyProcess(id: string): Promise<boolean> {
-  const config = getProxyConfig(id);
-
-  if (!config?.pid) {
-    // Try to delete the config anyway in case it exists without a PID
-    deleteProxyConfig(id);
-    return false;
-  }
-
-  try {
-    // Check if the process is running
-    if (isProcessRunning(config.pid)) {
-      // Send SIGTERM to the process
-      process.kill(config.pid, "SIGTERM");
-
-      // Wait a bit to ensure the process has terminated
-      await new Promise((resolve) => setTimeout(resolve, 500));
-
-      // If still running, send SIGKILL
-      if (isProcessRunning(config.pid)) {
-        process.kill(config.pid, "SIGKILL");
-        await new Promise((resolve) => setTimeout(resolve, 200));
-      }
-    }
-
-    // Delete the configuration
-    deleteProxyConfig(id);
-
-    return true;
-  } catch (error) {
-    console.error(`Error stopping proxy ${id}:`, error);
-    // Delete the configuration even if stopping failed
-    deleteProxyConfig(id);
-    return false;
-  }
-}
-
-/**
- * Stop all proxy processes
- * @returns Promise resolving when all proxies are stopped
- */
-export async function stopAllProxyProcesses(): Promise<void> {
-  const configs = listProxyConfigs();
-
-  const stopPromises = configs.map((config) => stopProxyProcess(config.id));
-  await Promise.all(stopPromises);
-}
@@ -1,150 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-import tmp from "tmp";
-
-export interface ProxyConfig {
-  id: string;
-  upstreamUrl: string;
-  localPort?: number;
-  ignoreProxyCertificate?: boolean;
-  localUrl?: string;
-  pid?: number;
-}
-
-const STORAGE_DIR = path.join(tmp.tmpdir, "donutbrowser", "proxies");
-
-if (!fs.existsSync(STORAGE_DIR)) {
-  fs.mkdirSync(STORAGE_DIR, { recursive: true });
-}
-
-/**
- * Save a proxy configuration to disk
- * @param config The proxy configuration to save
- */
-export function saveProxyConfig(config: ProxyConfig): void {
-  const filePath = path.join(STORAGE_DIR, `${config.id}.json`);
-  fs.writeFileSync(filePath, JSON.stringify(config, null, 2));
-}
-
-/**
- * Get a proxy configuration by ID
- * @param id The proxy ID
- * @returns The proxy configuration or null if not found
- */
-export function getProxyConfig(id: string): ProxyConfig | null {
-  const filePath = path.join(STORAGE_DIR, `${id}.json`);
-
-  if (!fs.existsSync(filePath)) {
-    return null;
-  }
-
-  try {
-    const content = fs.readFileSync(filePath, "utf-8");
-    return JSON.parse(content) as ProxyConfig;
-  } catch (error) {
-    console.error(`Error reading proxy config ${id}:`, error);
-    return null;
-  }
-}
-
-/**
- * Delete a proxy configuration
- * @param id The proxy ID to delete
- * @returns True if deleted, false if not found
- */
-export function deleteProxyConfig(id: string): boolean {
-  const filePath = path.join(STORAGE_DIR, `${id}.json`);
-
-  if (!fs.existsSync(filePath)) {
-    return false;
-  }
-
-  try {
-    fs.unlinkSync(filePath);
-    return true;
-  } catch (error) {
-    console.error(`Error deleting proxy config ${id}:`, error);
-    return false;
-  }
-}
-
-/**
- * List all saved proxy configurations
- * @returns Array of proxy configurations
- */
-export function listProxyConfigs(): ProxyConfig[] {
-  if (!fs.existsSync(STORAGE_DIR)) {
-    return [];
-  }
-
-  try {
-    return fs
-      .readdirSync(STORAGE_DIR)
-      .filter((file) => file.endsWith(".json"))
-      .map((file) => {
-        try {
-          const content = fs.readFileSync(
-            path.join(STORAGE_DIR, file),
-            "utf-8",
-          );
-          return JSON.parse(content) as ProxyConfig;
-        } catch (error) {
-          console.error(`Error reading proxy config ${file}:`, error);
-          return null;
-        }
-      })
-      .filter((config): config is ProxyConfig => config !== null);
-  } catch (error) {
-    console.error("Error listing proxy configs:", error);
-    return [];
-  }
-}
-
-/**
- * Update a proxy configuration
- * @param config The proxy configuration to update
- * @returns True if updated, false if not found
- */
-export function updateProxyConfig(config: ProxyConfig): boolean {
-  const filePath = path.join(STORAGE_DIR, `${config.id}.json`);
-
-  try {
-    fs.readFileSync(filePath, "utf-8");
-    fs.writeFileSync(filePath, JSON.stringify(config, null, 2));
-    return true;
-  } catch (error) {
-    if ((error as NodeJS.ErrnoException).code === "ENOENT") {
-      console.error(
-        `Config ${config.id} was deleted while the app was running`,
-      );
-      return false;
-    }
-
-    console.error(`Error updating proxy config ${config.id}:`, error);
-    return false;
-  }
-}
-
-/**
- * Check if a proxy process is running
- * @param pid The process ID to check
- * @returns True if running, false otherwise
- */
-export function isProcessRunning(pid: number): boolean {
-  try {
-    // The kill method with signal 0 doesn't actually kill the process
-    // but checks if it exists
-    process.kill(pid, 0);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Generate a unique ID for a proxy
- * @returns A unique ID string
- */
-export function generateProxyId(): string {
-  return `proxy_${Date.now()}_${Math.floor(Math.random() * 10000)}`;
-}
@@ -1,75 +0,0 @@
-import { Server } from "proxy-chain";
-import { getProxyConfig, updateProxyConfig } from "./proxy-storage";
-
-/**
- * Run a proxy server as a worker process
- * @param id The proxy configuration ID
- */
-export async function runProxyWorker(id: string): Promise<void> {
-  // Get the proxy configuration
-  const config = getProxyConfig(id);
-
-  if (!config) {
-    console.error(`Proxy configuration ${id} not found`);
-    process.exit(1);
-  }
-
-  // Create a new proxy server
-  const server = new Server({
-    port: config.localPort,
-    host: "127.0.0.1",
-    prepareRequestFunction: () => {
-      return {
-        upstreamProxyUrl: config.upstreamUrl,
-        ignoreUpstreamProxyCertificate: config.ignoreProxyCertificate ?? false,
-      };
-    },
-  });
-
-  // Handle process termination gracefully
-  const gracefulShutdown = async (signal: string) => {
-    console.log(`Proxy worker ${id} received ${signal}, shutting down...`);
-    try {
-      await server.close(true);
-      console.log(`Proxy worker ${id} shut down successfully`);
-    } catch (error) {
-      console.error(`Error during shutdown for proxy ${id}:`, error);
-    }
-    process.exit(0);
-  };
-
-  process.on("SIGTERM", () => void gracefulShutdown("SIGTERM"));
-  process.on("SIGINT", () => void gracefulShutdown("SIGINT"));
-
-  // Handle uncaught exceptions
-  process.on("uncaughtException", (error) => {
-    console.error(`Uncaught exception in proxy worker ${id}:`, error);
-    process.exit(1);
-  });
-
-  process.on("unhandledRejection", (reason) => {
-    console.error(`Unhandled rejection in proxy worker ${id}:`, reason);
-    process.exit(1);
-  });
-
-  // Start the server
-  try {
-    await server.listen();
-
-    // Update the config with the actual port (in case it was auto-assigned)
-    config.localPort = server.port;
-    config.localUrl = `http://127.0.0.1:${server.port}`;
-    updateProxyConfig(config);
-
-    console.log(`Proxy worker ${id} started on port ${server.port}`);
-    console.log(`Forwarding to upstream proxy: ${config.upstreamUrl}`);
-
-    // Keep the process alive
-    setInterval(() => {
-      // Do nothing, just keep the process alive
-    }, 60000);
-  } catch (error) {
-    console.error(`Failed to start proxy worker ${id}:`, error);
-    process.exit(1);
-  }
-}
@@ -0,0 +1,120 @@
+import type { LaunchOptions } from "playwright-core";
+
+const OS_MAP: { [key: string]: "mac" | "win" | "lin" } = {
+  darwin: "mac",
+  linux: "lin",
+  win32: "win",
+};
+
+const OS_NAME: "mac" | "win" | "lin" = OS_MAP[process.platform];
+
+export function getEnvVars(configMap: Record<string, string>) {
+  const envVars: {
+    [key: string]: string | undefined;
+  } = {};
+  let updatedConfigData: Uint8Array;
+
+  try {
+    // Ensure we're working with a fresh copy of the config
+    const configCopy = JSON.parse(JSON.stringify(configMap));
+    updatedConfigData = new TextEncoder().encode(JSON.stringify(configCopy));
+  } catch (e) {
+    console.error(`Error updating config: ${e}`);
+    process.exit(1);
+  }
+
+  const chunkSize = OS_NAME === "win" ? 2047 : 32767;
+  const configStr = new TextDecoder().decode(updatedConfigData);
+
+  for (let i = 0; i < configStr.length; i += chunkSize) {
+    const chunk = configStr.slice(i, i + chunkSize);
+    const envName = `CAMOU_CONFIG_${Math.floor(i / chunkSize) + 1}`;
+    try {
+      envVars[envName] = chunk;
+    } catch (e) {
+      console.error(`Error setting ${envName}: ${e}`);
+      process.exit(1);
+    }
+  }
+
+  return envVars;
+}
+
+export function parseProxyString(proxyString: LaunchOptions["proxy"] | string) {
+  if (typeof proxyString === "object") {
+    return proxyString;
+  }
+
+  if (!proxyString || typeof proxyString !== "string") {
+    throw new Error("Invalid proxy string provided");
+  }
+
+  // Remove any leading/trailing whitespace
+  const trimmed = proxyString.trim();
+
+  // Handle different proxy string formats:
+  // 1. http://username:password@host:port
+  // 2. host:port
+  // 3. protocol://host:port
+  // 4. username:password@host:port
+
+  let server = "";
+  let username: string | undefined;
+  let password: string | undefined;
+
+  try {
+    // Try parsing as URL first (handles protocol://username:password@host:port)
+    if (trimmed.includes("://")) {
+      const url = new URL(trimmed);
+      // Playwright accepts short form "host:port" for HTTP proxies
+      server = `${url.hostname}:${url.port}`;
+
+      if (url.username) {
+        username = decodeURIComponent(url.username);
+      }
+      if (url.password) {
+        password = decodeURIComponent(url.password);
+      }
+    } else {
+      // Handle formats without protocol
+      let workingString = trimmed;
+
+      // Check for username:password@ prefix
+      const authMatch = workingString.match(/^([^:@]+):([^@]+)@(.+)$/);
+      if (authMatch) {
+        username = authMatch[1];
+        password = authMatch[2];
+        workingString = authMatch[3];
+      }
+
+      // The remaining part should be host:port
+      server = workingString;
+    }
+
+    // Validate that we have a server
+    if (!server) {
+      throw new Error("Could not extract server information");
+    }
+
+    // Basic validation for host:port format
+    if (!server.includes(":") || server.split(":").length !== 2) {
+      throw new Error("Server must be in host:port format");
+    }
+
+    const result: LaunchOptions["proxy"] = { server };
+
+    if (username !== undefined) {
+      result.username = username;
+    }
+
+    if (password !== undefined) {
+      result.password = password;
+    }
+
+    return result;
+  } catch (error) {
+    throw new Error(
+      `Failed to parse proxy string: ${error instanceof Error ? error.message : "Unknown error"}`,
+    );
+  }
+}
@@ -2,7 +2,7 @@
  "name": "donutbrowser",
  "private": true,
  "license": "AGPL-3.0",
-  "version": "0.7.2",
+  "version": "0.13.1",
  "type": "module",
  "scripts": {
    "dev": "next dev --turbopack",
@@ -21,58 +21,70 @@
    "format": "pnpm format:js && pnpm format:rust",
    "cargo": "cd src-tauri && cargo",
    "unused-exports:js": "ts-unused-exports tsconfig.json",
-    "check-unused-commands": "cd src-tauri && cargo run --bin check_unused_commands"
+    "check-unused-commands": "cd src-tauri && cargo test test_no_unused_tauri_commands",
+    "copy-proxy-binary": "cd src-tauri && bash copy-proxy-binary.sh",
+    "prebuild": "pnpm copy-proxy-binary",
+    "pretauri:dev": "pnpm copy-proxy-binary",
+    "precargo": "pnpm copy-proxy-binary"
  },
  "dependencies": {
-    "@radix-ui/react-checkbox": "^1.3.2",
-    "@radix-ui/react-dialog": "^1.1.14",
-    "@radix-ui/react-dropdown-menu": "^2.1.15",
-    "@radix-ui/react-label": "^2.1.7",
-    "@radix-ui/react-popover": "^1.1.14",
-    "@radix-ui/react-progress": "^1.1.7",
-    "@radix-ui/react-radio-group": "^1.3.7",
-    "@radix-ui/react-scroll-area": "^1.2.9",
-    "@radix-ui/react-select": "^2.2.5",
-    "@radix-ui/react-slot": "^1.2.3",
-    "@radix-ui/react-tabs": "^1.1.12",
-    "@radix-ui/react-tooltip": "^1.2.7",
+    "@radix-ui/react-checkbox": "^1.3.3",
+    "@radix-ui/react-dialog": "^1.1.15",
+    "@radix-ui/react-dropdown-menu": "^2.1.16",
+    "@radix-ui/react-label": "^2.1.8",
+    "@radix-ui/react-popover": "^1.1.15",
+    "@radix-ui/react-progress": "^1.1.8",
+    "@radix-ui/react-radio-group": "^1.3.8",
+    "@radix-ui/react-scroll-area": "^1.2.10",
+    "@radix-ui/react-select": "^2.2.6",
+    "@radix-ui/react-slot": "^1.2.4",
+    "@radix-ui/react-tabs": "^1.1.13",
+    "@radix-ui/react-tooltip": "^1.2.8",
    "@tanstack/react-table": "^8.21.3",
-    "@tauri-apps/api": "^2.7.0",
-    "@tauri-apps/plugin-deep-link": "^2.4.1",
-    "@tauri-apps/plugin-dialog": "^2.3.2",
-    "@tauri-apps/plugin-fs": "~2.4.1",
-    "@tauri-apps/plugin-opener": "^2.4.0",
-    "ahooks": "^3.9.0",
+    "@tauri-apps/api": "^2.9.1",
+    "@tauri-apps/plugin-deep-link": "^2.4.5",
+    "@tauri-apps/plugin-dialog": "^2.4.2",
+    "@tauri-apps/plugin-fs": "~2.4.4",
+    "@tauri-apps/plugin-log": "^2.7.1",
+    "@tauri-apps/plugin-opener": "^2.5.2",
+    "ahooks": "^3.9.6",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
    "cmdk": "^1.1.1",
-    "next": "^15.4.5",
+    "color": "^5.0.3",
+    "flag-icons": "^7.5.0",
+    "lucide-react": "^0.555.0",
+    "motion": "^12.23.24",
+    "next": "^16.0.6",
    "next-themes": "^0.4.6",
-    "react": "^19.1.1",
-    "react-dom": "^19.1.1",
+    "radix-ui": "^1.4.3",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
    "react-icons": "^5.5.0",
-    "sonner": "^2.0.6",
-    "tailwind-merge": "^3.3.1",
+    "recharts": "3.5.1",
+    "sonner": "^2.0.7",
+    "tailwind-merge": "^3.4.0",
    "tauri-plugin-macos-permissions-api": "^2.3.0"
  },
  "devDependencies": {
-    "@biomejs/biome": "2.1.3",
-    "@tailwindcss/postcss": "^4.1.11",
-    "@tauri-apps/cli": "^2.7.1",
-    "@types/node": "^24.1.0",
-    "@types/react": "^19.1.9",
-    "@types/react-dom": "^19.1.7",
-    "@vitejs/plugin-react": "^4.7.0",
+    "@biomejs/biome": "2.2.3",
+    "@tailwindcss/postcss": "^4.1.17",
+    "@tauri-apps/cli": "^2.9.5",
+    "@types/color": "^4.2.0",
+    "@types/node": "^24.10.1",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^5.1.1",
    "husky": "^9.1.7",
-    "lint-staged": "^16.1.2",
-    "tailwindcss": "^4.1.11",
+    "lint-staged": "^16.2.7",
+    "tailwindcss": "^4.1.17",
    "ts-unused-exports": "^11.0.1",
-    "tw-animate-css": "^1.3.6",
-    "typescript": "~5.9.2"
+    "tw-animate-css": "^1.4.0",
+    "typescript": "~5.9.3"
  },
-  "packageManager": "pnpm@10.13.1",
+  "packageManager": "pnpm@10.14.0+sha512.ad27a79641b49c3e481a16a805baa71817a04bbe06a38d17e60e2eaee83f6a146c6a688125f5792e48dd5ba30e7da52a5cda4c3992b9ccf333f9ce223af84748",
  "lint-staged": {
-    "**/*.{js,jsx,ts,tsx,json,css,md}": [
+    "**/*.{js,jsx,ts,tsx,json,css}": [
      "biome check --fix"
    ],
    "src-tauri/**/*.rs": [
@@ -1,8 +1,10 @@
 packages:
  - nodecar
+
 onlyBuiltDependencies:
  - '@biomejs/biome'
  - '@tailwindcss/oxide'
+  - better-sqlite3
  - esbuild
  - sharp
  - sqlite3
@@ -0,0 +1,4 @@
+[build]
+# Omit jobs setting to use all cores
+
+incremental = true
@@ -1,7 +1,7 @@
 [package]
 name = "donutbrowser"
-version = "0.7.2"
-description = "Simple Yet Powerful Browser Orchestrator"
+version = "0.13.1"
+description = "Simple Yet Powerful Anti-Detect Browser"
 authors = ["zhom@github"]
 edition = "2021"
 default-run = "donutbrowser"
@@ -12,8 +12,17 @@ default-run = "donutbrowser"
 # The `_lib` suffix may seem redundant but it is necessary
 # to make the lib name unique and wouldn't conflict with the bin name.
 # This seems to be only an issue on Windows, see https://github.com/rust-lang/cargo/issues/8519
-name = "donutbrowser"
+name = "donutbrowser_lib"
 crate-type = ["staticlib", "cdylib", "rlib"]
+doctest = false
+
+[[bin]]
+name = "donutbrowser"
+path = "src/main.rs"
+
+[[bin]]
+name = "donut-proxy"
+path = "src/bin/proxy_server.rs"

 [build-dependencies]
 tauri-build = { version = "2", features = [] }
@@ -28,25 +37,46 @@ tauri-plugin-shell = "2"
 tauri-plugin-deep-link = "2"
 tauri-plugin-dialog = "2"
 tauri-plugin-macos-permissions = "2"
+tauri-plugin-log = "2"
+log = "0.4"
+
 directories = "6"
-reqwest = { version = "0.12", features = ["json", "stream"] }
+reqwest = { version = "0.12", features = ["json", "stream", "socks"] }
 tokio = { version = "1", features = ["full", "sync"] }
-sysinfo = "0.36"
+sysinfo = "0.37"
 lazy_static = "1.4"
 base64 = "0.22"
+libc = "0.2"
 async-trait = "0.1"
 futures-util = "0.3"
+zip = "6"
+tar = "0"
+bzip2 = "0"
+flate2 = "1"
+lzma-rs = "0"
+msi-extract = "0"

-uuid = { version = "1.0", features = ["v4", "serde"] }
+uuid = { version = "1.18", features = ["v4", "serde"] }
 url = "2.5"
+urlencoding = "2.1"
 chrono = { version = "0.4", features = ["serde"] }
+axum = "0.8.7"
+tower = "0.5"
+tower-http = { version = "0.6", features = ["cors"] }
+rand = "0.9.2"
+utoipa = { version = "5", features = ["axum_extras", "chrono"] }
+utoipa-axum = "0.2"
+argon2 = "0.5"
+aes-gcm = "0.10"
+hyper = { version = "1.8", features = ["full"] }
+hyper-util = { version = "0.1", features = ["full"] }
+http-body-util = "0.1"
+clap = { version = "4", features = ["derive"] }
+async-socks5 = "0.6"

 [target."cfg(any(target_os = \"macos\", windows, target_os = \"linux\"))".dependencies]
 tauri-plugin-single-instance = { version = "2", features = ["deep-link"] }

-[target.'cfg(windows)'.dependencies]
-zip = "4"
-
 [target.'cfg(target_os = "macos")'.dependencies]
 core-foundation = "0.10"
 objc2 = "0.6.1"
@@ -54,7 +84,7 @@ objc2-app-kit = { version = "0.3.1", features = ["NSWindow"] }

 [target.'cfg(target_os = "windows")'.dependencies]
 winreg = "0.55"
-windows = { version = "0.61", features = [
+windows = { version = "0.62", features = [
  "Win32_Foundation",
  "Win32_System_ProcessStatus",
  "Win32_System_Threading",
@@ -67,19 +97,39 @@ windows = { version = "0.61", features = [
 ] }

 [dev-dependencies]
-tempfile = "3.13.0"
+tempfile = "3.21.0"
 wiremock = "0.6"
-hyper = { version = "1.0", features = ["full"] }
+hyper = { version = "1.8", features = ["full"] }
 hyper-util = { version = "0.1", features = ["full"] }
 http-body-util = "0.1"
 tower = "0.5"
 tower-http = { version = "0.6", features = ["fs", "trace"] }
 futures-util = "0.3"
+serial_test = "3"

 # Integration test configuration
 [[test]]
-name = "nodecar_integration"
-path = "tests/nodecar_integration.rs"
+name = "donut_proxy_integration"
+path = "tests/donut_proxy_integration.rs"
+
+[profile.dev]
+codegen-units = 256
+incremental = true
+opt-level = 0
+# Split debuginfo on macOS for faster linking (ignored on other platforms)
+split-debuginfo = "unpacked"
+
+[profile.release]
+codegen-units = 1
+opt-level = 3
+lto = "thin"
+# Split debuginfo on macOS for faster linking (ignored on other platforms)
+split-debuginfo = "unpacked"
+
+[profile.test]
+# Optimize test builds for faster compilation
+codegen-units = 256
+incremental = true

 [features]
 # by default Tauri runs in production mode
@@ -3,15 +3,15 @@
 <plist version="1.0">
 <dict>
 	<key>NSCameraUsageDescription</key>
-	<string>Donut Browser needs camera access to enable camera functionality in web browsers. Each website will still ask for your permission individually.</string>
+	<string>Donut needs camera access to enable camera functionality in web browsers. Each website will still ask for your permission individually.</string>
 	<key>NSMicrophoneUsageDescription</key>
-	<string>Donut Browser needs microphone access to enable microphone functionality in web browsers. Each website will still ask for your permission individually.</string>
+	<string>Donut needs microphone access to enable microphone functionality in web browsers. Each website will still ask for your permission individually.</string>
 	<key>NSLocalNetworkUsageDescription</key>
-	<string>Donut Browser has proxy functionality that requires local network access. You can deny this functionality if you don't plan on setting proxies for browser profiles.</string>
+	<string>Donut has proxy functionality that requires local network access. You can deny this functionality if you don't plan on setting proxies for browser profiles.</string>
 	<key>CFBundleDisplayName</key>
-	<string>Donut Browser</string>
+	<string>Donut</string>
 	<key>CFBundleName</key>
-	<string>Donut Browser</string>
+	<string>Donut</string>
 	<key>CFBundleIdentifier</key>
 	<string>com.donutbrowser</string>
    <key>CFBundleURLName</key>
@@ -25,7 +25,7 @@
 	<key>LSApplicationCategoryType</key>
 	<string>public.app-category.productivity</string>
 	<key>NSHumanReadableCopyright</key>
-	<string>Copyright © 2025 Donut Browser</string>
+	<string>Copyright © 2025 Donut</string>
 	<key>CFBundleDocumentTypes</key>
 	<array>
 		<dict>
@@ -1,4 +1,6 @@
 fn main() {
+  println!("cargo::rustc-check-cfg=cfg(mobile)");
+
  #[cfg(target_os = "macos")]
  {
    println!("cargo:rustc-link-lib=framework=CoreFoundation");
@@ -26,5 +28,60 @@ fn main() {
    println!("cargo:rustc-env=BUILD_VERSION=dev-{version}");
  }

-  tauri_build::build()
+  // Inject vault password at build time
+  if let Ok(vault_password) = std::env::var("DONUT_BROWSER_VAULT_PASSWORD") {
+    println!("cargo:rustc-env=DONUT_BROWSER_VAULT_PASSWORD={vault_password}");
+  } else {
+    // Use default password if environment variable is not set
+    println!("cargo:rustc-env=DONUT_BROWSER_VAULT_PASSWORD=donutbrowser-api-vault-password");
+  }
+
+  // Tell Cargo to rebuild if the proxy binary source changes
+  println!("cargo:rerun-if-changed=src/bin/proxy_server.rs");
+  println!("cargo:rerun-if-changed=src/proxy_server.rs");
+  println!("cargo:rerun-if-changed=src/proxy_runner.rs");
+  println!("cargo:rerun-if-changed=src/proxy_storage.rs");
+
+  // Only run tauri_build if all external binaries exist
+  // This allows building donut-proxy sidecar without the other binaries present
+  if external_binaries_exist() {
+    tauri_build::build()
+  } else {
+    println!("cargo:warning=Skipping tauri_build: external binaries not found. This is expected when building sidecar binaries.");
+  }
+}
+
+fn external_binaries_exist() -> bool {
+  use std::env;
+  use std::path::PathBuf;
+
+  let manifest_dir = match env::var("CARGO_MANIFEST_DIR") {
+    Ok(dir) => dir,
+    Err(_) => return false,
+  };
+
+  let target = match env::var("TARGET") {
+    Ok(t) => t,
+    Err(_) => return false,
+  };
+
+  let binaries_dir = PathBuf::from(&manifest_dir).join("binaries");
+
+  // Check for both required external binaries
+  let nodecar_name = if target.contains("windows") {
+    format!("nodecar-{}.exe", target)
+  } else {
+    format!("nodecar-{}", target)
+  };
+
+  let donut_proxy_name = if target.contains("windows") {
+    format!("donut-proxy-{}.exe", target)
+  } else {
+    format!("donut-proxy-{}", target)
+  };
+
+  let nodecar_exists = binaries_dir.join(&nodecar_name).exists();
+  let donut_proxy_exists = binaries_dir.join(&donut_proxy_name).exists();
+
+  nodecar_exists && donut_proxy_exists
 }
@@ -5,7 +5,15 @@
  "windows": ["main"],
  "permissions": [
    "core:default",
-    "core:event:default",
+    "core:event:allow-listen",
+    "core:event:allow-emit",
+    "core:event:allow-emit-to",
+    "core:event:allow-unlisten",
+    "core:image:default",
+    "core:menu:default",
+    "core:path:default",
+    "core:tray:default",
+    "core:webview:default",
    "core:window:default",
    "core:window:allow-start-dragging",
    "core:window:allow-close",
@@ -29,6 +37,7 @@
    "macos-permissions:allow-request-microphone-permission",
    "macos-permissions:allow-request-camera-permission",
    "macos-permissions:allow-check-microphone-permission",
-    "macos-permissions:allow-check-camera-permission"
+    "macos-permissions:allow-check-camera-permission",
+    "log:default"
  ]
 }
@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+# Get the target triple from environment or use default
+TARGET="${TARGET:-$(rustc -vV 2>/dev/null | sed -n 's|host: ||p' || echo "unknown")}"
+MANIFEST_DIR="$(dirname "$0")"
+
+# Determine binary name based on target
+if [[ "$TARGET" == *"windows"* ]]; then
+  BIN_NAME="donut-proxy.exe"
+else
+  BIN_NAME="donut-proxy"
+fi
+
+# Determine source path
+HOST_TARGET=$(rustc -vV 2>/dev/null | sed -n 's|host: ||p' || echo "$TARGET")
+if [[ "$TARGET" == "$HOST_TARGET" ]] || [[ "$TARGET" == "unknown" ]]; then
+  # Native target - use debug or release based on profile
+  if [[ "${PROFILE:-debug}" == "release" ]]; then
+    SRC_DIR="$MANIFEST_DIR/target/release"
+  else
+    SRC_DIR="$MANIFEST_DIR/target/debug"
+  fi
+else
+  # Cross-compilation target
+  if [[ "${PROFILE:-debug}" == "release" ]]; then
+    SRC_DIR="$MANIFEST_DIR/target/$TARGET/release"
+  else
+    SRC_DIR="$MANIFEST_DIR/target/$TARGET/debug"
+  fi
+fi
+
+SOURCE="$SRC_DIR/$BIN_NAME"
+DEST_DIR="$MANIFEST_DIR/binaries"
+# Tauri expects the format: donut-proxy-{target} with hyphens (same as nodecar)
+DEST_NAME="donut-proxy-$TARGET"
+if [[ "$TARGET" == *"windows"* ]]; then
+  DEST_NAME="$DEST_NAME.exe"
+fi
+DEST="$DEST_DIR/$DEST_NAME"
+
+# Create binaries directory if it doesn't exist
+mkdir -p "$DEST_DIR"
+
+# Copy the binary if it exists
+if [[ -f "$SOURCE" ]]; then
+  cp "$SOURCE" "$DEST"
+  echo "Copied $BIN_NAME to $DEST"
+else
+  echo "Warning: Binary not found at $SOURCE"
+  echo "Building donut-proxy binary..."
+  cd "$MANIFEST_DIR"
+  BUILD_ARGS=("build" "--bin" "donut-proxy")
+  if [[ -n "$PROFILE" ]] && [[ "$PROFILE" == "release" ]]; then
+    BUILD_ARGS+=("--release")
+  fi
+  if [[ -n "$TARGET" ]] && [[ "$TARGET" != "unknown" ]] && [[ "$TARGET" != "$HOST_TARGET" ]]; then
+    BUILD_ARGS+=("--target" "$TARGET")
+  fi
+  cargo "${BUILD_ARGS[@]}"
+  if [[ -f "$SOURCE" ]]; then
+    cp "$SOURCE" "$DEST"
+    echo "Built and copied $BIN_NAME to $DEST"
+  else
+    echo "Error: Failed to build donut-proxy binary"
+    exit 1
+  fi
+fi
+
@@ -1,13 +1,16 @@
 [Desktop Entry]
 Version=1.0
 Type=Application
-Name=Donut Browser
-Comment=Simple Yet Powerful Browser Orchestrator
+Name=Donut
+Name[en]=Donut
+GenericName=Web Browser
+X-GNOME-FullName=Donut
+Comment=Simple Yet Powerful Anti-Detect Browser
 Exec=donutbrowser %u
 Icon=donutbrowser
 StartupNotify=true
 NoDisplay=false
-Categories=Network;WebBrowser;Productivity;
+Categories=Network;WebBrowser;
 MimeType=x-scheme-handler/http;x-scheme-handler/https;text/html;application/xhtml+xml;
 StartupWMClass=donutbrowser
 Keywords=browser;web;internet;productivity;
@@ -28,5 +28,11 @@
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+    <key>com.apple.security.device.usb</key>
+    <true/>
+    <key>com.apple.security.inherit</key>
+    <true/>
 </dict>
 </plist> 
@@ -1,6 +1,5 @@
-use crate::api_client::is_browser_version_nightly;
-use crate::browser_version_service::{BrowserVersionInfo, BrowserVersionService};
-use crate::profile::BrowserProfile;
+use crate::browser_version_manager::{BrowserVersionInfo, BrowserVersionManager};
+use crate::profile::{BrowserProfile, ProfileManager};
 use crate::settings_manager::SettingsManager;
 use serde::{Deserialize, Serialize};
 use std::collections::{HashMap, HashSet};
@@ -29,15 +28,17 @@ pub struct AutoUpdateState {
 }

 pub struct AutoUpdater {
-  version_service: &'static BrowserVersionService,
+  browser_version_manager: &'static BrowserVersionManager,
  settings_manager: &'static SettingsManager,
+  profile_manager: &'static ProfileManager,
 }

 impl AutoUpdater {
  fn new() -> Self {
    Self {
-      version_service: BrowserVersionService::instance(),
+      browser_version_manager: BrowserVersionManager::instance(),
      settings_manager: SettingsManager::instance(),
+      profile_manager: ProfileManager::instance(),
    }
  }

@@ -53,8 +54,8 @@ impl AutoUpdater {
    let mut browser_versions: HashMap<String, Vec<BrowserVersionInfo>> = HashMap::new();

    // Group profiles by browser
-    let profile_manager = crate::profile::ProfileManager::new();
-    let profiles = profile_manager
+    let profiles = self
+      .profile_manager
      .list_profiles()
      .map_err(|e| format!("Failed to list profiles: {e}"))?;
    let mut browser_profiles: HashMap<String, Vec<BrowserProfile>> = HashMap::new();
@@ -62,7 +63,7 @@ impl AutoUpdater {
    for profile in profiles {
      // Only check supported browsers
      if !self
-        .version_service
+        .browser_version_manager
        .is_browser_supported(&profile.browser)
        .unwrap_or(false)
      {
@@ -78,14 +79,14 @@ impl AutoUpdater {
    for (browser, profiles) in browser_profiles {
      // Get cached versions first, then try to fetch if needed
      let versions = if let Some(cached) = self
-        .version_service
+        .browser_version_manager
        .get_cached_browser_versions_detailed(&browser)
      {
        cached
-      } else if self.version_service.should_update_cache(&browser) {
+      } else if self.browser_version_manager.should_update_cache(&browser) {
        // Try to fetch fresh versions
        match self
-          .version_service
+          .browser_version_manager
          .fetch_browser_versions_detailed(&browser, false)
          .await
        {
@@ -108,13 +109,13 @@ impl AutoUpdater {
            let new_version = &update.new_version.parse::<u32>().unwrap();

            let result = new_version - current_version;
-            println!(
+            log::info!(
              "Current version: {current_version}, New version: {new_version}, Result: {result}"
            );
            if result > 400 {
              notifications.push(update);
            } else {
-              println!(
+              log::info!(
                "Skipping chromium update notification: only {result} new versions (need 400+)"
              );
            }
@@ -129,62 +130,66 @@ impl AutoUpdater {
  }

  pub async fn check_for_updates_with_progress(&self, app_handle: &tauri::AppHandle) {
-    println!("Starting auto-update check with progress...");
+    log::info!("Starting auto-update check with progress...");

    // Check for browser updates and trigger auto-downloads
    match self.check_for_updates().await {
      Ok(update_notifications) => {
        if !update_notifications.is_empty() {
-          println!(
+          log::info!(
            "Found {} browser updates to auto-download",
            update_notifications.len()
          );

          // Trigger automatic downloads for each update
          for notification in update_notifications {
-            println!(
+            log::info!(
              "Auto-downloading {} version {}",
-              notification.browser, notification.new_version
+              notification.browser,
+              notification.new_version
            );

            // Clone app_handle for the async task
-            let app_handle_clone = app_handle.clone();
            let browser = notification.browser.clone();
            let new_version = notification.new_version.clone();
            let notification_id = notification.id.clone();
            let affected_profiles = notification.affected_profiles.clone();
+            let app_handle_clone = app_handle.clone();

            // Spawn async task to handle the download and auto-update
            tokio::spawn(async move {
+              // TODO: update the logic to use the downloaded browsers registry instance instead of the static method
              // First, check if browser already exists
-              match crate::browser_runner::is_browser_downloaded(
+              match crate::downloaded_browsers_registry::is_browser_downloaded(
                browser.clone(),
                new_version.clone(),
              ) {
                true => {
-                  println!("Browser {browser} {new_version} already downloaded, proceeding to auto-update profiles");
+                  log::info!("Browser {browser} {new_version} already downloaded, proceeding to auto-update profiles");

                  // Browser already exists, go straight to profile update
-                  match crate::auto_updater::complete_browser_update_with_auto_update(
-                    browser.clone(),
-                    new_version.clone(),
-                  )
-                  .await
+                  match AutoUpdater::instance()
+                    .complete_browser_update_with_auto_update(
+                      &app_handle_clone,
+                      &browser.clone(),
+                      &new_version.clone(),
+                    )
+                    .await
                  {
                    Ok(updated_profiles) => {
-                      println!(
+                      log::info!(
                        "Auto-update completed for {} profiles: {:?}",
                        updated_profiles.len(),
                        updated_profiles
                      );
                    }
                    Err(e) => {
-                      eprintln!("Failed to complete auto-update for {browser}: {e}");
+                      log::error!("Failed to complete auto-update for {browser}: {e}");
                    }
                  }
                }
                false => {
-                  println!("Downloading browser {browser} version {new_version}...");
+                  log::info!("Downloading browser {browser} version {new_version}...");

                  // Emit the auto-update event to trigger frontend handling
                  let auto_update_event = serde_json::json!({
@@ -197,20 +202,20 @@ impl AutoUpdater {
                  if let Err(e) =
                    app_handle_clone.emit("browser-auto-update-available", &auto_update_event)
                  {
-                    eprintln!("Failed to emit auto-update event for {browser}: {e}");
+                    log::error!("Failed to emit auto-update event for {browser}: {e}");
                  } else {
-                    println!("Emitted auto-update event for {browser}");
+                    log::info!("Emitted auto-update event for {browser}");
                  }
                }
              }
            });
          }
        } else {
-          println!("No browser updates needed");
+          log::info!("No browser updates needed");
        }
      }
      Err(e) => {
-        eprintln!("Failed to check for browser updates: {e}");
+        log::error!("Failed to check for browser updates: {e}");
      }
    }
  }
@@ -222,7 +227,8 @@ impl AutoUpdater {
    available_versions: &[BrowserVersionInfo],
  ) -> Result<Option<UpdateNotification>, Box<dyn std::error::Error + Send + Sync>> {
    let current_version = &profile.version;
-    let is_current_nightly = is_browser_version_nightly(&profile.browser, current_version, None);
+    let is_current_nightly =
+      crate::api_client::is_browser_version_nightly(&profile.browser, current_version, None);

    // Find the best available update
    let best_update = available_versions
@@ -230,7 +236,8 @@ impl AutoUpdater {
      .filter(|v| {
        // Only consider versions newer than current
        self.is_version_newer(&v.version, current_version)
-          && is_browser_version_nightly(&profile.browser, &v.version, None) == is_current_nightly
+          && crate::api_client::is_browser_version_nightly(&profile.browser, &v.version, None)
+            == is_current_nightly
      })
      .max_by(|a, b| self.compare_versions(&a.version, &b.version));

@@ -293,11 +300,12 @@ impl AutoUpdater {
  /// Automatically update all affected profile versions after browser download
  pub async fn auto_update_profile_versions(
    &self,
+    app_handle: &tauri::AppHandle,
    browser: &str,
    new_version: &str,
  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let profile_manager = crate::profile::ProfileManager::new();
-    let profiles = profile_manager
+    let profiles = self
+      .profile_manager
      .list_profiles()
      .map_err(|e| format!("Failed to list profiles: {e}"))?;

@@ -314,12 +322,16 @@ impl AutoUpdater {
        // Check if this is an update (newer version)
        if self.is_version_newer(new_version, &profile.version) {
          // Update the profile version
-          match profile_manager.update_profile_version(&profile.name, new_version) {
+          match self.profile_manager.update_profile_version(
+            app_handle,
+            &profile.id.to_string(),
+            new_version,
+          ) {
            Ok(_) => {
              updated_profiles.push(profile.name);
            }
            Err(e) => {
-              eprintln!("Failed to update profile {}: {}", profile.name, e);
+              log::error!("Failed to update profile {}: {}", profile.name, e);
            }
          }
        }
@@ -332,12 +344,13 @@ impl AutoUpdater {
  /// Complete browser update process with auto-update of profile versions
  pub async fn complete_browser_update_with_auto_update(
    &self,
+    app_handle: &tauri::AppHandle,
    browser: &str,
    new_version: &str,
  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
    // Auto-update profile versions first
    let updated_profiles = self
-      .auto_update_profile_versions(browser, new_version)
+      .auto_update_profile_versions(app_handle, browser, new_version)
      .await?;

    // Remove browser from disabled list and clean up auto-update tracking
@@ -347,47 +360,9 @@ impl AutoUpdater {
    state.auto_update_downloads.remove(&download_key);
    self.save_auto_update_state(&state)?;

-    // Always perform cleanup after auto-update - don't fail the update if cleanup fails
-    if let Err(e) = self.cleanup_unused_binaries_internal() {
-      eprintln!("Warning: Failed to cleanup unused binaries after auto-update: {e}");
-    }
-
    Ok(updated_profiles)
  }

-  /// Internal method to cleanup unused binaries (used by auto-cleanup)
-  fn cleanup_unused_binaries_internal(
-    &self,
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    // Load current profiles
-    let profile_manager = crate::profile::ProfileManager::new();
-    let profiles = profile_manager
-      .list_profiles()
-      .map_err(|e| format!("Failed to load profiles: {e}"))?;
-
-    // Load registry
-    let mut registry = crate::downloaded_browsers::DownloadedBrowsersRegistry::load()
-      .map_err(|e| format!("Failed to load browser registry: {e}"))?;
-
-    // Get active browser versions (all profiles)
-    let active_versions = registry.get_active_browser_versions(&profiles);
-
-    // Get running browser versions (only running profiles)
-    let running_versions = registry.get_running_browser_versions(&profiles);
-
-    // Cleanup unused binaries (but keep running ones)
-    let cleaned_up = registry
-      .cleanup_unused_binaries(&active_versions, &running_versions)
-      .map_err(|e| format!("Failed to cleanup unused binaries: {e}"))?;
-
-    // Save updated registry
-    registry
-      .save()
-      .map_err(|e| format!("Failed to save registry: {e}"))?;
-
-    Ok(cleaned_up)
-  }
-
  /// Check if browser is disabled due to ongoing update
  pub fn is_browser_disabled(
    &self,
@@ -409,17 +384,11 @@ impl AutoUpdater {
  }

  fn is_version_newer(&self, version1: &str, version2: &str) -> bool {
-    // Use the proper VersionComponent comparison from api_client.rs
-    let version_a = crate::api_client::VersionComponent::parse(version1);
-    let version_b = crate::api_client::VersionComponent::parse(version2);
-    version_a > version_b
+    crate::api_client::is_version_newer(version1, version2)
  }

  fn compare_versions(&self, version1: &str, version2: &str) -> std::cmp::Ordering {
-    // Use the proper VersionComponent comparison from api_client.rs
-    let version_a = crate::api_client::VersionComponent::parse(version1);
-    let version_b = crate::api_client::VersionComponent::parse(version2);
-    version_a.cmp(&version_b)
+    crate::api_client::compare_versions(version1, version2)
  }

  fn get_auto_update_state_file(&self) -> PathBuf {
@@ -429,7 +398,7 @@ impl AutoUpdater {
      .join("auto_update_state.json")
  }

-  fn load_auto_update_state(
+  pub fn load_auto_update_state(
    &self,
  ) -> Result<AutoUpdateState, Box<dyn std::error::Error + Send + Sync>> {
    let state_file = self.get_auto_update_state_file();
@@ -443,7 +412,7 @@ impl AutoUpdater {
    Ok(state)
  }

-  fn save_auto_update_state(
+  pub fn save_auto_update_state(
    &self,
    state: &AutoUpdateState,
  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
@@ -456,6 +425,39 @@ impl AutoUpdater {

    Ok(())
  }
+
+  /// Get pending update versions for a specific browser
+  /// Returns a set of (browser, version) pairs that have pending updates
+  pub fn get_pending_update_versions(
+    &self,
+  ) -> Result<std::collections::HashSet<(String, String)>, Box<dyn std::error::Error + Send + Sync>>
+  {
+    let state = self.load_auto_update_state()?;
+    let mut pending_versions = std::collections::HashSet::new();
+
+    for update in &state.pending_updates {
+      pending_versions.insert((update.browser.clone(), update.new_version.clone()));
+    }
+
+    Ok(pending_versions)
+  }
+
+  /// Get pending update for a specific browser version if it exists
+  pub fn get_pending_update(
+    &self,
+    browser: &str,
+    current_version: &str,
+  ) -> Result<Option<UpdateNotification>, Box<dyn std::error::Error + Send + Sync>> {
+    let state = self.load_auto_update_state()?;
+
+    for update in &state.pending_updates {
+      if update.browser == browser && update.current_version == current_version {
+        return Ok(Some(update.clone()));
+      }
+    }
+
+    Ok(None)
+  }
 }

 // Tauri commands
@@ -471,14 +473,6 @@ pub async fn check_for_browser_updates() -> Result<Vec<UpdateNotification>, Stri
  Ok(grouped)
 }

-#[tauri::command]
-pub async fn is_browser_disabled_for_update(browser: String) -> Result<bool, String> {
-  let updater = AutoUpdater::instance();
-  updater
-    .is_browser_disabled(&browser)
-    .map_err(|e| format!("Failed to check browser status: {e}"))
-}
-
 #[tauri::command]
 pub async fn dismiss_update_notification(notification_id: String) -> Result<(), String> {
  let updater = AutoUpdater::instance();
@@ -489,12 +483,13 @@ pub async fn dismiss_update_notification(notification_id: String) -> Result<(),

 #[tauri::command]
 pub async fn complete_browser_update_with_auto_update(
+  app_handle: tauri::AppHandle,
  browser: String,
  new_version: String,
 ) -> Result<Vec<String>, String> {
  let updater = AutoUpdater::instance();
  updater
-    .complete_browser_update_with_auto_update(&browser, &new_version)
+    .complete_browser_update_with_auto_update(&app_handle, &browser, &new_version)
    .await
    .map_err(|e| format!("Failed to complete browser update: {e}"))
 }
@@ -521,6 +516,8 @@ mod tests {
      release_type: "stable".to_string(),
      camoufox_config: None,
      group_id: None,
+      tags: Vec::new(),
+      note: None,
    }
  }

@@ -780,13 +777,15 @@ mod tests {
    let state_file = test_settings_manager
      .get_settings_dir()
      .join("auto_update_state.json");
-    std::fs::create_dir_all(test_settings_manager.get_settings_dir()).unwrap();
-    let json = serde_json::to_string_pretty(&state).unwrap();
-    std::fs::write(&state_file, json).unwrap();
+    std::fs::create_dir_all(test_settings_manager.get_settings_dir())
+      .expect("Failed to create settings directory");
+    let json = serde_json::to_string_pretty(&state).expect("Failed to serialize state");
+    std::fs::write(&state_file, json).expect("Failed to write state file");

    // Load state
-    let content = std::fs::read_to_string(&state_file).unwrap();
-    let loaded_state: AutoUpdateState = serde_json::from_str(&content).unwrap();
+    let content = std::fs::read_to_string(&state_file).expect("Failed to read state file");
+    let loaded_state: AutoUpdateState =
+      serde_json::from_str(&content).expect("Failed to deserialize state");

    assert_eq!(loaded_state.disabled_browsers.len(), 1);
    assert!(loaded_state.disabled_browsers.contains("firefox"));
@@ -824,11 +823,15 @@ mod tests {
    let state_file = test_settings_manager
      .get_settings_dir()
      .join("auto_update_state.json");
-    std::fs::create_dir_all(test_settings_manager.get_settings_dir()).unwrap();
+    std::fs::create_dir_all(test_settings_manager.get_settings_dir())
+      .expect("Failed to create settings directory");

    // Initially not disabled (empty state file means default state)
    let state = AutoUpdateState::default();
-    assert!(!state.disabled_browsers.contains("firefox"));
+    assert!(
+      !state.disabled_browsers.contains("firefox"),
+      "Firefox should not be disabled initially"
+    );

    // Start update (should disable)
    let mut state = AutoUpdateState::default();
@@ -836,27 +839,41 @@ mod tests {
    state
      .auto_update_downloads
      .insert("firefox-1.1.0".to_string());
-    let json = serde_json::to_string_pretty(&state).unwrap();
-    std::fs::write(&state_file, json).unwrap();
+    let json = serde_json::to_string_pretty(&state).expect("Failed to serialize state");
+    std::fs::write(&state_file, json).expect("Failed to write state file");

    // Check that it's disabled
-    let content = std::fs::read_to_string(&state_file).unwrap();
-    let loaded_state: AutoUpdateState = serde_json::from_str(&content).unwrap();
-    assert!(loaded_state.disabled_browsers.contains("firefox"));
-    assert!(loaded_state.auto_update_downloads.contains("firefox-1.1.0"));
+    let content = std::fs::read_to_string(&state_file).expect("Failed to read state file");
+    let loaded_state: AutoUpdateState =
+      serde_json::from_str(&content).expect("Failed to deserialize state");
+    assert!(
+      loaded_state.disabled_browsers.contains("firefox"),
+      "Firefox should be disabled"
+    );
+    assert!(
+      loaded_state.auto_update_downloads.contains("firefox-1.1.0"),
+      "Firefox download should be tracked"
+    );

    // Complete update (should enable)
    let mut state = loaded_state;
    state.disabled_browsers.remove("firefox");
    state.auto_update_downloads.remove("firefox-1.1.0");
-    let json = serde_json::to_string_pretty(&state).unwrap();
-    std::fs::write(&state_file, json).unwrap();
+    let json = serde_json::to_string_pretty(&state).expect("Failed to serialize final state");
+    std::fs::write(&state_file, json).expect("Failed to write final state file");

    // Check that it's enabled again
-    let content = std::fs::read_to_string(&state_file).unwrap();
-    let final_state: AutoUpdateState = serde_json::from_str(&content).unwrap();
-    assert!(!final_state.disabled_browsers.contains("firefox"));
-    assert!(!final_state.auto_update_downloads.contains("firefox-1.1.0"));
+    let content = std::fs::read_to_string(&state_file).expect("Failed to read final state file");
+    let final_state: AutoUpdateState =
+      serde_json::from_str(&content).expect("Failed to deserialize final state");
+    assert!(
+      !final_state.disabled_browsers.contains("firefox"),
+      "Firefox should be enabled again"
+    );
+    assert!(
+      !final_state.auto_update_downloads.contains("firefox-1.1.0"),
+      "Firefox download should not be tracked anymore"
+    );
  }

  #[test]
@@ -898,21 +915,27 @@ mod tests {
    let state_file = test_settings_manager
      .get_settings_dir()
      .join("auto_update_state.json");
-    std::fs::create_dir_all(test_settings_manager.get_settings_dir()).unwrap();
-    let json = serde_json::to_string_pretty(&state).unwrap();
-    std::fs::write(&state_file, json).unwrap();
+    std::fs::create_dir_all(test_settings_manager.get_settings_dir())
+      .expect("Failed to create settings directory");
+    let json = serde_json::to_string_pretty(&state).expect("Failed to serialize initial state");
+    std::fs::write(&state_file, json).expect("Failed to write initial state file");

    // Dismiss notification (remove from pending updates)
    state
      .pending_updates
      .retain(|n| n.id != "test_notification");
-    let json = serde_json::to_string_pretty(&state).unwrap();
-    std::fs::write(&state_file, json).unwrap();
+    let json = serde_json::to_string_pretty(&state).expect("Failed to serialize updated state");
+    std::fs::write(&state_file, json).expect("Failed to write updated state file");

    // Check that it's removed
-    let content = std::fs::read_to_string(&state_file).unwrap();
-    let loaded_state: AutoUpdateState = serde_json::from_str(&content).unwrap();
-    assert_eq!(loaded_state.pending_updates.len(), 0);
+    let content = std::fs::read_to_string(&state_file).expect("Failed to read updated state file");
+    let loaded_state: AutoUpdateState =
+      serde_json::from_str(&content).expect("Failed to deserialize updated state");
+    assert_eq!(
+      loaded_state.pending_updates.len(),
+      0,
+      "Pending updates should be empty after dismissal"
+    );
  }
 }

@@ -0,0 +1,322 @@
+use clap::{Arg, Command};
+use donutbrowser_lib::proxy_runner::{
+  start_proxy_process_with_profile, stop_all_proxy_processes, stop_proxy_process,
+};
+use donutbrowser_lib::proxy_server::run_proxy_server;
+use donutbrowser_lib::proxy_storage::get_proxy_config;
+use std::process;
+
+fn set_high_priority() {
+  #[cfg(unix)]
+  {
+    unsafe {
+      // Set high priority (negative nice value = higher priority)
+      // -10 is a reasonably high priority without being too aggressive
+      // This may fail without elevated privileges, which is fine
+      let result = libc::setpriority(libc::PRIO_PROCESS, 0, -10);
+      if result == 0 {
+        log::info!("Set process priority to -10 (high priority)");
+      } else {
+        // Try a less aggressive priority if -10 fails
+        let result = libc::setpriority(libc::PRIO_PROCESS, 0, -5);
+        if result == 0 {
+          log::info!("Set process priority to -5 (above normal)");
+        }
+      }
+    }
+  }
+
+  #[cfg(target_os = "linux")]
+  {
+    // Lower OOM score so this process is less likely to be killed under memory pressure
+    // Valid range is -1000 to 1000, lower = less likely to be killed
+    // -500 is a reasonable value that makes us less likely to be killed
+    if let Err(e) = std::fs::write("/proc/self/oom_score_adj", "-500") {
+      log::debug!("Could not set OOM score adjustment: {}", e);
+    } else {
+      log::info!("Set OOM score adjustment to -500");
+    }
+  }
+
+  #[cfg(windows)]
+  {
+    use windows::Win32::System::Threading::{
+      GetCurrentProcess, SetPriorityClass, ABOVE_NORMAL_PRIORITY_CLASS,
+    };
+
+    unsafe {
+      let process = GetCurrentProcess();
+      if SetPriorityClass(process, ABOVE_NORMAL_PRIORITY_CLASS).is_ok() {
+        log::info!("Set process priority to ABOVE_NORMAL_PRIORITY_CLASS");
+      } else {
+        log::debug!("Could not set process priority class");
+      }
+    }
+  }
+}
+
+fn build_proxy_url(
+  proxy_type: &str,
+  host: &str,
+  port: u16,
+  username: Option<&str>,
+  password: Option<&str>,
+) -> String {
+  let mut url = format!("{}://", proxy_type.to_lowercase());
+
+  if let (Some(user), Some(pass)) = (username, password) {
+    let encoded_user = urlencoding::encode(user);
+    let encoded_pass = urlencoding::encode(pass);
+    url.push_str(&format!("{}:{}@", encoded_user, encoded_pass));
+  } else if let Some(user) = username {
+    let encoded_user = urlencoding::encode(user);
+    url.push_str(&format!("{}@", encoded_user));
+  }
+
+  url.push_str(host);
+  url.push(':');
+  url.push_str(&port.to_string());
+
+  url
+}
+
+#[tokio::main(flavor = "multi_thread")]
+async fn main() {
+  // Set up panic handler to log panics before process exits
+  std::panic::set_hook(Box::new(|panic_info| {
+    log::error!("PANIC in proxy worker: {:?}", panic_info);
+    if let Some(location) = panic_info.location() {
+      log::error!(
+        "Location: {}:{}:{}",
+        location.file(),
+        location.line(),
+        location.column()
+      );
+    }
+    if let Some(s) = panic_info.payload().downcast_ref::<&str>() {
+      log::error!("Message: {}", s);
+    }
+  }));
+
+  let matches = Command::new("donut-proxy")
+    .subcommand(
+      Command::new("proxy")
+        .about("Manage proxy servers")
+        .subcommand(
+          Command::new("start")
+            .about("Start a proxy server")
+            .arg(Arg::new("host").long("host").help("Upstream proxy host"))
+            .arg(
+              Arg::new("proxy-port")
+                .long("proxy-port")
+                .value_parser(clap::value_parser!(u16))
+                .help("Upstream proxy port"),
+            )
+            .arg(
+              Arg::new("type")
+                .long("type")
+                .help("Proxy type (http, https, socks4, socks5)"),
+            )
+            .arg(Arg::new("username").long("username").help("Proxy username"))
+            .arg(Arg::new("password").long("password").help("Proxy password"))
+            .arg(
+              Arg::new("port")
+                .short('p')
+                .long("port")
+                .value_parser(clap::value_parser!(u16))
+                .help("Local port to use (random if not specified)"),
+            )
+            .arg(
+              Arg::new("ignore-certificate")
+                .long("ignore-certificate")
+                .help("Ignore certificate errors for HTTPS proxies"),
+            )
+            .arg(
+              Arg::new("upstream")
+                .short('u')
+                .long("upstream")
+                .help("Upstream proxy URL (protocol://[username:password@]host:port)"),
+            )
+            .arg(
+              Arg::new("profile-id")
+                .long("profile-id")
+                .help("ID of the profile this proxy is associated with"),
+            ),
+        )
+        .subcommand(
+          Command::new("stop")
+            .about("Stop a proxy server")
+            .arg(Arg::new("id").long("id").help("Proxy ID to stop"))
+            .arg(
+              Arg::new("upstream")
+                .long("upstream")
+                .help("Stop proxies with this upstream URL"),
+            ),
+        )
+        .subcommand(Command::new("list").about("List all proxy servers")),
+    )
+    .subcommand(
+      Command::new("proxy-worker")
+        .about("Run a proxy worker process (internal use)")
+        .arg(
+          Arg::new("id")
+            .long("id")
+            .required(true)
+            .help("Proxy configuration ID"),
+        )
+        .arg(Arg::new("action").required(true).help("Action (start)")),
+    )
+    .get_matches();
+
+  if let Some(proxy_matches) = matches.subcommand_matches("proxy") {
+    if let Some(start_matches) = proxy_matches.subcommand_matches("start") {
+      let mut upstream_url: Option<String> = None;
+
+      // Build upstream URL from individual components if provided
+      if let (Some(host), Some(port), Some(proxy_type)) = (
+        start_matches.get_one::<String>("host"),
+        start_matches.get_one::<u16>("proxy-port"),
+        start_matches.get_one::<String>("type"),
+      ) {
+        let username = start_matches.get_one::<String>("username");
+        let password = start_matches.get_one::<String>("password");
+        upstream_url = Some(build_proxy_url(
+          proxy_type,
+          host,
+          *port,
+          username.map(|s| s.as_str()),
+          password.map(|s| s.as_str()),
+        ));
+      } else if let Some(upstream) = start_matches.get_one::<String>("upstream") {
+        upstream_url = Some(upstream.clone());
+      }
+
+      let port = start_matches.get_one::<u16>("port").copied();
+      let profile_id = start_matches.get_one::<String>("profile-id").cloned();
+
+      match start_proxy_process_with_profile(upstream_url, port, profile_id).await {
+        Ok(config) => {
+          // Output the configuration as JSON for the Rust side to parse
+          // Use println! here because this needs to go to stdout for parsing
+          println!(
+            "{}",
+            serde_json::json!({
+              "id": config.id,
+              "localPort": config.local_port,
+              "localUrl": config.local_url,
+              "upstreamUrl": config.upstream_url,
+            })
+          );
+          process::exit(0);
+        }
+        Err(e) => {
+          eprintln!("Failed to start proxy: {}", e);
+          process::exit(1);
+        }
+      }
+    } else if let Some(stop_matches) = proxy_matches.subcommand_matches("stop") {
+      if let Some(id) = stop_matches.get_one::<String>("id") {
+        match stop_proxy_process(id).await {
+          Ok(success) => {
+            // Use println! here because this needs to go to stdout for parsing
+            println!("{}", serde_json::json!({ "success": success }));
+            process::exit(0);
+          }
+          Err(e) => {
+            eprintln!("Failed to stop proxy: {}", e);
+            process::exit(1);
+          }
+        }
+      } else if let Some(upstream) = stop_matches.get_one::<String>("upstream") {
+        // Find proxies with this upstream URL
+        let configs = donutbrowser_lib::proxy_storage::list_proxy_configs();
+        let matching_configs: Vec<_> = configs
+          .iter()
+          .filter(|config| config.upstream_url == *upstream)
+          .collect();
+
+        if matching_configs.is_empty() {
+          eprintln!("No proxies found for {}", upstream);
+          process::exit(1);
+        }
+
+        for config in matching_configs {
+          let _ = stop_proxy_process(&config.id).await;
+        }
+
+        // Use println! here because this needs to go to stdout for parsing
+        println!("{}", serde_json::json!({ "success": true }));
+        process::exit(0);
+      } else {
+        // Stop all proxies
+        match stop_all_proxy_processes().await {
+          Ok(_) => {
+            // Use println! here because this needs to go to stdout for parsing
+            println!("{}", serde_json::json!({ "success": true }));
+            process::exit(0);
+          }
+          Err(e) => {
+            eprintln!("Failed to stop all proxies: {}", e);
+            process::exit(1);
+          }
+        }
+      }
+    } else if proxy_matches.subcommand_matches("list").is_some() {
+      let configs = donutbrowser_lib::proxy_storage::list_proxy_configs();
+      // Use println! here because this needs to go to stdout for parsing
+      println!("{}", serde_json::to_string(&configs).unwrap());
+      process::exit(0);
+    } else {
+      log::error!("Invalid action. Use 'start', 'stop', or 'list'");
+      process::exit(1);
+    }
+  } else if let Some(worker_matches) = matches.subcommand_matches("proxy-worker") {
+    let id = worker_matches
+      .get_one::<String>("id")
+      .expect("id is required");
+    let action = worker_matches
+      .get_one::<String>("action")
+      .expect("action is required");
+
+    if action == "start" {
+      // Set high priority so this process is killed last under resource pressure
+      set_high_priority();
+
+      log::error!("Proxy worker starting, looking for config id: {}", id);
+      log::error!("Process PID: {}", std::process::id());
+
+      let config = match get_proxy_config(id) {
+        Some(config) => {
+          log::error!(
+            "Found config: id={}, port={:?}, upstream={}",
+            config.id,
+            config.local_port,
+            config.upstream_url
+          );
+          config
+        }
+        None => {
+          log::error!("Proxy configuration {} not found", id);
+          process::exit(1);
+        }
+      };
+
+      // Run the proxy server - this should never return (infinite loop)
+      log::error!("Starting proxy server for config id: {}", id);
+      if let Err(e) = run_proxy_server(config).await {
+        log::error!("Failed to run proxy server: {}", e);
+        log::error!("Error details: {:?}", e);
+        process::exit(1);
+      }
+      // This should never be reached - run_proxy_server has an infinite loop
+      log::error!("ERROR: Proxy server returned unexpectedly (this should never happen)");
+      process::exit(1);
+    } else {
+      log::error!("Invalid action for proxy-worker. Use 'start'");
+      process::exit(1);
+    }
+  } else {
+    log::error!("No command specified");
+    process::exit(1);
+  }
+}
@@ -1,7 +1,8 @@
 use serde::{Deserialize, Serialize};
 use std::path::{Path, PathBuf};
+use utoipa::ToSchema;

-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
 pub struct ProxySettings {
  pub proxy_type: String, // "http", "https", "socks4", or "socks5"
  pub host: String,
@@ -58,6 +59,8 @@ pub trait Browser: Send + Sync {
    profile_path: &str,
    proxy_settings: Option<&ProxySettings>,
    url: Option<String>,
+    remote_debugging_port: Option<u16>,
+    headless: bool,
  ) -> Result<Vec<String>, Box<dyn std::error::Error>>;
  fn is_version_downloaded(&self, version: &str, binaries_dir: &Path) -> bool;
  fn prepare_executable(&self, executable_path: &Path) -> Result<(), Box<dyn std::error::Error>>;
@@ -168,17 +171,25 @@ mod linux {
    install_dir: &Path,
    browser_type: &BrowserType,
  ) -> Result<PathBuf, Box<dyn std::error::Error>> {
-    // Expected structure: install_dir/<browser>/<binary>
+    // Expected structure examples:
+    // - Firefox/Firefox Developer on Linux often extract to: install_dir/firefox/firefox
+    // - Some archives may extract directly under: install_dir/firefox or install_dir/firefox-bin
+    // - For some flavors we may have: install_dir/<browser_type>/<binary>
    let browser_subdir = install_dir.join(browser_type.as_str());

-    // Try firefox first (preferred), then firefox-bin
+    // Try common firefox executable locations (nested and flat)
    let possible_executables = match browser_type {
-      BrowserType::Firefox | BrowserType::FirefoxDeveloper => {
-        vec![
-          browser_subdir.join("firefox"),
-          browser_subdir.join("firefox-bin"),
-        ]
-      }
+      BrowserType::Firefox | BrowserType::FirefoxDeveloper => vec![
+        // Nested "firefox/firefox" or "firefox/firefox-bin"
+        install_dir.join("firefox").join("firefox"),
+        install_dir.join("firefox").join("firefox-bin"),
+        // Flat under version directory
+        install_dir.join("firefox"),
+        install_dir.join("firefox-bin"),
+        // Under a subdirectory matching the browser type
+        browser_subdir.join("firefox"),
+        browser_subdir.join("firefox-bin"),
+      ],
      BrowserType::MullvadBrowser => {
        vec![
          browser_subdir.join("firefox"),
@@ -191,15 +202,20 @@ mod linux {
      }
      BrowserType::TorBrowser => {
        vec![
-          browser_subdir.join("firefox"),
+          // Common Tor Browser launchers
          browser_subdir.join("tor-browser"),
+          // Firefox-based binaries
+          browser_subdir.join("firefox"),
          browser_subdir.join("firefox-bin"),
+          // Sometimes packaged similarly to Firefox
+          install_dir.join("firefox").join("firefox"),
+          install_dir.join("firefox").join("firefox-bin"),
        ]
      }
      BrowserType::Camoufox => {
        vec![
-          browser_subdir.join("camoufox-bin"),
-          browser_subdir.join("camoufox"),
+          install_dir.join("camoufox-bin"),
+          install_dir.join("camoufox"),
        ]
      }
      _ => vec![],
@@ -213,9 +229,9 @@ mod linux {

    Err(
      format!(
-        "Firefox executable not found in {}/{}",
+        "Executable not found for {} in {}",
+        browser_type.as_str(),
        install_dir.display(),
-        browser_type.as_str()
      )
      .into(),
    )
@@ -226,12 +242,29 @@ mod linux {
    browser_type: &BrowserType,
  ) -> Result<PathBuf, Box<dyn std::error::Error>> {
    let possible_executables = match browser_type {
-      BrowserType::Chromium => vec![install_dir.join("chromium"), install_dir.join("chrome")],
+      BrowserType::Chromium => vec![
+        // Direct paths (for manual installations)
+        install_dir.join("chromium"),
+        install_dir.join("chrome"),
+        install_dir.join("chromium-browser"),
+        // Subdirectory paths (for downloaded archives)
+        install_dir.join("chrome-linux").join("chrome"),
+        install_dir.join("chrome-linux").join("chromium"),
+        install_dir.join("chromium").join("chromium"),
+        install_dir.join("chromium").join("chrome"),
+        // Binary subdirectory
+        install_dir.join("bin").join("chromium"),
+        install_dir.join("bin").join("chrome"),
+      ],
      BrowserType::Brave => vec![
        install_dir.join("brave"),
        install_dir.join("brave-browser"),
        install_dir.join("brave-browser-nightly"),
        install_dir.join("brave-browser-beta"),
+        // Subdirectory paths
+        install_dir.join("brave").join("brave"),
+        install_dir.join("brave-browser").join("brave"),
+        install_dir.join("bin").join("brave"),
      ],
      _ => vec![],
    };
@@ -253,18 +286,21 @@ mod linux {
  }

  pub fn is_firefox_version_downloaded(install_dir: &Path, browser_type: &BrowserType) -> bool {
-    // Expected structure: install_dir/<browser>/<binary>
+    // Expected structure (most common):
+    //   install_dir/<browser>/<binary>
+    // However, Firefox Developer tarballs often extract to a "firefox" subfolder
+    // rather than "firefox-developer". Support both layouts.
    let browser_subdir = install_dir.join(browser_type.as_str());

-    if !browser_subdir.exists() || !browser_subdir.is_dir() {
-      return false;
-    }
-
    let possible_executables = match browser_type {
      BrowserType::Firefox | BrowserType::FirefoxDeveloper => {
        vec![
+          // Preferred: executable inside a subdirectory named after the browser type
          browser_subdir.join("firefox-bin"),
          browser_subdir.join("firefox"),
+          // Fallback: executable inside a generic "firefox" subdirectory
+          install_dir.join("firefox").join("firefox-bin"),
+          install_dir.join("firefox").join("firefox"),
        ]
      }
      BrowserType::MullvadBrowser => {
@@ -286,8 +322,8 @@ mod linux {
      }
      BrowserType::Camoufox => {
        vec![
-          browser_subdir.join("camoufox-bin"),
-          browser_subdir.join("camoufox"),
+          install_dir.join("camoufox-bin"),
+          install_dir.join("camoufox"),
        ]
      }
      _ => vec![],
@@ -304,12 +340,29 @@ mod linux {

  pub fn is_chromium_version_downloaded(install_dir: &Path, browser_type: &BrowserType) -> bool {
    let possible_executables = match browser_type {
-      BrowserType::Chromium => vec![install_dir.join("chromium"), install_dir.join("chrome")],
+      BrowserType::Chromium => vec![
+        // Direct paths (for manual installations)
+        install_dir.join("chromium"),
+        install_dir.join("chrome"),
+        install_dir.join("chromium-browser"),
+        // Subdirectory paths (for downloaded archives)
+        install_dir.join("chrome-linux").join("chrome"),
+        install_dir.join("chrome-linux").join("chromium"),
+        install_dir.join("chromium").join("chromium"),
+        install_dir.join("chromium").join("chrome"),
+        // Binary subdirectory
+        install_dir.join("bin").join("chromium"),
+        install_dir.join("bin").join("chrome"),
+      ],
      BrowserType::Brave => vec![
        install_dir.join("brave"),
        install_dir.join("brave-browser"),
        install_dir.join("brave-browser-nightly"),
        install_dir.join("brave-browser-beta"),
+        // Subdirectory paths
+        install_dir.join("brave").join("brave"),
+        install_dir.join("brave-browser").join("brave"),
+        install_dir.join("bin").join("brave"),
      ],
      _ => vec![],
    };
@@ -325,7 +378,7 @@ mod linux {

  pub fn prepare_executable(executable_path: &Path) -> Result<(), Box<dyn std::error::Error>> {
    // On Linux, ensure the executable has proper permissions
-    println!("Setting execute permissions for: {:?}", executable_path);
+    log::info!("Setting execute permissions for: {:?}", executable_path);

    let metadata = std::fs::metadata(executable_path)?;
    let mut permissions = metadata.permissions();
@@ -336,7 +389,7 @@ mod linux {

    std::fs::set_permissions(executable_path, permissions)?;

-    println!(
+    log::info!(
      "Execute permissions set successfully for: {:?}",
      executable_path
    );
@@ -397,11 +450,18 @@ mod windows {
        install_dir.join("chrome.exe"),
        install_dir.join("chromium-browser.exe"),
        install_dir.join("bin").join("chromium.exe"),
+        // Common archive extraction patterns
+        install_dir.join("chrome-win").join("chrome.exe"),
+        install_dir.join("chromium").join("chromium.exe"),
+        install_dir.join("chromium").join("chrome.exe"),
      ],
      BrowserType::Brave => vec![
        install_dir.join("brave.exe"),
        install_dir.join("brave-browser.exe"),
        install_dir.join("bin").join("brave.exe"),
+        // Subdirectory patterns
+        install_dir.join("brave").join("brave.exe"),
+        install_dir.join("brave-browser").join("brave.exe"),
      ],
      _ => vec![],
    };
@@ -473,11 +533,18 @@ mod windows {
        install_dir.join("chrome.exe"),
        install_dir.join("chromium-browser.exe"),
        install_dir.join("bin").join("chromium.exe"),
+        // Common archive extraction patterns
+        install_dir.join("chrome-win").join("chrome.exe"),
+        install_dir.join("chromium").join("chromium.exe"),
+        install_dir.join("chromium").join("chrome.exe"),
      ],
      BrowserType::Brave => vec![
        install_dir.join("brave.exe"),
        install_dir.join("brave-browser.exe"),
        install_dir.join("bin").join("brave.exe"),
+        // Subdirectory patterns
+        install_dir.join("brave").join("brave.exe"),
+        install_dir.join("brave-browser").join("brave.exe"),
      ],
      _ => vec![],
    };
@@ -541,11 +608,23 @@ impl Browser for FirefoxBrowser {
    profile_path: &str,
    _proxy_settings: Option<&ProxySettings>,
    url: Option<String>,
+    remote_debugging_port: Option<u16>,
+    headless: bool,
  ) -> Result<Vec<String>, Box<dyn std::error::Error>> {
    let mut args = vec!["-profile".to_string(), profile_path.to_string()];

-    // Only use -no-remote for browsers that require it for security (Mullvad, Tor)
-    // Regular Firefox browsers can use remote commands for better URL handling
+    // Add remote debugging if requested
+    if let Some(port) = remote_debugging_port {
+      args.push("--start-debugger-server".to_string());
+      args.push(port.to_string());
+    }
+
+    // Add headless mode if requested
+    if headless {
+      args.push("--headless".to_string());
+    }
+
+    // Use -no-remote for browsers that require it for security (Mullvad, Tor) or when remote debugging
    match self.browser_type {
      BrowserType::MullvadBrowser | BrowserType::TorBrowser => {
        args.push("-no-remote".to_string());
@@ -554,7 +633,11 @@ impl Browser for FirefoxBrowser {
      | BrowserType::FirefoxDeveloper
      | BrowserType::Zen
      | BrowserType::Camoufox => {
-        // Don't use -no-remote so we can communicate with existing instances
+        // Use -no-remote when remote debugging to avoid conflicts
+        if remote_debugging_port.is_some() {
+          args.push("-no-remote".to_string());
+        }
+        // Don't use -no-remote for normal launches so we can communicate with existing instances
      }
      _ => {}
    }
@@ -571,14 +654,14 @@ impl Browser for FirefoxBrowser {
    // Expected structure: binaries/<browser>/<version>
    let browser_dir = binaries_dir.join(self.browser_type.as_str()).join(version);

-    println!("Firefox browser checking version {version} in directory: {browser_dir:?}");
+    log::info!("Firefox browser checking version {version} in directory: {browser_dir:?}");

    if !browser_dir.exists() {
-      println!("Directory does not exist: {browser_dir:?}");
+      log::info!("Directory does not exist: {browser_dir:?}");
      return false;
    }

-    println!("Directory exists, checking for browser files...");
+    log::info!("Directory exists, checking for browser files...");

    #[cfg(target_os = "macos")]
    return macos::is_firefox_version_downloaded(&browser_dir);
@@ -591,7 +674,7 @@ impl Browser for FirefoxBrowser {

    #[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "windows")))]
    {
-      println!("Unsupported platform for browser verification");
+      log::info!("Unsupported platform for browser verification");
      false
    }
  }
@@ -643,6 +726,8 @@ impl Browser for ChromiumBrowser {
    profile_path: &str,
    proxy_settings: Option<&ProxySettings>,
    url: Option<String>,
+    remote_debugging_port: Option<u16>,
+    headless: bool,
  ) -> Result<Vec<String>, Box<dyn std::error::Error>> {
    let mut args = vec![
      format!("--user-data-dir={}", profile_path),
@@ -652,11 +737,25 @@ impl Browser for ChromiumBrowser {
      "--disable-background-timer-throttling".to_string(),
      "--crash-server-url=".to_string(),
      "--disable-updater".to_string(),
+      // Disable quit confirmation and session restore prompts
+      "--disable-session-crashed-bubble".to_string(),
+      "--hide-crash-restore-bubble".to_string(),
+      "--disable-infobars".to_string(),
    ];

+    // Add remote debugging if requested
+    if let Some(port) = remote_debugging_port {
+      args.push("--remote-debugging-address=0.0.0.0".to_string());
+      args.push(format!("--remote-debugging-port={port}"));
+    }
+
+    // Add headless mode if requested
+    if headless {
+      args.push("--headless".to_string());
+    }
+
    // Add proxy configuration if provided
    if let Some(proxy) = proxy_settings {
-      // Apply proxy settings
      args.push(format!(
        "--proxy-server=http://{}:{}",
        proxy.host, proxy.port
@@ -674,14 +773,14 @@ impl Browser for ChromiumBrowser {
    // Expected structure: binaries/<browser>/<version>
    let browser_dir = binaries_dir.join(self.browser_type.as_str()).join(version);

-    println!("Chromium browser checking version {version} in directory: {browser_dir:?}");
+    log::info!("Chromium browser checking version {version} in directory: {browser_dir:?}");

    if !browser_dir.exists() {
-      println!("Directory does not exist: {browser_dir:?}");
+      log::info!("Directory does not exist: {browser_dir:?}");
      return false;
    }

-    println!("Directory exists, checking for browser files...");
+    log::info!("Directory exists, checking for browser files...");

    #[cfg(target_os = "macos")]
    return macos::is_chromium_version_downloaded(&browser_dir);
@@ -694,7 +793,7 @@ impl Browser for ChromiumBrowser {

    #[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "windows")))]
    {
-      println!("Unsupported platform for browser verification");
+      log::info!("Unsupported platform for browser verification");
      false
    }
  }
@@ -742,6 +841,8 @@ impl Browser for CamoufoxBrowser {
    profile_path: &str,
    _proxy_settings: Option<&ProxySettings>,
    url: Option<String>,
+    remote_debugging_port: Option<u16>,
+    headless: bool,
  ) -> Result<Vec<String>, Box<dyn std::error::Error>> {
    // For Camoufox, we handle launching through the camoufox launcher
    // This method won't be used directly, but we provide basic Firefox args as fallback
@@ -751,6 +852,17 @@ impl Browser for CamoufoxBrowser {
      "-no-remote".to_string(),
    ];

+    // Add remote debugging if requested
+    if let Some(port) = remote_debugging_port {
+      args.push("--start-debugger-server".to_string());
+      args.push(port.to_string());
+    }
+
+    // Add headless mode if requested
+    if headless {
+      args.push("--headless".to_string());
+    }
+
    if let Some(url) = url {
      args.push(url);
    }
@@ -789,17 +901,33 @@ impl Browser for CamoufoxBrowser {
  }
 }

-// Factory function to create browser instances
-pub fn create_browser(browser_type: BrowserType) -> Box<dyn Browser> {
-  match browser_type {
-    BrowserType::MullvadBrowser
-    | BrowserType::Firefox
-    | BrowserType::FirefoxDeveloper
-    | BrowserType::Zen
-    | BrowserType::TorBrowser => Box::new(FirefoxBrowser::new(browser_type)),
-    BrowserType::Chromium | BrowserType::Brave => Box::new(ChromiumBrowser::new(browser_type)),
-    BrowserType::Camoufox => Box::new(CamoufoxBrowser::new()),
+pub struct BrowserFactory;
+
+impl BrowserFactory {
+  fn new() -> Self {
+    Self
  }
+
+  pub fn instance() -> &'static BrowserFactory {
+    &BROWSER_FACTORY
+  }
+
+  pub fn create_browser(&self, browser_type: BrowserType) -> Box<dyn Browser> {
+    match browser_type {
+      BrowserType::MullvadBrowser
+      | BrowserType::Firefox
+      | BrowserType::FirefoxDeveloper
+      | BrowserType::Zen
+      | BrowserType::TorBrowser => Box::new(FirefoxBrowser::new(browser_type)),
+      BrowserType::Chromium | BrowserType::Brave => Box::new(ChromiumBrowser::new(browser_type)),
+      BrowserType::Camoufox => Box::new(CamoufoxBrowser::new()),
+    }
+  }
+}
+
+// Factory function to create browser instances (kept for backward compatibility)
+pub fn create_browser(browser_type: BrowserType) -> Box<dyn Browser> {
+  BrowserFactory::instance().create_browser(browser_type)
 }

 // Add GithubRelease and GithubAsset structs to browser.rs if they don't already exist
@@ -877,111 +1005,204 @@ mod tests {
    assert_eq!(BrowserType::TorBrowser.as_str(), "tor-browser");
    assert_eq!(BrowserType::Camoufox.as_str(), "camoufox");

-    // Test from_str
+    // Test from_str - use expect with descriptive messages instead of unwrap
    assert_eq!(
-      BrowserType::from_str("mullvad-browser").unwrap(),
+      BrowserType::from_str("mullvad-browser").expect("mullvad-browser should be valid"),
      BrowserType::MullvadBrowser
    );
    assert_eq!(
-      BrowserType::from_str("firefox").unwrap(),
+      BrowserType::from_str("firefox").expect("firefox should be valid"),
      BrowserType::Firefox
    );
    assert_eq!(
-      BrowserType::from_str("firefox-developer").unwrap(),
+      BrowserType::from_str("firefox-developer").expect("firefox-developer should be valid"),
      BrowserType::FirefoxDeveloper
    );
    assert_eq!(
-      BrowserType::from_str("chromium").unwrap(),
+      BrowserType::from_str("chromium").expect("chromium should be valid"),
      BrowserType::Chromium
    );
-    assert_eq!(BrowserType::from_str("brave").unwrap(), BrowserType::Brave);
-    assert_eq!(BrowserType::from_str("zen").unwrap(), BrowserType::Zen);
    assert_eq!(
-      BrowserType::from_str("tor-browser").unwrap(),
+      BrowserType::from_str("brave").expect("brave should be valid"),
+      BrowserType::Brave
+    );
+    assert_eq!(
+      BrowserType::from_str("zen").expect("zen should be valid"),
+      BrowserType::Zen
+    );
+    assert_eq!(
+      BrowserType::from_str("tor-browser").expect("tor-browser should be valid"),
      BrowserType::TorBrowser
    );
    assert_eq!(
-      BrowserType::from_str("camoufox").unwrap(),
+      BrowserType::from_str("camoufox").expect("camoufox should be valid"),
      BrowserType::Camoufox
    );

-    // Test invalid browser type
-    assert!(BrowserType::from_str("invalid").is_err());
-    assert!(BrowserType::from_str("").is_err());
-    assert!(BrowserType::from_str("Firefox").is_err()); // Case sensitive
+    // Test invalid browser type - these should properly fail
+    let invalid_result = BrowserType::from_str("invalid");
+    assert!(
+      invalid_result.is_err(),
+      "Invalid browser type should return error"
+    );
+
+    let empty_result = BrowserType::from_str("");
+    assert!(empty_result.is_err(), "Empty string should return error");
+
+    let case_sensitive_result = BrowserType::from_str("Firefox");
+    assert!(
+      case_sensitive_result.is_err(),
+      "Case sensitive check should fail"
+    );
  }

  #[test]
  fn test_firefox_launch_args() {
-    // Test regular Firefox (should not use -no-remote)
+    // Test regular Firefox (should not use -no-remote for normal launch)
    let browser = FirefoxBrowser::new(BrowserType::Firefox);
    let args = browser
-      .create_launch_args("/path/to/profile", None, None)
-      .unwrap();
+      .create_launch_args("/path/to/profile", None, None, None, false)
+      .expect("Failed to create launch args for Firefox");
    assert_eq!(args, vec!["-profile", "/path/to/profile"]);
-    assert!(!args.contains(&"-no-remote".to_string()));
+    assert!(
+      !args.contains(&"-no-remote".to_string()),
+      "Firefox should not use -no-remote for normal launch"
+    );

    let args = browser
      .create_launch_args(
        "/path/to/profile",
        None,
        Some("https://example.com".to_string()),
+        None,
+        false,
      )
-      .unwrap();
+      .expect("Failed to create launch args for Firefox with URL");
    assert_eq!(
      args,
      vec!["-profile", "/path/to/profile", "https://example.com"]
    );

-    // Test Mullvad Browser (should use -no-remote)
+    // Test Firefox with remote debugging (should use -no-remote)
+    let args = browser
+      .create_launch_args("/path/to/profile", None, None, Some(9222), false)
+      .expect("Failed to create launch args for Firefox with remote debugging");
+    assert!(
+      args.contains(&"-no-remote".to_string()),
+      "Firefox should use -no-remote for remote debugging"
+    );
+    assert!(
+      args.contains(&"--start-debugger-server".to_string()),
+      "Firefox should include debugger server arg"
+    );
+    assert!(
+      args.contains(&"9222".to_string()),
+      "Firefox should include debugging port"
+    );
+
+    // Test Mullvad Browser (should always use -no-remote)
    let browser = FirefoxBrowser::new(BrowserType::MullvadBrowser);
    let args = browser
-      .create_launch_args("/path/to/profile", None, None)
-      .unwrap();
+      .create_launch_args("/path/to/profile", None, None, None, false)
+      .expect("Failed to create launch args for Mullvad Browser");
    assert_eq!(args, vec!["-profile", "/path/to/profile", "-no-remote"]);

-    // Test Tor Browser (should use -no-remote)
+    // Test Tor Browser (should always use -no-remote)
    let browser = FirefoxBrowser::new(BrowserType::TorBrowser);
    let args = browser
-      .create_launch_args("/path/to/profile", None, None)
-      .unwrap();
+      .create_launch_args("/path/to/profile", None, None, None, false)
+      .expect("Failed to create launch args for Tor Browser");
    assert_eq!(args, vec!["-profile", "/path/to/profile", "-no-remote"]);

-    // Test Zen Browser (should not use -no-remote)
+    // Test Zen Browser (should not use -no-remote for normal launch)
    let browser = FirefoxBrowser::new(BrowserType::Zen);
    let args = browser
-      .create_launch_args("/path/to/profile", None, None)
-      .unwrap();
+      .create_launch_args("/path/to/profile", None, None, None, false)
+      .expect("Failed to create launch args for Zen Browser");
    assert_eq!(args, vec!["-profile", "/path/to/profile"]);
-    assert!(!args.contains(&"-no-remote".to_string()));
+    assert!(
+      !args.contains(&"-no-remote".to_string()),
+      "Zen Browser should not use -no-remote for normal launch"
+    );
+
+    // Test headless mode
+    let args = browser
+      .create_launch_args("/path/to/profile", None, None, None, true)
+      .expect("Failed to create launch args for Zen Browser headless");
+    assert!(
+      args.contains(&"--headless".to_string()),
+      "Browser should include headless flag when requested"
+    );
  }

  #[test]
  fn test_chromium_launch_args() {
    let browser = ChromiumBrowser::new(BrowserType::Chromium);
    let args = browser
-      .create_launch_args("/path/to/profile", None, None)
-      .unwrap();
+      .create_launch_args("/path/to/profile", None, None, None, false)
+      .expect("Failed to create launch args for Chromium");

    // Test that basic required arguments are present
-    assert!(args.contains(&"--user-data-dir=/path/to/profile".to_string()));
-    assert!(args.contains(&"--no-default-browser-check".to_string()));
+    assert!(
+      args.contains(&"--user-data-dir=/path/to/profile".to_string()),
+      "Chromium args should contain user-data-dir"
+    );
+    assert!(
+      args.contains(&"--no-default-browser-check".to_string()),
+      "Chromium args should contain no-default-browser-check"
+    );

    // Test that automatic update disabling arguments are present
-    assert!(args.contains(&"--disable-background-mode".to_string()));
-    assert!(args.contains(&"--disable-component-update".to_string()));
+    assert!(
+      args.contains(&"--disable-background-mode".to_string()),
+      "Chromium args should contain disable-background-mode"
+    );
+    assert!(
+      args.contains(&"--disable-component-update".to_string()),
+      "Chromium args should contain disable-component-update"
+    );

    let args_with_url = browser
      .create_launch_args(
        "/path/to/profile",
        None,
        Some("https://example.com".to_string()),
+        None,
+        false,
      )
-      .unwrap();
-    assert!(args_with_url.contains(&"https://example.com".to_string()));
+      .expect("Failed to create launch args for Chromium with URL");
+    assert!(
+      args_with_url.contains(&"https://example.com".to_string()),
+      "Chromium args should contain the URL"
+    );

    // Verify URL is at the end
-    assert_eq!(args_with_url.last().unwrap(), "https://example.com");
+    assert_eq!(
+      args_with_url.last().expect("Args should not be empty"),
+      "https://example.com"
+    );
+
+    // Test remote debugging
+    let args_with_debug = browser
+      .create_launch_args("/path/to/profile", None, None, Some(9222), false)
+      .expect("Failed to create launch args for Chromium with remote debugging");
+    assert!(
+      args_with_debug.contains(&"--remote-debugging-port=9222".to_string()),
+      "Chromium args should contain remote debugging port"
+    );
+    assert!(
+      args_with_debug.contains(&"--remote-debugging-address=0.0.0.0".to_string()),
+      "Chromium args should contain remote debugging address"
+    );
+
+    // Test headless mode
+    let args_headless = browser
+      .create_launch_args("/path/to/profile", None, None, None, true)
+      .expect("Failed to create launch args for Chromium headless");
+    assert!(
+      args_headless.contains(&"--headless".to_string()),
+      "Chromium args should contain headless flag when requested"
+    );
  }

  #[test]
@@ -1014,16 +1235,45 @@ mod tests {

  #[test]
  fn test_version_downloaded_check() {
-    let temp_dir = TempDir::new().unwrap();
+    let temp_dir = TempDir::new().expect("Failed to create temp directory");
    let binaries_dir = temp_dir.path();

    // Create a mock Firefox browser installation with new path structure: binaries/<browser>/<version>/
    let browser_dir = binaries_dir.join("firefox").join("139.0");
-    fs::create_dir_all(&browser_dir).unwrap();
+    fs::create_dir_all(&browser_dir).expect("Failed to create browser directory");

-    // Create a mock .app directory
-    let app_dir = browser_dir.join("Firefox.app");
-    fs::create_dir_all(&app_dir).unwrap();
+    #[cfg(target_os = "macos")]
+    {
+      // Create a mock .app directory for macOS
+      let app_dir = browser_dir.join("Firefox.app");
+      fs::create_dir_all(&app_dir).expect("Failed to create Firefox.app directory");
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      // Create a mock firefox subdirectory and executable for Linux
+      let firefox_subdir = browser_dir.join("firefox");
+      fs::create_dir_all(&firefox_subdir).expect("Failed to create firefox subdirectory");
+      let executable_path = firefox_subdir.join("firefox");
+      fs::write(&executable_path, "mock executable").expect("Failed to write mock executable");
+
+      // Set executable permissions on Linux
+      use std::os::unix::fs::PermissionsExt;
+      let mut permissions = executable_path
+        .metadata()
+        .expect("Failed to get file metadata")
+        .permissions();
+      permissions.set_mode(0o755);
+      fs::set_permissions(&executable_path, permissions)
+        .expect("Failed to set executable permissions");
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      // Create a mock firefox.exe for Windows
+      let executable_path = browser_dir.join("firefox.exe");
+      fs::write(&executable_path, "mock executable").expect("Failed to write mock executable");
+    }

    let browser = FirefoxBrowser::new(BrowserType::Firefox);
    assert!(browser.is_version_downloaded("139.0", binaries_dir));
@@ -1031,36 +1281,76 @@ mod tests {

    // Test with Chromium browser with new path structure
    let chromium_dir = binaries_dir.join("chromium").join("1465660");
-    fs::create_dir_all(&chromium_dir).unwrap();
-    let chromium_app_dir = chromium_dir.join("Chromium.app");
-    fs::create_dir_all(chromium_app_dir.join("Contents").join("MacOS")).unwrap();
+    fs::create_dir_all(&chromium_dir).expect("Failed to create chromium directory");

-    // Create a mock executable
-    let executable_path = chromium_app_dir
-      .join("Contents")
-      .join("MacOS")
-      .join("Chromium");
-    fs::write(&executable_path, "mock executable").unwrap();
+    #[cfg(target_os = "macos")]
+    {
+      let chromium_app_dir = chromium_dir.join("Chromium.app");
+      fs::create_dir_all(chromium_app_dir.join("Contents").join("MacOS"))
+        .expect("Failed to create Chromium.app structure");
+
+      // Create a mock executable
+      let executable_path = chromium_app_dir
+        .join("Contents")
+        .join("MacOS")
+        .join("Chromium");
+      fs::write(&executable_path, "mock executable")
+        .expect("Failed to write mock Chromium executable");
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      // Create a mock chromium executable for Linux
+      let executable_path = chromium_dir.join("chromium");
+      fs::write(&executable_path, "mock executable")
+        .expect("Failed to write mock chromium executable");
+
+      // Set executable permissions on Linux
+      use std::os::unix::fs::PermissionsExt;
+      let mut permissions = executable_path
+        .metadata()
+        .expect("Failed to get chromium metadata")
+        .permissions();
+      permissions.set_mode(0o755);
+      fs::set_permissions(&executable_path, permissions)
+        .expect("Failed to set chromium permissions");
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      // Create a mock chromium.exe for Windows
+      let executable_path = chromium_dir.join("chromium.exe");
+      fs::write(&executable_path, "mock executable").expect("Failed to write mock chromium.exe");
+    }

    let chromium_browser = ChromiumBrowser::new(BrowserType::Chromium);
-    assert!(chromium_browser.is_version_downloaded("1465660", binaries_dir));
-    assert!(!chromium_browser.is_version_downloaded("1465661", binaries_dir));
+    assert!(
+      chromium_browser.is_version_downloaded("1465660", binaries_dir),
+      "Chromium version should be detected as downloaded"
+    );
+    assert!(
+      !chromium_browser.is_version_downloaded("1465661", binaries_dir),
+      "Non-existent Chromium version should not be detected as downloaded"
+    );
  }

  #[test]
  fn test_version_downloaded_no_app_directory() {
-    let temp_dir = TempDir::new().unwrap();
+    let temp_dir = TempDir::new().expect("Failed to create temp directory");
    let binaries_dir = temp_dir.path();

-    // Create browser directory but no .app directory with new path structure
+    // Create browser directory but no proper executable structure
    let browser_dir = binaries_dir.join("firefox").join("139.0");
-    fs::create_dir_all(&browser_dir).unwrap();
+    fs::create_dir_all(&browser_dir).expect("Failed to create browser directory");

-    // Create some other files but no .app
-    fs::write(browser_dir.join("readme.txt"), "Some content").unwrap();
+    // Create some other files but no proper executable structure
+    fs::write(browser_dir.join("readme.txt"), "Some content").expect("Failed to write readme file");

    let browser = FirefoxBrowser::new(BrowserType::Firefox);
-    assert!(!browser.is_version_downloaded("139.0", binaries_dir));
+    assert!(
+      !browser.is_version_downloaded("139.0", binaries_dir),
+      "Firefox version should not be detected without proper executable structure"
+    );
  }

  #[test]
@@ -1085,15 +1375,24 @@ mod tests {
    };

    // Test that it can be serialized (implements Serialize)
-    let json = serde_json::to_string(&proxy).unwrap();
-    assert!(json.contains("127.0.0.1"));
-    assert!(json.contains("8080"));
-    assert!(json.contains("http"));
+    let json = serde_json::to_string(&proxy).expect("Failed to serialize proxy settings");
+    assert!(json.contains("127.0.0.1"), "JSON should contain host IP");
+    assert!(json.contains("8080"), "JSON should contain port number");
+    assert!(json.contains("http"), "JSON should contain proxy type");

    // Test that it can be deserialized (implements Deserialize)
-    let deserialized: ProxySettings = serde_json::from_str(&json).unwrap();
-    assert_eq!(deserialized.proxy_type, proxy.proxy_type);
-    assert_eq!(deserialized.host, proxy.host);
-    assert_eq!(deserialized.port, proxy.port);
+    let deserialized: ProxySettings =
+      serde_json::from_str(&json).expect("Failed to deserialize proxy settings");
+    assert_eq!(
+      deserialized.proxy_type, proxy.proxy_type,
+      "Proxy type should match"
+    );
+    assert_eq!(deserialized.host, proxy.host, "Host should match");
+    assert_eq!(deserialized.port, proxy.port, "Port should match");
  }
 }
+
+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref BROWSER_FACTORY: BrowserFactory = BrowserFactory::new();
+}
@@ -30,21 +30,21 @@ pub struct DownloadInfo {
  pub is_archive: bool, // true for .dmg, .zip, etc.
 }

-pub struct BrowserVersionService;
+pub struct BrowserVersionManager {
+  api_client: &'static ApiClient,
+}

-impl BrowserVersionService {
+impl BrowserVersionManager {
  fn new() -> Self {
-    Self
+    Self {
+      api_client: ApiClient::instance(),
+    }
  }

-  pub fn instance() -> &'static BrowserVersionService {
+  pub fn instance() -> &'static BrowserVersionManager {
    &BROWSER_VERSION_SERVICE
  }

-  fn api_client(&self) -> &'static ApiClient {
-    ApiClient::instance()
-  }
-
  /// Check if a browser is supported on the current platform and architecture
  pub fn is_browser_supported(
    &self,
@@ -116,7 +116,17 @@ impl BrowserVersionService {

  /// Get cached browser versions immediately (returns None if no cache exists)
  pub fn get_cached_browser_versions(&self, browser: &str) -> Option<Vec<String>> {
-    self.api_client().load_cached_versions(browser)
+    if browser == "brave" {
+      return self
+        .api_client
+        .get_cached_github_releases("brave")
+        .map(|releases| releases.into_iter().map(|r| r.tag_name).collect());
+    }
+
+    self
+      .api_client
+      .load_cached_versions(browser)
+      .map(|releases| releases.into_iter().map(|r| r.version).collect())
  }

  /// Get cached detailed browser version information immediately
@@ -124,17 +134,29 @@ impl BrowserVersionService {
    &self,
    browser: &str,
  ) -> Option<Vec<BrowserVersionInfo>> {
-    let cached_versions = self.api_client().load_cached_versions(browser)?;
+    if browser == "brave" {
+      if let Some(releases) = self.api_client.get_cached_github_releases("brave") {
+        let detailed_info: Vec<BrowserVersionInfo> = releases
+          .into_iter()
+          .map(|r| BrowserVersionInfo {
+            version: r.tag_name,
+            is_prerelease: r.is_nightly,
+            date: r.published_at,
+          })
+          .collect();
+        return Some(detailed_info);
+      }
+    }
+
+    let cached_releases = self.api_client.load_cached_versions(browser)?;

    // Convert cached versions to detailed info (without dates since cache doesn't store them)
-    let detailed_info: Vec<BrowserVersionInfo> = cached_versions
+    let detailed_info: Vec<BrowserVersionInfo> = cached_releases
      .into_iter()
-      .map(|version| {
-        BrowserVersionInfo {
-          version: version.clone(),
-          is_prerelease: crate::api_client::is_browser_version_nightly(browser, &version, None),
-          date: "".to_string(), // Cache doesn't store dates
-        }
+      .map(|r| BrowserVersionInfo {
+        version: r.version,
+        is_prerelease: r.is_prerelease,
+        date: r.date,
      })
      .collect();

@@ -143,7 +165,7 @@ impl BrowserVersionService {

  /// Check if cache should be updated (expired or doesn't exist)
  pub fn should_update_cache(&self, browser: &str) -> bool {
-    self.api_client().is_cache_expired(browser)
+    self.api_client.is_cache_expired(browser)
  }

  /// Get latest stable and nightly versions for a browser (cached first)
@@ -153,15 +175,6 @@ impl BrowserVersionService {
  ) -> Result<BrowserReleaseTypes, Box<dyn std::error::Error + Send + Sync>> {
    // Try to get from cache first
    if let Some(cached_versions) = self.get_cached_browser_versions_detailed(browser) {
-      // For Chromium, only return stable since all releases are stable
-      if browser == "chromium" {
-        let latest_stable = cached_versions.first().map(|v| v.version.clone());
-        return Ok(BrowserReleaseTypes {
-          stable: latest_stable,
-          nightly: None,
-        });
-      }
-
      let latest_stable = cached_versions
        .iter()
        .find(|v| !v.is_prerelease)
@@ -178,17 +191,6 @@ impl BrowserVersionService {
      });
    }

-    // Fallback to fetching if not cached
-    // For Chromium, only return stable since all releases are stable
-    if browser == "chromium" {
-      let detailed_versions = self.fetch_browser_versions_detailed(browser, false).await?;
-      let latest_stable = detailed_versions.first().map(|v| v.version.clone());
-      return Ok(BrowserReleaseTypes {
-        stable: latest_stable,
-        nightly: None,
-      });
-    }
-
    let detailed_versions = self.fetch_browser_versions_detailed(browser, false).await?;

    let latest_stable = detailed_versions
@@ -227,10 +229,10 @@ impl BrowserVersionService {
  ) -> Result<BrowserVersionsResult, Box<dyn std::error::Error + Send + Sync>> {
    // Get existing cached versions to compare and merge
    let existing_versions = self
-      .api_client()
+      .api_client
      .load_cached_versions(browser)
      .unwrap_or_default();
-    let existing_set: HashSet<String> = existing_versions.into_iter().collect();
+    let existing_set: HashSet<String> = existing_versions.into_iter().map(|r| r.version).collect();

    // Fetch fresh versions from API
    let fresh_versions = match browser {
@@ -262,12 +264,20 @@ impl BrowserVersionService {
    crate::api_client::sort_versions(&mut merged_versions);

    // Save the merged cache (unless explicitly bypassing cache)
-    if !no_caching {
+    if !no_caching && browser != "brave" {
+      let merged_releases: Vec<BrowserRelease> = merged_versions
+        .iter()
+        .map(|v| BrowserRelease {
+          version: v.clone(),
+          date: "".to_string(),
+          is_prerelease: crate::api_client::is_browser_version_nightly(browser, v, None),
+        })
+        .collect();
      if let Err(e) = self
-        .api_client()
-        .save_cached_versions(browser, &merged_versions)
+        .api_client
+        .save_cached_versions(browser, &merged_releases)
      {
-        eprintln!("Failed to save merged cache for {browser}: {e}");
+        log::error!("Failed to save merged cache for {browser}: {e}");
      }
    }

@@ -495,10 +505,10 @@ impl BrowserVersionService {
  ) -> Result<usize, Box<dyn std::error::Error + Send + Sync>> {
    // Get existing cached versions
    let existing_versions = self
-      .api_client()
+      .api_client
      .load_cached_versions(browser)
      .unwrap_or_default();
-    let existing_set: HashSet<String> = existing_versions.into_iter().collect();
+    let existing_set: HashSet<String> = existing_versions.into_iter().map(|r| r.version).collect();

    // Fetch new versions (always bypass cache for background updates)
    let new_versions = self.fetch_browser_versions(browser, true).await?;
@@ -515,11 +525,16 @@ impl BrowserVersionService {
    sort_versions(&mut all_versions);

    // Save the updated cache
-    if let Err(e) = self
-      .api_client()
-      .save_cached_versions(browser, &all_versions)
-    {
-      eprintln!("Failed to save updated cache for {browser}: {e}");
+    let releases: Vec<BrowserRelease> = all_versions
+      .iter()
+      .map(|v| BrowserRelease {
+        version: v.clone(),
+        date: "".to_string(),
+        is_prerelease: crate::api_client::is_browser_version_nightly(browser, v, None),
+      })
+      .collect();
+    if let Err(e) = self.api_client.save_cached_versions(browser, &releases) {
+      log::error!("Failed to save updated cache for {browser}: {e}");
    }

    Ok(new_versions_count)
@@ -824,7 +839,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<BrowserRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_firefox_releases_with_caching(no_caching)
      .await
  }
@@ -844,7 +859,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<BrowserRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_firefox_developer_releases_with_caching(no_caching)
      .await
  }
@@ -862,7 +877,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<GithubRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_mullvad_releases_with_caching(no_caching)
      .await
  }
@@ -886,7 +901,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<GithubRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_zen_releases_with_caching(no_caching)
      .await
  }
@@ -896,6 +911,20 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
    let releases = self.fetch_brave_releases_detailed(no_caching).await?;
+    // Persist a lightweight versions cache with accurate prerelease info for Brave
+    let converted: Vec<BrowserRelease> = releases
+      .iter()
+      .map(|r| BrowserRelease {
+        version: r.tag_name.clone(),
+        date: r.published_at.clone(),
+        is_prerelease: r.is_nightly,
+      })
+      .collect();
+    // Always save so that other callers without release_name can classify correctly
+    if let Err(e) = self.api_client.save_cached_versions("brave", &converted) {
+      log::error!("Failed to persist Brave versions cache: {e}");
+    }
+
    Ok(releases.into_iter().map(|r| r.tag_name).collect())
  }

@@ -903,10 +932,25 @@ impl BrowserVersionService {
    &self,
    no_caching: bool,
  ) -> Result<Vec<GithubRelease>, Box<dyn std::error::Error + Send + Sync>> {
-    self
-      .api_client()
+    let releases = self
+      .api_client
      .fetch_brave_releases_with_caching(no_caching)
-      .await
+      .await?;
+
+    // Save a parallel versions cache for Brave with accurate prerelease flags
+    let converted: Vec<BrowserRelease> = releases
+      .iter()
+      .map(|r| BrowserRelease {
+        version: r.tag_name.clone(),
+        date: r.published_at.clone(),
+        is_prerelease: r.is_nightly,
+      })
+      .collect();
+    if let Err(e) = self.api_client.save_cached_versions("brave", &converted) {
+      log::error!("Failed to persist Brave versions cache: {e}");
+    }
+
+    Ok(releases)
  }

  async fn fetch_chromium_versions(
@@ -922,7 +966,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<BrowserRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_chromium_releases_with_caching(no_caching)
      .await
  }
@@ -940,7 +984,7 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<BrowserRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_tor_releases_with_caching(no_caching)
      .await
  }
@@ -958,12 +1002,23 @@ impl BrowserVersionService {
    no_caching: bool,
  ) -> Result<Vec<GithubRelease>, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .api_client()
+      .api_client
      .fetch_camoufox_releases_with_caching(no_caching)
      .await
  }
 }

+#[tauri::command]
+pub async fn get_browser_release_types(
+  browser_str: String,
+) -> Result<crate::browser_version_manager::BrowserReleaseTypes, String> {
+  let service = BrowserVersionManager::instance();
+  service
+    .get_browser_release_types(&browser_str)
+    .await
+    .map_err(|e| format!("Failed to get release types: {e}"))
+}
+
 #[cfg(test)]
 mod tests {
  use super::*;
@@ -985,13 +1040,13 @@ mod tests {
    )
  }

-  fn create_test_service(_api_client: ApiClient) -> &'static BrowserVersionService {
-    BrowserVersionService::instance()
+  fn create_test_service(_api_client: ApiClient) -> &'static BrowserVersionManager {
+    BrowserVersionManager::instance()
  }

  #[tokio::test]
-  async fn test_browser_version_service_creation() {
-    let _ = BrowserVersionService::instance();
+  async fn test_browser_version_manager_creation() {
+    let _ = BrowserVersionManager::instance();
    // Test passes if we can create the service without panicking
  }

@@ -1017,71 +1072,305 @@ mod tests {

  #[test]
  fn test_get_download_info() {
-    let service = BrowserVersionService::instance();
+    let service = BrowserVersionManager::instance();

-    // Test Firefox
+    // Test Firefox - platform-specific expectations
    let firefox_info = service.get_download_info("firefox", "139.0").unwrap();
-    assert_eq!(firefox_info.filename, "Firefox 139.0.dmg");
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(firefox_info.filename, "Firefox 139.0.dmg");
+      assert!(firefox_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(firefox_info.filename, "firefox-139.0.tar.xz");
+      assert!(firefox_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(firefox_info.filename, "Firefox Setup 139.0.exe");
+      assert!(!firefox_info.is_archive);
+    }
+
    assert!(firefox_info
      .url
      .contains("download-installer.cdn.mozilla.net"));
    assert!(firefox_info.url.contains("/pub/firefox/releases/139.0/"));
-    assert!(firefox_info.is_archive);

    // Test Firefox Developer
    let firefox_dev_info = service
      .get_download_info("firefox-developer", "139.0b1")
      .unwrap();
-    assert_eq!(firefox_dev_info.filename, "Firefox 139.0b1.dmg");
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(firefox_dev_info.filename, "Firefox 139.0b1.dmg");
+      assert!(firefox_dev_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(firefox_dev_info.filename, "firefox-139.0b1.tar.xz");
+      assert!(firefox_dev_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(firefox_dev_info.filename, "Firefox Setup 139.0b1.exe");
+      assert!(!firefox_dev_info.is_archive);
+    }
+
    assert!(firefox_dev_info
      .url
      .contains("download-installer.cdn.mozilla.net"));
    assert!(firefox_dev_info
      .url
      .contains("/pub/devedition/releases/139.0b1/"));
-    assert!(firefox_dev_info.is_archive);

    // Test Mullvad Browser
    let mullvad_info = service
      .get_download_info("mullvad-browser", "14.5a6")
      .unwrap();
-    assert_eq!(mullvad_info.filename, "mullvad-browser-macos-14.5a6.dmg");
-    assert!(mullvad_info.url.contains("mullvad-browser-macos-14.5a6"));
-    assert!(mullvad_info.is_archive);
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(mullvad_info.filename, "mullvad-browser-macos-14.5a6.dmg");
+      assert!(mullvad_info.url.contains("mullvad-browser-macos-14.5a6"));
+      assert!(mullvad_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(
+        mullvad_info.filename,
+        "mullvad-browser-x86_64-14.5a6.tar.xz"
+      );
+      assert!(mullvad_info.url.contains("mullvad-browser-x86_64-14.5a6"));
+      assert!(mullvad_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(
+        mullvad_info.filename,
+        "mullvad-browser-windows-x86_64-14.5a6.exe"
+      );
+      assert!(mullvad_info
+        .url
+        .contains("mullvad-browser-windows-x86_64-14.5a6"));
+      assert!(!mullvad_info.is_archive);
+    }

    // Test Zen Browser
    let zen_info = service.get_download_info("zen", "1.11b").unwrap();
-    assert_eq!(zen_info.filename, "zen-1.11b.dmg");
-    assert!(zen_info.url.contains("zen.macos-universal.dmg"));
-    assert!(zen_info.is_archive);
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(zen_info.filename, "zen-1.11b.dmg");
+      assert!(zen_info.url.contains("zen.macos-universal.dmg"));
+      assert!(zen_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(zen_info.filename, "zen-1.11b-x86_64.tar.xz");
+      assert!(zen_info.url.contains("zen.linux-x86_64.tar.xz"));
+      assert!(zen_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(zen_info.filename, "zen-1.11b.exe");
+      assert!(zen_info.url.contains("zen.installer.exe"));
+      assert!(!zen_info.is_archive);
+    }

    // Test Tor Browser
    let tor_info = service.get_download_info("tor-browser", "14.0.4").unwrap();
-    assert_eq!(tor_info.filename, "tor-browser-macos-14.0.4.dmg");
-    assert!(tor_info.url.contains("tor-browser-macos-14.0.4"));
-    assert!(tor_info.is_archive);
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(tor_info.filename, "tor-browser-macos-14.0.4.dmg");
+      assert!(tor_info.url.contains("tor-browser-macos-14.0.4"));
+      assert!(tor_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(tor_info.filename, "tor-browser-linux-x86_64-14.0.4.tar.xz");
+      assert!(tor_info.url.contains("tor-browser-linux-x86_64-14.0.4"));
+      assert!(tor_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(
+        tor_info.filename,
+        "tor-browser-windows-x86_64-portable-14.0.4.exe"
+      );
+      assert!(tor_info
+        .url
+        .contains("tor-browser-windows-x86_64-portable-14.0.4"));
+      assert!(!tor_info.is_archive);
+    }

    // Test Chromium
    let chromium_info = service.get_download_info("chromium", "1465660").unwrap();
-    assert_eq!(chromium_info.filename, "chromium-1465660-mac.zip");
-    assert!(chromium_info.url.contains("chrome-mac.zip"));
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(chromium_info.filename, "chromium-1465660-mac.zip");
+      assert!(chromium_info.url.contains("chrome-mac.zip"));
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(chromium_info.filename, "chromium-1465660-linux.zip");
+      assert!(chromium_info.url.contains("chrome-linux.zip"));
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(chromium_info.filename, "chromium-1465660-win.zip");
+      assert!(chromium_info.url.contains("chrome-win.zip"));
+    }
+
    assert!(chromium_info.is_archive);

    // Test Brave - Note: Brave uses dynamic URL resolution, so get_download_info provides a template URL
    let brave_info = service.get_download_info("brave", "v1.81.9").unwrap();
-    assert_eq!(brave_info.filename, "Brave-Browser-universal.dmg");
-    assert_eq!(brave_info.url, "https://github.com/brave/brave-browser/releases/download/v1.81.9/Brave-Browser-universal.dmg");
-    assert!(brave_info.is_archive);
+
+    #[cfg(target_os = "macos")]
+    {
+      assert_eq!(brave_info.filename, "Brave-Browser-universal.dmg");
+      assert_eq!(brave_info.url, "https://github.com/brave/brave-browser/releases/download/v1.81.9/Brave-Browser-universal.dmg");
+      assert!(brave_info.is_archive);
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+      assert_eq!(brave_info.filename, "brave-browser-v1.81.9-linux-amd64.zip");
+      assert_eq!(brave_info.url, "https://github.com/brave/brave-browser/releases/download/v1.81.9/brave-browser-v1.81.9-linux-amd64.zip");
+      assert!(brave_info.is_archive);
+    }
+
+    #[cfg(target_os = "windows")]
+    {
+      assert_eq!(brave_info.filename, "brave-v1.81.9.exe");
+      assert_eq!(
+        brave_info.url,
+        "https://github.com/brave/brave-browser/releases/download/v1.81.9/brave-v1.81.9.exe"
+      );
+      assert!(!brave_info.is_archive);
+    }

    // Test unsupported browser
    let unsupported_result = service.get_download_info("unsupported", "1.0.0");
    assert!(unsupported_result.is_err());

-    println!("Download info test passed for all browsers");
+    log::info!("Download info test passed for all browsers");
  }
 }

+#[tauri::command]
+pub fn get_supported_browsers() -> Result<Vec<String>, String> {
+  let service = BrowserVersionManager::instance();
+  Ok(service.get_supported_browsers())
+}
+
+#[tauri::command]
+pub fn is_browser_supported_on_platform(browser_str: String) -> Result<bool, String> {
+  let service = BrowserVersionManager::instance();
+  service
+    .is_browser_supported(&browser_str)
+    .map_err(|e| format!("Failed to check browser support: {e}"))
+}
+
+#[tauri::command]
+pub async fn fetch_browser_versions_cached_first(
+  browser_str: String,
+) -> Result<Vec<BrowserVersionInfo>, String> {
+  let service = BrowserVersionManager::instance();
+
+  // Get cached versions immediately if available
+  if let Some(cached_versions) = service.get_cached_browser_versions_detailed(&browser_str) {
+    // Check if we should update cache in background
+    if service.should_update_cache(&browser_str) {
+      // Start background update but return cached data immediately
+      let service_clone = BrowserVersionManager::instance();
+      let browser_str_clone = browser_str.clone();
+      tokio::spawn(async move {
+        if let Err(e) = service_clone
+          .fetch_browser_versions_detailed(&browser_str_clone, false)
+          .await
+        {
+          log::error!("Background version update failed for {browser_str_clone}: {e}");
+        }
+      });
+    }
+    Ok(cached_versions)
+  } else {
+    // No cache available, fetch fresh
+    service
+      .fetch_browser_versions_detailed(&browser_str, false)
+      .await
+      .map_err(|e| format!("Failed to fetch detailed browser versions: {e}"))
+  }
+}
+
+#[tauri::command]
+pub async fn fetch_browser_versions_with_count_cached_first(
+  browser_str: String,
+) -> Result<BrowserVersionsResult, String> {
+  let service = BrowserVersionManager::instance();
+
+  // Get cached versions immediately if available
+  if let Some(cached_versions) = service.get_cached_browser_versions(&browser_str) {
+    // Check if we should update cache in background
+    if service.should_update_cache(&browser_str) {
+      // Start background update but return cached data immediately
+      let service_clone = BrowserVersionManager::instance();
+      let browser_str_clone = browser_str.clone();
+      tokio::spawn(async move {
+        if let Err(e) = service_clone
+          .fetch_browser_versions_with_count(&browser_str_clone, false)
+          .await
+        {
+          log::error!("Background version update failed for {browser_str_clone}: {e}");
+        }
+      });
+    }
+
+    // Return cached data in the expected format
+    Ok(BrowserVersionsResult {
+      versions: cached_versions.clone(),
+      new_versions_count: None, // No new versions when returning cached data
+      total_versions_count: cached_versions.len(),
+    })
+  } else {
+    // No cache available, fetch fresh
+    service
+      .fetch_browser_versions_with_count(&browser_str, false)
+      .await
+      .map_err(|e| format!("Failed to fetch browser versions: {e}"))
+  }
+}
+
+#[tauri::command]
+pub async fn fetch_browser_versions_with_count(
+  browser_str: String,
+) -> Result<BrowserVersionsResult, String> {
+  let service = BrowserVersionManager::instance();
+  service
+    .fetch_browser_versions_with_count(&browser_str, false)
+    .await
+    .map_err(|e| format!("Failed to fetch browser versions: {e}"))
+}
+
 // Global singleton instance
 lazy_static::lazy_static! {
-  static ref BROWSER_VERSION_SERVICE: BrowserVersionService = BrowserVersionService::new();
+  static ref BROWSER_VERSION_SERVICE: BrowserVersionManager = BrowserVersionManager::new();
 }
@@ -1,688 +0,0 @@
-use crate::profile::BrowserProfile;
-use serde::{Deserialize, Serialize};
-use std::collections::HashMap;
-use std::sync::Arc;
-
-use tauri::AppHandle;
-use tauri_plugin_shell::ShellExt;
-use tokio::sync::Mutex as AsyncMutex;
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct CamoufoxConfig {
-  pub os: Option<Vec<String>>,
-  pub block_images: Option<bool>,
-  pub block_webrtc: Option<bool>,
-  pub block_webgl: Option<bool>,
-  pub disable_coop: Option<bool>,
-  pub geoip: Option<serde_json::Value>, // Can be String or bool
-  pub country: Option<String>,
-  pub timezone: Option<String>,
-  pub latitude: Option<f64>,
-  pub longitude: Option<f64>,
-  pub humanize: Option<bool>,
-  pub humanize_duration: Option<f64>,
-  pub headless: Option<bool>,
-  pub locale: Option<Vec<String>>,
-  pub addons: Option<Vec<String>>,
-  pub fonts: Option<Vec<String>>,
-  pub custom_fonts_only: Option<bool>,
-  pub exclude_addons: Option<Vec<String>>,
-  pub screen_min_width: Option<u32>,
-  pub screen_max_width: Option<u32>,
-  pub screen_min_height: Option<u32>,
-  pub screen_max_height: Option<u32>,
-  pub window_width: Option<u32>,
-  pub window_height: Option<u32>,
-  pub ff_version: Option<u32>,
-  pub main_world_eval: Option<bool>,
-  pub webgl_vendor: Option<String>,
-  pub webgl_renderer: Option<String>,
-  pub proxy: Option<String>,
-  pub enable_cache: Option<bool>,
-  pub virtual_display: Option<String>,
-  pub debug: Option<bool>,
-  pub additional_args: Option<Vec<String>>,
-  pub env_vars: Option<HashMap<String, String>>,
-  pub firefox_prefs: Option<HashMap<String, serde_json::Value>>,
-  pub disable_theming: Option<bool>,
-  pub showcursor: Option<bool>,
-}
-
-impl Default for CamoufoxConfig {
-  fn default() -> Self {
-    Self {
-      os: None,
-      block_images: None,
-      block_webrtc: None,
-      block_webgl: None,
-      disable_coop: None,
-      geoip: None,
-      country: None,
-      timezone: None,
-      latitude: None,
-      longitude: None,
-      humanize: None,
-      humanize_duration: None,
-      headless: None,
-      locale: None,
-      addons: None,
-      fonts: None,
-      custom_fonts_only: None,
-      exclude_addons: None,
-      screen_min_width: None,
-      screen_max_width: None,
-      screen_min_height: None,
-      screen_max_height: None,
-      window_width: None,
-      window_height: None,
-      ff_version: None,
-      main_world_eval: None,
-      webgl_vendor: None,
-      webgl_renderer: None,
-      proxy: None,
-      enable_cache: Some(true), // Cache enabled by default
-      virtual_display: None,
-      debug: None,
-      additional_args: None,
-      env_vars: None,
-      firefox_prefs: None,
-      disable_theming: Some(true),
-      showcursor: Some(false),
-    }
-  }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[allow(non_snake_case)]
-pub struct CamoufoxLaunchResult {
-  pub id: String,
-  #[serde(alias = "process_id")]
-  pub processId: Option<u32>,
-  #[serde(alias = "profile_path")]
-  pub profilePath: Option<String>,
-  pub url: Option<String>,
-}
-
-#[derive(Debug)]
-struct CamoufoxInstance {
-  #[allow(dead_code)]
-  id: String,
-  process_id: Option<u32>,
-  profile_path: Option<String>,
-  url: Option<String>,
-}
-
-struct CamoufoxNodecarLauncherInner {
-  instances: HashMap<String, CamoufoxInstance>,
-}
-
-pub struct CamoufoxNodecarLauncher {
-  inner: Arc<AsyncMutex<CamoufoxNodecarLauncherInner>>,
-}
-
-// Global singleton instance
-lazy_static::lazy_static! {
-  static ref GLOBAL_NODECAR_LAUNCHER: CamoufoxNodecarLauncher = CamoufoxNodecarLauncher::new_singleton();
-}
-
-impl CamoufoxNodecarLauncher {
-  pub fn new(_app_handle: AppHandle) -> Self {
-    // Return a reference to the global singleton
-    GLOBAL_NODECAR_LAUNCHER.clone()
-  }
-
-  pub fn new_singleton() -> Self {
-    Self {
-      inner: Arc::new(AsyncMutex::new(CamoufoxNodecarLauncherInner {
-        instances: HashMap::new(),
-      })),
-    }
-  }
-
-  fn clone(&self) -> Self {
-    Self {
-      inner: Arc::clone(&self.inner),
-    }
-  }
-
-  /// Create a test configuration to verify anti-fingerprinting is working
-  pub fn create_test_config() -> CamoufoxConfig {
-    CamoufoxConfig {
-      // Core anti-fingerprinting settings
-      timezone: Some("Europe/London".to_string()),
-      screen_min_width: Some(1440),
-      screen_min_height: Some(900),
-      window_width: Some(1200),
-      window_height: Some(800),
-
-      // Locale settings
-      locale: Some(vec!["en-GB".to_string(), "en-US".to_string()]),
-
-      // WebGL spoofing
-      webgl_vendor: Some("Intel Inc.".to_string()),
-      webgl_renderer: Some("Intel Iris Pro OpenGL Engine".to_string()),
-
-      // Geolocation spoofing (London coordinates)
-      latitude: Some(51.5074),
-      longitude: Some(-0.1278),
-
-      // Font settings
-      fonts: Some(vec![
-        "Arial".to_string(),
-        "Times New Roman".to_string(),
-        "Helvetica".to_string(),
-        "Georgia".to_string(),
-      ]),
-      custom_fonts_only: Some(true),
-
-      // Humanization
-      humanize: Some(true),
-      humanize_duration: Some(2.0),
-
-      // Blocking features
-      block_images: Some(false), // Don't block images for testing
-      block_webrtc: Some(true),
-      block_webgl: Some(false), // Don't block WebGL so we can test spoofing
-
-      // Other settings
-      debug: Some(true),
-      enable_cache: Some(true),
-      headless: Some(false), // Not headless for testing
-      disable_theming: Some(true),
-      showcursor: Some(false),
-
-      ..Default::default()
-    }
-  }
-
-  /// Get the nodecar sidecar command
-  fn get_nodecar_sidecar(
-    &self,
-    app_handle: &AppHandle,
-  ) -> Result<tauri_plugin_shell::process::Command, Box<dyn std::error::Error + Send + Sync>> {
-    let shell = app_handle.shell();
-    let sidecar_command = shell
-      .sidecar("nodecar")
-      .map_err(|e| format!("Failed to create nodecar sidecar: {e}"))?;
-    Ok(sidecar_command)
-  }
-
-  /// Launch Camoufox browser using nodecar sidecar
-  pub async fn launch_camoufox(
-    &self,
-    app_handle: &AppHandle,
-    profile_path: &str,
-    config: &CamoufoxConfig,
-    url: Option<&str>,
-  ) -> Result<CamoufoxLaunchResult, Box<dyn std::error::Error + Send + Sync>> {
-    // Build nodecar command arguments
-    let mut args = vec!["camoufox".to_string(), "start".to_string()];
-
-    // Add profile path
-    args.extend(["--profile-path".to_string(), profile_path.to_string()]);
-
-    // Add URL if provided
-    if let Some(url) = url {
-      args.extend(["--url".to_string(), url.to_string()]);
-    }
-
-    // Add configuration options
-    if let Some(os_list) = &config.os {
-      let os_str = os_list.join(",");
-      args.extend(["--os".to_string(), os_str]);
-    }
-
-    if let Some(block_images) = config.block_images {
-      if block_images {
-        args.push("--block-images".to_string());
-      }
-    }
-
-    if let Some(block_webrtc) = config.block_webrtc {
-      if block_webrtc {
-        args.push("--block-webrtc".to_string());
-      }
-    }
-
-    if let Some(block_webgl) = config.block_webgl {
-      if block_webgl {
-        args.push("--block-webgl".to_string());
-      }
-    }
-
-    if let Some(disable_coop) = config.disable_coop {
-      if disable_coop {
-        args.push("--disable-coop".to_string());
-      }
-    }
-
-    if let Some(geoip) = &config.geoip {
-      match geoip {
-        serde_json::Value::Bool(true) => {
-          args.extend(["--geoip".to_string(), "auto".to_string()]);
-        }
-        serde_json::Value::String(ip) => {
-          args.extend(["--geoip".to_string(), ip.clone()]);
-        }
-        _ => {}
-      }
-    }
-
-    if let Some(country) = &config.country {
-      args.extend(["--country".to_string(), country.clone()]);
-    }
-
-    if let Some(timezone) = &config.timezone {
-      args.extend(["--timezone".to_string(), timezone.clone()]);
-    }
-
-    if let Some(latitude) = config.latitude {
-      args.extend(["--latitude".to_string(), latitude.to_string()]);
-    }
-
-    if let Some(longitude) = config.longitude {
-      args.extend(["--longitude".to_string(), longitude.to_string()]);
-    }
-
-    if let Some(humanize) = config.humanize {
-      if humanize {
-        if let Some(duration) = config.humanize_duration {
-          args.extend(["--humanize".to_string(), duration.to_string()]);
-        } else {
-          args.push("--humanize".to_string());
-        }
-      }
-    }
-
-    if let Some(headless) = config.headless {
-      if headless {
-        args.push("--headless".to_string());
-      }
-    }
-
-    if let Some(locale_list) = &config.locale {
-      let locale_str = locale_list.join(",");
-      args.extend(["--locale".to_string(), locale_str]);
-    }
-
-    if let Some(addons) = &config.addons {
-      let addons_str = addons.join(",");
-      args.extend(["--addons".to_string(), addons_str]);
-    }
-
-    if let Some(fonts) = &config.fonts {
-      let fonts_str = fonts.join(",");
-      args.extend(["--fonts".to_string(), fonts_str]);
-    }
-
-    if let Some(custom_fonts_only) = config.custom_fonts_only {
-      if custom_fonts_only {
-        args.push("--custom-fonts-only".to_string());
-      }
-    }
-
-    if let Some(exclude_addons) = &config.exclude_addons {
-      let exclude_str = exclude_addons.join(",");
-      args.extend(["--exclude-addons".to_string(), exclude_str]);
-    }
-
-    if let Some(screen_min_width) = config.screen_min_width {
-      args.extend([
-        "--screen-min-width".to_string(),
-        screen_min_width.to_string(),
-      ]);
-    }
-
-    if let Some(screen_max_width) = config.screen_max_width {
-      args.extend([
-        "--screen-max-width".to_string(),
-        screen_max_width.to_string(),
-      ]);
-    }
-
-    if let Some(screen_min_height) = config.screen_min_height {
-      args.extend([
-        "--screen-min-height".to_string(),
-        screen_min_height.to_string(),
-      ]);
-    }
-
-    if let Some(screen_max_height) = config.screen_max_height {
-      args.extend([
-        "--screen-max-height".to_string(),
-        screen_max_height.to_string(),
-      ]);
-    }
-
-    if let Some(window_width) = config.window_width {
-      args.extend(["--window-width".to_string(), window_width.to_string()]);
-    }
-
-    if let Some(window_height) = config.window_height {
-      args.extend(["--window-height".to_string(), window_height.to_string()]);
-    }
-
-    if let Some(ff_version) = config.ff_version {
-      args.extend(["--ff-version".to_string(), ff_version.to_string()]);
-    }
-
-    if let Some(main_world_eval) = config.main_world_eval {
-      if main_world_eval {
-        args.push("--main-world-eval".to_string());
-      }
-    }
-
-    if let Some(webgl_vendor) = &config.webgl_vendor {
-      args.extend(["--webgl-vendor".to_string(), webgl_vendor.clone()]);
-    }
-
-    if let Some(webgl_renderer) = &config.webgl_renderer {
-      args.extend(["--webgl-renderer".to_string(), webgl_renderer.clone()]);
-    }
-
-    if let Some(proxy) = &config.proxy {
-      args.extend(["--proxy".to_string(), proxy.clone()]);
-    }
-
-    if let Some(enable_cache) = config.enable_cache {
-      if !enable_cache {
-        args.push("--disable-cache".to_string());
-      }
-    }
-
-    if let Some(virtual_display) = &config.virtual_display {
-      args.extend(["--virtual-display".to_string(), virtual_display.clone()]);
-    }
-
-    if let Some(debug) = config.debug {
-      if debug {
-        args.push("--debug".to_string());
-      }
-    }
-
-    if let Some(additional_args) = &config.additional_args {
-      let args_str = additional_args.join(",");
-      args.extend(["--args".to_string(), args_str]);
-    }
-
-    if let Some(env_vars) = &config.env_vars {
-      let env_json = serde_json::to_string(env_vars)?;
-      args.extend(["--env".to_string(), env_json]);
-    }
-
-    if let Some(firefox_prefs) = &config.firefox_prefs {
-      let prefs_json = serde_json::to_string(firefox_prefs)?;
-      args.extend(["--firefox-prefs".to_string(), prefs_json]);
-    }
-
-    if let Some(disable_theming) = config.disable_theming {
-      if disable_theming {
-        args.push("--disable-theming".to_string());
-      }
-    }
-
-    if let Some(showcursor) = config.showcursor {
-      if showcursor {
-        args.push("--showcursor".to_string());
-      } else {
-        args.push("--no-showcursor".to_string());
-      }
-    }
-
-    // Get the nodecar sidecar command
-    let mut sidecar_command = self.get_nodecar_sidecar(app_handle)?;
-
-    // Add all arguments to the sidecar command
-    for arg in &args {
-      sidecar_command = sidecar_command.arg(arg);
-    }
-
-    // Execute nodecar sidecar command
-    println!("Executing nodecar command with args: {args:?}");
-    let output = sidecar_command.output().await?;
-
-    if !output.status.success() {
-      let stderr = String::from_utf8_lossy(&output.stderr);
-      let stdout = String::from_utf8_lossy(&output.stdout);
-      println!("nodecar camoufox failed - stdout: {stdout}, stderr: {stderr}");
-      return Err(format!("nodecar camoufox failed: {stderr}").into());
-    }
-
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    println!("nodecar camoufox output: {stdout}");
-
-    // Parse the JSON output
-    let launch_result: CamoufoxLaunchResult = serde_json::from_str(&stdout)
-      .map_err(|e| format!("Failed to parse nodecar output as JSON: {e}\nOutput was: {stdout}"))?;
-
-    // Store the instance
-    let instance = CamoufoxInstance {
-      id: launch_result.id.clone(),
-      process_id: launch_result.processId,
-      profile_path: launch_result.profilePath.clone(),
-      url: launch_result.url.clone(),
-    };
-
-    {
-      let mut inner = self.inner.lock().await;
-      inner.instances.insert(launch_result.id.clone(), instance);
-    }
-
-    Ok(launch_result)
-  }
-
-  /// Stop a Camoufox process by ID
-  pub async fn stop_camoufox(
-    &self,
-    app_handle: &AppHandle,
-    id: &str,
-  ) -> Result<bool, Box<dyn std::error::Error + Send + Sync>> {
-    // Get the nodecar sidecar command
-    let sidecar_command = self
-      .get_nodecar_sidecar(app_handle)?
-      .arg("camoufox")
-      .arg("stop")
-      .arg("--id")
-      .arg(id);
-
-    // Execute nodecar stop command
-    let output = sidecar_command.output().await?;
-
-    if !output.status.success() {
-      let _stderr = String::from_utf8_lossy(&output.stderr);
-      return Ok(false);
-    }
-
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    let result: serde_json::Value = serde_json::from_str(&stdout)
-      .map_err(|e| format!("Failed to parse nodecar stop output: {e}"))?;
-
-    let success = result
-      .get("success")
-      .and_then(|v| v.as_bool())
-      .unwrap_or(false);
-
-    if success {
-      // Remove from our tracking
-      let mut inner = self.inner.lock().await;
-      inner.instances.remove(id);
-    }
-
-    Ok(success)
-  }
-
-  /// Find Camoufox server by profile path (for integration with browser_runner)
-  pub async fn find_camoufox_by_profile(
-    &self,
-    profile_path: &str,
-  ) -> Result<Option<CamoufoxLaunchResult>, Box<dyn std::error::Error + Send + Sync>> {
-    // First clean up any dead instances
-    self.cleanup_dead_instances().await?;
-
-    let inner = self.inner.lock().await;
-
-    // Convert paths to canonical form for comparison
-    let target_path = std::path::Path::new(profile_path)
-      .canonicalize()
-      .unwrap_or_else(|_| std::path::Path::new(profile_path).to_path_buf());
-
-    for (id, instance) in inner.instances.iter() {
-      if let Some(instance_profile_path) = &instance.profile_path {
-        let instance_path = std::path::Path::new(instance_profile_path)
-          .canonicalize()
-          .unwrap_or_else(|_| std::path::Path::new(instance_profile_path).to_path_buf());
-
-        if instance_path == target_path {
-          // Verify the server is actually running by checking the process
-          if let Some(process_id) = instance.process_id {
-            if self.is_server_running(process_id).await {
-              println!("Found running Camoufox instance for profile: {profile_path}");
-              return Ok(Some(CamoufoxLaunchResult {
-                id: id.clone(),
-                processId: instance.process_id,
-                profilePath: instance.profile_path.clone(),
-                url: instance.url.clone(),
-              }));
-            } else {
-              println!("Camoufox instance found but process is not running: {id}");
-            }
-          }
-        }
-      }
-    }
-
-    println!("No running Camoufox instance found for profile: {profile_path}");
-    Ok(None)
-  }
-
-  /// Check if servers are still alive and clean up dead instances
-  pub async fn cleanup_dead_instances(
-    &self,
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let mut dead_instances = Vec::new();
-    let mut instances_to_remove = Vec::new();
-
-    {
-      let inner = self.inner.lock().await;
-
-      for (id, instance) in inner.instances.iter() {
-        if let Some(process_id) = instance.process_id {
-          // Check if the process is still alive
-          if !self.is_server_running(process_id).await {
-            // Process is dead
-            println!("Camoufox instance {id} (PID: {process_id}) is no longer running");
-            dead_instances.push(id.clone());
-            instances_to_remove.push(id.clone());
-          }
-        } else {
-          // No process_id means it's likely a dead instance
-          println!("Camoufox instance {id} has no PID, marking as dead");
-          dead_instances.push(id.clone());
-          instances_to_remove.push(id.clone());
-        }
-      }
-    }
-
-    // Remove dead instances
-    if !instances_to_remove.is_empty() {
-      let mut inner = self.inner.lock().await;
-      for id in &instances_to_remove {
-        inner.instances.remove(id);
-        println!("Removed dead Camoufox instance: {id}");
-      }
-    }
-
-    Ok(dead_instances)
-  }
-
-  /// Check if a Camoufox server is running with the given process ID
-  async fn is_server_running(&self, process_id: u32) -> bool {
-    // Check if the process is still running
-    use sysinfo::{Pid, System};
-
-    let system = System::new_all();
-    if let Some(process) = system.process(Pid::from(process_id as usize)) {
-      // Check if this is actually a Camoufox process by looking at the command line
-      let cmd = process.cmd();
-      let is_camoufox = cmd.iter().any(|arg| {
-        let arg_str = arg.to_str().unwrap_or("");
-        arg_str.contains("camoufox-worker") || arg_str.contains("camoufox")
-      });
-
-      if is_camoufox {
-        println!("Found running Camoufox process with PID: {process_id}");
-        return true;
-      }
-    }
-
-    false
-  }
-}
-
-pub async fn launch_camoufox_profile_nodecar(
-  app_handle: AppHandle,
-  profile: BrowserProfile,
-  config: CamoufoxConfig,
-  url: Option<String>,
-) -> Result<CamoufoxLaunchResult, String> {
-  let launcher = CamoufoxNodecarLauncher::new(app_handle.clone());
-
-  // Get profile path
-  let browser_runner = crate::browser_runner::BrowserRunner::new();
-  let profiles_dir = browser_runner.get_profiles_dir();
-  let profile_path = profile.get_profile_data_path(&profiles_dir);
-  let profile_path_str = profile_path.to_string_lossy();
-
-  // Check if there's already a running instance for this profile
-  if let Ok(Some(existing)) = launcher.find_camoufox_by_profile(&profile_path_str).await {
-    // If there's an existing instance, stop it first to avoid conflicts
-    let _ = launcher.stop_camoufox(&app_handle, &existing.id).await;
-  }
-
-  // Clean up any dead instances before launching
-  let _ = launcher.cleanup_dead_instances().await;
-
-  launcher
-    .launch_camoufox(&app_handle, &profile_path_str, &config, url.as_deref())
-    .await
-    .map_err(|e| format!("Failed to launch Camoufox via nodecar: {e}"))
-}
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn test_camoufox_config_creation() {
-    let test_config = CamoufoxNodecarLauncher::create_test_config();
-
-    // Verify test config has expected values
-    assert_eq!(test_config.timezone, Some("Europe/London".to_string()));
-    assert_eq!(test_config.screen_min_width, Some(1440));
-    assert_eq!(test_config.screen_min_height, Some(900));
-    assert_eq!(test_config.window_width, Some(1200));
-    assert_eq!(test_config.window_height, Some(800));
-    assert_eq!(test_config.webgl_vendor, Some("Intel Inc.".to_string()));
-    assert_eq!(
-      test_config.webgl_renderer,
-      Some("Intel Iris Pro OpenGL Engine".to_string())
-    );
-    assert_eq!(test_config.latitude, Some(51.5074));
-    assert_eq!(test_config.longitude, Some(-0.1278));
-    assert_eq!(test_config.humanize, Some(true));
-    assert_eq!(test_config.debug, Some(true));
-    assert_eq!(test_config.enable_cache, Some(true));
-    assert_eq!(test_config.headless, Some(false));
-  }
-
-  #[test]
-  fn test_default_config() {
-    let default_config = CamoufoxConfig::default();
-
-    // Verify defaults
-    assert_eq!(default_config.enable_cache, Some(true));
-    assert_eq!(default_config.timezone, None);
-    assert_eq!(default_config.debug, None);
-    assert_eq!(default_config.headless, None);
-  }
-}
@@ -0,0 +1,601 @@
+use crate::browser_runner::BrowserRunner;
+use crate::profile::BrowserProfile;
+use directories::BaseDirs;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tauri::AppHandle;
+use tauri_plugin_shell::ShellExt;
+use tokio::sync::Mutex as AsyncMutex;
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct CamoufoxConfig {
+  pub proxy: Option<String>,
+  pub screen_max_width: Option<u32>,
+  pub screen_max_height: Option<u32>,
+  pub screen_min_width: Option<u32>,
+  pub screen_min_height: Option<u32>,
+  pub geoip: Option<serde_json::Value>, // Can be String or bool
+  pub block_images: Option<bool>,
+  pub block_webrtc: Option<bool>,
+  pub block_webgl: Option<bool>,
+  pub executable_path: Option<String>,
+  pub fingerprint: Option<String>, // JSON string of the complete fingerprint config
+  pub randomize_fingerprint_on_launch: Option<bool>, // Generate new fingerprint on every launch
+  pub os: Option<String>, // Operating system for fingerprint generation: "windows", "macos", or "linux"
+}
+
+impl Default for CamoufoxConfig {
+  fn default() -> Self {
+    Self {
+      proxy: None,
+      screen_max_width: None,
+      screen_max_height: None,
+      screen_min_width: None,
+      screen_min_height: None,
+      geoip: Some(serde_json::Value::Bool(true)),
+      block_images: None,
+      block_webrtc: None,
+      block_webgl: None,
+      executable_path: None,
+      fingerprint: None,
+      randomize_fingerprint_on_launch: None,
+      os: None,
+    }
+  }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[allow(non_snake_case)]
+pub struct CamoufoxLaunchResult {
+  pub id: String,
+  #[serde(alias = "process_id")]
+  pub processId: Option<u32>,
+  #[serde(alias = "profile_path")]
+  pub profilePath: Option<String>,
+  pub url: Option<String>,
+}
+
+#[derive(Debug)]
+struct CamoufoxInstance {
+  #[allow(dead_code)]
+  id: String,
+  process_id: Option<u32>,
+  profile_path: Option<String>,
+  url: Option<String>,
+}
+
+struct CamoufoxManagerInner {
+  instances: HashMap<String, CamoufoxInstance>,
+}
+
+pub struct CamoufoxManager {
+  inner: Arc<AsyncMutex<CamoufoxManagerInner>>,
+  base_dirs: BaseDirs,
+}
+
+impl CamoufoxManager {
+  fn new() -> Self {
+    Self {
+      inner: Arc::new(AsyncMutex::new(CamoufoxManagerInner {
+        instances: HashMap::new(),
+      })),
+      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
+    }
+  }
+
+  pub fn instance() -> &'static CamoufoxManager {
+    &CAMOUFOX_NODECAR_LAUNCHER
+  }
+
+  pub fn get_profiles_dir(&self) -> PathBuf {
+    let mut path = self.base_dirs.data_local_dir().to_path_buf();
+    path.push(if cfg!(debug_assertions) {
+      "DonutBrowserDev"
+    } else {
+      "DonutBrowser"
+    });
+    path.push("profiles");
+    path
+  }
+
+  /// Generate Camoufox fingerprint configuration during profile creation
+  pub async fn generate_fingerprint_config(
+    &self,
+    app_handle: &AppHandle,
+    profile: &crate::profile::BrowserProfile,
+    config: &CamoufoxConfig,
+  ) -> Result<String, Box<dyn std::error::Error + Send + Sync>> {
+    let mut config_args = vec!["camoufox".to_string(), "generate-config".to_string()];
+
+    // Always ensure executable_path is set to the user's binary location
+    let executable_path = if let Some(path) = &config.executable_path {
+      path.clone()
+    } else {
+      // Use the browser runner helper with the real profile
+      // Use self.browser_runner instead of instance()
+      BrowserRunner::instance()
+        .get_browser_executable_path(profile)
+        .map_err(|e| format!("Failed to get Camoufox executable path: {e}"))?
+        .to_string_lossy()
+        .to_string()
+    };
+    config_args.extend(["--executable-path".to_string(), executable_path]);
+
+    // Pass existing fingerprint if provided (for advanced form partial fingerprints)
+    if let Some(fingerprint) = &config.fingerprint {
+      config_args.extend(["--fingerprint".to_string(), fingerprint.clone()]);
+    }
+
+    if let Some(serde_json::Value::Bool(true)) = &config.geoip {
+      config_args.push("--geoip".to_string());
+    }
+
+    // Add proxy if provided (can be passed directly during fingerprint generation)
+    if let Some(proxy) = &config.proxy {
+      config_args.extend(["--proxy".to_string(), proxy.clone()]);
+    }
+
+    // Add screen dimensions if provided
+    if let Some(max_width) = config.screen_max_width {
+      config_args.extend(["--max-width".to_string(), max_width.to_string()]);
+    }
+
+    if let Some(max_height) = config.screen_max_height {
+      config_args.extend(["--max-height".to_string(), max_height.to_string()]);
+    }
+
+    if let Some(min_width) = config.screen_min_width {
+      config_args.extend(["--min-width".to_string(), min_width.to_string()]);
+    }
+
+    if let Some(min_height) = config.screen_min_height {
+      config_args.extend(["--min-height".to_string(), min_height.to_string()]);
+    }
+
+    // Add block_* options
+    if let Some(block_images) = config.block_images {
+      if block_images {
+        config_args.push("--block-images".to_string());
+      }
+    }
+
+    if let Some(block_webrtc) = config.block_webrtc {
+      if block_webrtc {
+        config_args.push("--block-webrtc".to_string());
+      }
+    }
+
+    if let Some(block_webgl) = config.block_webgl {
+      if block_webgl {
+        config_args.push("--block-webgl".to_string());
+      }
+    }
+
+    // Add OS option for fingerprint generation
+    if let Some(os) = &config.os {
+      config_args.extend(["--os".to_string(), os.clone()]);
+    }
+
+    // Execute config generation command
+    let mut config_sidecar = self.get_nodecar_sidecar(app_handle)?;
+    for arg in &config_args {
+      config_sidecar = config_sidecar.arg(arg);
+    }
+
+    let config_output = config_sidecar.output().await?;
+    if !config_output.status.success() {
+      let stderr = String::from_utf8_lossy(&config_output.stderr);
+      return Err(format!("Failed to generate camoufox fingerprint config: {stderr}").into());
+    }
+
+    Ok(String::from_utf8_lossy(&config_output.stdout).to_string())
+  }
+
+  /// Get the nodecar sidecar command
+  fn get_nodecar_sidecar(
+    &self,
+    app_handle: &AppHandle,
+  ) -> Result<tauri_plugin_shell::process::Command, Box<dyn std::error::Error + Send + Sync>> {
+    let shell = app_handle.shell();
+    let sidecar_command = shell
+      .sidecar("nodecar")
+      .map_err(|e| format!("Failed to create nodecar sidecar: {e}"))?;
+    Ok(sidecar_command)
+  }
+
+  /// Launch Camoufox browser using nodecar sidecar
+  pub async fn launch_camoufox(
+    &self,
+    app_handle: &AppHandle,
+    profile: &crate::profile::BrowserProfile,
+    profile_path: &str,
+    config: &CamoufoxConfig,
+    url: Option<&str>,
+  ) -> Result<CamoufoxLaunchResult, Box<dyn std::error::Error + Send + Sync>> {
+    let custom_config = if let Some(existing_fingerprint) = &config.fingerprint {
+      log::info!("Using existing fingerprint from profile metadata");
+      existing_fingerprint.clone()
+    } else {
+      return Err("No fingerprint provided".into());
+    };
+
+    // Always ensure executable_path is set to the user's binary location
+    let executable_path = if let Some(path) = &config.executable_path {
+      path.clone()
+    } else {
+      // Use the browser runner helper with the real profile
+      // Use self.browser_runner instead of instance()
+      BrowserRunner::instance()
+        .get_browser_executable_path(profile)
+        .map_err(|e| format!("Failed to get Camoufox executable path: {e}"))?
+        .to_string_lossy()
+        .to_string()
+    };
+
+    // Build nodecar command arguments
+    let mut args = vec!["camoufox".to_string(), "start".to_string()];
+
+    // Add profile path - ensure it's an absolute path
+    let absolute_profile_path = std::path::Path::new(profile_path)
+      .canonicalize()
+      .unwrap_or_else(|_| std::path::Path::new(profile_path).to_path_buf())
+      .to_string_lossy()
+      .to_string();
+    args.extend(["--profile-path".to_string(), absolute_profile_path]);
+
+    // Add URL if provided
+    if let Some(url) = url {
+      args.extend(["--url".to_string(), url.to_string()]);
+    }
+
+    // Always add the executable path
+    args.extend(["--executable-path".to_string(), executable_path]);
+
+    // Always add the generated custom config
+    args.extend(["--custom-config".to_string(), custom_config]);
+
+    // Add proxy if provided
+    if let Some(proxy) = &config.proxy {
+      args.extend(["--proxy".to_string(), proxy.clone()]);
+    }
+
+    // Add headless flag for tests
+    if std::env::var("CAMOUFOX_HEADLESS").is_ok() {
+      args.push("--headless".to_string());
+    }
+
+    // Get the nodecar sidecar command
+    let mut sidecar_command = self.get_nodecar_sidecar(app_handle)?;
+
+    // Add all arguments to the sidecar command
+    for arg in &args {
+      sidecar_command = sidecar_command.arg(arg);
+    }
+
+    // Execute nodecar sidecar command
+    log::info!("Executing nodecar command with args: {args:?}");
+    let output = sidecar_command.output().await?;
+
+    if !output.status.success() {
+      let stderr = String::from_utf8_lossy(&output.stderr);
+      let stdout = String::from_utf8_lossy(&output.stdout);
+      log::info!("nodecar camoufox failed - stdout: {stdout}, stderr: {stderr}");
+      return Err(format!("nodecar camoufox failed: {stderr}").into());
+    }
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    log::info!("nodecar camoufox output: {stdout}");
+
+    // Parse the JSON output
+    let launch_result: CamoufoxLaunchResult = serde_json::from_str(&stdout)
+      .map_err(|e| format!("Failed to parse nodecar output as JSON: {e}\nOutput was: {stdout}"))?;
+
+    // Store the instance
+    let instance = CamoufoxInstance {
+      id: launch_result.id.clone(),
+      process_id: launch_result.processId,
+      profile_path: launch_result.profilePath.clone(),
+      url: launch_result.url.clone(),
+    };
+
+    {
+      let mut inner = self.inner.lock().await;
+      inner.instances.insert(launch_result.id.clone(), instance);
+    }
+
+    Ok(launch_result)
+  }
+
+  /// Stop a Camoufox process by ID
+  pub async fn stop_camoufox(
+    &self,
+    app_handle: &AppHandle,
+    id: &str,
+  ) -> Result<bool, Box<dyn std::error::Error + Send + Sync>> {
+    // Get the nodecar sidecar command
+    let sidecar_command = self
+      .get_nodecar_sidecar(app_handle)?
+      .arg("camoufox")
+      .arg("stop")
+      .arg("--id")
+      .arg(id);
+
+    // Execute nodecar stop command
+    let output = sidecar_command.output().await?;
+
+    if !output.status.success() {
+      let _stderr = String::from_utf8_lossy(&output.stderr);
+      return Ok(false);
+    }
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let result: serde_json::Value = serde_json::from_str(&stdout)
+      .map_err(|e| format!("Failed to parse nodecar stop output: {e}"))?;
+
+    let success = result
+      .get("success")
+      .and_then(|v| v.as_bool())
+      .unwrap_or(false);
+
+    if success {
+      // Remove from our tracking
+      let mut inner = self.inner.lock().await;
+      inner.instances.remove(id);
+    }
+
+    Ok(success)
+  }
+
+  /// Find Camoufox server by profile path (for integration with browser_runner)
+  /// This method first checks in-memory instances, then scans system processes
+  /// to detect Camoufox instances that may have been started before the app restarted.
+  pub async fn find_camoufox_by_profile(
+    &self,
+    profile_path: &str,
+  ) -> Result<Option<CamoufoxLaunchResult>, Box<dyn std::error::Error + Send + Sync>> {
+    // First clean up any dead instances
+    self.cleanup_dead_instances().await?;
+
+    // Convert paths to canonical form for comparison
+    let target_path = std::path::Path::new(profile_path)
+      .canonicalize()
+      .unwrap_or_else(|_| std::path::Path::new(profile_path).to_path_buf());
+
+    // Check in-memory instances first
+    {
+      let inner = self.inner.lock().await;
+
+      for (id, instance) in inner.instances.iter() {
+        if let Some(instance_profile_path) = &instance.profile_path {
+          let instance_path = std::path::Path::new(instance_profile_path)
+            .canonicalize()
+            .unwrap_or_else(|_| std::path::Path::new(instance_profile_path).to_path_buf());
+
+          if instance_path == target_path {
+            // Verify the server is actually running by checking the process
+            if let Some(process_id) = instance.process_id {
+              if self.is_server_running(process_id).await {
+                // Found running Camoufox instance
+                return Ok(Some(CamoufoxLaunchResult {
+                  id: id.clone(),
+                  processId: instance.process_id,
+                  profilePath: instance.profile_path.clone(),
+                  url: instance.url.clone(),
+                }));
+              }
+            }
+          }
+        }
+      }
+    }
+
+    // If not found in in-memory instances, scan system processes
+    // This handles the case where the app was restarted but Camoufox is still running
+    if let Some((pid, found_profile_path)) = self.find_camoufox_process_by_profile(&target_path) {
+      log::info!(
+        "Found running Camoufox process (PID: {}) for profile path via system scan",
+        pid
+      );
+
+      // Register this instance in our tracking
+      let instance_id = format!("recovered_{}", pid);
+      let mut inner = self.inner.lock().await;
+      inner.instances.insert(
+        instance_id.clone(),
+        CamoufoxInstance {
+          id: instance_id.clone(),
+          process_id: Some(pid),
+          profile_path: Some(found_profile_path.clone()),
+          url: None,
+        },
+      );
+
+      return Ok(Some(CamoufoxLaunchResult {
+        id: instance_id,
+        processId: Some(pid),
+        profilePath: Some(found_profile_path),
+        url: None,
+      }));
+    }
+
+    Ok(None)
+  }
+
+  /// Scan system processes to find a Camoufox process using a specific profile path
+  fn find_camoufox_process_by_profile(
+    &self,
+    target_path: &std::path::Path,
+  ) -> Option<(u32, String)> {
+    use sysinfo::{ProcessRefreshKind, RefreshKind, System};
+
+    let system = System::new_with_specifics(
+      RefreshKind::nothing().with_processes(ProcessRefreshKind::everything()),
+    );
+
+    let target_path_str = target_path.to_string_lossy();
+
+    for (pid, process) in system.processes() {
+      let cmd = process.cmd();
+      if cmd.is_empty() {
+        continue;
+      }
+
+      // Check if this is a Camoufox/Firefox process
+      let exe_name = process.name().to_string_lossy().to_lowercase();
+      let is_firefox_like = exe_name.contains("firefox")
+        || exe_name.contains("camoufox")
+        || exe_name.contains("firefox-bin");
+
+      if !is_firefox_like {
+        continue;
+      }
+
+      // Check if the command line contains our profile path
+      for (i, arg) in cmd.iter().enumerate() {
+        if let Some(arg_str) = arg.to_str() {
+          // Check for -profile argument followed by our path
+          if arg_str == "-profile" && i + 1 < cmd.len() {
+            if let Some(next_arg) = cmd.get(i + 1).and_then(|a| a.to_str()) {
+              let cmd_path = std::path::Path::new(next_arg)
+                .canonicalize()
+                .unwrap_or_else(|_| std::path::Path::new(next_arg).to_path_buf());
+
+              if cmd_path == target_path {
+                return Some((pid.as_u32(), next_arg.to_string()));
+              }
+            }
+          }
+
+          // Also check if the argument contains the profile path directly
+          if arg_str.contains(&*target_path_str) {
+            return Some((pid.as_u32(), target_path_str.to_string()));
+          }
+        }
+      }
+    }
+
+    None
+  }
+
+  /// Check if servers are still alive and clean up dead instances
+  pub async fn cleanup_dead_instances(
+    &self,
+  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
+    let mut dead_instances = Vec::new();
+    let mut instances_to_remove = Vec::new();
+
+    {
+      let inner = self.inner.lock().await;
+
+      for (id, instance) in inner.instances.iter() {
+        if let Some(process_id) = instance.process_id {
+          // Check if the process is still alive
+          if !self.is_server_running(process_id).await {
+            // Process is dead
+            // Camoufox instance is no longer running
+            dead_instances.push(id.clone());
+            instances_to_remove.push(id.clone());
+          }
+        } else {
+          // No process_id means it's likely a dead instance
+          // Camoufox instance has no PID, marking as dead
+          dead_instances.push(id.clone());
+          instances_to_remove.push(id.clone());
+        }
+      }
+    }
+
+    // Remove dead instances
+    if !instances_to_remove.is_empty() {
+      let mut inner = self.inner.lock().await;
+      for id in &instances_to_remove {
+        inner.instances.remove(id);
+        // Removed dead Camoufox instance
+      }
+    }
+
+    Ok(dead_instances)
+  }
+
+  /// Check if a Camoufox server is running with the given process ID
+  async fn is_server_running(&self, process_id: u32) -> bool {
+    // Check if the process is still running
+    use sysinfo::{Pid, System};
+
+    let system = System::new_all();
+    if let Some(process) = system.process(Pid::from(process_id as usize)) {
+      // Check if this is actually a Camoufox process by looking at the command line
+      let cmd = process.cmd();
+      let is_camoufox = cmd.iter().any(|arg| {
+        let arg_str = arg.to_str().unwrap_or("");
+        arg_str.contains("camoufox-worker") || arg_str.contains("camoufox")
+      });
+
+      if is_camoufox {
+        // Found running Camoufox process
+        return true;
+      }
+    }
+
+    false
+  }
+}
+
+impl CamoufoxManager {
+  pub async fn launch_camoufox_profile_nodecar(
+    &self,
+    app_handle: AppHandle,
+    profile: BrowserProfile,
+    config: CamoufoxConfig,
+    url: Option<String>,
+  ) -> Result<CamoufoxLaunchResult, String> {
+    // Get profile path
+    let profiles_dir = self.get_profiles_dir();
+    let profile_path = profile.get_profile_data_path(&profiles_dir);
+    let profile_path_str = profile_path.to_string_lossy();
+
+    // Check if there's already a running instance for this profile
+    if let Ok(Some(existing)) = self.find_camoufox_by_profile(&profile_path_str).await {
+      // If there's an existing instance, stop it first to avoid conflicts
+      let _ = self.stop_camoufox(&app_handle, &existing.id).await;
+    }
+
+    // Clean up any dead instances before launching
+    let _ = self.cleanup_dead_instances().await;
+
+    self
+      .launch_camoufox(
+        &app_handle,
+        &profile,
+        &profile_path_str,
+        &config,
+        url.as_deref(),
+      )
+      .await
+      .map_err(|e| format!("Failed to launch Camoufox via nodecar: {e}"))
+  }
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[test]
+  fn test_default_config() {
+    let default_config = CamoufoxConfig::default();
+
+    // Verify defaults
+    assert_eq!(default_config.geoip, Some(serde_json::Value::Bool(true)));
+    assert_eq!(default_config.proxy, None);
+    assert_eq!(default_config.fingerprint, None);
+    assert_eq!(default_config.randomize_fingerprint_on_launch, None);
+    assert_eq!(default_config.os, None);
+  }
+}
+
+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref CAMOUFOX_NODECAR_LAUNCHER: CamoufoxManager = CamoufoxManager::new();
+}
@@ -1,5 +1,45 @@
 use tauri::command;

+pub struct DefaultBrowser {}
+
+impl DefaultBrowser {
+  fn new() -> Self {
+    Self {}
+  }
+
+  pub fn instance() -> &'static DefaultBrowser {
+    &DEFAULT_BROWSER
+  }
+
+  pub async fn is_default_browser(&self) -> Result<bool, String> {
+    #[cfg(target_os = "macos")]
+    return macos::is_default_browser();
+
+    #[cfg(target_os = "windows")]
+    return windows::is_default_browser();
+
+    #[cfg(target_os = "linux")]
+    return linux::is_default_browser();
+
+    #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+    Err("Unsupported platform".to_string())
+  }
+
+  pub async fn set_as_default_browser(&self) -> Result<(), String> {
+    #[cfg(target_os = "macos")]
+    return macos::set_as_default_browser();
+
+    #[cfg(target_os = "windows")]
+    return windows::set_as_default_browser();
+
+    #[cfg(target_os = "linux")]
+    return linux::set_as_default_browser();
+
+    #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+    Err("Unsupported platform".to_string())
+  }
+}
+
 #[cfg(target_os = "macos")]
 mod macos {
  use core_foundation::base::OSStatus;
@@ -158,7 +198,7 @@ mod windows {
    app_key
      .set_value(
        "ApplicationDescription",
-        &"Donut Browser - Simple Yet Powerful Browser Orchestrator",
+        &"Donut Browser - Simple Yet Powerful Anti-Detect Browser",
      )
      .map_err(|e| format!("Failed to set ApplicationDescription: {}", e))?;

@@ -174,7 +214,7 @@ mod windows {
    capabilities
      .set_value(
        "ApplicationDescription",
-        &"Donut Browser - Simple Yet Powerful Browser Orchestrator",
+        &"Donut Browser - Simple Yet Powerful Anti-Detect Browser",
      )
      .map_err(|e| format!("Failed to set Capabilities description: {}", e))?;

@@ -482,66 +522,19 @@ mod linux {
  }
 }

+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref DEFAULT_BROWSER: DefaultBrowser = DefaultBrowser::new();
+}
+
 #[command]
 pub async fn is_default_browser() -> Result<bool, String> {
-  #[cfg(target_os = "macos")]
-  return macos::is_default_browser();
-
-  #[cfg(target_os = "windows")]
-  return windows::is_default_browser();
-
-  #[cfg(target_os = "linux")]
-  return linux::is_default_browser();
-
-  #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
-  Err("Unsupported platform".to_string())
+  let default_browser = DefaultBrowser::instance();
+  default_browser.is_default_browser().await
 }

 #[command]
 pub async fn set_as_default_browser() -> Result<(), String> {
-  #[cfg(target_os = "macos")]
-  return macos::set_as_default_browser();
-
-  #[cfg(target_os = "windows")]
-  return windows::set_as_default_browser();
-
-  #[cfg(target_os = "linux")]
-  return linux::set_as_default_browser();
-
-  #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
-  Err("Unsupported platform".to_string())
-}
-
-#[tauri::command]
-pub async fn open_url_with_profile(
-  app_handle: tauri::AppHandle,
-  profile_name: String,
-  url: String,
-) -> Result<(), String> {
-  use crate::browser_runner::BrowserRunner;
-
-  let runner = BrowserRunner::new();
-
-  // Get the profile by name
-  let profiles = runner
-    .list_profiles()
-    .map_err(|e| format!("Failed to list profiles: {e}"))?;
-  let profile = profiles
-    .into_iter()
-    .find(|p| p.name == profile_name)
-    .ok_or_else(|| format!("Profile '{profile_name}' not found"))?;
-
-  println!("Opening URL '{url}' with profile '{profile_name}'");
-
-  // Use launch_or_open_url which handles both launching new instances and opening in existing ones
-  runner
-    .launch_or_open_url(app_handle, &profile, Some(url.clone()), None)
-    .await
-    .map_err(|e| {
-      println!("Failed to open URL with profile '{profile_name}': {e}");
-      format!("Failed to open URL with profile: {e}")
-    })?;
-
-  println!("Successfully opened URL '{url}' with profile '{profile_name}'");
-  Ok(())
+  let default_browser = DefaultBrowser::instance();
+  default_browser.set_as_default_browser().await
 }
@@ -1,496 +0,0 @@
-use directories::BaseDirs;
-use serde::{Deserialize, Serialize};
-use std::collections::HashMap;
-use std::fs;
-use std::path::PathBuf;
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-pub struct DownloadedBrowserInfo {
-  pub browser: String,
-  pub version: String,
-  pub file_path: PathBuf,
-}
-
-#[derive(Debug, Serialize, Deserialize, Default)]
-pub struct DownloadedBrowsersRegistry {
-  pub browsers: HashMap<String, HashMap<String, DownloadedBrowserInfo>>, // browser -> version -> info
-}
-
-impl DownloadedBrowsersRegistry {
-  pub fn new() -> Self {
-    Self::default()
-  }
-
-  pub fn load() -> Result<Self, Box<dyn std::error::Error + Send + Sync>> {
-    let registry_path = Self::get_registry_path()?;
-
-    if !registry_path.exists() {
-      return Ok(Self::new());
-    }
-
-    let content = fs::read_to_string(&registry_path)?;
-    let registry: DownloadedBrowsersRegistry = serde_json::from_str(&content)?;
-    Ok(registry)
-  }
-
-  pub fn save(&self) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    let registry_path = Self::get_registry_path()?;
-
-    // Ensure parent directory exists
-    if let Some(parent) = registry_path.parent() {
-      fs::create_dir_all(parent)?;
-    }
-
-    let content = serde_json::to_string_pretty(self)?;
-    fs::write(&registry_path, content)?;
-    Ok(())
-  }
-
-  fn get_registry_path() -> Result<PathBuf, Box<dyn std::error::Error + Send + Sync>> {
-    let base_dirs = BaseDirs::new().ok_or("Failed to get base directories")?;
-    let mut path = base_dirs.data_local_dir().to_path_buf();
-    path.push(if cfg!(debug_assertions) {
-      "DonutBrowserDev"
-    } else {
-      "DonutBrowser"
-    });
-    path.push("data");
-    path.push("downloaded_browsers.json");
-    Ok(path)
-  }
-
-  pub fn add_browser(&mut self, info: DownloadedBrowserInfo) {
-    self
-      .browsers
-      .entry(info.browser.clone())
-      .or_default()
-      .insert(info.version.clone(), info);
-  }
-
-  pub fn remove_browser(&mut self, browser: &str, version: &str) -> Option<DownloadedBrowserInfo> {
-    self.browsers.get_mut(browser)?.remove(version)
-  }
-
-  pub fn is_browser_downloaded(&self, browser: &str, version: &str) -> bool {
-    self
-      .browsers
-      .get(browser)
-      .and_then(|versions| versions.get(version))
-      .is_some()
-  }
-
-  pub fn get_downloaded_versions(&self, browser: &str) -> Vec<String> {
-    self
-      .browsers
-      .get(browser)
-      .map(|versions| versions.keys().cloned().collect())
-      .unwrap_or_default()
-  }
-
-  pub fn mark_download_started(&mut self, browser: &str, version: &str, file_path: PathBuf) {
-    let info = DownloadedBrowserInfo {
-      browser: browser.to_string(),
-      version: version.to_string(),
-      file_path,
-    };
-    self.add_browser(info);
-  }
-
-  pub fn mark_download_completed(&mut self, browser: &str, version: &str) -> Result<(), String> {
-    if self
-      .browsers
-      .get(browser)
-      .and_then(|versions| versions.get(version))
-      .is_some()
-    {
-      Ok(())
-    } else {
-      Err(format!("Browser {browser}:{version} not found in registry"))
-    }
-  }
-
-  pub fn cleanup_failed_download(
-    &mut self,
-    browser: &str,
-    version: &str,
-  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    if let Some(info) = self.remove_browser(browser, version) {
-      // Clean up any files that might have been left behind
-      if info.file_path.exists() {
-        if info.file_path.is_dir() {
-          fs::remove_dir_all(&info.file_path)?;
-        } else {
-          fs::remove_file(&info.file_path)?;
-        }
-      }
-
-      // Also clean up the browser directory if it exists
-      let base_dirs = BaseDirs::new().ok_or("Failed to get base directories")?;
-      let mut browser_dir = base_dirs.data_local_dir().to_path_buf();
-      browser_dir.push(if cfg!(debug_assertions) {
-        "DonutBrowserDev"
-      } else {
-        "DonutBrowser"
-      });
-      browser_dir.push("binaries");
-      browser_dir.push(browser);
-      browser_dir.push(version);
-
-      if browser_dir.exists() {
-        fs::remove_dir_all(&browser_dir)?;
-      }
-    }
-    Ok(())
-  }
-
-  /// Find and remove unused browser binaries that are not referenced by any active profiles
-  pub fn cleanup_unused_binaries(
-    &mut self,
-    active_profiles: &[(String, String)], // (browser, version) pairs
-    running_profiles: &[(String, String)], // (browser, version) pairs for running profiles
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let active_set: std::collections::HashSet<(String, String)> =
-      active_profiles.iter().cloned().collect();
-    let running_set: std::collections::HashSet<(String, String)> =
-      running_profiles.iter().cloned().collect();
-    let mut cleaned_up = Vec::new();
-
-    // Collect all downloaded browsers that are not in active profiles
-    let mut to_remove = Vec::new();
-    for (browser, versions) in &self.browsers {
-      for version in versions.keys() {
-        let browser_version = (browser.clone(), version.clone());
-
-        // Don't remove if it's used by any active profile
-        if active_set.contains(&browser_version) {
-          println!("Keeping: {browser} {version} (in use by profile)");
-          continue;
-        }
-
-        // Don't remove if it's currently running (even if not in active profiles)
-        if running_set.contains(&browser_version) {
-          println!("Keeping: {browser} {version} (currently running)");
-          continue;
-        }
-
-        // Mark for removal
-        to_remove.push(browser_version);
-        println!("Marking for removal: {browser} {version} (not used by any profile)");
-      }
-    }
-
-    // Remove unused binaries
-    for (browser, version) in to_remove {
-      if let Err(e) = self.cleanup_failed_download(&browser, &version) {
-        eprintln!("Failed to cleanup unused binary {browser}:{version}: {e}");
-      } else {
-        cleaned_up.push(format!("{browser} {version}"));
-        println!("Successfully removed unused binary: {browser} {version}");
-      }
-    }
-
-    if cleaned_up.is_empty() {
-      println!("No unused binaries found to clean up");
-    } else {
-      println!("Cleaned up {} unused binaries", cleaned_up.len());
-    }
-
-    Ok(cleaned_up)
-  }
-
-  /// Get all browsers and versions referenced by active profiles
-  pub fn get_active_browser_versions(
-    &self,
-    profiles: &[crate::profile::BrowserProfile],
-  ) -> Vec<(String, String)> {
-    profiles
-      .iter()
-      .map(|profile| (profile.browser.clone(), profile.version.clone()))
-      .collect()
-  }
-
-  /// Verify that all registered browsers actually exist on disk and clean up stale entries
-  pub fn verify_and_cleanup_stale_entries(
-    &mut self,
-    browser_runner: &crate::browser_runner::BrowserRunner,
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    use crate::browser::{create_browser, BrowserType};
-    let mut cleaned_up = Vec::new();
-    let binaries_dir = browser_runner.get_binaries_dir();
-
-    let browsers_to_check: Vec<(String, String)> = self
-      .browsers
-      .iter()
-      .flat_map(|(browser, versions)| {
-        versions
-          .keys()
-          .map(|version| (browser.clone(), version.clone()))
-      })
-      .collect();
-
-    for (browser_str, version) in browsers_to_check {
-      if let Ok(browser_type) = BrowserType::from_str(&browser_str) {
-        let browser = create_browser(browser_type);
-        if !browser.is_version_downloaded(&version, &binaries_dir) {
-          // Files don't exist, remove from registry
-          if let Some(_removed) = self.remove_browser(&browser_str, &version) {
-            cleaned_up.push(format!("{browser_str} {version}"));
-            println!("Removed stale registry entry for {browser_str} {version}");
-          }
-        }
-      }
-    }
-
-    if !cleaned_up.is_empty() {
-      self.save()?;
-    }
-
-    Ok(cleaned_up)
-  }
-
-  /// Get all browsers and versions that are currently running
-  pub fn get_running_browser_versions(
-    &self,
-    profiles: &[crate::profile::BrowserProfile],
-  ) -> Vec<(String, String)> {
-    profiles
-      .iter()
-      .filter(|profile| profile.process_id.is_some())
-      .map(|profile| (profile.browser.clone(), profile.version.clone()))
-      .collect()
-  }
-
-  /// Scan the binaries directory and sync with registry
-  /// This ensures the registry reflects what's actually on disk
-  pub fn sync_with_binaries_directory(
-    &mut self,
-    binaries_dir: &std::path::Path,
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let mut changes = Vec::new();
-
-    if !binaries_dir.exists() {
-      return Ok(changes);
-    }
-
-    // Scan for actual browser directories
-    for browser_entry in fs::read_dir(binaries_dir)? {
-      let browser_entry = browser_entry?;
-      let browser_path = browser_entry.path();
-
-      if !browser_path.is_dir() {
-        continue;
-      }
-
-      let browser_name = browser_path
-        .file_name()
-        .and_then(|n| n.to_str())
-        .unwrap_or("");
-
-      if browser_name.is_empty() || browser_name.starts_with('.') {
-        continue;
-      }
-
-      // Scan for version directories within this browser
-      for version_entry in fs::read_dir(&browser_path)? {
-        let version_entry = version_entry?;
-        let version_path = version_entry.path();
-
-        if !version_path.is_dir() {
-          continue;
-        }
-
-        let version_name = version_path
-          .file_name()
-          .and_then(|n| n.to_str())
-          .unwrap_or("");
-
-        if version_name.is_empty() || version_name.starts_with('.') {
-          continue;
-        }
-
-        // Check if this browser/version is already in registry
-        if !self.is_browser_downloaded(browser_name, version_name) {
-          // Add to registry
-          let info = DownloadedBrowserInfo {
-            browser: browser_name.to_string(),
-            version: version_name.to_string(),
-            file_path: version_path.clone(),
-          };
-          self.add_browser(info);
-          changes.push(format!("Added {browser_name} {version_name} to registry"));
-        }
-      }
-    }
-
-    if !changes.is_empty() {
-      self.save()?;
-    }
-
-    Ok(changes)
-  }
-
-  /// Comprehensive cleanup that removes unused binaries and syncs registry
-  pub fn comprehensive_cleanup(
-    &mut self,
-    binaries_dir: &std::path::Path,
-    active_profiles: &[(String, String)],
-    running_profiles: &[(String, String)],
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let mut cleanup_results = Vec::new();
-
-    // First, sync registry with actual binaries on disk
-    let sync_results = self.sync_with_binaries_directory(binaries_dir)?;
-    cleanup_results.extend(sync_results);
-
-    // Then perform the regular cleanup
-    let regular_cleanup = self.cleanup_unused_binaries(active_profiles, running_profiles)?;
-    cleanup_results.extend(regular_cleanup);
-
-    // Finally, verify and cleanup stale entries
-    let stale_cleanup = self.verify_and_cleanup_stale_entries_simple(binaries_dir)?;
-    cleanup_results.extend(stale_cleanup);
-
-    if !cleanup_results.is_empty() {
-      self.save()?;
-    }
-
-    Ok(cleanup_results)
-  }
-
-  /// Simplified version of verify_and_cleanup_stale_entries that doesn't need BrowserRunner
-  pub fn verify_and_cleanup_stale_entries_simple(
-    &mut self,
-    binaries_dir: &std::path::Path,
-  ) -> Result<Vec<String>, Box<dyn std::error::Error + Send + Sync>> {
-    let mut cleaned_up = Vec::new();
-    let mut browsers_to_remove = Vec::new();
-
-    for (browser_str, versions) in &self.browsers {
-      for version in versions.keys() {
-        // Check if the browser directory actually exists
-        let browser_dir = binaries_dir.join(browser_str).join(version);
-        if !browser_dir.exists() {
-          browsers_to_remove.push((browser_str.clone(), version.clone()));
-        }
-      }
-    }
-
-    // Remove stale entries
-    for (browser_str, version) in browsers_to_remove {
-      if let Some(_removed) = self.remove_browser(&browser_str, &version) {
-        cleaned_up.push(format!(
-          "Removed stale registry entry for {browser_str} {version}"
-        ));
-      }
-    }
-
-    Ok(cleaned_up)
-  }
-}
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn test_registry_creation() {
-    let registry = DownloadedBrowsersRegistry::new();
-    assert!(registry.browsers.is_empty());
-  }
-
-  #[test]
-  fn test_add_and_get_browser() {
-    let mut registry = DownloadedBrowsersRegistry::new();
-    let info = DownloadedBrowserInfo {
-      browser: "firefox".to_string(),
-      version: "139.0".to_string(),
-      file_path: PathBuf::from("/test/path"),
-    };
-
-    registry.add_browser(info.clone());
-
-    assert!(registry.is_browser_downloaded("firefox", "139.0"));
-    assert!(!registry.is_browser_downloaded("firefox", "140.0"));
-    assert!(!registry.is_browser_downloaded("chrome", "139.0"));
-  }
-
-  #[test]
-  fn test_get_downloaded_versions() {
-    let mut registry = DownloadedBrowsersRegistry::new();
-
-    let info1 = DownloadedBrowserInfo {
-      browser: "firefox".to_string(),
-      version: "139.0".to_string(),
-      file_path: PathBuf::from("/test/path1"),
-    };
-
-    let info2 = DownloadedBrowserInfo {
-      browser: "firefox".to_string(),
-      version: "140.0".to_string(),
-      file_path: PathBuf::from("/test/path2"),
-    };
-
-    let info3 = DownloadedBrowserInfo {
-      browser: "firefox".to_string(),
-      version: "141.0".to_string(),
-      file_path: PathBuf::from("/test/path3"),
-    };
-
-    registry.add_browser(info1);
-    registry.add_browser(info2);
-    registry.add_browser(info3);
-
-    let versions = registry.get_downloaded_versions("firefox");
-    assert_eq!(versions.len(), 3);
-    assert!(versions.contains(&"139.0".to_string()));
-    assert!(versions.contains(&"140.0".to_string()));
-    assert!(versions.contains(&"141.0".to_string()));
-  }
-
-  #[test]
-  fn test_mark_download_lifecycle() {
-    let mut registry = DownloadedBrowsersRegistry::new();
-
-    // Mark download started
-    registry.mark_download_started("firefox", "139.0", PathBuf::from("/test/path"));
-
-    // Should be considered downloaded immediately
-    assert!(registry.is_browser_downloaded("firefox", "139.0"));
-
-    // Mark as completed
-    registry
-      .mark_download_completed("firefox", "139.0")
-      .unwrap();
-
-    // Should still be considered downloaded
-    assert!(registry.is_browser_downloaded("firefox", "139.0"));
-  }
-
-  #[test]
-  fn test_remove_browser() {
-    let mut registry = DownloadedBrowsersRegistry::new();
-    let info = DownloadedBrowserInfo {
-      browser: "firefox".to_string(),
-      version: "139.0".to_string(),
-      file_path: PathBuf::from("/test/path"),
-    };
-
-    registry.add_browser(info);
-    assert!(registry.is_browser_downloaded("firefox", "139.0"));
-
-    let removed = registry.remove_browser("firefox", "139.0");
-    assert!(removed.is_some());
-    assert!(!registry.is_browser_downloaded("firefox", "139.0"));
-  }
-
-  #[test]
-  fn test_twilight_download() {
-    let mut registry = DownloadedBrowsersRegistry::new();
-
-    // Mark twilight download started
-    registry.mark_download_started("zen", "twilight", PathBuf::from("/test/zen-twilight"));
-
-    // Check that it's registered
-    assert!(registry.is_browser_downloaded("zen", "twilight"));
-  }
-}
@@ -1,13 +1,19 @@
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
-use std::fs::File;
 use std::io;
 use std::path::{Path, PathBuf};
+use std::sync::Mutex;
 use tauri::Emitter;

 use crate::api_client::ApiClient;
-use crate::browser::BrowserType;
-use crate::browser_version_service::DownloadInfo;
+use crate::browser::{create_browser, BrowserType};
+use crate::browser_version_manager::DownloadInfo;
+
+// Global state to track currently downloading browser-version pairs
+lazy_static::lazy_static! {
+  static ref DOWNLOADING_BROWSERS: std::sync::Arc<Mutex<std::collections::HashSet<String>>> =
+    std::sync::Arc::new(Mutex::new(std::collections::HashSet::new()));
+}

 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct DownloadProgress {
@@ -24,21 +30,37 @@ pub struct DownloadProgress {
 pub struct Downloader {
  client: Client,
  api_client: &'static ApiClient,
+  registry: &'static crate::downloaded_browsers_registry::DownloadedBrowsersRegistry,
+  version_service: &'static crate::browser_version_manager::BrowserVersionManager,
+  extractor: &'static crate::extraction::Extractor,
+  geoip_downloader: &'static crate::geoip_downloader::GeoIPDownloader,
 }

 impl Downloader {
-  pub fn new() -> Self {
+  fn new() -> Self {
    Self {
      client: Client::new(),
      api_client: ApiClient::instance(),
+      registry: crate::downloaded_browsers_registry::DownloadedBrowsersRegistry::instance(),
+      version_service: crate::browser_version_manager::BrowserVersionManager::instance(),
+      extractor: crate::extraction::Extractor::instance(),
+      geoip_downloader: crate::geoip_downloader::GeoIPDownloader::instance(),
    }
  }

+  pub fn instance() -> &'static Downloader {
+    &DOWNLOADER
+  }
+
  #[cfg(test)]
  pub fn new_with_api_client(_api_client: ApiClient) -> Self {
    Self {
      client: Client::new(),
      api_client: ApiClient::instance(),
+      registry: crate::downloaded_browsers_registry::DownloadedBrowsersRegistry::instance(),
+      version_service: crate::browser_version_manager::BrowserVersionManager::instance(),
+      extractor: crate::extraction::Extractor::instance(),
+      geoip_downloader: crate::geoip_downloader::GeoIPDownloader::instance(),
    }
  }

@@ -82,7 +104,7 @@ impl Downloader {
        let releases = match self.api_client.fetch_zen_releases_with_caching(true).await {
          Ok(releases) => releases,
          Err(e) => {
-            eprintln!("Failed to fetch Zen releases: {e}");
+            log::error!("Failed to fetch Zen releases: {e}");
            return Err(format!("Failed to fetch Zen releases from GitHub API: {e}. This might be due to GitHub API rate limiting or network issues. Please try again later.").into());
          }
        };
@@ -393,43 +415,125 @@ impl Downloader {
    let is_twilight =
      browser_type == BrowserType::Zen && version.to_lowercase().contains("twilight");

-    // Emit initial progress
+    // Determine if we have a partial file to resume
+    let mut existing_size: u64 = 0;
+    if let Ok(meta) = std::fs::metadata(&file_path) {
+      existing_size = meta.len();
+    }
+
+    // Build request, add Range only if we have bytes. If the server responds with 416 (Range Not
+    // Satisfiable), delete the partial file and retry once without the Range header.
+    let response = {
+      let mut request = self
+        .client
+        .get(&download_url)
+        .header(
+          "User-Agent",
+          "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36",
+        );
+
+      if existing_size > 0 {
+        request = request.header("Range", format!("bytes={existing_size}-"));
+      }
+
+      let first = request.send().await?;
+
+      if first.status().as_u16() == 416 && existing_size > 0 {
+        // Partial file on disk is not acceptable to the server — remove it and retry from scratch
+        let _ = std::fs::remove_file(&file_path);
+        existing_size = 0;
+
+        let retry = self
+          .client
+          .get(&download_url)
+          .header(
+            "User-Agent",
+            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36",
+          )
+          .send()
+          .await?;
+        retry
+      } else {
+        first
+      }
+    };
+
+    // Check if the response is successful (200 OK or 206 Partial Content)
+    if !(response.status().is_success() || response.status().as_u16() == 206) {
+      return Err(format!("Download failed with status: {}", response.status()).into());
+    }
+
+    // Determine total size
+    let mut total_size = response.content_length();
+
+    // If resuming (206) and Content-Range is present, parse total
+    if response.status().as_u16() == 206 {
+      if let Some(content_range) = response.headers().get(reqwest::header::CONTENT_RANGE) {
+        if let Ok(cr) = content_range.to_str() {
+          // Format: bytes start-end/total
+          if let Some((_, total_str)) = cr.split('/').collect::<Vec<_>>().split_first() {
+            if let Some(total_str) = total_str.first() {
+              if let Ok(total) = total_str.parse::<u64>() {
+                total_size = Some(total);
+              }
+            }
+          }
+        }
+      } else if let Some(len) = response.headers().get(reqwest::header::CONTENT_LENGTH) {
+        // Fallback: total = existing + incoming length
+        if let Ok(len_str) = len.to_str() {
+          if let Ok(incoming) = len_str.parse::<u64>() {
+            total_size = Some(existing_size + incoming);
+          }
+        }
+      }
+    } else if existing_size > 0 && response.status().is_success() {
+      // Server ignored range or we asked from 0; if 200 and existing file has content, start fresh
+      // Truncate existing file so we don't append duplicate bytes
+      let _ = std::fs::remove_file(&file_path);
+      existing_size = 0;
+    }
+
+    let mut downloaded = existing_size;
+    let start_time = std::time::Instant::now();
+    let mut last_update = start_time;
+
+    // Emit initial progress AFTER we've established total size and resume state
+    let initial_percentage = if let Some(total) = total_size {
+      if total > 0 {
+        (existing_size as f64 / total as f64) * 100.0
+      } else {
+        0.0
+      }
+    } else {
+      0.0
+    };
+
+    let initial_stage = if is_twilight {
+      "downloading (twilight rolling release)".to_string()
+    } else {
+      "downloading".to_string()
+    };
+
    let progress = DownloadProgress {
      browser: browser_type.as_str().to_string(),
      version: version.to_string(),
-      downloaded_bytes: 0,
-      total_bytes: None,
-      percentage: 0.0,
+      downloaded_bytes: existing_size,
+      total_bytes: total_size,
+      percentage: initial_percentage,
      speed_bytes_per_sec: 0.0,
      eta_seconds: None,
-      stage: if is_twilight {
-        "downloading (twilight rolling release)".to_string()
-      } else {
-        "downloading".to_string()
-      },
+      stage: initial_stage,
    };

    let _ = app_handle.emit("download-progress", &progress);

-    // Start download
-    let response = self
-      .client
-      .get(&download_url)
-      .header("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36")
-      .send()
-      .await?;
-
-    // Check if the response is successful
-    if !response.status().is_success() {
-      return Err(format!("Download failed with status: {}", response.status()).into());
-    }
-
-    let total_size = response.content_length();
-    let mut downloaded = 0u64;
-    let start_time = std::time::Instant::now();
-    let mut last_update = start_time;
-
-    let mut file = File::create(&file_path)?;
+    // Open file in append mode (resuming) or create new
+    use std::fs::OpenOptions;
+    let mut file = OpenOptions::new()
+      .create(true)
+      .append(true)
+      .open(&file_path)?;
    let mut stream = response.bytes_stream();

    use futures_util::StreamExt;
@@ -442,13 +546,19 @@ impl Downloader {
      // Update progress every 100ms to avoid too many events
      if now.duration_since(last_update).as_millis() >= 100 {
        let elapsed = start_time.elapsed().as_secs_f64();
+        // Compute speed based only on bytes downloaded in this session to avoid inflated values when resuming
+        let downloaded_since_start = downloaded.saturating_sub(existing_size);
        let speed = if elapsed > 0.0 {
-          downloaded as f64 / elapsed
+          downloaded_since_start as f64 / elapsed
        } else {
          0.0
        };
        let percentage = if let Some(total) = total_size {
-          (downloaded as f64 / total as f64) * 100.0
+          if total > 0 {
+            (downloaded as f64 / total as f64) * 100.0
+          } else {
+            0.0
+          }
        } else {
          0.0
        };
@@ -482,6 +592,327 @@ impl Downloader {

    Ok(file_path)
  }
+
+  /// Download a browser binary, verify it, and register it in the downloaded browsers registry
+  pub async fn download_browser_full(
+    &self,
+    app_handle: &tauri::AppHandle,
+    browser_str: String,
+    version: String,
+  ) -> Result<String, Box<dyn std::error::Error + Send + Sync>> {
+    // Check if this browser-version pair is already being downloaded
+    let download_key = format!("{browser_str}-{version}");
+    {
+      let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+      if downloading.contains(&download_key) {
+        return Err(format!("Browser '{browser_str}' version '{version}' is already being downloaded. Please wait for the current download to complete.").into());
+      }
+      // Mark this browser-version pair as being downloaded
+      downloading.insert(download_key.clone());
+    }
+
+    let browser_type =
+      BrowserType::from_str(&browser_str).map_err(|e| format!("Invalid browser type: {e}"))?;
+    let browser = create_browser(browser_type.clone());
+
+    // Use injected registry instance
+
+    // Get binaries directory - we need to get it from somewhere
+    // This is a bit tricky since we don't have access to BrowserRunner's get_binaries_dir
+    // We'll need to replicate this logic
+    let binaries_dir = if let Some(base_dirs) = directories::BaseDirs::new() {
+      let mut path = base_dirs.data_local_dir().to_path_buf();
+      path.push(if cfg!(debug_assertions) {
+        "DonutBrowserDev"
+      } else {
+        "DonutBrowser"
+      });
+      path.push("binaries");
+      path
+    } else {
+      return Err("Failed to get base directories".into());
+    };
+
+    // Check if registry thinks it's downloaded, but also verify files actually exist
+    if self.registry.is_browser_downloaded(&browser_str, &version) {
+      let actually_exists = browser.is_version_downloaded(&version, &binaries_dir);
+
+      if actually_exists {
+        // Remove from downloading set since it's already downloaded
+        let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+        downloading.remove(&download_key);
+        return Ok(version);
+      } else {
+        // Registry says it's downloaded but files don't exist - clean up registry
+        log::info!("Registry indicates {browser_str} {version} is downloaded, but files are missing. Cleaning up registry entry.");
+        self.registry.remove_browser(&browser_str, &version);
+        self
+          .registry
+          .save()
+          .map_err(|e| format!("Failed to save cleaned registry: {e}"))?;
+      }
+    }
+
+    // Check if browser is supported on current platform before attempting download
+    if !self
+      .version_service
+      .is_browser_supported(&browser_str)
+      .unwrap_or(false)
+    {
+      // Remove from downloading set on error
+      let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+      downloading.remove(&download_key);
+      return Err(
+        format!(
+          "Browser '{}' is not supported on your platform ({} {}). Supported browsers: {}",
+          browser_str,
+          std::env::consts::OS,
+          std::env::consts::ARCH,
+          self.version_service.get_supported_browsers().join(", ")
+        )
+        .into(),
+      );
+    }
+
+    let download_info = self
+      .version_service
+      .get_download_info(&browser_str, &version)
+      .map_err(|e| format!("Failed to get download info: {e}"))?;
+
+    // Create browser directory
+    let mut browser_dir = binaries_dir.clone();
+    browser_dir.push(&browser_str);
+    browser_dir.push(&version);
+
+    std::fs::create_dir_all(&browser_dir)
+      .map_err(|e| format!("Failed to create browser directory: {e}"))?;
+
+    // Mark download as started (but don't add to registry yet)
+    self
+      .registry
+      .mark_download_started(&browser_str, &version, browser_dir.clone());
+
+    // Attempt to download the archive. If the download fails but an archive with the
+    // expected filename already exists (manual download), continue using that file.
+    let download_path: PathBuf = match self
+      .download_browser(
+        app_handle,
+        browser_type.clone(),
+        &version,
+        &download_info,
+        &browser_dir,
+      )
+      .await
+    {
+      Ok(path) => path,
+      Err(e) => {
+        // Do NOT continue with extraction on failed downloads. Partial files may exist but are invalid.
+        // Clean registry entry and stop here so the UI can show a single, clear error.
+        let _ = self.registry.remove_browser(&browser_str, &version);
+        let _ = self.registry.save();
+        let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+        downloading.remove(&download_key);
+        return Err(format!("Failed to download browser: {e}").into());
+      }
+    };
+
+    // Use the extraction module
+    if download_info.is_archive {
+      match self
+        .extractor
+        .extract_browser(
+          app_handle,
+          browser_type.clone(),
+          &version,
+          &download_path,
+          &browser_dir,
+        )
+        .await
+      {
+        Ok(_) => {
+          // Do not remove the archive here. We keep it until verification succeeds.
+        }
+        Err(e) => {
+          // Do not remove the archive or extracted files. Just drop the registry entry
+          // so it won't be reported as downloaded.
+          let _ = self.registry.remove_browser(&browser_str, &version);
+          let _ = self.registry.save();
+          // Remove browser-version pair from downloading set on error
+          {
+            let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+            downloading.remove(&download_key);
+          }
+          return Err(format!("Failed to extract browser: {e}").into());
+        }
+      }
+
+      // Give filesystem a moment to settle after extraction
+      tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
+    }
+
+    // Emit verification progress
+    let progress = DownloadProgress {
+      browser: browser_str.clone(),
+      version: version.clone(),
+      downloaded_bytes: 0,
+      total_bytes: None,
+      percentage: 100.0,
+      speed_bytes_per_sec: 0.0,
+      eta_seconds: None,
+      stage: "verifying".to_string(),
+    };
+    let _ = app_handle.emit("download-progress", &progress);
+
+    // Verify the browser was downloaded correctly
+    log::info!("Verifying download for browser: {browser_str}, version: {version}");
+
+    // Use the browser's own verification method
+    if !browser.is_version_downloaded(&version, &binaries_dir) {
+      // Provide detailed error information for debugging
+      let browser_dir = binaries_dir.join(&browser_str).join(&version);
+      let mut error_details = format!(
+        "Browser download completed but verification failed for {} {}. Expected directory: {}",
+        browser_str,
+        version,
+        browser_dir.display()
+      );
+
+      // List what files actually exist
+      if browser_dir.exists() {
+        error_details.push_str("\nFiles found in directory:");
+        if let Ok(entries) = std::fs::read_dir(&browser_dir) {
+          for entry in entries.flatten() {
+            let path = entry.path();
+            let file_type = if path.is_dir() { "DIR" } else { "FILE" };
+            error_details.push_str(&format!("\n  {} {}", file_type, path.display()));
+          }
+        } else {
+          error_details.push_str("\n  (Could not read directory contents)");
+        }
+      } else {
+        error_details.push_str("\nDirectory does not exist!");
+      }
+
+      // For Camoufox on Linux, provide specific expected files
+      if browser_str == "camoufox" && cfg!(target_os = "linux") {
+        let camoufox_subdir = browser_dir.join("camoufox");
+        error_details.push_str("\nExpected Camoufox executable locations:");
+        error_details.push_str(&format!("\n  {}/camoufox-bin", camoufox_subdir.display()));
+        error_details.push_str(&format!("\n  {}/camoufox", camoufox_subdir.display()));
+
+        if camoufox_subdir.exists() {
+          error_details.push_str(&format!(
+            "\nCamoufox subdirectory exists: {}",
+            camoufox_subdir.display()
+          ));
+          if let Ok(entries) = std::fs::read_dir(&camoufox_subdir) {
+            error_details.push_str("\nFiles in camoufox subdirectory:");
+            for entry in entries.flatten() {
+              let path = entry.path();
+              let file_type = if path.is_dir() { "DIR" } else { "FILE" };
+              error_details.push_str(&format!("\n  {} {}", file_type, path.display()));
+            }
+          }
+        } else {
+          error_details.push_str(&format!(
+            "\nCamoufox subdirectory does not exist: {}",
+            camoufox_subdir.display()
+          ));
+        }
+      }
+
+      // Do not delete files on verification failure; keep archive for manual retry.
+      let _ = self.registry.remove_browser(&browser_str, &version);
+      let _ = self.registry.save();
+      // Remove browser-version pair from downloading set on verification failure
+      {
+        let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+        downloading.remove(&download_key);
+      }
+      return Err(error_details.into());
+    }
+
+    // Mark completion in registry - only now add to registry after verification
+    if let Err(e) =
+      self
+        .registry
+        .mark_download_completed(&browser_str, &version, browser_dir.clone())
+    {
+      log::warn!("Warning: Could not mark {browser_str} {version} as completed in registry: {e}");
+    }
+    self
+      .registry
+      .save()
+      .map_err(|e| format!("Failed to save registry: {e}"))?;
+
+    // Now that verification succeeded, remove the archive file if it exists
+    if download_info.is_archive {
+      let archive_path = browser_dir.join(&download_info.filename);
+      if archive_path.exists() {
+        if let Err(e) = std::fs::remove_file(&archive_path) {
+          log::warn!("Warning: Could not delete archive file after verification: {e}");
+        }
+      }
+    }
+
+    // If this is Camoufox, automatically download GeoIP database
+    if browser_str == "camoufox" {
+      // Check if GeoIP database is already available
+      if !crate::geoip_downloader::GeoIPDownloader::is_geoip_database_available() {
+        log::info!("Downloading GeoIP database for Camoufox...");
+
+        match self
+          .geoip_downloader
+          .download_geoip_database(app_handle)
+          .await
+        {
+          Ok(_) => {
+            log::info!("GeoIP database downloaded successfully");
+          }
+          Err(e) => {
+            log::error!("Failed to download GeoIP database: {e}");
+            // Don't fail the browser download if GeoIP download fails
+          }
+        }
+      } else {
+        log::info!("GeoIP database already available");
+      }
+    }
+
+    // Emit completion
+    let progress = DownloadProgress {
+      browser: browser_str.clone(),
+      version: version.clone(),
+      downloaded_bytes: 0,
+      total_bytes: None,
+      percentage: 100.0,
+      speed_bytes_per_sec: 0.0,
+      eta_seconds: Some(0.0),
+      stage: "completed".to_string(),
+    };
+    let _ = app_handle.emit("download-progress", &progress);
+
+    // Remove browser-version pair from downloading set
+    {
+      let mut downloading = DOWNLOADING_BROWSERS.lock().unwrap();
+      downloading.remove(&download_key);
+    }
+
+    Ok(version)
+  }
+}
+
+#[tauri::command]
+pub async fn download_browser(
+  app_handle: tauri::AppHandle,
+  browser_str: String,
+  version: String,
+) -> Result<String, String> {
+  let downloader = Downloader::instance();
+  downloader
+    .download_browser_full(&app_handle, browser_str, version)
+    .await
+    .map_err(|e| format!("Failed to download browser: {e}"))
 }

 #[cfg(test)]
@@ -489,7 +920,7 @@ mod tests {
  use super::*;
  use crate::api_client::ApiClient;
  use crate::browser::BrowserType;
-  use crate::browser_version_service::DownloadInfo;
+  use crate::browser_version_manager::DownloadInfo;

  use tempfile::TempDir;
  use wiremock::matchers::{method, path};
@@ -716,3 +1147,8 @@ mod tests {
    assert_eq!(downloaded_content.len(), test_content.len());
  }
 }
+
+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref DOWNLOADER: Downloader = Downloader::new();
+}
@@ -1,4 +1,5 @@
 use crate::browser::GithubRelease;
+use crate::profile::manager::ProfileManager;
 use directories::BaseDirs;
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
@@ -14,6 +15,11 @@ pub struct GeoIPDownloadProgress {
  pub stage: String, // "downloading", "extracting", "completed"
  pub percentage: f64,
  pub message: String,
+  // Extra fields to mirror browser download progress payload
+  pub downloaded_bytes: Option<u64>,
+  pub total_bytes: Option<u64>,
+  pub speed_bytes_per_sec: Option<f64>,
+  pub eta_seconds: Option<f64>,
 }

 pub struct GeoIPDownloader {
@@ -21,12 +27,16 @@ pub struct GeoIPDownloader {
 }

 impl GeoIPDownloader {
-  pub fn new() -> Self {
+  fn new() -> Self {
    Self {
      client: Client::new(),
    }
  }

+  pub fn instance() -> &'static GeoIPDownloader {
+    &GEOIP_DOWNLOADER
+  }
+
  /// Create a new downloader with custom client (for testing)
  #[cfg(test)]
  pub fn new_with_client(client: Client) -> Self {
@@ -66,6 +76,25 @@ impl GeoIPDownloader {
      false
    }
  }
+  /// Check if GeoIP database is missing for Camoufox profiles
+  pub fn check_missing_geoip_database(
+    &self,
+  ) -> Result<bool, Box<dyn std::error::Error + Send + Sync>> {
+    // Get all profiles
+    let profiles = ProfileManager::instance()
+      .list_profiles()
+      .map_err(|e| format!("Failed to list profiles: {e}"))?;
+
+    // Check if there are any Camoufox profiles
+    let has_camoufox_profiles = profiles.iter().any(|profile| profile.browser == "camoufox");
+
+    if has_camoufox_profiles {
+      // Check if GeoIP database is available
+      return Ok(!Self::is_geoip_database_available());
+    }
+
+    Ok(false)
+  }

  fn find_city_mmdb_asset(&self, release: &GithubRelease) -> Option<String> {
    for asset in &release.assets {
@@ -87,6 +116,10 @@ impl GeoIPDownloader {
        stage: "downloading".to_string(),
        percentage: 0.0,
        message: "Starting GeoIP database download".to_string(),
+        downloaded_bytes: Some(0),
+        total_bytes: None,
+        speed_bytes_per_sec: Some(0.0),
+        eta_seconds: None,
      },
    );

@@ -118,26 +151,51 @@ impl GeoIPDownloader {
    }

    let total_size = response.content_length().unwrap_or(0);
-    let mut downloaded = 0;
+    let mut downloaded: u64 = 0;
    let mut file = fs::File::create(&mmdb_path).await?;
    let mut stream = response.bytes_stream();

    use futures_util::StreamExt;
+    use std::time::Instant;
+    let start_time = Instant::now();
+    let mut last_update = Instant::now();
    while let Some(chunk) = stream.next().await {
      let chunk = chunk?;
      downloaded += chunk.len() as u64;
      file.write_all(&chunk).await?;

-      if total_size > 0 {
-        let percentage = (downloaded as f64 / total_size as f64) * 100.0;
+      let now = Instant::now();
+      if now.duration_since(last_update).as_millis() >= 100 {
+        let elapsed = start_time.elapsed().as_secs_f64();
+        let speed = if elapsed > 0.0 {
+          downloaded as f64 / elapsed
+        } else {
+          0.0
+        };
+        let percentage = if total_size > 0 {
+          (downloaded as f64 / total_size as f64) * 100.0
+        } else {
+          0.0
+        };
+        let eta = if speed > 0.0 && total_size > 0 {
+          Some((total_size.saturating_sub(downloaded)) as f64 / speed)
+        } else {
+          None
+        };
+
        let _ = app_handle.emit(
          "geoip-download-progress",
          GeoIPDownloadProgress {
            stage: "downloading".to_string(),
            percentage,
            message: format!("Downloaded {downloaded} / {total_size} bytes"),
+            downloaded_bytes: Some(downloaded),
+            total_bytes: Some(total_size),
+            speed_bytes_per_sec: Some(speed),
+            eta_seconds: eta,
          },
        );
+        last_update = now;
      }
    }

@@ -150,6 +208,10 @@ impl GeoIPDownloader {
        stage: "completed".to_string(),
        percentage: 100.0,
        message: "GeoIP database download completed".to_string(),
+        downloaded_bytes: Some(downloaded),
+        total_bytes: Some(total_size),
+        speed_bytes_per_sec: Some(0.0),
+        eta_seconds: Some(0.0),
      },
    );

@@ -176,6 +238,19 @@ impl GeoIPDownloader {
  }
 }

+#[tauri::command]
+pub fn check_missing_geoip_database() -> Result<bool, String> {
+  let geoip_downloader = GeoIPDownloader::instance();
+  geoip_downloader
+    .check_missing_geoip_database()
+    .map_err(|e| format!("Failed to check missing GeoIP database: {e}"))
+}
+
+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref GEOIP_DOWNLOADER: GeoIPDownloader = GeoIPDownloader::new();
+}
+
 #[cfg(test)]
 mod tests {
  use super::*;
@@ -289,11 +364,25 @@ mod tests {

  #[test]
  fn test_is_geoip_database_available() {
-    // This test will return false unless the database actually exists
-    // In a real environment, this would check the actual file system
+    // Test that the function works correctly regardless of file system state
    let is_available = GeoIPDownloader::is_geoip_database_available();
-    // We can't assert a specific value since it depends on the system state
-    // But we can verify the function doesn't panic
-    println!("GeoIP database available: {is_available}");
+
+    // The function should return a boolean value (either true or false)
+    // The function should return a boolean value - we just verify it doesn't panic
+    // and returns the expected result based on file existence
+
+    // Verify the function logic by checking if the path resolution works
+    let mmdb_path_result = GeoIPDownloader::get_mmdb_file_path();
+    assert!(
+      mmdb_path_result.is_ok(),
+      "Should be able to get MMDB file path"
+    );
+
+    let mmdb_path = mmdb_path_result.unwrap();
+    let expected_available = mmdb_path.exists();
+    assert_eq!(
+      is_available, expected_available,
+      "Function result should match actual file existence"
+    );
  }
 }
@@ -2,8 +2,9 @@ use directories::BaseDirs;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::fs;
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::sync::Mutex;
+use tauri::Emitter;

 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct ProfileGroup {
@@ -25,16 +26,37 @@ struct GroupsData {

 pub struct GroupManager {
  base_dirs: BaseDirs,
+  data_dir_override: Option<PathBuf>,
 }

 impl GroupManager {
  pub fn new() -> Self {
    Self {
      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
+      data_dir_override: std::env::var("DONUTBROWSER_DATA_DIR")
+        .ok()
+        .map(PathBuf::from),
+    }
+  }
+
+  // Helper for tests to override data directory without global env var
+  #[allow(dead_code)]
+  pub fn with_data_dir_override(dir: &Path) -> Self {
+    Self {
+      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
+      data_dir_override: Some(dir.to_path_buf()),
    }
  }

  fn get_groups_file_path(&self) -> PathBuf {
+    if let Some(dir) = &self.data_dir_override {
+      let mut override_path = dir.clone();
+      // Ensure the directory exists before returning the path
+      let _ = fs::create_dir_all(&override_path);
+      override_path.push("groups.json");
+      return override_path;
+    }
+
    let mut path = self.base_dirs.data_local_dir().to_path_buf();
    path.push(if cfg!(debug_assertions) {
      "DonutBrowserDev"
@@ -76,7 +98,11 @@ impl GroupManager {
    Ok(groups_data.groups)
  }

-  pub fn create_group(&self, name: String) -> Result<ProfileGroup, Box<dyn std::error::Error>> {
+  pub fn create_group(
+    &self,
+    app_handle: &tauri::AppHandle,
+    name: String,
+  ) -> Result<ProfileGroup, Box<dyn std::error::Error>> {
    let mut groups_data = self.load_groups_data()?;

    // Check if group with this name already exists
@@ -92,11 +118,17 @@ impl GroupManager {
    groups_data.groups.push(group.clone());
    self.save_groups_data(&groups_data)?;

+    // Emit event for reactive UI updates
+    if let Err(e) = app_handle.emit("groups-changed", ()) {
+      log::error!("Failed to emit groups-changed event: {e}");
+    }
+
    Ok(group)
  }

  pub fn update_group(
    &self,
+    app_handle: &tauri::AppHandle,
    id: String,
    name: String,
  ) -> Result<ProfileGroup, Box<dyn std::error::Error>> {
@@ -121,10 +153,20 @@ impl GroupManager {
    let updated_group = group.clone();

    self.save_groups_data(&groups_data)?;
+
+    // Emit event for reactive UI updates
+    if let Err(e) = app_handle.emit("groups-changed", ()) {
+      log::error!("Failed to emit groups-changed event: {e}");
+    }
+
    Ok(updated_group)
  }

-  pub fn delete_group(&self, id: String) -> Result<(), Box<dyn std::error::Error>> {
+  pub fn delete_group(
+    &self,
+    app_handle: &tauri::AppHandle,
+    id: String,
+  ) -> Result<(), Box<dyn std::error::Error>> {
    let mut groups_data = self.load_groups_data()?;

    let initial_len = groups_data.groups.len();
@@ -135,6 +177,12 @@ impl GroupManager {
    }

    self.save_groups_data(&groups_data)?;
+
+    // Emit event for reactive UI updates
+    if let Err(e) = app_handle.emit("groups-changed", ()) {
+      log::error!("Failed to emit groups-changed event: {e}");
+    }
+
    Ok(())
  }

@@ -152,29 +200,26 @@ impl GroupManager {
      }
    }

-    // Create result with counts
+    // Create result including all groups (even those with 0 count)
    let mut result = Vec::new();
    for group in groups {
      let count = group_counts.get(&group.id).copied().unwrap_or(0);
-      if count > 0 {
-        result.push(GroupWithCount {
-          id: group.id,
-          name: group.name,
-          count,
-        });
-      }
+      result.push(GroupWithCount {
+        id: group.id,
+        name: group.name,
+        count,
+      });
    }

-    // Add default group count (profiles without group_id)
+    // Add default group count (profiles without group_id), always include even if 0
    let default_count = profiles.iter().filter(|p| p.group_id.is_none()).count();
-    if default_count > 0 {
-      let default_group = GroupWithCount {
-        id: "default".to_string(),
-        name: "Default".to_string(),
-        count: default_count,
-      };
-      result.insert(0, default_group);
-    }
+    let default_group = GroupWithCount {
+      id: "default".to_string(),
+      name: "Default".to_string(),
+      count: default_count,
+    };
+    // Insert at the beginning for consistent ordering with UI expectations
+    result.insert(0, default_group);

    Ok(result)
  }
@@ -204,7 +249,7 @@ pub async fn get_profile_groups() -> Result<Vec<ProfileGroup>, String> {

 #[tauri::command]
 pub async fn get_groups_with_profile_counts() -> Result<Vec<GroupWithCount>, String> {
-  let profile_manager = crate::profile::ProfileManager::new();
+  let profile_manager = crate::profile::ProfileManager::instance();
  let profiles = profile_manager
    .list_profiles()
    .map_err(|e| format!("Failed to list profiles: {e}"))?;
@@ -212,44 +257,58 @@ pub async fn get_groups_with_profile_counts() -> Result<Vec<GroupWithCount>, Str
 }

 #[tauri::command]
-pub async fn create_profile_group(name: String) -> Result<ProfileGroup, String> {
+pub async fn create_profile_group(
+  app_handle: tauri::AppHandle,
+  name: String,
+) -> Result<ProfileGroup, String> {
  let group_manager = GROUP_MANAGER.lock().unwrap();
  group_manager
-    .create_group(name)
+    .create_group(&app_handle, name)
    .map_err(|e| format!("Failed to create group: {e}"))
 }

 #[tauri::command]
-pub async fn update_profile_group(group_id: String, name: String) -> Result<ProfileGroup, String> {
+pub async fn update_profile_group(
+  app_handle: tauri::AppHandle,
+  group_id: String,
+  name: String,
+) -> Result<ProfileGroup, String> {
  let group_manager = GROUP_MANAGER.lock().unwrap();
  group_manager
-    .update_group(group_id, name)
+    .update_group(&app_handle, group_id, name)
    .map_err(|e| format!("Failed to update group: {e}"))
 }

 #[tauri::command]
-pub async fn delete_profile_group(group_id: String) -> Result<(), String> {
+pub async fn delete_profile_group(
+  app_handle: tauri::AppHandle,
+  group_id: String,
+) -> Result<(), String> {
  let group_manager = GROUP_MANAGER.lock().unwrap();
  group_manager
-    .delete_group(group_id)
+    .delete_group(&app_handle, group_id)
    .map_err(|e| format!("Failed to delete group: {e}"))
 }

 #[tauri::command]
 pub async fn assign_profiles_to_group(
-  profile_names: Vec<String>,
+  app_handle: tauri::AppHandle,
+  profile_ids: Vec<String>,
  group_id: Option<String>,
 ) -> Result<(), String> {
-  let profile_manager = crate::profile::ProfileManager::new();
+  let profile_manager = crate::profile::ProfileManager::instance();
  profile_manager
-    .assign_profiles_to_group(profile_names, group_id)
+    .assign_profiles_to_group(&app_handle, profile_ids, group_id)
    .map_err(|e| format!("Failed to assign profiles to group: {e}"))
 }

 #[tauri::command]
-pub async fn delete_selected_profiles(profile_names: Vec<String>) -> Result<(), String> {
-  let profile_manager = crate::profile::ProfileManager::new();
+pub async fn delete_selected_profiles(
+  app_handle: tauri::AppHandle,
+  profile_ids: Vec<String>,
+) -> Result<(), String> {
+  let profile_manager = crate::profile::ProfileManager::instance();
  profile_manager
-    .delete_multiple_profiles(profile_names)
+    .delete_multiple_profiles(&app_handle, profile_ids)
    .map_err(|e| format!("Failed to delete profiles: {e}"))
 }
@@ -3,20 +3,22 @@ use std::env;
 use std::sync::Mutex;
 use tauri::{Emitter, Manager, Runtime, WebviewUrl, WebviewWindow, WebviewWindowBuilder};
 use tauri_plugin_deep_link::DeepLinkExt;
+use tauri_plugin_log::{Target, TargetKind};

 // Store pending URLs that need to be handled when the window is ready
 static PENDING_URLS: Mutex<Vec<String>> = Mutex::new(Vec::new());

 mod api_client;
+mod api_server;
 mod app_auto_updater;
 mod auto_updater;
 mod browser;
 mod browser_runner;
-mod browser_version_service;
-mod camoufox;
+mod browser_version_manager;
+mod camoufox_manager;
 mod default_browser;
-mod download;
-mod downloaded_browsers;
+mod downloaded_browsers_registry;
+mod downloader;
 mod extraction;
 mod geoip_downloader;
 mod group_manager;
@@ -24,37 +26,53 @@ mod platform_browser;
 mod profile;
 mod profile_importer;
 mod proxy_manager;
+pub mod proxy_runner;
+pub mod proxy_server;
+pub mod proxy_storage;
 mod settings_manager;
-mod system_utils;
-mod theme_detector;
+pub mod traffic_stats;
+// mod theme_detector; // removed: theme detection handled in webview via CSS prefers-color-scheme
+mod tag_manager;
 mod version_updater;

-extern crate lazy_static;
-
 use browser_runner::{
-  check_browser_exists, check_browser_status, check_missing_binaries, create_browser_profile_new,
-  delete_profile, download_browser, ensure_all_binaries_exist, fetch_browser_versions_cached_first,
-  fetch_browser_versions_with_count, fetch_browser_versions_with_count_cached_first,
-  get_browser_release_types, get_downloaded_browser_versions, get_supported_browsers,
-  is_browser_supported_on_platform, kill_browser_profile, launch_browser_profile,
-  list_browser_profiles, rename_profile, update_camoufox_config, update_profile_proxy,
-  update_profile_version,
+  check_browser_exists, kill_browser_profile, launch_browser_profile, open_url_with_profile,
 };

+use profile::manager::{
+  check_browser_status, create_browser_profile_new, delete_profile, list_browser_profiles,
+  rename_profile, update_camoufox_config, update_profile_note, update_profile_proxy,
+  update_profile_tags,
+};
+
+use browser_version_manager::{
+  fetch_browser_versions_cached_first, fetch_browser_versions_with_count,
+  fetch_browser_versions_with_count_cached_first, get_supported_browsers,
+  is_browser_supported_on_platform,
+};
+
+use downloaded_browsers_registry::{
+  check_missing_binaries, ensure_all_binaries_exist, get_downloaded_browser_versions,
+};
+
+use downloader::download_browser;
+
 use settings_manager::{
-  clear_all_version_cache_and_refetch, get_app_settings, get_table_sorting_settings,
-  save_app_settings, save_table_sorting_settings, should_show_settings_on_startup,
+  get_app_settings, get_table_sorting_settings, save_app_settings, save_table_sorting_settings,
+  should_show_settings_on_startup,
 };

-use default_browser::{is_default_browser, open_url_with_profile, set_as_default_browser};
+use tag_manager::get_all_tags;
+
+use default_browser::{is_default_browser, set_as_default_browser};

 use version_updater::{
-  get_version_update_status, get_version_updater, trigger_manual_version_update,
+  clear_all_version_cache_and_refetch, get_version_update_status, get_version_updater,
+  trigger_manual_version_update,
 };

 use auto_updater::{
  check_for_browser_updates, complete_browser_update_with_auto_update, dismiss_update_notification,
-  is_browser_disabled_for_update,
 };

 use app_auto_updater::{
@@ -63,15 +81,17 @@ use app_auto_updater::{

 use profile_importer::{detect_existing_profiles, import_browser_profile};

-use theme_detector::get_system_theme;
-
-use system_utils::{get_system_locale, get_system_timezone};
-
 use group_manager::{
  assign_profiles_to_group, create_profile_group, delete_profile_group, delete_selected_profiles,
  get_groups_with_profile_counts, get_profile_groups, update_profile_group,
 };

+use geoip_downloader::{check_missing_geoip_database, GeoIPDownloader};
+
+use browser_version_manager::get_browser_release_types;
+
+use api_server::{get_api_server_status, start_api_server, stop_api_server};
+
 // Trait to extend WebviewWindow with transparent titlebar functionality
 pub trait WindowExt {
  #[cfg(target_os = "macos")]
@@ -117,13 +137,42 @@ impl<R: Runtime> WindowExt for WebviewWindow<R> {
  }
 }

+#[tauri::command]
+async fn warm_up_nodecar(app: tauri::AppHandle) -> Result<(), String> {
+  use tauri_plugin_shell::ShellExt;
+  use tokio::time::{timeout, Duration};
+
+  let start_time = std::time::Instant::now();
+
+  // Use sidecar to execute a fast, harmless command that ensures the binary is loaded
+  let cmd = app
+    .shell()
+    .sidecar("nodecar")
+    .map_err(|e| format!("Failed to create nodecar sidecar: {e}"))?
+    .arg("help");
+
+  let exec_future = async { cmd.output().await };
+  match timeout(Duration::from_secs(120), exec_future).await {
+    Ok(Ok(_output)) => {
+      let duration = start_time.elapsed();
+      log::info!(
+        "Nodecar warm-up (frontend-triggered) completed in {:.2}s",
+        duration.as_secs_f64()
+      );
+      Ok(())
+    }
+    Ok(Err(e)) => Err(format!("Failed to execute nodecar for warm-up: {e}")),
+    Err(_) => Err("Nodecar warm-up timed out after 120s".to_string()),
+  }
+}
+
 #[tauri::command]
 async fn handle_url_open(app: tauri::AppHandle, url: String) -> Result<(), String> {
-  println!("handle_url_open called with URL: {url}");
+  log::info!("handle_url_open called with URL: {url}");

  // Check if the main window exists and is ready
  if let Some(window) = app.get_webview_window("main") {
-    println!("Main window exists");
+    log::debug!("Main window exists");

    // Try to show and focus the window first
    let _ = window.show();
@@ -135,7 +184,7 @@ async fn handle_url_open(app: tauri::AppHandle, url: String) -> Result<(), Strin
      .map_err(|e| format!("Failed to emit URL open event: {e}"))?;
  } else {
    // Window doesn't exist yet - add to pending URLs
-    println!("Main window doesn't exist, adding URL to pending list");
+    log::debug!("Main window doesn't exist, adding URL to pending list");
    let mut pending = PENDING_URLS.lock().unwrap();
    pending.push(url);
  }
@@ -145,11 +194,12 @@ async fn handle_url_open(app: tauri::AppHandle, url: String) -> Result<(), Strin

 #[tauri::command]
 async fn create_stored_proxy(
+  app_handle: tauri::AppHandle,
  name: String,
  proxy_settings: crate::browser::ProxySettings,
 ) -> Result<crate::proxy_manager::StoredProxy, String> {
  crate::proxy_manager::PROXY_MANAGER
-    .create_stored_proxy(name, proxy_settings)
+    .create_stored_proxy(&app_handle, name, proxy_settings)
    .map_err(|e| format!("Failed to create stored proxy: {e}"))
 }

@@ -160,36 +210,128 @@ async fn get_stored_proxies() -> Result<Vec<crate::proxy_manager::StoredProxy>,

 #[tauri::command]
 async fn update_stored_proxy(
+  app_handle: tauri::AppHandle,
  proxy_id: String,
  name: Option<String>,
  proxy_settings: Option<crate::browser::ProxySettings>,
 ) -> Result<crate::proxy_manager::StoredProxy, String> {
  crate::proxy_manager::PROXY_MANAGER
-    .update_stored_proxy(&proxy_id, name, proxy_settings)
+    .update_stored_proxy(&app_handle, &proxy_id, name, proxy_settings)
    .map_err(|e| format!("Failed to update stored proxy: {e}"))
 }

 #[tauri::command]
-async fn delete_stored_proxy(proxy_id: String) -> Result<(), String> {
+async fn delete_stored_proxy(app_handle: tauri::AppHandle, proxy_id: String) -> Result<(), String> {
  crate::proxy_manager::PROXY_MANAGER
-    .delete_stored_proxy(&proxy_id)
+    .delete_stored_proxy(&app_handle, &proxy_id)
    .map_err(|e| format!("Failed to delete stored proxy: {e}"))
 }

+#[tauri::command]
+async fn check_proxy_validity(
+  proxy_id: String,
+  proxy_settings: crate::browser::ProxySettings,
+) -> Result<crate::proxy_manager::ProxyCheckResult, String> {
+  crate::proxy_manager::PROXY_MANAGER
+    .check_proxy_validity(&proxy_id, &proxy_settings)
+    .await
+}
+
+#[tauri::command]
+fn get_cached_proxy_check(proxy_id: String) -> Option<crate::proxy_manager::ProxyCheckResult> {
+  crate::proxy_manager::PROXY_MANAGER.get_cached_proxy_check(&proxy_id)
+}
+
+#[tauri::command]
+async fn is_geoip_database_available() -> Result<bool, String> {
+  Ok(GeoIPDownloader::is_geoip_database_available())
+}
+
+#[tauri::command]
+async fn get_all_traffic_snapshots() -> Result<Vec<crate::traffic_stats::TrafficSnapshot>, String> {
+  Ok(
+    crate::traffic_stats::list_traffic_stats()
+      .into_iter()
+      .map(|s| s.to_snapshot())
+      .collect(),
+  )
+}
+
+#[tauri::command]
+async fn clear_all_traffic_stats() -> Result<(), String> {
+  crate::traffic_stats::clear_all_traffic_stats()
+    .map_err(|e| format!("Failed to clear traffic stats: {e}"))
+}
+
+#[tauri::command]
+async fn get_traffic_stats_for_period(
+  profile_id: String,
+  seconds: u64,
+) -> Result<Option<crate::traffic_stats::FilteredTrafficStats>, String> {
+  Ok(crate::traffic_stats::get_traffic_stats_for_period(
+    &profile_id,
+    seconds,
+  ))
+}
+
+#[tauri::command]
+async fn download_geoip_database(app_handle: tauri::AppHandle) -> Result<(), String> {
+  let downloader = GeoIPDownloader::instance();
+  downloader
+    .download_geoip_database(&app_handle)
+    .await
+    .map_err(|e| format!("Failed to download GeoIP database: {e}"))
+}
+
 #[cfg_attr(mobile, tauri::mobile_entry_point)]
 pub fn run() {
  let args: Vec<String> = env::args().collect();
  let startup_url = args.iter().find(|arg| arg.starts_with("http")).cloned();

  if let Some(url) = startup_url.clone() {
-    println!("Found startup URL in command line: {url}");
+    log::info!("Found startup URL in command line: {url}");
    let mut pending = PENDING_URLS.lock().unwrap();
    pending.push(url.clone());
  }

+  // Configure logging plugin with separate logs for dev and production
+  let log_file_name = if cfg!(debug_assertions) {
+    "DonutBrowserDev"
+  } else {
+    "DonutBrowser"
+  };
+
  tauri::Builder::default()
+    .plugin(
+      tauri_plugin_log::Builder::new()
+        .clear_targets() // Clear default targets to avoid duplicates
+        .target(Target::new(TargetKind::Stdout))
+        .target(Target::new(TargetKind::Webview))
+        .target(Target::new(TargetKind::LogDir {
+          file_name: Some(log_file_name.to_string()),
+        }))
+        .max_file_size(100_000) // 100KB
+        .level(log::LevelFilter::Info)
+        .format(|out, message, record| {
+          use chrono::Local;
+          let now = Local::now();
+          let timestamp = format!(
+            "{}.{:03}",
+            now.format("%Y-%m-%d %H:%M:%S"),
+            now.timestamp_subsec_millis()
+          );
+          out.finish(format_args!(
+            "[{}][{}][{}] {}",
+            timestamp,
+            record.target(),
+            record.level(),
+            message
+          ))
+        })
+        .build(),
+    )
    .plugin(tauri_plugin_single_instance::init(|_, args, _cwd| {
-      println!("Single instance triggered with args: {args:?}");
+      log::info!("Single instance triggered with args: {args:?}");
    }))
    .plugin(tauri_plugin_deep_link::init())
    .plugin(tauri_plugin_fs::init())
@@ -202,7 +344,7 @@ pub fn run() {
      #[allow(unused_variables)]
      let win_builder = WebviewWindowBuilder::new(app, "main", WebviewUrl::default())
        .title("Donut Browser")
-        .inner_size(900.0, 600.0)
+        .inner_size(800.0, 500.0)
        .resizable(false)
        .fullscreen(false)
        .center()
@@ -216,38 +358,18 @@ pub fn run() {
      #[cfg(target_os = "macos")]
      {
        if let Err(e) = window.set_transparent_titlebar(true) {
-          eprintln!("Failed to set transparent titlebar: {e}");
+          log::warn!("Failed to set transparent titlebar: {e}");
        }
      }

-      // Migrate profiles to UUID format if needed (async)
-      println!("Checking for profile migration...");
-      let browser_runner = browser_runner::BrowserRunner::new();
-      tauri::async_runtime::spawn(async move {
-        match browser_runner.migrate_profiles_to_uuid().await {
-          Ok(migrated) => {
-            if !migrated.is_empty() {
-              println!(
-                "Successfully migrated {} profiles: {:?}",
-                migrated.len(),
-                migrated
-              );
-            }
-          }
-          Err(e) => {
-            eprintln!("Warning: Failed to migrate profiles: {e}");
-          }
-        }
-      });
-
      // Set up deep link handler
      let handle = app.handle().clone();

-      #[cfg(any(windows, target_os = "linux"))]
+      #[cfg(windows)]
      {
-        // For Windows and Linux, register all deep links at runtime for development
+        // For Windows, register all deep links at runtime
        if let Err(e) = app.deep_link().register_all() {
-          eprintln!("Failed to register deep links: {e}");
+          log::warn!("Failed to register deep links: {e}");
        }
      }

@@ -255,7 +377,7 @@ pub fn run() {
      {
        // On macOS, try to register deep links for development builds
        if let Err(e) = app.deep_link().register_all() {
-          eprintln!(
+          log::debug!(
            "Note: Deep link registration failed on macOS (this is normal for production): {e}"
          );
        }
@@ -265,11 +387,11 @@ pub fn run() {
        let handle = handle.clone();
        move |event| {
          let urls = event.urls();
-          println!("Deep link event received with {} URLs", urls.len());
+          log::info!("Deep link event received with {} URLs", urls.len());

          for url in urls {
            let url_string = url.to_string();
-            println!("Deep link received: {url_string}");
+            log::info!("Deep link received: {url_string}");

            // Clone the handle for each async task
            let handle_clone = handle.clone();
@@ -277,7 +399,7 @@ pub fn run() {
            // Handle the URL asynchronously
            tauri::async_runtime::spawn(async move {
              if let Err(e) = handle_url_open(handle_clone, url_string.clone()).await {
-                eprintln!("Failed to handle deep link URL: {e}");
+                log::error!("Failed to handle deep link URL: {e}");
              }
            });
          }
@@ -287,9 +409,9 @@ pub fn run() {
      if let Some(startup_url) = startup_url {
        let handle_clone = handle.clone();
        tauri::async_runtime::spawn(async move {
-          println!("Processing startup URL from command line: {startup_url}");
+          log::info!("Processing startup URL from command line: {startup_url}");
          if let Err(e) = handle_url_open(handle_clone, startup_url.clone()).await {
-            eprintln!("Failed to handle startup URL: {e}");
+            log::error!("Failed to handle startup URL: {e}");
          }
        });
      }
@@ -309,7 +431,7 @@ pub fn run() {
        {
          let updater_guard = version_updater.lock().await;
          if let Err(e) = updater_guard.start_background_updates().await {
-            eprintln!("Failed to start background updates: {e}");
+            log::error!("Failed to start background updates: {e}");
          }
        }
      });
@@ -340,111 +462,260 @@ pub fn run() {
        };

        for url in pending_urls {
-          println!("Processing pending URL: {url}");
+          log::info!("Processing pending URL: {url}");
          if let Err(e) = handle_url_open(handle_pending.clone(), url).await {
-            eprintln!("Failed to handle pending URL: {e}");
+            log::error!("Failed to handle pending URL: {e}");
          }
        }
      });

      // Start periodic cleanup task for unused binaries
      tauri::async_runtime::spawn(async move {
-        let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(300)); // Every 5 minutes
+        let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(43200)); // Every 12 hours

        loop {
          interval.tick().await;

-          let browser_runner = crate::browser_runner::BrowserRunner::new();
-          if let Err(e) = browser_runner.cleanup_unused_binaries_internal() {
-            eprintln!("Periodic cleanup failed: {e}");
+          let registry =
+            crate::downloaded_browsers_registry::DownloadedBrowsersRegistry::instance();
+          if let Err(e) = registry.cleanup_unused_binaries() {
+            log::error!("Periodic cleanup failed: {e}");
          } else {
-            println!("Periodic cleanup completed successfully");
+            log::debug!("Periodic cleanup completed successfully");
          }
        }
      });

      let app_handle_update = app.handle().clone();
      tauri::async_runtime::spawn(async move {
-        println!("Starting app update check at startup...");
+        log::info!("Starting app update check at startup...");
        let updater = app_auto_updater::AppAutoUpdater::instance();
        match updater.check_for_updates().await {
          Ok(Some(update_info)) => {
-            println!(
+            log::info!(
              "App update available: {} -> {}",
-              update_info.current_version, update_info.new_version
+              update_info.current_version,
+              update_info.new_version
            );
            // Emit update available event to the frontend
            if let Err(e) = app_handle_update.emit("app-update-available", &update_info) {
-              eprintln!("Failed to emit app update event: {e}");
+              log::error!("Failed to emit app update event: {e}");
            } else {
-              println!("App update event emitted successfully");
+              log::debug!("App update event emitted successfully");
            }
          }
          Ok(None) => {
-            println!("No app updates available");
+            log::debug!("No app updates available");
          }
          Err(e) => {
-            eprintln!("Failed to check for app updates: {e}");
+            log::error!("Failed to check for app updates: {e}");
          }
        }
      });

      // Start Camoufox cleanup task
-      let app_handle_cleanup = app.handle().clone();
+      let _app_handle_cleanup = app.handle().clone();
      tauri::async_runtime::spawn(async move {
-        let launcher = crate::camoufox::CamoufoxNodecarLauncher::new(app_handle_cleanup);
+        let camoufox_manager = crate::camoufox_manager::CamoufoxManager::instance();
        let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(5));

        loop {
          interval.tick().await;

-          match launcher.cleanup_dead_instances().await {
-            Ok(dead_instances) => {
-              if !dead_instances.is_empty() {
-                println!(
-                  "Cleaned up {} dead Camoufox instances",
-                  dead_instances.len()
-                );
-              }
+          match camoufox_manager.cleanup_dead_instances().await {
+            Ok(_) => {
+              // Cleanup completed silently
            }
            Err(e) => {
-              eprintln!("Error during Camoufox cleanup: {e}");
+              log::error!("Error during Camoufox cleanup: {e}");
            }
          }
        }
      });

-      // Warm up nodecar binary in the background
+      // Check and download GeoIP database at startup if needed
+      let app_handle_geoip = app.handle().clone();
      tauri::async_runtime::spawn(async move {
-        println!("Starting nodecar warm-up...");
-        let start_time = std::time::Instant::now();
+        // Wait a bit for the app to fully initialize
+        tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;

-        // Send a ping request to nodecar to trigger unpacking/warm-up
-        match tokio::process::Command::new("nodecar")
-          .arg("--version")
-          .output()
-          .await
-        {
-          Ok(output) => {
-            let duration = start_time.elapsed();
-            if output.status.success() {
-              println!(
-                "Nodecar warm-up completed successfully in {:.2}s",
-                duration.as_secs_f64()
-              );
+        let geoip_downloader = crate::geoip_downloader::GeoIPDownloader::instance();
+        match geoip_downloader.check_missing_geoip_database() {
+          Ok(true) => {
+            log::info!(
+              "GeoIP database is missing for Camoufox profiles, downloading at startup..."
+            );
+            let geoip_downloader = GeoIPDownloader::instance();
+            if let Err(e) = geoip_downloader
+              .download_geoip_database(&app_handle_geoip)
+              .await
+            {
+              log::error!("Failed to download GeoIP database at startup: {e}");
            } else {
-              println!(
-                "Nodecar warm-up completed with non-zero exit code in {:.2}s",
-                duration.as_secs_f64()
-              );
+              log::info!("GeoIP database downloaded successfully at startup");
+            }
+          }
+          Ok(false) => {
+            // No Camoufox profiles or GeoIP database already available
+          }
+          Err(e) => {
+            log::error!("Failed to check GeoIP database status at startup: {e}");
+          }
+        }
+      });
+
+      // Start proxy cleanup task for dead browser processes
+      let app_handle_proxy_cleanup = app.handle().clone();
+      tauri::async_runtime::spawn(async move {
+        let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(30));
+
+        loop {
+          interval.tick().await;
+
+          match crate::proxy_manager::PROXY_MANAGER
+            .cleanup_dead_proxies(app_handle_proxy_cleanup.clone())
+            .await
+          {
+            Ok(dead_pids) => {
+              if !dead_pids.is_empty() {
+                log::info!(
+                  "Cleaned up proxies for {} dead browser processes",
+                  dead_pids.len()
+                );
+              }
+            }
+            Err(e) => {
+              log::error!("Error during proxy cleanup: {e}");
+            }
+          }
+        }
+      });
+
+      // Periodically broadcast browser running status to the frontend
+      let app_handle_status = app.handle().clone();
+      tauri::async_runtime::spawn(async move {
+        let mut interval = tokio::time::interval(tokio::time::Duration::from_millis(500));
+        let mut last_running_states: std::collections::HashMap<String, bool> =
+          std::collections::HashMap::new();
+
+        loop {
+          interval.tick().await;
+
+          let runner = crate::browser_runner::BrowserRunner::instance();
+          // If listing profiles fails, skip this tick
+          let profiles = match runner.profile_manager.list_profiles() {
+            Ok(p) => p,
+            Err(e) => {
+              log::warn!("Failed to list profiles in status checker: {e}");
+              continue;
+            }
+          };
+
+          for profile in profiles {
+            // Check browser status and track changes
+            match runner
+              .check_browser_status(app_handle_status.clone(), &profile)
+              .await
+            {
+              Ok(is_running) => {
+                let profile_id = profile.id.to_string();
+                let last_state = last_running_states
+                  .get(&profile_id)
+                  .copied()
+                  .unwrap_or(false);
+
+                // Only emit event if state actually changed
+                if last_state != is_running {
+                  log::debug!(
+                    "Status checker detected change for profile {}: {} -> {}",
+                    profile.name,
+                    last_state,
+                    is_running
+                  );
+
+                  #[derive(serde::Serialize)]
+                  struct RunningChangedPayload {
+                    id: String,
+                    is_running: bool,
+                  }
+
+                  let payload = RunningChangedPayload {
+                    id: profile_id.clone(),
+                    is_running,
+                  };
+
+                  if let Err(e) = app_handle_status.emit("profile-running-changed", &payload) {
+                    log::warn!("Failed to emit profile running changed event: {e}");
+                  } else {
+                    log::debug!(
+                      "Status checker emitted profile-running-changed event for {}: running={}",
+                      profile.name,
+                      is_running
+                    );
+                  }
+
+                  last_running_states.insert(profile_id, is_running);
+                } else {
+                  // Update the state even if unchanged to ensure we have it tracked
+                  last_running_states.insert(profile_id, is_running);
+                }
+              }
+              Err(e) => {
+                log::warn!("Status check failed for profile {}: {}", profile.name, e);
+                continue;
+              }
+            }
+          }
+        }
+      });
+
+      // Nodecar warm-up is now triggered from the frontend to allow UI blocking overlay
+
+      // Start API server if enabled in settings
+      let app_handle_api = app.handle().clone();
+      tauri::async_runtime::spawn(async move {
+        match crate::settings_manager::get_app_settings(app_handle_api.clone()).await {
+          Ok(settings) => {
+            if settings.api_enabled {
+              log::info!("API is enabled in settings, starting API server...");
+              match crate::api_server::start_api_server_internal(settings.api_port, &app_handle_api)
+                .await
+              {
+                Ok(port) => {
+                  log::info!("API server started successfully on port {port}");
+                  // Emit success toast to frontend
+                  if let Err(e) = app_handle_api.emit(
+                    "show-toast",
+                    crate::api_server::ToastPayload {
+                      message: "API server started successfully".to_string(),
+                      variant: "success".to_string(),
+                      title: "Local API Started".to_string(),
+                      description: Some(format!("API server running on port {port}")),
+                    },
+                  ) {
+                    log::error!("Failed to emit API start toast: {e}");
+                  }
+                }
+                Err(e) => {
+                  log::error!("Failed to start API server at startup: {e}");
+                  // Emit error toast to frontend
+                  if let Err(toast_err) = app_handle_api.emit(
+                    "show-toast",
+                    crate::api_server::ToastPayload {
+                      message: "Failed to start API server".to_string(),
+                      variant: "error".to_string(),
+                      title: "Failed to Start Local API".to_string(),
+                      description: Some(format!("Error: {e}")),
+                    },
+                  ) {
+                    log::error!("Failed to emit API error toast: {toast_err}");
+                  }
+                }
+              }
            }
          }
          Err(e) => {
-            let duration = start_time.elapsed();
-            println!(
-              "Nodecar warm-up failed after {:.2}s: {e}",
-              duration.as_secs_f64()
-            );
+            log::error!("Failed to load app settings for API startup: {e}");
          }
        }
      });
@@ -464,9 +735,11 @@ pub fn run() {
      fetch_browser_versions_cached_first,
      fetch_browser_versions_with_count_cached_first,
      get_downloaded_browser_versions,
+      get_all_tags,
      get_browser_release_types,
      update_profile_proxy,
-      update_profile_version,
+      update_profile_tags,
+      update_profile_note,
      check_browser_status,
      kill_browser_profile,
      rename_profile,
@@ -482,24 +755,23 @@ pub fn run() {
      trigger_manual_version_update,
      get_version_update_status,
      check_for_browser_updates,
-      is_browser_disabled_for_update,
      dismiss_update_notification,
      complete_browser_update_with_auto_update,
      check_for_app_updates,
      check_for_app_updates_manual,
      download_and_install_app_update,
-      get_system_theme,
      detect_existing_profiles,
      import_browser_profile,
      check_missing_binaries,
+      check_missing_geoip_database,
      ensure_all_binaries_exist,
      create_stored_proxy,
      get_stored_proxies,
      update_stored_proxy,
      delete_stored_proxy,
+      check_proxy_validity,
+      get_cached_proxy_check,
      update_camoufox_config,
-      get_system_locale,
-      get_system_timezone,
      get_profile_groups,
      get_groups_with_profile_counts,
      create_profile_group,
@@ -507,6 +779,15 @@ pub fn run() {
      delete_profile_group,
      assign_profiles_to_group,
      delete_selected_profiles,
+      is_geoip_database_available,
+      download_geoip_database,
+      warm_up_nodecar,
+      start_api_server,
+      stop_api_server,
+      get_api_server_status,
+      get_all_traffic_snapshots,
+      clear_all_traffic_stats,
+      get_traffic_stats_for_period
    ])
    .run(tauri::generate_context!())
    .expect("error while running tauri application");
@@ -2,5 +2,5 @@
 #![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]

 fn main() {
-  donutbrowser::run()
+  donutbrowser_lib::run()
 }
@@ -8,6 +8,7 @@ use std::process::Command;
 #[cfg(target_os = "macos")]
 pub mod macos {
  use super::*;
+  use sysinfo::{Pid, System};

  pub fn is_tor_or_mullvad_browser(exe_name: &str, cmd: &[OsString], browser_type: &str) -> bool {
    match browser_type {
@@ -47,8 +48,39 @@ pub mod macos {
    executable_path: &std::path::Path,
    args: &[String],
  ) -> Result<std::process::Child, Box<dyn std::error::Error + Send + Sync>> {
-    println!("Launching browser on macOS: {executable_path:?} with args: {args:?}");
-    Ok(Command::new(executable_path).args(args).spawn()?)
+    log::info!("Launching browser on macOS: {executable_path:?} with args: {args:?}");
+    // If the executable is inside an app bundle, launch via Launch Services so
+    // macOS recognizes the real application for privacy permissions (e.g. Screen Recording).
+    // This ensures TCC prompts are attributed to the browser app, not our launcher.
+    let mut current = Some(executable_path);
+    let mut app_bundle: Option<std::path::PathBuf> = None;
+    while let Some(path) = current {
+      if let Some(file_name) = path.file_name().and_then(|s| s.to_str()) {
+        if file_name.ends_with(".app") {
+          app_bundle = Some(path.to_path_buf());
+          break;
+        }
+      }
+      current = path.parent();
+    }
+
+    if let Some(app_path) = app_bundle {
+      // Use `open -n -a <App>.app --args ...` to launch the app bundle.
+      // Note: The returned child PID will belong to `open`, not the browser.
+      // The caller should resolve the actual browser PID after launch.
+      let mut cmd = Command::new("open");
+      cmd.arg("-n");
+      cmd.arg("-a");
+      cmd.arg(app_path);
+      cmd.arg("--args");
+      for a in args {
+        cmd.arg(a);
+      }
+      Ok(cmd.spawn()?)
+    } else {
+      // Fallback: direct spawn if this is not an app bundle
+      Ok(Command::new(executable_path).args(args).spawn()?)
+    }
  }

  pub async fn open_url_in_existing_browser_firefox_like(
@@ -62,7 +94,7 @@ pub mod macos {
    let profile_data_path = profile.get_profile_data_path(profiles_dir);

    // First try: Use Firefox remote command
-    println!("Trying Firefox remote command for PID: {pid}");
+    log::info!("Trying Firefox remote command for PID: {pid}");
    let browser = create_browser(browser_type);
    if let Ok(executable_path) = browser.get_executable_path(browser_dir) {
      let remote_args = vec![
@@ -76,17 +108,17 @@ pub mod macos {

      match remote_output {
        Ok(output) if output.status.success() => {
-          println!("Firefox remote command succeeded");
+          log::info!("Firefox remote command succeeded");
          return Ok(());
        }
        Ok(output) => {
          let stderr = String::from_utf8_lossy(&output.stderr);
-          println!(
+          log::info!(
            "Firefox remote command failed with stderr: {stderr}, trying AppleScript fallback"
          );
        }
        Err(e) => {
-          println!("Firefox remote command error: {e}, trying AppleScript fallback");
+          log::info!("Firefox remote command error: {e}, trying AppleScript fallback");
        }
      }
    }
@@ -164,12 +196,12 @@ end try
      "#
    );

-    println!("Executing AppleScript fallback for Firefox-based browser (PID: {pid})...");
+    log::info!("Executing AppleScript fallback for Firefox-based browser (PID: {pid})...");
    let output = Command::new("osascript").args(["-e", &script]).output()?;

    if !output.status.success() {
      let error_msg = String::from_utf8_lossy(&output.stderr);
-      println!("AppleScript failed: {error_msg}");
+      log::info!("AppleScript failed: {error_msg}");
      return Err(
        format!(
          "Both Firefox remote command and AppleScript failed. AppleScript error: {error_msg}"
@@ -177,12 +209,172 @@ end try
        .into(),
      );
    } else {
-      println!("AppleScript succeeded");
+      log::info!("AppleScript succeeded");
    }

    Ok(())
  }

+  pub async fn kill_browser_process_impl(
+    pid: u32,
+    profile_data_path: Option<&str>,
+  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+    log::info!("Attempting to kill browser process with PID: {pid}");
+
+    let mut pids_to_kill = vec![pid];
+
+    let descendants = get_all_descendant_pids(pid).await;
+    pids_to_kill.extend(descendants);
+
+    if let Some(profile_path) = profile_data_path {
+      let additional_pids = find_processes_by_profile_path(profile_path).await;
+      for p in additional_pids {
+        if !pids_to_kill.contains(&p) {
+          log::info!("Found additional process {} using profile path", p);
+          pids_to_kill.push(p);
+        }
+      }
+    }
+
+    log::info!("Total processes to kill: {:?}", pids_to_kill);
+
+    for &p in &pids_to_kill {
+      log::info!("Sending SIGKILL to PID: {p}");
+      let _ = Command::new("kill")
+        .args(["-KILL", &p.to_string()])
+        .output();
+    }
+
+    let pid_str = pid.to_string();
+
+    let _ = Command::new("pkill")
+      .args(["-KILL", "-P", &pid_str])
+      .output();
+
+    let _ = Command::new("pkill")
+      .args(["-KILL", "-g", &pid_str])
+      .output();
+
+    for &p in &pids_to_kill {
+      let system = System::new_all();
+      if system.process(Pid::from(p as usize)).is_some() {
+        log::info!("Process {p} still running, retrying kill");
+        let _ = Command::new("kill")
+          .args(["-KILL", &p.to_string()])
+          .output();
+      }
+    }
+
+    tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
+
+    let system = System::new_all();
+    let mut still_running = Vec::new();
+    for &p in &pids_to_kill {
+      if system.process(Pid::from(p as usize)).is_some() {
+        still_running.push(p);
+      }
+    }
+
+    if !still_running.is_empty() {
+      log::info!(
+        "Processes {:?} still running, trying final termination",
+        still_running
+      );
+
+      for p in &still_running {
+        let _ = Command::new("/bin/kill")
+          .args(["-KILL", &p.to_string()])
+          .output();
+      }
+
+      tokio::time::sleep(tokio::time::Duration::from_millis(1000)).await;
+
+      let system = System::new_all();
+      let mut final_still_running = Vec::new();
+      for &p in &pids_to_kill {
+        if system.process(Pid::from(p as usize)).is_some() {
+          final_still_running.push(p);
+        }
+      }
+
+      if !final_still_running.is_empty() {
+        log::error!(
+          "ERROR: Processes {:?} could not be terminated despite aggressive attempts",
+          final_still_running
+        );
+        return Err(
+          format!(
+            "Failed to terminate browser processes {:?} - still running",
+            final_still_running
+          )
+          .into(),
+        );
+      }
+    }
+
+    log::info!("Browser termination completed for PID: {pid}");
+    Ok(())
+  }
+
+  async fn find_processes_by_profile_path(profile_path: &str) -> Vec<u32> {
+    use sysinfo::System;
+
+    let mut pids = Vec::new();
+    let system = System::new_all();
+
+    for (pid, process) in system.processes() {
+      let cmd = process.cmd();
+      if cmd.is_empty() {
+        continue;
+      }
+
+      // Check if any command line argument contains the profile path
+      let has_profile = cmd.iter().any(|arg| {
+        if let Some(arg_str) = arg.to_str() {
+          arg_str.contains(profile_path)
+        } else {
+          false
+        }
+      });
+
+      if has_profile {
+        pids.push(pid.as_u32());
+      }
+    }
+
+    pids
+  }
+
+  // Recursively find all descendant processes
+  async fn get_all_descendant_pids(parent_pid: u32) -> Vec<u32> {
+    use sysinfo::System;
+
+    let system = System::new_all();
+    let mut descendants = Vec::new();
+    let mut to_check = vec![parent_pid];
+    let mut checked = std::collections::HashSet::new();
+
+    while let Some(current_pid) = to_check.pop() {
+      if checked.contains(&current_pid) {
+        continue;
+      }
+      checked.insert(current_pid);
+
+      // Find direct children of current_pid
+      for (pid, process) in system.processes() {
+        let pid_u32 = pid.as_u32();
+        if let Some(parent) = process.parent() {
+          if parent.as_u32() == current_pid && !checked.contains(&pid_u32) {
+            descendants.push(pid_u32);
+            to_check.push(pid_u32);
+          }
+        }
+      }
+    }
+
+    descendants
+  }
+
  pub async fn open_url_in_existing_browser_tor_mullvad(
    profile: &BrowserProfile,
    url: &str,
@@ -192,10 +384,10 @@ end try
  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    let pid = profile.process_id.unwrap();

-    println!("Opening URL in TOR/Mullvad browser using file-based approach (PID: {pid})");
+    log::info!("Opening URL in TOR/Mullvad browser using file-based approach (PID: {pid})");

    // Method 1: Try using a temporary HTML file approach
-    println!("Attempting file-based URL opening for TOR/Mullvad browser");
+    log::info!("Attempting file-based URL opening for TOR/Mullvad browser");

    let temp_dir = std::env::temp_dir();
    let temp_file_name = format!("donut_browser_url_{}.html", std::process::id());
@@ -220,7 +412,7 @@ end try

    match std::fs::write(&temp_file_path, html_content) {
      Ok(()) => {
-        println!("Created temporary HTML file: {temp_file_path:?}");
+        log::info!("Created temporary HTML file: {temp_file_path:?}");

        let browser = create_browser(browser_type.clone());
        if let Ok(executable_path) = browser.get_executable_path(browser_dir) {
@@ -241,15 +433,15 @@ end try

          match open_result {
            Ok(output) if output.status.success() => {
-              println!("Successfully opened URL using file-based approach");
+              log::info!("Successfully opened URL using file-based approach");
              return Ok(());
            }
            Ok(output) => {
              let stderr = String::from_utf8_lossy(&output.stderr);
-              println!("File-based approach failed: {stderr}");
+              log::info!("File-based approach failed: {stderr}");
            }
            Err(e) => {
-              println!("File-based approach error: {e}");
+              log::info!("File-based approach error: {e}");
            }
          }
        }
@@ -257,12 +449,12 @@ end try
        let _ = std::fs::remove_file(&temp_file_path);
      }
      Err(e) => {
-        println!("Failed to create temporary HTML file: {e}");
+        log::info!("Failed to create temporary HTML file: {e}");
      }
    }

    // Method 2: Try using the 'open' command directly with the URL
-    println!("Attempting direct URL opening with 'open' command");
+    log::info!("Attempting direct URL opening with 'open' command");

    let browser = create_browser(browser_type.clone());
    if let Ok(executable_path) = browser.get_executable_path(browser_dir) {
@@ -272,15 +464,15 @@ end try

      match direct_open_result {
        Ok(output) if output.status.success() => {
-          println!("Successfully opened URL using direct 'open' command");
+          log::info!("Successfully opened URL using direct 'open' command");
          return Ok(());
        }
        Ok(output) => {
          let stderr = String::from_utf8_lossy(&output.stderr);
-          println!("Direct 'open' command failed: {stderr}");
+          log::info!("Direct 'open' command failed: {stderr}");
        }
        Err(e) => {
-          println!("Direct 'open' command error: {e}");
+          log::info!("Direct 'open' command error: {e}");
        }
      }
    }
@@ -309,7 +501,7 @@ end try
    let pid = profile.process_id.unwrap();

    // First, try using the browser's built-in URL opening capability
-    println!("Trying Chromium URL opening for PID: {pid}");
+    log::info!("Trying Chromium URL opening for PID: {pid}");

    let browser = create_browser(browser_type);
    if let Ok(executable_path) = browser.get_executable_path(browser_dir) {
@@ -323,15 +515,15 @@ end try

      match remote_output {
        Ok(output) if output.status.success() => {
-          println!("Chromium URL opening succeeded");
+          log::info!("Chromium URL opening succeeded");
          return Ok(());
        }
        Ok(output) => {
          let stderr = String::from_utf8_lossy(&output.stderr);
-          println!("Chromium URL opening failed: {stderr}, trying AppleScript");
+          log::info!("Chromium URL opening failed: {stderr}, trying AppleScript");
        }
        Err(e) => {
-          println!("Chromium URL opening error: {e}, trying AppleScript");
+          log::info!("Chromium URL opening error: {e}, trying AppleScript");
        }
      }
    }
@@ -409,54 +601,21 @@ end try
      "#
    );

-    println!("Executing AppleScript for Chromium-based browser (PID: {pid})...");
+    log::info!("Executing AppleScript for Chromium-based browser (PID: {pid})...");
    let output = Command::new("osascript").args(["-e", &script]).output()?;

    if !output.status.success() {
      let error_msg = String::from_utf8_lossy(&output.stderr);
-      println!("AppleScript failed: {error_msg}");
+      log::info!("AppleScript failed: {error_msg}");
      return Err(
        format!("Failed to open URL in existing Chromium-based browser: {error_msg}").into(),
      );
    } else {
-      println!("AppleScript succeeded");
+      log::info!("AppleScript succeeded");
    }

    Ok(())
  }
-
-  pub async fn kill_browser_process_impl(
-    pid: u32,
-  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    println!("Attempting to kill browser process with PID: {pid}");
-
-    // First try SIGTERM (graceful shutdown)
-    let output = Command::new("kill")
-      .args(["-TERM", &pid.to_string()])
-      .output()
-      .map_err(|e| format!("Failed to execute kill command: {e}"))?;
-
-    if !output.status.success() {
-      // If SIGTERM fails, try SIGKILL (force kill)
-      let output = Command::new("kill")
-        .args(["-KILL", &pid.to_string()])
-        .output()?;
-
-      if !output.status.success() {
-        return Err(
-          format!(
-            "Failed to kill process {}: {}",
-            pid,
-            String::from_utf8_lossy(&output.stderr)
-          )
-          .into(),
-        );
-      }
-    }
-
-    println!("Successfully killed browser process with PID: {pid}");
-    Ok(())
-  }
 }

 #[cfg(target_os = "windows")]
@@ -503,9 +662,10 @@ pub mod windows {
    executable_path: &std::path::Path,
    args: &[String],
  ) -> Result<std::process::Child, Box<dyn std::error::Error + Send + Sync>> {
-    println!(
+    log::info!(
      "Launching browser on Windows: {:?} with args: {:?}",
-      executable_path, args
+      executable_path,
+      args
    );

    // Check if the executable exists
@@ -544,7 +704,7 @@ pub mod windows {
      .spawn()
      .map_err(|e| format!("Failed to launch browser process: {}", e))?;

-    println!(
+    log::info!(
      "Successfully launched browser process with PID: {}",
      child.id()
    );
@@ -696,41 +856,10 @@ pub mod windows {
      cmd.current_dir(parent_dir);
    }

-    let output = cmd.output()?;
-
-    if !output.status.success() {
-      // Try fallback without --new-window
-      let mut fallback_cmd = Command::new(&executable_path);
-      fallback_cmd.args([
-        &format!(
-          "--user-data-dir={}",
-          profile
-            .get_profile_data_path(profiles_dir)
-            .to_string_lossy()
-        ),
-        url,
-      ]);
-
-      if let Some(parent_dir) = browser_dir
-        .parent()
-        .or_else(|| browser_dir.ancestors().nth(1))
-      {
-        fallback_cmd.current_dir(parent_dir);
-      }
-
-      let fallback_output = fallback_cmd.output()?;
-
-      if !fallback_output.status.success() {
-        return Err(
-          format!(
-            "Failed to open URL in existing Chromium-based browser: {}",
-            String::from_utf8_lossy(&fallback_output.stderr)
-          )
-          .into(),
-        );
-      }
-    }
-
+    // Do not call output() to avoid blocking the UI thread while the browser processes the request.
+    // Spawn the helper process and return immediately. This applies to Chromium-based browsers
+    // including Brave to prevent UI freezes observed in production.
+    let _child = cmd.spawn()?;
    Ok(())
  }

@@ -742,7 +871,7 @@ pub mod windows {
    let system = System::new_all();
    if let Some(process) = system.process(Pid::from(pid as usize)) {
      if process.kill() {
-        println!("Successfully killed browser process with PID: {pid}");
+        log::info!("Successfully killed browser process with PID: {pid}");
        return Ok(());
      }
    }
@@ -758,7 +887,7 @@ pub mod windows {
    match output {
      Ok(result) => {
        if result.status.success() {
-          println!("Successfully killed browser process with PID: {pid} using taskkill");
+          log::info!("Successfully killed browser process with PID: {pid} using taskkill");
          Ok(())
        } else {
          Err(
@@ -793,9 +922,10 @@ pub mod linux {
    executable_path: &std::path::Path,
    args: &[String],
  ) -> Result<std::process::Child, Box<dyn std::error::Error + Send + Sync>> {
-    println!(
+    log::info!(
      "Launching browser on Linux: {:?} with args: {:?}",
-      executable_path, args
+      executable_path,
+      args
    );

    // Check if the executable exists and is executable
@@ -859,7 +989,7 @@ pub mod linux {
      // Set the combined LD_LIBRARY_PATH
      if !ld_library_path.is_empty() {
        cmd.env("LD_LIBRARY_PATH", ld_library_path.join(":"));
-        println!("Set LD_LIBRARY_PATH to: {}", ld_library_path.join(":"));
+        log::info!("Set LD_LIBRARY_PATH to: {}", ld_library_path.join(":"));
      }
    }

@@ -876,7 +1006,7 @@ pub mod linux {

    // Disable GPU acceleration if running in headless environments
    if std::env::var("DISPLAY").is_err() || std::env::var("WAYLAND_DISPLAY").is_err() {
-      println!("No display detected, browser may fail to start");
+      log::info!("No display detected, browser may fail to start");
    }

    // Attempt to spawn with better error handling for architecture issues
@@ -1000,7 +1130,7 @@ pub mod linux {
      return Err(format!("Process {} not found", pid).into());
    }

-    println!("Successfully killed browser process with PID: {pid}");
+    log::info!("Successfully killed browser process with PID: {pid}");
    Ok(())
  }
 }
@@ -1,4 +1,4 @@
-use crate::camoufox::CamoufoxConfig;
+use crate::camoufox_manager::CamoufoxConfig;
 use serde::{Deserialize, Serialize};
 use std::path::{Path, PathBuf};

@@ -20,6 +20,10 @@ pub struct BrowserProfile {
  pub camoufox_config: Option<CamoufoxConfig>, // Camoufox configuration
  #[serde(default)]
  pub group_id: Option<String>, // Reference to profile group
+  #[serde(default)]
+  pub tags: Vec<String>, // Free-form tags
+  #[serde(default)]
+  pub note: Option<String>, // User note
 }

 pub fn default_release_type() -> String {
@@ -5,7 +5,8 @@ use std::fs::{self, create_dir_all};
 use std::path::{Path, PathBuf};

 use crate::browser::BrowserType;
-use crate::browser_runner::BrowserRunner;
+use crate::downloaded_browsers_registry::DownloadedBrowsersRegistry;
+use crate::profile::ProfileManager;

 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct DetectedProfile {
@@ -17,17 +18,23 @@ pub struct DetectedProfile {

 pub struct ProfileImporter {
  base_dirs: BaseDirs,
-  browser_runner: BrowserRunner,
+  downloaded_browsers_registry: &'static DownloadedBrowsersRegistry,
+  profile_manager: &'static ProfileManager,
 }

 impl ProfileImporter {
-  pub fn new() -> Self {
+  fn new() -> Self {
    Self {
      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
-      browser_runner: BrowserRunner::new(),
+      downloaded_browsers_registry: DownloadedBrowsersRegistry::instance(),
+      profile_manager: ProfileManager::instance(),
    }
  }

+  pub fn instance() -> &'static ProfileImporter {
+    &PROFILE_IMPORTER
+  }
+
  /// Detect existing browser profiles on the system
  pub fn detect_existing_profiles(
    &self,
@@ -49,14 +56,11 @@ impl ProfileImporter {
    // Detect Chromium profiles
    detected_profiles.extend(self.detect_chromium_profiles()?);

-    // Detect Mullvad Browser profiles
-    detected_profiles.extend(self.detect_mullvad_browser_profiles()?);
-
    // Detect Zen Browser profiles
    detected_profiles.extend(self.detect_zen_browser_profiles()?);

-    // Detect TOR Browser profiles
-    detected_profiles.extend(self.detect_tor_browser_profiles()?);
+    // NOTE: Mullvad and Tor Browser profile imports are no longer supported.
+    // We intentionally do not detect these profiles to avoid offering them in the UI.

    // Remove duplicates based on path
    let mut seen_paths = HashSet::new();
@@ -240,45 +244,6 @@ impl ProfileImporter {
    Ok(profiles)
  }

-  /// Detect Mullvad Browser profiles
-  fn detect_mullvad_browser_profiles(
-    &self,
-  ) -> Result<Vec<DetectedProfile>, Box<dyn std::error::Error>> {
-    let mut profiles = Vec::new();
-
-    #[cfg(target_os = "macos")]
-    {
-      let mullvad_dir = self
-        .base_dirs
-        .home_dir()
-        .join("Library/Application Support/MullvadBrowser/Profiles");
-      profiles.extend(self.scan_firefox_profiles_dir(&mullvad_dir, "mullvad-browser")?);
-    }
-
-    #[cfg(target_os = "windows")]
-    {
-      // Primary location in AppData\Roaming
-      let app_data = self.base_dirs.data_dir();
-      let mullvad_dir = app_data.join("MullvadBrowser/Profiles");
-      profiles.extend(self.scan_firefox_profiles_dir(&mullvad_dir, "mullvad-browser")?);
-
-      // Also check common installation locations
-      let local_app_data = self.base_dirs.data_local_dir();
-      let mullvad_local_dir = local_app_data.join("MullvadBrowser/Profiles");
-      if mullvad_local_dir.exists() {
-        profiles.extend(self.scan_firefox_profiles_dir(&mullvad_local_dir, "mullvad-browser")?);
-      }
-    }
-
-    #[cfg(target_os = "linux")]
-    {
-      let mullvad_dir = self.base_dirs.home_dir().join(".mullvad-browser");
-      profiles.extend(self.scan_firefox_profiles_dir(&mullvad_dir, "mullvad-browser")?);
-    }
-
-    Ok(profiles)
-  }
-
  /// Detect Zen Browser profiles
  fn detect_zen_browser_profiles(
    &self,
@@ -310,107 +275,6 @@ impl ProfileImporter {
    Ok(profiles)
  }

-  /// Detect TOR Browser profiles
-  fn detect_tor_browser_profiles(
-    &self,
-  ) -> Result<Vec<DetectedProfile>, Box<dyn std::error::Error>> {
-    let mut profiles = Vec::new();
-
-    #[cfg(target_os = "macos")]
-    {
-      // TOR Browser on macOS is typically in Applications
-      let tor_dir = self
-        .base_dirs
-        .home_dir()
-        .join("Library/Application Support/TorBrowser-Data/Browser/profile.default");
-
-      if tor_dir.exists() {
-        profiles.push(DetectedProfile {
-          browser: "tor-browser".to_string(),
-          name: "TOR Browser - Default Profile".to_string(),
-          path: tor_dir.to_string_lossy().to_string(),
-          description: "Default TOR Browser profile".to_string(),
-        });
-      }
-    }
-
-    #[cfg(target_os = "windows")]
-    {
-      // Check common TOR Browser installation locations on Windows
-      let possible_paths = [
-        // Default installation in user directory
-        (
-          "Desktop",
-          "Desktop/Tor Browser/Browser/TorBrowser/Data/Browser/profile.default",
-        ),
-        // AppData locations
-        (
-          "AppData/Roaming",
-          "TorBrowser/Browser/TorBrowser/Data/Browser/profile.default",
-        ),
-        (
-          "AppData/Local",
-          "TorBrowser/Browser/TorBrowser/Data/Browser/profile.default",
-        ),
-      ];
-
-      let home_dir = self.base_dirs.home_dir();
-
-      for (location_name, relative_path) in &possible_paths {
-        let tor_dir = home_dir.join(relative_path);
-        if tor_dir.exists() {
-          profiles.push(DetectedProfile {
-            browser: "tor-browser".to_string(),
-            name: format!("TOR Browser - {} Profile", location_name),
-            path: tor_dir.to_string_lossy().to_string(),
-            description: format!("TOR Browser profile from {}", location_name),
-          });
-        }
-      }
-
-      // Also check AppData directories if available
-      let app_data = self.base_dirs.data_dir();
-      let tor_app_data =
-        app_data.join("TorBrowser/Browser/TorBrowser/Data/Browser/profile.default");
-      if tor_app_data.exists() {
-        profiles.push(DetectedProfile {
-          browser: "tor-browser".to_string(),
-          name: "TOR Browser - AppData Profile".to_string(),
-          path: tor_app_data.to_string_lossy().to_string(),
-          description: "TOR Browser profile from AppData".to_string(),
-        });
-      }
-    }
-
-    #[cfg(target_os = "linux")]
-    {
-      // Common TOR Browser locations on Linux
-      let possible_paths = [
-        ".local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default",
-        "tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default",
-        ".tor-browser/Browser/TorBrowser/Data/Browser/profile.default",
-        "Downloads/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default",
-      ];
-
-      let home_dir = self.base_dirs.home_dir();
-
-      for relative_path in &possible_paths {
-        let tor_dir = home_dir.join(relative_path);
-        if tor_dir.exists() {
-          profiles.push(DetectedProfile {
-            browser: "tor-browser".to_string(),
-            name: "TOR Browser - Default Profile".to_string(),
-            path: tor_dir.to_string_lossy().to_string(),
-            description: "TOR Browser profile".to_string(),
-          });
-          break; // Only add the first one found to avoid duplicates
-        }
-      }
-    }
-
-    Ok(profiles)
-  }
-
  /// Scan Firefox-style profiles directory
  fn scan_firefox_profiles_dir(
    &self,
@@ -645,6 +509,11 @@ impl ProfileImporter {
    browser_type: &str,
    new_profile_name: &str,
  ) -> Result<(), Box<dyn std::error::Error>> {
+    // Disable imports for Mullvad and Tor browsers
+    if browser_type == "mullvad-browser" || browser_type == "tor-browser" {
+      return Err("Importing Mullvad Browser or Tor Browser profiles is not supported".into());
+    }
+
    // Validate that source path exists
    let source_path = Path::new(source_path);
    if !source_path.exists() {
@@ -656,7 +525,7 @@ impl ProfileImporter {
      .map_err(|_| format!("Invalid browser type: {browser_type}"))?;

    // Check if a profile with this name already exists
-    let existing_profiles = self.browser_runner.list_profiles()?;
+    let existing_profiles = self.profile_manager.list_profiles()?;
    if existing_profiles
      .iter()
      .any(|p| p.name.to_lowercase() == new_profile_name.to_lowercase())
@@ -666,7 +535,7 @@ impl ProfileImporter {

    // Generate UUID for new profile and create the directory structure
    let profile_id = uuid::Uuid::new_v4();
-    let profiles_dir = self.browser_runner.get_profiles_dir();
+    let profiles_dir = self.profile_manager.get_profiles_dir();
    let new_profile_uuid_dir = profiles_dir.join(profile_id.to_string());
    let new_profile_data_dir = new_profile_uuid_dir.join("profile");

@@ -691,12 +560,14 @@ impl ProfileImporter {
      release_type: "stable".to_string(),
      camoufox_config: None,
      group_id: None,
+      tags: Vec::new(),
+      note: None,
    };

    // Save the profile metadata
-    self.browser_runner.save_profile(&profile)?;
+    self.profile_manager.save_profile(&profile)?;

-    println!(
+    log::info!(
      "Successfully imported profile '{}' from '{}'",
      new_profile_name,
      source_path.display()
@@ -711,9 +582,9 @@ impl ProfileImporter {
    browser_type: &str,
  ) -> Result<String, Box<dyn std::error::Error>> {
    // Check if any version of the browser is downloaded
-    let registry =
-      crate::downloaded_browsers::DownloadedBrowsersRegistry::load().unwrap_or_default();
-    let downloaded_versions = registry.get_downloaded_versions(browser_type);
+    let downloaded_versions = self
+      .downloaded_browsers_registry
+      .get_downloaded_versions(browser_type);

    if let Some(version) = downloaded_versions.first() {
      return Ok(version.clone());
@@ -755,7 +626,7 @@ impl ProfileImporter {
 // Tauri commands
 #[tauri::command]
 pub async fn detect_existing_profiles() -> Result<Vec<DetectedProfile>, String> {
-  let importer = ProfileImporter::new();
+  let importer = ProfileImporter::instance();
  importer
    .detect_existing_profiles()
    .map_err(|e| format!("Failed to detect existing profiles: {e}"))
@@ -767,8 +638,216 @@ pub async fn import_browser_profile(
  browser_type: String,
  new_profile_name: String,
 ) -> Result<(), String> {
-  let importer = ProfileImporter::new();
+  let importer = ProfileImporter::instance();
  importer
    .import_profile(&source_path, &browser_type, &new_profile_name)
    .map_err(|e| format!("Failed to import profile: {e}"))
 }
+
+// Global singleton instance
+lazy_static::lazy_static! {
+  static ref PROFILE_IMPORTER: ProfileImporter = ProfileImporter::new();
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+  use std::env;
+  use tempfile::TempDir;
+
+  fn create_test_profile_importer() -> (ProfileImporter, TempDir) {
+    let temp_dir = TempDir::new().expect("Failed to create temp directory");
+
+    // Set up a temporary home directory for testing
+    env::set_var("HOME", temp_dir.path());
+
+    let importer = ProfileImporter::new();
+    (importer, temp_dir)
+  }
+
+  #[test]
+  fn test_profile_importer_creation() {
+    let (_importer, _temp_dir) = create_test_profile_importer();
+    // Test passes if no panic occurs
+  }
+
+  #[test]
+  fn test_get_browser_display_name() {
+    let (importer, _temp_dir) = create_test_profile_importer();
+
+    assert_eq!(importer.get_browser_display_name("firefox"), "Firefox");
+    assert_eq!(
+      importer.get_browser_display_name("firefox-developer"),
+      "Firefox Developer"
+    );
+    assert_eq!(
+      importer.get_browser_display_name("chromium"),
+      "Chrome/Chromium"
+    );
+    assert_eq!(importer.get_browser_display_name("brave"), "Brave");
+    assert_eq!(
+      importer.get_browser_display_name("mullvad-browser"),
+      "Mullvad Browser"
+    );
+    assert_eq!(importer.get_browser_display_name("zen"), "Zen Browser");
+    assert_eq!(
+      importer.get_browser_display_name("tor-browser"),
+      "Tor Browser"
+    );
+    assert_eq!(
+      importer.get_browser_display_name("unknown"),
+      "Unknown Browser"
+    );
+  }
+
+  #[test]
+  fn test_detect_existing_profiles_no_panic() {
+    let (importer, _temp_dir) = create_test_profile_importer();
+
+    // This should not panic even if no browser profiles exist
+    let result = importer.detect_existing_profiles();
+    assert!(result.is_ok(), "detect_existing_profiles should not fail");
+
+    let _profiles = result.unwrap();
+    // We can't assert specific profiles since they depend on the system
+    // but we can verify the result is a valid Vec
+    // We can't assert specific profiles since they depend on the system
+    // but we can verify the result is a valid Vec (length check is always true for Vec, but shows intent)
+  }
+
+  #[test]
+  fn test_scan_firefox_profiles_dir_nonexistent() {
+    let (importer, temp_dir) = create_test_profile_importer();
+
+    let nonexistent_dir = temp_dir.path().join("nonexistent");
+    let result = importer.scan_firefox_profiles_dir(&nonexistent_dir, "firefox");
+
+    assert!(
+      result.is_ok(),
+      "Should handle nonexistent directory gracefully"
+    );
+    let profiles = result.unwrap();
+    assert!(
+      profiles.is_empty(),
+      "Should return empty vector for nonexistent directory"
+    );
+  }
+
+  #[test]
+  fn test_scan_chrome_profiles_dir_nonexistent() {
+    let (importer, temp_dir) = create_test_profile_importer();
+
+    let nonexistent_dir = temp_dir.path().join("nonexistent");
+    let result = importer.scan_chrome_profiles_dir(&nonexistent_dir, "chromium");
+
+    assert!(
+      result.is_ok(),
+      "Should handle nonexistent directory gracefully"
+    );
+    let profiles = result.unwrap();
+    assert!(
+      profiles.is_empty(),
+      "Should return empty vector for nonexistent directory"
+    );
+  }
+
+  #[test]
+  fn test_parse_firefox_profiles_ini_empty() {
+    let (importer, _temp_dir) = create_test_profile_importer();
+
+    let empty_content = "";
+    let profiles_dir = Path::new("/tmp");
+    let result = importer.parse_firefox_profiles_ini(empty_content, profiles_dir, "firefox");
+
+    assert!(result.is_ok(), "Should handle empty profiles.ini");
+    let profiles = result.unwrap();
+    assert!(
+      profiles.is_empty(),
+      "Should return empty vector for empty content"
+    );
+  }
+
+  #[test]
+  fn test_parse_firefox_profiles_ini_valid() {
+    let (importer, temp_dir) = create_test_profile_importer();
+
+    // Create a mock profile directory
+    let profiles_dir = temp_dir.path().join("profiles");
+    let profile_dir = profiles_dir.join("test.profile");
+    fs::create_dir_all(&profile_dir).expect("Should create profile directory");
+
+    // Create a prefs.js file to make it look like a valid profile
+    let prefs_file = profile_dir.join("prefs.js");
+    fs::write(&prefs_file, "// Firefox preferences").expect("Should create prefs.js");
+
+    let profiles_ini_content = r#"
+[Profile0]
+Name=Test Profile
+IsRelative=1
+Path=test.profile
+"#;
+
+    let result =
+      importer.parse_firefox_profiles_ini(profiles_ini_content, &profiles_dir, "firefox");
+
+    assert!(result.is_ok(), "Should parse valid profiles.ini");
+    let profiles = result.unwrap();
+    assert_eq!(profiles.len(), 1, "Should find one profile");
+    assert_eq!(profiles[0].name, "Firefox - Test Profile");
+    assert_eq!(profiles[0].browser, "firefox");
+  }
+
+  #[test]
+  fn test_copy_directory_recursive() {
+    let temp_dir = TempDir::new().expect("Failed to create temp directory");
+
+    // Create source directory structure
+    let source_dir = temp_dir.path().join("source");
+    let source_subdir = source_dir.join("subdir");
+    fs::create_dir_all(&source_subdir).expect("Should create source directories");
+
+    // Create some test files
+    let source_file1 = source_dir.join("file1.txt");
+    let source_file2 = source_subdir.join("file2.txt");
+    fs::write(&source_file1, "content1").expect("Should create file1");
+    fs::write(&source_file2, "content2").expect("Should create file2");
+
+    // Create destination directory
+    let dest_dir = temp_dir.path().join("dest");
+
+    // Copy recursively
+    let result = ProfileImporter::copy_directory_recursive(&source_dir, &dest_dir);
+    assert!(result.is_ok(), "Should copy directory successfully");
+
+    // Verify files were copied
+    let dest_file1 = dest_dir.join("file1.txt");
+    let dest_file2 = dest_dir.join("subdir").join("file2.txt");
+
+    assert!(dest_file1.exists(), "file1.txt should be copied");
+    assert!(dest_file2.exists(), "file2.txt should be copied");
+
+    let content1 = fs::read_to_string(&dest_file1).expect("Should read file1");
+    let content2 = fs::read_to_string(&dest_file2).expect("Should read file2");
+
+    assert_eq!(content1, "content1", "file1 content should match");
+    assert_eq!(content2, "content2", "file2 content should match");
+  }
+
+  #[test]
+  fn test_get_default_version_for_browser_no_versions() {
+    let (importer, _temp_dir) = create_test_profile_importer();
+
+    // This should fail since no versions are downloaded in test environment
+    let result = importer.get_default_version_for_browser("firefox");
+    assert!(
+      result.is_err(),
+      "Should fail when no versions are available"
+    );
+
+    let error_msg = result.unwrap_err().to_string();
+    assert!(
+      error_msg.contains("No downloaded versions found"),
+      "Error should mention no versions found"
+    );
+  }
+}
@@ -0,0 +1,269 @@
+use crate::proxy_storage::{
+  delete_proxy_config, generate_proxy_id, get_proxy_config, is_process_running, list_proxy_configs,
+  save_proxy_config, ProxyConfig,
+};
+use std::process::Stdio;
+lazy_static::lazy_static! {
+  static ref PROXY_PROCESSES: std::sync::Mutex<std::collections::HashMap<String, u32>> =
+    std::sync::Mutex::new(std::collections::HashMap::new());
+}
+
+pub async fn start_proxy_process(
+  upstream_url: Option<String>,
+  port: Option<u16>,
+) -> Result<ProxyConfig, Box<dyn std::error::Error>> {
+  start_proxy_process_with_profile(upstream_url, port, None).await
+}
+
+pub async fn start_proxy_process_with_profile(
+  upstream_url: Option<String>,
+  port: Option<u16>,
+  profile_id: Option<String>,
+) -> Result<ProxyConfig, Box<dyn std::error::Error>> {
+  let id = generate_proxy_id();
+  let upstream = upstream_url.unwrap_or_else(|| "DIRECT".to_string());
+
+  // Get available port if not specified
+  let local_port = port.unwrap_or_else(|| {
+    // Find an available port
+    let listener = std::net::TcpListener::bind("127.0.0.1:0").unwrap();
+    listener.local_addr().unwrap().port()
+  });
+
+  let config =
+    ProxyConfig::new(id.clone(), upstream, Some(local_port)).with_profile_id(profile_id.clone());
+  save_proxy_config(&config)?;
+
+  // Log profile_id for debugging
+  if let Some(ref pid) = profile_id {
+    log::info!("Saved proxy config {} with profile_id: {}", id, pid);
+  } else {
+    log::info!("Saved proxy config {} without profile_id", id);
+  }
+
+  // Spawn proxy worker process in the background using std::process::Command
+  // This ensures proper process detachment on Unix systems
+  let exe = std::env::current_exe()?;
+
+  #[cfg(unix)]
+  {
+    use std::os::unix::process::CommandExt;
+    use std::process::Command as StdCommand;
+
+    let mut cmd = StdCommand::new(&exe);
+    cmd.arg("proxy-worker");
+    cmd.arg("start");
+    cmd.arg("--id");
+    cmd.arg(&id);
+
+    cmd.stdin(Stdio::null());
+    cmd.stdout(Stdio::null());
+
+    #[cfg(debug_assertions)]
+    {
+      let log_path = std::path::PathBuf::from("/tmp").join(format!("donut-proxy-{}.log", id));
+      if let Ok(file) = std::fs::File::create(&log_path) {
+        log::error!("Proxy worker stderr will be logged to: {:?}", log_path);
+        cmd.stderr(Stdio::from(file));
+      } else {
+        cmd.stderr(Stdio::null());
+      }
+    }
+    #[cfg(not(debug_assertions))]
+    {
+      cmd.stderr(Stdio::null());
+    }
+
+    // Properly detach the process on Unix by creating a new session
+    unsafe {
+      cmd.pre_exec(|| {
+        // Create a new process group so the process survives parent exit
+        libc::setsid();
+
+        // Set high priority so the proxy is killed last under resource pressure
+        // Negative nice value = higher priority. Try -10, fall back to -5 if it fails.
+        if libc::setpriority(libc::PRIO_PROCESS, 0, -10) != 0 {
+          let _ = libc::setpriority(libc::PRIO_PROCESS, 0, -5);
+        }
+
+        Ok(())
+      });
+    }
+
+    // Spawn detached process
+    let child = cmd.spawn()?;
+    let pid = child.id();
+
+    // Store PID
+    {
+      let mut processes = PROXY_PROCESSES.lock().unwrap();
+      processes.insert(id.clone(), pid);
+    }
+
+    // Update config with PID
+    let mut config_with_pid = config.clone();
+    config_with_pid.pid = Some(pid);
+    save_proxy_config(&config_with_pid)?;
+
+    // Don't wait for the child - it's detached
+    drop(child);
+  }
+
+  #[cfg(windows)]
+  {
+    use std::os::windows::process::CommandExt;
+    use std::process::Command as StdCommand;
+    use windows::Win32::Foundation::CloseHandle;
+    use windows::Win32::System::Threading::{
+      OpenProcess, SetPriorityClass, ABOVE_NORMAL_PRIORITY_CLASS, PROCESS_SET_INFORMATION,
+    };
+
+    let mut cmd = StdCommand::new(&exe);
+    cmd.arg("proxy-worker");
+    cmd.arg("start");
+    cmd.arg("--id");
+    cmd.arg(&id);
+
+    cmd.stdin(Stdio::null());
+    cmd.stdout(Stdio::null());
+    cmd.stderr(Stdio::null());
+
+    // On Windows, use CREATE_NEW_PROCESS_GROUP flag for proper detachment
+    const CREATE_NEW_PROCESS_GROUP: u32 = 0x00000200;
+    cmd.creation_flags(CREATE_NEW_PROCESS_GROUP);
+
+    let child = cmd.spawn()?;
+    let pid = child.id();
+
+    // Set high priority so the proxy is killed last under resource pressure
+    unsafe {
+      if let Ok(handle) = OpenProcess(PROCESS_SET_INFORMATION, false, pid) {
+        let _ = SetPriorityClass(handle, ABOVE_NORMAL_PRIORITY_CLASS);
+        let _ = CloseHandle(handle);
+      }
+    }
+
+    // Store PID
+    {
+      let mut processes = PROXY_PROCESSES.lock().unwrap();
+      processes.insert(id.clone(), pid);
+    }
+
+    // Update config with PID
+    let mut config_with_pid = config.clone();
+    config_with_pid.pid = Some(pid);
+    save_proxy_config(&config_with_pid)?;
+
+    drop(child);
+  }
+
+  // Give the process a moment to start up before checking
+  tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
+
+  // Wait for the worker to bind to the port and update config
+  // Since we pre-allocated the port, the worker should bind immediately
+  // We check quickly with short intervals to make startup fast
+  let mut attempts = 0;
+  let max_attempts = 40; // 4 seconds max (40 * 100ms) - give it more time to start
+
+  loop {
+    // Use shorter sleep for faster startup
+    tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
+
+    if let Some(updated_config) = get_proxy_config(&id) {
+      // Check if local_url is set (worker has bound and updated config)
+      if let Some(ref local_url) = updated_config.local_url {
+        if !local_url.is_empty() {
+          if let Some(port) = updated_config.local_port {
+            // Try to connect immediately - port should be ready since we pre-allocated it
+            match tokio::time::timeout(
+              tokio::time::Duration::from_millis(100),
+              tokio::net::TcpStream::connect(("127.0.0.1", port)),
+            )
+            .await
+            {
+              Ok(Ok(_stream)) => {
+                // Port is listening and accepting connections!
+                return Ok(updated_config);
+              }
+              Ok(Err(_)) | Err(_) => {
+                // Port not ready yet, continue waiting
+              }
+            }
+          }
+        }
+      }
+    }
+
+    attempts += 1;
+    if attempts >= max_attempts {
+      // Try to get the config one more time for better error message
+      if let Some(config) = get_proxy_config(&id) {
+        // Check if process is still running
+        let process_running = config.pid.map(is_process_running).unwrap_or(false);
+        return Err(
+          format!(
+            "Proxy worker failed to start in time. Config: id={}, local_url={:?}, local_port={:?}, pid={:?}, process_running={}",
+            config.id, config.local_url, config.local_port, config.pid, process_running
+          )
+          .into(),
+        );
+      }
+      return Err(
+        format!(
+          "Proxy worker failed to start in time. Config not found for id: {}",
+          id
+        )
+        .into(),
+      );
+    }
+  }
+}
+
+pub async fn stop_proxy_process(id: &str) -> Result<bool, Box<dyn std::error::Error>> {
+  let config = get_proxy_config(id);
+
+  if let Some(config) = config {
+    if let Some(pid) = config.pid {
+      // Kill the process
+      #[cfg(unix)]
+      {
+        use std::process::Command;
+        let _ = Command::new("kill")
+          .arg("-TERM")
+          .arg(pid.to_string())
+          .output();
+      }
+      #[cfg(windows)]
+      {
+        use std::process::Command;
+        let _ = Command::new("taskkill")
+          .args(["/F", "/PID", &pid.to_string()])
+          .output();
+      }
+
+      // Wait a bit for the process to exit
+      tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
+
+      // Remove from tracking
+      {
+        let mut processes = PROXY_PROCESSES.lock().unwrap();
+        processes.remove(id);
+      }
+
+      // Delete the config file
+      delete_proxy_config(id);
+      return Ok(true);
+    }
+  }
+
+  Ok(false)
+}
+
+pub async fn stop_all_proxy_processes() -> Result<(), Box<dyn std::error::Error>> {
+  let configs = list_proxy_configs();
+  for config in configs {
+    let _ = stop_proxy_process(&config.id).await;
+  }
+  Ok(())
+}
@@ -0,0 +1,888 @@
+use crate::proxy_storage::ProxyConfig;
+use crate::traffic_stats::{get_traffic_tracker, init_traffic_tracker};
+use http_body_util::{BodyExt, Full};
+use hyper::body::Bytes;
+use hyper::server::conn::http1;
+use hyper::service::service_fn;
+use hyper::{Method, Request, Response, StatusCode};
+use hyper_util::rt::TokioIo;
+use std::convert::Infallible;
+use std::io;
+use std::net::SocketAddr;
+use std::pin::Pin;
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt, ReadBuf};
+use tokio::net::TcpListener;
+use tokio::net::TcpStream;
+use url::Url;
+
+/// Wrapper stream that counts bytes read and written
+struct CountingStream<S> {
+  inner: S,
+  bytes_read: Arc<AtomicU64>,
+  bytes_written: Arc<AtomicU64>,
+}
+
+impl<S> CountingStream<S> {
+  fn new(inner: S) -> Self {
+    Self {
+      inner,
+      bytes_read: Arc::new(AtomicU64::new(0)),
+      bytes_written: Arc::new(AtomicU64::new(0)),
+    }
+  }
+}
+
+impl<S: AsyncRead + Unpin> AsyncRead for CountingStream<S> {
+  fn poll_read(
+    mut self: Pin<&mut Self>,
+    cx: &mut Context<'_>,
+    buf: &mut ReadBuf<'_>,
+  ) -> Poll<io::Result<()>> {
+    let filled_before = buf.filled().len();
+    let result = Pin::new(&mut self.inner).poll_read(cx, buf);
+    if let Poll::Ready(Ok(())) = &result {
+      let bytes_read = buf.filled().len() - filled_before;
+      if bytes_read > 0 {
+        self
+          .bytes_read
+          .fetch_add(bytes_read as u64, Ordering::Relaxed);
+        // Update global tracker - count as received (data coming into proxy)
+        if let Some(tracker) = get_traffic_tracker() {
+          tracker.add_bytes_received(bytes_read as u64);
+        }
+      }
+    }
+    result
+  }
+}
+
+impl<S: AsyncWrite + Unpin> AsyncWrite for CountingStream<S> {
+  fn poll_write(
+    mut self: Pin<&mut Self>,
+    cx: &mut Context<'_>,
+    buf: &[u8],
+  ) -> Poll<io::Result<usize>> {
+    let result = Pin::new(&mut self.inner).poll_write(cx, buf);
+    if let Poll::Ready(Ok(n)) = &result {
+      self.bytes_written.fetch_add(*n as u64, Ordering::Relaxed);
+      // Update global tracker - count as sent (data going out of proxy)
+      if let Some(tracker) = get_traffic_tracker() {
+        tracker.add_bytes_sent(*n as u64);
+      }
+    }
+    result
+  }
+
+  fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+    Pin::new(&mut self.inner).poll_flush(cx)
+  }
+
+  fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+    Pin::new(&mut self.inner).poll_shutdown(cx)
+  }
+}
+
+// Wrapper to prepend consumed bytes to a stream
+struct PrependReader {
+  prepended: Vec<u8>,
+  prepended_pos: usize,
+  inner: TcpStream,
+}
+
+impl AsyncRead for PrependReader {
+  fn poll_read(
+    mut self: Pin<&mut Self>,
+    cx: &mut Context<'_>,
+    buf: &mut ReadBuf<'_>,
+  ) -> Poll<io::Result<()>> {
+    // First, read from prepended bytes if any
+    if self.prepended_pos < self.prepended.len() {
+      let available = self.prepended.len() - self.prepended_pos;
+      let to_copy = available.min(buf.remaining());
+      buf.put_slice(&self.prepended[self.prepended_pos..self.prepended_pos + to_copy]);
+      self.prepended_pos += to_copy;
+      return Poll::Ready(Ok(()));
+    }
+
+    // Then read from inner stream
+    Pin::new(&mut self.inner).poll_read(cx, buf)
+  }
+}
+
+impl AsyncWrite for PrependReader {
+  fn poll_write(
+    mut self: Pin<&mut Self>,
+    cx: &mut Context<'_>,
+    buf: &[u8],
+  ) -> Poll<io::Result<usize>> {
+    Pin::new(&mut self.inner).poll_write(cx, buf)
+  }
+
+  fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+    Pin::new(&mut self.inner).poll_flush(cx)
+  }
+
+  fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+    Pin::new(&mut self.inner).poll_shutdown(cx)
+  }
+}
+
+async fn handle_request(
+  req: Request<hyper::body::Incoming>,
+  upstream_url: Option<String>,
+) -> Result<Response<Full<Bytes>>, Infallible> {
+  // Handle CONNECT method for HTTPS tunneling
+  if req.method() == Method::CONNECT {
+    return handle_connect(req, upstream_url).await;
+  }
+
+  // Handle regular HTTP requests
+  handle_http(req, upstream_url).await
+}
+
+async fn handle_connect(
+  req: Request<hyper::body::Incoming>,
+  upstream_url: Option<String>,
+) -> Result<Response<Full<Bytes>>, Infallible> {
+  let authority = req.uri().authority().cloned();
+
+  if let Some(authority) = authority {
+    let target_addr = format!("{}", authority);
+
+    // Parse target host and port
+    let (target_host, target_port) = if let Some(colon_pos) = target_addr.find(':') {
+      let host = &target_addr[..colon_pos];
+      let port: u16 = target_addr[colon_pos + 1..].parse().unwrap_or(443);
+      (host, port)
+    } else {
+      (&target_addr[..], 443)
+    };
+
+    // If no upstream proxy, connect directly
+    if upstream_url.is_none()
+      || upstream_url
+        .as_ref()
+        .map(|s| s == "DIRECT")
+        .unwrap_or(false)
+    {
+      match TcpStream::connect(&target_addr).await {
+        Ok(_stream) => {
+          let mut response = Response::new(Full::new(Bytes::from("")));
+          *response.status_mut() = StatusCode::from_u16(200).unwrap();
+          return Ok(response);
+        }
+        Err(e) => {
+          log::error!("Failed to connect to {}: {}", target_addr, e);
+          let mut response =
+            Response::new(Full::new(Bytes::from(format!("Connection failed: {}", e))));
+          *response.status_mut() = StatusCode::BAD_GATEWAY;
+          return Ok(response);
+        }
+      }
+    }
+
+    // Connect through upstream proxy
+    let upstream = match upstream_url.as_ref().and_then(|u| Url::parse(u).ok()) {
+      Some(url) => url,
+      None => {
+        let mut response = Response::new(Full::new(Bytes::from("Invalid upstream URL")));
+        *response.status_mut() = StatusCode::BAD_GATEWAY;
+        return Ok(response);
+      }
+    };
+
+    let scheme = upstream.scheme();
+    match scheme {
+      "http" | "https" => {
+        // Use manual CONNECT for HTTP/HTTPS proxies
+        match connect_via_http_proxy(&upstream, target_host, target_port).await {
+          Ok(_) => {
+            let mut response = Response::new(Full::new(Bytes::from("")));
+            *response.status_mut() = StatusCode::from_u16(200).unwrap();
+            Ok(response)
+          }
+          Err(e) => {
+            log::error!("HTTP proxy CONNECT failed: {}", e);
+            let mut response = Response::new(Full::new(Bytes::from(format!(
+              "Proxy connection failed: {}",
+              e
+            ))));
+            *response.status_mut() = StatusCode::BAD_GATEWAY;
+            Ok(response)
+          }
+        }
+      }
+      "socks4" | "socks5" => {
+        // Use async-socks5 for SOCKS proxies
+        let host = upstream.host_str().unwrap_or("127.0.0.1");
+        let port = upstream.port().unwrap_or(1080);
+        let socks_addr = format!("{}:{}", host, port);
+
+        let username = upstream.username();
+        let password = upstream.password().unwrap_or("");
+
+        match connect_via_socks(
+          &socks_addr,
+          target_host,
+          target_port,
+          scheme == "socks5",
+          if !username.is_empty() {
+            Some((username, password))
+          } else {
+            None
+          },
+        )
+        .await
+        {
+          Ok(_stream) => {
+            let mut response = Response::new(Full::new(Bytes::from("")));
+            *response.status_mut() = StatusCode::from_u16(200).unwrap();
+            Ok(response)
+          }
+          Err(e) => {
+            log::error!("SOCKS connection failed: {}", e);
+            let mut response = Response::new(Full::new(Bytes::from(format!(
+              "SOCKS connection failed: {}",
+              e
+            ))));
+            *response.status_mut() = StatusCode::BAD_GATEWAY;
+            Ok(response)
+          }
+        }
+      }
+      _ => {
+        let mut response = Response::new(Full::new(Bytes::from("Unsupported upstream scheme")));
+        *response.status_mut() = StatusCode::BAD_GATEWAY;
+        Ok(response)
+      }
+    }
+  } else {
+    let mut response = Response::new(Full::new(Bytes::from("Bad Request")));
+    *response.status_mut() = StatusCode::BAD_REQUEST;
+    Ok(response)
+  }
+}
+
+async fn connect_via_http_proxy(
+  upstream: &Url,
+  target_host: &str,
+  target_port: u16,
+) -> Result<TcpStream, Box<dyn std::error::Error>> {
+  let proxy_host = upstream.host_str().unwrap_or("127.0.0.1");
+  let proxy_port = upstream.port().unwrap_or(8080);
+  let mut stream = TcpStream::connect((proxy_host, proxy_port)).await?;
+
+  // Add proxy authentication if provided
+  let mut connect_req = format!(
+    "CONNECT {}:{} HTTP/1.1\r\nHost: {}:{}\r\n",
+    target_host, target_port, target_host, target_port
+  );
+
+  if !upstream.username().is_empty() {
+    use base64::{engine::general_purpose, Engine as _};
+    let username = upstream.username();
+    let password = upstream.password().unwrap_or("");
+    let auth = general_purpose::STANDARD.encode(format!("{}:{}", username, password));
+    connect_req.push_str(&format!("Proxy-Authorization: Basic {}\r\n", auth));
+  }
+
+  connect_req.push_str("\r\n");
+
+  stream.write_all(connect_req.as_bytes()).await?;
+
+  let mut buffer = [0u8; 4096];
+  let n = stream.read(&mut buffer).await?;
+  let response = String::from_utf8_lossy(&buffer[..n]);
+
+  if response.starts_with("HTTP/1.1 200") || response.starts_with("HTTP/1.0 200") {
+    Ok(stream)
+  } else {
+    Err(format!("Upstream proxy CONNECT failed: {}", response).into())
+  }
+}
+
+async fn connect_via_socks(
+  socks_addr: &str,
+  target_host: &str,
+  target_port: u16,
+  is_socks5: bool,
+  auth: Option<(&str, &str)>,
+) -> Result<TcpStream, Box<dyn std::error::Error>> {
+  let mut stream = TcpStream::connect(socks_addr).await?;
+
+  if is_socks5 {
+    // SOCKS5 connection using async_socks5
+    use async_socks5::{connect, AddrKind, Auth};
+
+    let target = if let Ok(ip) = target_host.parse::<std::net::IpAddr>() {
+      AddrKind::Ip(std::net::SocketAddr::new(ip, target_port))
+    } else {
+      AddrKind::Domain(target_host.to_string(), target_port)
+    };
+
+    let auth_info: Option<Auth> = auth.map(|(user, pass)| Auth {
+      username: user.to_string(),
+      password: pass.to_string(),
+    });
+
+    connect(&mut stream, target, auth_info).await?;
+    Ok(stream)
+  } else {
+    // SOCKS4 - simplified implementation
+    let ip: std::net::IpAddr = target_host.parse()?;
+
+    let mut request = vec![0x04, 0x01]; // SOCKS4, CONNECT
+    request.extend_from_slice(&target_port.to_be_bytes());
+    match ip {
+      std::net::IpAddr::V4(ipv4) => {
+        request.extend_from_slice(&ipv4.octets());
+      }
+      std::net::IpAddr::V6(_) => {
+        return Err("SOCKS4 does not support IPv6".into());
+      }
+    }
+    request.push(0); // NULL terminator for userid
+
+    stream.write_all(&request).await?;
+
+    let mut response = [0u8; 8];
+    stream.read_exact(&mut response).await?;
+
+    if response[1] != 0x5A {
+      return Err("SOCKS4 connection failed".into());
+    }
+
+    Ok(stream)
+  }
+}
+
+async fn handle_http(
+  req: Request<hyper::body::Incoming>,
+  upstream_url: Option<String>,
+) -> Result<Response<Full<Bytes>>, Infallible> {
+  // Use reqwest for all HTTP requests as it handles proxies better
+  // This is faster and more reliable than trying to use hyper-proxy with version conflicts
+  use reqwest::Client;
+
+  // Extract domain for traffic tracking
+  let domain = req
+    .uri()
+    .host()
+    .map(|h| h.to_string())
+    .unwrap_or_else(|| "unknown".to_string());
+
+  let client_builder = Client::builder();
+  let client = if let Some(ref upstream) = upstream_url {
+    if upstream == "DIRECT" {
+      client_builder.build().unwrap_or_default()
+    } else {
+      // Build reqwest client with proxy
+      match build_reqwest_client_with_proxy(upstream) {
+        Ok(c) => c,
+        Err(e) => {
+          log::error!("Failed to create proxy client: {}", e);
+          let mut response = Response::new(Full::new(Bytes::from(format!(
+            "Proxy configuration error: {}",
+            e
+          ))));
+          *response.status_mut() = StatusCode::BAD_GATEWAY;
+          return Ok(response);
+        }
+      }
+    }
+  } else {
+    client_builder.build().unwrap_or_default()
+  };
+
+  // Convert hyper request to reqwest request
+  let uri = req.uri().to_string();
+  let method = req.method().clone();
+  let headers = req.headers().clone();
+
+  let mut request_builder = match method.as_str() {
+    "GET" => client.get(&uri),
+    "POST" => client.post(&uri),
+    "PUT" => client.put(&uri),
+    "DELETE" => client.delete(&uri),
+    "PATCH" => client.patch(&uri),
+    "HEAD" => client.head(&uri),
+    _ => {
+      let mut response = Response::new(Full::new(Bytes::from("Unsupported method")));
+      *response.status_mut() = StatusCode::METHOD_NOT_ALLOWED;
+      return Ok(response);
+    }
+  };
+
+  // Copy headers, but skip proxy-specific headers that shouldn't be forwarded
+  for (name, value) in headers.iter() {
+    // Skip proxy-specific headers - these are for the local proxy, not the upstream
+    if name.as_str().eq_ignore_ascii_case("proxy-authorization")
+      || name.as_str().eq_ignore_ascii_case("proxy-connection")
+      || name.as_str().eq_ignore_ascii_case("proxy-authenticate")
+    {
+      continue;
+    }
+    if let Ok(val) = value.to_str() {
+      request_builder = request_builder.header(name.as_str(), val);
+    }
+  }
+
+  // Get body
+  let body_bytes = match req.collect().await {
+    Ok(collected) => collected.to_bytes(),
+    Err(_) => Bytes::new(),
+  };
+
+  if !body_bytes.is_empty() {
+    request_builder = request_builder.body(body_bytes.to_vec());
+  }
+
+  // Execute request
+  match request_builder.send().await {
+    Ok(response) => {
+      let status = response.status();
+      let headers = response.headers().clone();
+      let body = response.bytes().await.unwrap_or_default();
+
+      // Record request in traffic tracker
+      let response_size = body.len() as u64;
+      if let Some(tracker) = get_traffic_tracker() {
+        tracker.record_request(&domain, body_bytes.len() as u64, response_size);
+      }
+
+      let mut hyper_response = Response::new(Full::new(body));
+      *hyper_response.status_mut() = StatusCode::from_u16(status.as_u16()).unwrap();
+
+      // Copy response headers
+      for (name, value) in headers.iter() {
+        if let Ok(val) = value.to_str() {
+          hyper_response
+            .headers_mut()
+            .insert(name, val.parse().unwrap());
+        }
+      }
+
+      Ok(hyper_response)
+    }
+    Err(e) => {
+      log::error!("Request failed: {}", e);
+      let mut response = Response::new(Full::new(Bytes::from(format!("Request failed: {}", e))));
+      *response.status_mut() = StatusCode::BAD_GATEWAY;
+      Ok(response)
+    }
+  }
+}
+
+fn build_reqwest_client_with_proxy(
+  upstream_url: &str,
+) -> Result<reqwest::Client, Box<dyn std::error::Error>> {
+  use reqwest::Proxy;
+
+  let client_builder = reqwest::Client::builder();
+
+  // Parse the upstream URL
+  let url = Url::parse(upstream_url)?;
+  let scheme = url.scheme();
+
+  let proxy = match scheme {
+    "http" | "https" => {
+      // For HTTP/HTTPS proxies, reqwest handles them directly
+      Proxy::http(upstream_url)?
+    }
+    "socks5" => {
+      // For SOCKS5, reqwest supports it directly
+      Proxy::all(upstream_url)?
+    }
+    "socks4" => {
+      // SOCKS4 is not directly supported by reqwest, would need custom handling
+      return Err("SOCKS4 not supported for HTTP requests via reqwest".into());
+    }
+    _ => {
+      return Err(format!("Unsupported proxy scheme: {}", scheme).into());
+    }
+  };
+
+  Ok(client_builder.proxy(proxy).build()?)
+}
+
+pub async fn run_proxy_server(config: ProxyConfig) -> Result<(), Box<dyn std::error::Error>> {
+  log::error!(
+    "Proxy worker starting, looking for config id: {}",
+    config.id
+  );
+
+  // Load the config from disk to get the latest state
+  let config = match crate::proxy_storage::get_proxy_config(&config.id) {
+    Some(c) => c,
+    None => {
+      log::error!("Config not found for id: {}", config.id);
+      return Err("Config not found".into());
+    }
+  };
+
+  log::error!(
+    "Found config: id={}, port={:?}, upstream={}, profile_id={:?}",
+    config.id,
+    config.local_port,
+    config.upstream_url,
+    config.profile_id
+  );
+
+  log::error!("Starting proxy server for config id: {}", config.id);
+
+  // Initialize traffic tracker with profile ID if available
+  // This can now be called multiple times to update the tracker
+  init_traffic_tracker(config.id.clone(), config.profile_id.clone());
+  log::error!(
+    "Traffic tracker initialized for proxy: {} (profile_id: {:?})",
+    config.id,
+    config.profile_id
+  );
+
+  // Verify tracker was initialized correctly
+  if let Some(tracker) = crate::traffic_stats::get_traffic_tracker() {
+    log::error!(
+      "Tracker verified: proxy_id={}, profile_id={:?}",
+      tracker.proxy_id,
+      tracker.profile_id
+    );
+  } else {
+    log::error!("WARNING: Tracker was not initialized!");
+  }
+
+  // Determine the bind address
+  let bind_addr = SocketAddr::from(([127, 0, 0, 1], config.local_port.unwrap_or(0)));
+
+  log::error!("Attempting to bind proxy server to {}", bind_addr);
+
+  // Bind to the port
+  let listener = TcpListener::bind(bind_addr).await?;
+  let actual_port = listener.local_addr()?.port();
+
+  log::error!("Successfully bound to port {}", actual_port);
+
+  // Update config with actual port and local_url
+  let mut updated_config = config.clone();
+  updated_config.local_port = Some(actual_port);
+  updated_config.local_url = Some(format!("http://127.0.0.1:{}", actual_port));
+
+  // Save the updated config
+  log::error!(
+    "Saving updated config with local_url={:?}",
+    updated_config.local_url
+  );
+  if !crate::proxy_storage::update_proxy_config(&updated_config) {
+    log::error!("Failed to update proxy config");
+    return Err("Failed to update proxy config".into());
+  }
+
+  let upstream_url = if updated_config.upstream_url == "DIRECT" {
+    None
+  } else {
+    Some(updated_config.upstream_url.clone())
+  };
+
+  log::error!("Proxy server bound to 127.0.0.1:{}", actual_port);
+  log::error!(
+    "Proxy server listening on 127.0.0.1:{} (ready to accept connections)",
+    actual_port
+  );
+  log::error!("Proxy server entering accept loop - process should stay alive");
+
+  // Start a background task to periodically flush traffic stats to disk
+  tokio::spawn(async move {
+    let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(1));
+    loop {
+      interval.tick().await;
+      if let Some(tracker) = get_traffic_tracker() {
+        if let Err(e) = tracker.flush_to_disk() {
+          log::error!("Failed to flush traffic stats: {}", e);
+        }
+      }
+    }
+  });
+
+  // Keep the runtime alive with an infinite loop
+  // This ensures the process doesn't exit even if there are no active connections
+  loop {
+    match listener.accept().await {
+      Ok((mut stream, _)) => {
+        let upstream = upstream_url.clone();
+
+        tokio::task::spawn(async move {
+          // Read first bytes to detect CONNECT requests
+          // CONNECT requests need special handling for tunneling
+          let mut peek_buffer = [0u8; 8];
+          match stream.read(&mut peek_buffer).await {
+            Ok(n) if n >= 7 => {
+              let request_start = String::from_utf8_lossy(&peek_buffer[..n.min(7)]);
+              if request_start.starts_with("CONNECT") {
+                // Handle CONNECT request manually for tunneling
+                let mut full_request = Vec::with_capacity(4096);
+                full_request.extend_from_slice(&peek_buffer[..n]);
+
+                // Read the rest of the CONNECT request
+                let mut remaining = [0u8; 4096];
+                loop {
+                  match stream.read(&mut remaining).await {
+                    Ok(0) => break,
+                    Ok(m) => {
+                      full_request.extend_from_slice(&remaining[..m]);
+                      if full_request.ends_with(b"\r\n\r\n") || full_request.ends_with(b"\n\n") {
+                        break;
+                      }
+                    }
+                    Err(_) => break,
+                  }
+                }
+
+                // Handle CONNECT manually
+                log::error!(
+                  "DEBUG: Handling CONNECT manually for: {}",
+                  String::from_utf8_lossy(&full_request[..full_request.len().min(100)])
+                );
+                if let Err(e) = handle_connect_from_buffer(stream, full_request, upstream).await {
+                  log::error!("Error handling CONNECT request: {:?}", e);
+                } else {
+                  log::error!("DEBUG: CONNECT handled successfully");
+                }
+                return;
+              }
+              // Not CONNECT - reconstruct stream with consumed bytes prepended
+              let prepended_bytes = peek_buffer[..n].to_vec();
+              let prepended_reader = PrependReader {
+                prepended: prepended_bytes,
+                prepended_pos: 0,
+                inner: stream,
+              };
+              let io = TokioIo::new(prepended_reader);
+              let service = service_fn(move |req| handle_request(req, upstream.clone()));
+
+              if let Err(err) = http1::Builder::new().serve_connection(io, service).await {
+                log::error!("Error serving connection: {:?}", err);
+              }
+              return;
+            }
+            _ => {}
+          }
+
+          // For non-CONNECT requests, use hyper's HTTP handling
+          let io = TokioIo::new(stream);
+          let service = service_fn(move |req| handle_request(req, upstream.clone()));
+
+          if let Err(err) = http1::Builder::new().serve_connection(io, service).await {
+            log::error!("Error serving connection: {:?}", err);
+          }
+        });
+      }
+      Err(e) => {
+        log::error!("Error accepting connection: {:?}", e);
+        // Continue accepting connections even if one fails
+        // Add a small delay to avoid busy-waiting on errors
+        tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
+      }
+    }
+  }
+}
+
+async fn handle_connect_from_buffer(
+  mut client_stream: TcpStream,
+  request_buffer: Vec<u8>,
+  upstream_url: Option<String>,
+) -> Result<(), Box<dyn std::error::Error>> {
+  // Parse the CONNECT request from the buffer
+  let request_str = String::from_utf8_lossy(&request_buffer);
+  let lines: Vec<&str> = request_str.lines().collect();
+
+  if lines.is_empty() {
+    let _ = client_stream
+      .write_all(b"HTTP/1.1 400 Bad Request\r\n\r\n")
+      .await;
+    return Err("Empty CONNECT request".into());
+  }
+
+  // Parse CONNECT request: "CONNECT host:port HTTP/1.1"
+  let parts: Vec<&str> = lines[0].split_whitespace().collect();
+  if parts.len() < 2 || parts[0] != "CONNECT" {
+    let _ = client_stream
+      .write_all(b"HTTP/1.1 400 Bad Request\r\n\r\n")
+      .await;
+    return Err("Invalid CONNECT request".into());
+  }
+
+  let target = parts[1];
+  let (target_host, target_port) = if let Some(colon_pos) = target.find(':') {
+    let host = &target[..colon_pos];
+    let port: u16 = target[colon_pos + 1..].parse().unwrap_or(443);
+    (host, port)
+  } else {
+    (target, 443)
+  };
+
+  // Record domain access in traffic tracker
+  let domain = target_host.to_string();
+  if let Some(tracker) = get_traffic_tracker() {
+    tracker.record_request(&domain, 0, 0);
+  }
+
+  // Connect to target (directly or via upstream proxy)
+  let target_stream = if upstream_url.is_none()
+    || upstream_url
+      .as_ref()
+      .map(|s| s == "DIRECT")
+      .unwrap_or(false)
+  {
+    // Direct connection
+    TcpStream::connect((target_host, target_port)).await?
+  } else {
+    // Connect via upstream proxy
+    let upstream = Url::parse(upstream_url.as_ref().unwrap())?;
+    let scheme = upstream.scheme();
+
+    match scheme {
+      "http" | "https" => {
+        // Connect via HTTP proxy CONNECT
+        let proxy_host = upstream.host_str().unwrap_or("127.0.0.1");
+        let proxy_port = upstream.port().unwrap_or(8080);
+        let mut proxy_stream = TcpStream::connect((proxy_host, proxy_port)).await?;
+
+        // Add authentication if provided
+        let mut connect_req = format!(
+          "CONNECT {}:{} HTTP/1.1\r\nHost: {}:{}\r\n",
+          target_host, target_port, target_host, target_port
+        );
+
+        if !upstream.username().is_empty() {
+          use base64::{engine::general_purpose, Engine as _};
+          let username = upstream.username();
+          let password = upstream.password().unwrap_or("");
+          let auth = general_purpose::STANDARD.encode(format!("{}:{}", username, password));
+          connect_req.push_str(&format!("Proxy-Authorization: Basic {}\r\n", auth));
+        }
+
+        connect_req.push_str("\r\n");
+
+        // Send CONNECT request to upstream proxy
+        proxy_stream.write_all(connect_req.as_bytes()).await?;
+
+        // Read response
+        let mut buffer = [0u8; 4096];
+        let n = proxy_stream.read(&mut buffer).await?;
+        let response = String::from_utf8_lossy(&buffer[..n]);
+
+        if !response.starts_with("HTTP/1.1 200") && !response.starts_with("HTTP/1.0 200") {
+          return Err(format!("Upstream proxy CONNECT failed: {}", response).into());
+        }
+
+        proxy_stream
+      }
+      "socks4" | "socks5" => {
+        // Connect via SOCKS proxy
+        let socks_host = upstream.host_str().unwrap_or("127.0.0.1");
+        let socks_port = upstream.port().unwrap_or(1080);
+        let socks_addr = format!("{}:{}", socks_host, socks_port);
+
+        let username = upstream.username();
+        let password = upstream.password().unwrap_or("");
+
+        connect_via_socks(
+          &socks_addr,
+          target_host,
+          target_port,
+          scheme == "socks5",
+          if !username.is_empty() {
+            Some((username, password))
+          } else {
+            None
+          },
+        )
+        .await?
+      }
+      _ => {
+        return Err(format!("Unsupported upstream proxy scheme: {}", scheme).into());
+      }
+    }
+  };
+
+  // Send 200 Connection Established response to client
+  // CRITICAL: Must flush after writing to ensure response is sent before tunneling
+  client_stream
+    .write_all(b"HTTP/1.1 200 Connection Established\r\n\r\n")
+    .await?;
+  client_stream.flush().await?;
+
+  log::error!("DEBUG: Sent 200 Connection Established response, starting tunnel");
+
+  // Now tunnel data bidirectionally with counting
+  // Wrap streams to count bytes transferred
+  let counting_client = CountingStream::new(client_stream);
+  let counting_target = CountingStream::new(target_stream);
+
+  // Get references for final stats
+  let client_read_counter = counting_client.bytes_read.clone();
+  let client_write_counter = counting_client.bytes_written.clone();
+  let target_read_counter = counting_target.bytes_read.clone();
+  let target_write_counter = counting_target.bytes_written.clone();
+
+  // Split streams for bidirectional copying
+  let (mut client_read, mut client_write) = tokio::io::split(counting_client);
+  let (mut target_read, mut target_write) = tokio::io::split(counting_target);
+
+  log::error!("DEBUG: Starting bidirectional tunnel");
+
+  // Spawn two tasks to forward data in both directions
+  let client_to_target = tokio::spawn(async move {
+    let result = tokio::io::copy(&mut client_read, &mut target_write).await;
+    match result {
+      Ok(bytes) => {
+        log::error!("DEBUG: Tunneled {} bytes from client->target", bytes);
+      }
+      Err(e) => {
+        log::error!("Error forwarding client->target: {:?}", e);
+      }
+    }
+  });
+
+  let target_to_client = tokio::spawn(async move {
+    let result = tokio::io::copy(&mut target_read, &mut client_write).await;
+    match result {
+      Ok(bytes) => {
+        log::error!("DEBUG: Tunneled {} bytes from target->client", bytes);
+      }
+      Err(e) => {
+        log::error!("Error forwarding target->client: {:?}", e);
+      }
+    }
+  });
+
+  // Wait for either direction to finish (connection closed)
+  tokio::select! {
+    _ = client_to_target => {
+      log::error!("DEBUG: Client->target tunnel closed");
+    }
+    _ = target_to_client => {
+      log::error!("DEBUG: Target->client tunnel closed");
+    }
+  }
+
+  // Log final byte counts and update domain stats
+  let final_sent =
+    client_read_counter.load(Ordering::Relaxed) + target_write_counter.load(Ordering::Relaxed);
+  let final_recv =
+    target_read_counter.load(Ordering::Relaxed) + client_write_counter.load(Ordering::Relaxed);
+  log::error!(
+    "DEBUG: Tunnel closed - sent: {} bytes, received: {} bytes",
+    final_sent,
+    final_recv
+  );
+
+  // Update domain-specific byte counts now that tunnel is complete
+  if let Some(tracker) = get_traffic_tracker() {
+    tracker.update_domain_bytes(&domain, final_sent, final_recv);
+  }
+
+  Ok(())
+}
@@ -0,0 +1,125 @@
+#[cfg(test)]
+mod tests {
+  use super::*;
+  use crate::proxy_runner::{start_proxy_process, stop_proxy_process};
+  use crate::proxy_storage::{delete_proxy_config, generate_proxy_id, list_proxy_configs};
+  use std::process::Command;
+  use std::time::Duration;
+  use tokio::net::TcpStream;
+  use tokio::time::sleep;
+
+  #[tokio::test]
+  async fn test_proxy_storage() {
+    // Test proxy config storage
+    let id = generate_proxy_id();
+    let config = crate::proxy_storage::ProxyConfig::new(id.clone(), "DIRECT".to_string(), Some(8080));
+
+    // Save config
+    crate::proxy_storage::save_proxy_config(&config).unwrap();
+
+    // Load config
+    let loaded = crate::proxy_storage::get_proxy_config(&id).unwrap();
+    assert_eq!(loaded.id, id);
+    assert_eq!(loaded.upstream_url, "DIRECT");
+    assert_eq!(loaded.local_port, Some(8080));
+
+    // Delete config
+    assert!(crate::proxy_storage::delete_proxy_config(&id));
+    assert!(crate::proxy_storage::get_proxy_config(&id).is_none());
+  }
+
+  #[tokio::test]
+  async fn test_proxy_id_generation() {
+    let id1 = generate_proxy_id();
+    let id2 = generate_proxy_id();
+    assert_ne!(id1, id2);
+    assert!(id1.starts_with("proxy_"));
+  }
+
+  #[tokio::test]
+  async fn test_proxy_process_lifecycle() {
+    // Start a direct proxy
+    let config = start_proxy_process(None, Some(0)).await.unwrap();
+    let id = config.id.clone();
+
+    // Verify config was saved
+    let loaded = crate::proxy_storage::get_proxy_config(&id).unwrap();
+    assert_eq!(loaded.id, id);
+
+    // Wait a bit for the proxy to start
+    sleep(Duration::from_millis(500)).await;
+
+    // Stop the proxy
+    let stopped = stop_proxy_process(&id).await.unwrap();
+    assert!(stopped);
+
+    // Verify config was deleted
+    assert!(crate::proxy_storage::get_proxy_config(&id).is_none());
+  }
+
+  #[tokio::test]
+  async fn test_proxy_with_upstream_http() {
+    // Start a proxy with HTTP upstream (using a non-existent proxy for testing)
+    let upstream_url = "http://127.0.0.1:9999";
+    let config = start_proxy_process(Some(upstream_url.to_string()), Some(0))
+      .await
+      .unwrap();
+
+    let id = config.id.clone();
+
+    // Wait a bit
+    sleep(Duration::from_millis(500)).await;
+
+    // Clean up
+    let _ = stop_proxy_process(&id).await;
+  }
+
+  #[tokio::test]
+  async fn test_proxy_with_upstream_socks5() {
+    // Start a proxy with SOCKS5 upstream
+    let upstream_url = "socks5://127.0.0.1:1080";
+    let config = start_proxy_process(Some(upstream_url.to_string()), Some(0))
+      .await
+      .unwrap();
+
+    let id = config.id.clone();
+
+    // Wait a bit
+    sleep(Duration::from_millis(500)).await;
+
+    // Clean up
+    let _ = stop_proxy_process(&id).await;
+  }
+
+  #[tokio::test]
+  async fn test_proxy_port_assignment() {
+    // Start multiple proxies and verify they get different ports
+    let config1 = start_proxy_process(None, None).await.unwrap();
+    sleep(Duration::from_millis(100)).await;
+    let config2 = start_proxy_process(None, None).await.unwrap();
+
+    // They should have different IDs
+    assert_ne!(config1.id, config2.id);
+
+    // Clean up
+    let _ = stop_proxy_process(&config1.id).await;
+    let _ = stop_proxy_process(&config2.id).await;
+  }
+
+  #[tokio::test]
+  async fn test_proxy_list() {
+    // Start a few proxies
+    let config1 = start_proxy_process(None, None).await.unwrap();
+    sleep(Duration::from_millis(100)).await;
+    let config2 = start_proxy_process(None, None).await.unwrap();
+
+    // List all proxies
+    let configs = list_proxy_configs();
+    assert!(configs.len() >= 2);
+
+    // Clean up
+    let _ = stop_proxy_process(&config1.id).await;
+    let _ = stop_proxy_process(&config2.id).await;
+  }
+}
+
@@ -0,0 +1,138 @@
+use directories::BaseDirs;
+use serde::{Deserialize, Serialize};
+use std::fs;
+use std::path::PathBuf;
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ProxyConfig {
+  pub id: String,
+  pub upstream_url: String, // Can be "DIRECT" for direct proxy
+  pub local_port: Option<u16>,
+  pub ignore_proxy_certificate: Option<bool>,
+  pub local_url: Option<String>,
+  pub pid: Option<u32>,
+  #[serde(default)]
+  pub profile_id: Option<String>,
+}
+
+impl ProxyConfig {
+  pub fn new(id: String, upstream_url: String, local_port: Option<u16>) -> Self {
+    Self {
+      id,
+      upstream_url,
+      local_port,
+      ignore_proxy_certificate: None,
+      local_url: None,
+      pid: None,
+      profile_id: None,
+    }
+  }
+
+  pub fn with_profile_id(mut self, profile_id: Option<String>) -> Self {
+    self.profile_id = profile_id;
+    self
+  }
+}
+
+pub fn get_storage_dir() -> PathBuf {
+  let base_dirs = BaseDirs::new().expect("Failed to get base directories");
+  let mut path = base_dirs.data_local_dir().to_path_buf();
+  path.push(if cfg!(debug_assertions) {
+    "DonutBrowserDev"
+  } else {
+    "DonutBrowser"
+  });
+  path.push("proxies");
+  path
+}
+
+pub fn save_proxy_config(config: &ProxyConfig) -> Result<(), Box<dyn std::error::Error>> {
+  let storage_dir = get_storage_dir();
+  fs::create_dir_all(&storage_dir)?;
+
+  let file_path = storage_dir.join(format!("{}.json", config.id));
+  let content = serde_json::to_string_pretty(config)?;
+  fs::write(&file_path, content)?;
+
+  Ok(())
+}
+
+pub fn get_proxy_config(id: &str) -> Option<ProxyConfig> {
+  let storage_dir = get_storage_dir();
+  let file_path = storage_dir.join(format!("{}.json", id));
+
+  if !file_path.exists() {
+    return None;
+  }
+
+  match fs::read_to_string(&file_path) {
+    Ok(content) => serde_json::from_str(&content).ok(),
+    Err(_) => None,
+  }
+}
+
+pub fn delete_proxy_config(id: &str) -> bool {
+  let storage_dir = get_storage_dir();
+  let file_path = storage_dir.join(format!("{}.json", id));
+
+  if !file_path.exists() {
+    return false;
+  }
+
+  fs::remove_file(&file_path).is_ok()
+}
+
+pub fn list_proxy_configs() -> Vec<ProxyConfig> {
+  let storage_dir = get_storage_dir();
+
+  if !storage_dir.exists() {
+    return Vec::new();
+  }
+
+  let mut configs = Vec::new();
+  if let Ok(entries) = fs::read_dir(&storage_dir) {
+    for entry in entries.flatten() {
+      let path = entry.path();
+      if path.extension().is_some_and(|ext| ext == "json") {
+        if let Ok(content) = fs::read_to_string(&path) {
+          if let Ok(config) = serde_json::from_str::<ProxyConfig>(&content) {
+            configs.push(config);
+          }
+        }
+      }
+    }
+  }
+
+  configs
+}
+
+pub fn update_proxy_config(config: &ProxyConfig) -> bool {
+  let storage_dir = get_storage_dir();
+  let file_path = storage_dir.join(format!("{}.json", config.id));
+
+  if !file_path.exists() {
+    return false;
+  }
+
+  match serde_json::to_string_pretty(config) {
+    Ok(content) => fs::write(&file_path, content).is_ok(),
+    Err(_) => false,
+  }
+}
+
+pub fn generate_proxy_id() -> String {
+  format!(
+    "proxy_{}_{}",
+    std::time::SystemTime::now()
+      .duration_since(std::time::UNIX_EPOCH)
+      .unwrap()
+      .as_secs(),
+    rand::random::<u32>()
+  )
+}
+
+pub fn is_process_running(pid: u32) -> bool {
+  use sysinfo::{Pid, System};
+  let system = System::new_all();
+  system.process(Pid::from(pid as usize)).is_some()
+}
@@ -3,8 +3,11 @@ use serde::{Deserialize, Serialize};
 use std::fs::{self, create_dir_all};
 use std::path::PathBuf;

-use crate::api_client::ApiClient;
-use crate::version_updater;
+use aes_gcm::{
+  aead::{Aead, AeadCore, KeyInit, OsRng},
+  Aes256Gcm, Key, Nonce,
+};
+use argon2::{password_hash::SaltString, Argon2, PasswordHasher};

 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct TableSortingSettings {
@@ -25,22 +28,35 @@ impl Default for TableSortingSettings {
 pub struct AppSettings {
  #[serde(default)]
  pub set_as_default_browser: bool,
-  #[serde(default)]
-  pub show_settings_on_startup: bool,
  #[serde(default = "default_theme")]
  pub theme: String, // "light", "dark", or "system"
+  #[serde(default)]
+  pub custom_theme: Option<std::collections::HashMap<String, String>>, // CSS var name -> value (e.g., "--background": "#1a1b26")
+  #[serde(default)]
+  pub api_enabled: bool,
+  #[serde(default = "default_api_port")]
+  pub api_port: u16,
+  #[serde(default)]
+  pub api_token: Option<String>, // Displayed token for user to copy
 }

 fn default_theme() -> String {
  "system".to_string()
 }

+fn default_api_port() -> u16 {
+  10108
+}
+
 impl Default for AppSettings {
  fn default() -> Self {
    Self {
      set_as_default_browser: false,
-      show_settings_on_startup: true,
      theme: "system".to_string(),
+      custom_theme: None,
+      api_enabled: false,
+      api_port: 10108,
+      api_token: None,
    }
  }
 }
@@ -94,17 +110,17 @@ impl SettingsManager {
      Ok(settings) => {
        // Save the settings back to ensure any missing fields are written with defaults
        if let Err(e) = self.save_settings(&settings) {
-          eprintln!("Warning: Failed to update settings file with defaults: {e}");
+          log::warn!("Warning: Failed to update settings file with defaults: {e}");
        }
        Ok(settings)
      }
      Err(e) => {
-        eprintln!("Warning: Failed to parse settings file, using defaults: {e}");
+        log::warn!("Warning: Failed to parse settings file, using defaults: {e}");
        let default_settings = AppSettings::default();

        // Try to save default settings to fix the corrupted file
        if let Err(save_error) = self.save_settings(&default_settings) {
-          eprintln!("Warning: Failed to save default settings: {save_error}");
+          log::warn!("Warning: Failed to save default settings: {save_error}");
        }

        Ok(default_settings)
@@ -151,30 +167,260 @@ impl SettingsManager {
  }

  pub fn should_show_settings_on_startup(&self) -> Result<bool, Box<dyn std::error::Error>> {
-    let settings = self.load_settings()?;
+    // Always return false - we don't show settings on startup anymore
+    Ok(false)
+  }

-    // Show prompt if:
-    // 1. User wants to see the prompt
-    // 2. Donut Browser is not set as default
-    // 3. User hasn't explicitly disabled the default browser setting
-    Ok(settings.show_settings_on_startup && !settings.set_as_default_browser)
+  fn get_vault_password() -> String {
+    env!("DONUT_BROWSER_VAULT_PASSWORD").to_string()
+  }
+
+  pub async fn generate_api_token(
+    &self,
+    app_handle: &tauri::AppHandle,
+  ) -> Result<String, Box<dyn std::error::Error>> {
+    // Generate a secure random token (base64 encoded for URL safety)
+    let token_bytes: [u8; 32] = {
+      use rand::RngCore;
+      let mut rng = rand::rng();
+      let mut bytes = [0u8; 32];
+      rng.fill_bytes(&mut bytes);
+      bytes
+    };
+    use base64::{engine::general_purpose, Engine as _};
+    let token = general_purpose::URL_SAFE_NO_PAD.encode(token_bytes);
+
+    // Store token securely
+    self.store_api_token(app_handle, &token).await?;
+
+    Ok(token)
+  }
+
+  pub async fn store_api_token(
+    &self,
+    _app_handle: &tauri::AppHandle,
+    token: &str,
+  ) -> Result<(), Box<dyn std::error::Error>> {
+    // Store token in an encrypted file using Argon2 + AES-GCM
+    let token_file = self.get_settings_dir().join("api_token.dat");
+
+    // Create directory if it doesn't exist
+    if let Some(parent) = token_file.parent() {
+      std::fs::create_dir_all(parent)?;
+    }
+
+    let vault_password = Self::get_vault_password();
+
+    // Generate a random salt for Argon2
+    let salt = SaltString::generate(&mut OsRng);
+
+    // Use Argon2 to derive a 32-byte key from the vault password
+    let argon2 = Argon2::default();
+    let password_hash = argon2
+      .hash_password(vault_password.as_bytes(), &salt)
+      .map_err(|e| format!("Argon2 key derivation failed: {e}"))?;
+    let hash_value = password_hash.hash.unwrap();
+    let hash_bytes = hash_value.as_bytes();
+
+    // Take first 32 bytes for AES-256 key
+    let key_bytes: [u8; 32] = hash_bytes[..32]
+      .try_into()
+      .map_err(|_| "Invalid key length")?;
+    let key = Key::<Aes256Gcm>::from(key_bytes);
+    let cipher = Aes256Gcm::new(&key);
+
+    // Generate a random nonce
+    let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
+
+    // Encrypt the token
+    let ciphertext = cipher
+      .encrypt(&nonce, token.as_bytes())
+      .map_err(|e| format!("Encryption failed: {e}"))?;
+
+    // Create file data with header, salt, nonce, and encrypted data
+    let mut file_data = Vec::new();
+    file_data.extend_from_slice(b"DBAPI"); // 5-byte header
+    file_data.push(2u8); // Version 2 (Argon2 + AES-GCM)
+
+    // Store salt length and salt
+    let salt_str = salt.as_str();
+    file_data.push(salt_str.len() as u8);
+    file_data.extend_from_slice(salt_str.as_bytes());
+
+    // Store nonce (12 bytes for AES-GCM)
+    file_data.extend_from_slice(&nonce);
+
+    // Store ciphertext length and ciphertext
+    file_data.extend_from_slice(&(ciphertext.len() as u32).to_le_bytes());
+    file_data.extend_from_slice(&ciphertext);
+
+    std::fs::write(token_file, file_data)?;
+    Ok(())
+  }
+
+  pub async fn get_api_token(
+    &self,
+    _app_handle: &tauri::AppHandle,
+  ) -> Result<Option<String>, Box<dyn std::error::Error>> {
+    let token_file = self.get_settings_dir().join("api_token.dat");
+
+    if !token_file.exists() {
+      return Ok(None);
+    }
+
+    let file_data = std::fs::read(token_file)?;
+
+    // Validate header
+    if file_data.len() < 6 || &file_data[0..5] != b"DBAPI" {
+      return Ok(None);
+    }
+
+    let version = file_data[5];
+
+    // Only support Argon2 + AES-GCM (version 2)
+    if version != 2 {
+      return Ok(None);
+    }
+
+    // Argon2 + AES-GCM decryption
+    let mut offset = 6;
+
+    // Read salt
+    if offset >= file_data.len() {
+      return Ok(None);
+    }
+    let salt_len = file_data[offset] as usize;
+    offset += 1;
+
+    if offset + salt_len > file_data.len() {
+      return Ok(None);
+    }
+    let salt_bytes = &file_data[offset..offset + salt_len];
+    let salt_str = std::str::from_utf8(salt_bytes).map_err(|_| "Invalid salt encoding")?;
+    let salt = SaltString::from_b64(salt_str).map_err(|_| "Invalid salt format")?;
+    offset += salt_len;
+
+    // Read nonce (12 bytes)
+    if offset + 12 > file_data.len() {
+      return Ok(None);
+    }
+    let nonce_bytes: [u8; 12] = file_data[offset..offset + 12]
+      .try_into()
+      .map_err(|_| "Invalid nonce length")?;
+    let nonce = Nonce::from(nonce_bytes);
+    offset += 12;
+
+    // Read ciphertext
+    if offset + 4 > file_data.len() {
+      return Ok(None);
+    }
+    let ciphertext_len = u32::from_le_bytes([
+      file_data[offset],
+      file_data[offset + 1],
+      file_data[offset + 2],
+      file_data[offset + 3],
+    ]) as usize;
+    offset += 4;
+
+    if offset + ciphertext_len > file_data.len() {
+      return Ok(None);
+    }
+    let ciphertext = &file_data[offset..offset + ciphertext_len];
+
+    // Derive key using Argon2
+    let vault_password = Self::get_vault_password();
+    let argon2 = Argon2::default();
+    let password_hash = argon2
+      .hash_password(vault_password.as_bytes(), &salt)
+      .map_err(|e| format!("Argon2 key derivation failed: {e}"))?;
+    let hash_value = password_hash.hash.unwrap();
+    let hash_bytes = hash_value.as_bytes();
+
+    let key_bytes: [u8; 32] = hash_bytes[..32]
+      .try_into()
+      .map_err(|_| "Invalid key length")?;
+    let key = Key::<Aes256Gcm>::from(key_bytes);
+    let cipher = Aes256Gcm::new(&key);
+
+    // Decrypt the token
+    let plaintext = cipher
+      .decrypt(&nonce, ciphertext)
+      .map_err(|_| "Decryption failed")?;
+
+    match String::from_utf8(plaintext) {
+      Ok(token) => Ok(Some(token)),
+      Err(_) => Ok(None),
+    }
+  }
+
+  pub async fn remove_api_token(
+    &self,
+    _app_handle: &tauri::AppHandle,
+  ) -> Result<(), Box<dyn std::error::Error>> {
+    let token_file = self.get_settings_dir().join("api_token.dat");
+
+    if token_file.exists() {
+      std::fs::remove_file(token_file)?;
+    }
+
+    Ok(())
  }
 }

 #[tauri::command]
-pub async fn get_app_settings() -> Result<AppSettings, String> {
+pub async fn get_app_settings(app_handle: tauri::AppHandle) -> Result<AppSettings, String> {
  let manager = SettingsManager::instance();
-  manager
+  let mut settings = manager
    .load_settings()
-    .map_err(|e| format!("Failed to load settings: {e}"))
+    .map_err(|e| format!("Failed to load settings: {e}"))?;
+
+  // Always load token for display purposes if it exists
+  settings.api_token = manager
+    .get_api_token(&app_handle)
+    .await
+    .map_err(|e| format!("Failed to load API token: {e}"))?;
+
+  Ok(settings)
 }

 #[tauri::command]
-pub async fn save_app_settings(settings: AppSettings) -> Result<(), String> {
+pub async fn save_app_settings(
+  app_handle: tauri::AppHandle,
+  mut settings: AppSettings,
+) -> Result<AppSettings, String> {
  let manager = SettingsManager::instance();
+
+  if settings.api_enabled {
+    if let Some(ref token) = settings.api_token {
+      manager
+        .store_api_token(&app_handle, token)
+        .await
+        .map_err(|e| format!("Failed to store API token: {e}"))?;
+    } else {
+      let token = manager
+        .generate_api_token(&app_handle)
+        .await
+        .map_err(|e| format!("Failed to generate API token: {e}"))?;
+      settings.api_token = Some(token);
+    }
+  }
+
+  // If API is being disabled, remove the token
+  if !settings.api_enabled {
+    manager
+      .remove_api_token(&app_handle)
+      .await
+      .map_err(|e| format!("Failed to remove API token: {e}"))?;
+    settings.api_token = None;
+  }
+
+  let mut persist_settings = settings.clone();
+  persist_settings.api_token = None;
  manager
-    .save_settings(&settings)
-    .map_err(|e| format!("Failed to save settings: {e}"))
+    .save_settings(&persist_settings)
+    .map_err(|e| format!("Failed to save settings: {e}"))?;
+
+  Ok(settings)
 }

 #[tauri::command]
@@ -201,29 +447,221 @@ pub async fn save_table_sorting_settings(sorting: TableSortingSettings) -> Resul
    .map_err(|e| format!("Failed to save table sorting settings: {e}"))
 }

-#[tauri::command]
-pub async fn clear_all_version_cache_and_refetch(
-  app_handle: tauri::AppHandle,
-) -> Result<(), String> {
-  let api_client = ApiClient::instance();
-
-  // Clear all cache first
-  api_client
-    .clear_all_cache()
-    .map_err(|e| format!("Failed to clear version cache: {e}"))?;
-
-  let updater = version_updater::get_version_updater();
-  let updater_guard = updater.lock().await;
-
-  updater_guard
-    .trigger_manual_update(&app_handle)
-    .await
-    .map_err(|e| format!("Failed to trigger version update: {e}"))?;
-
-  Ok(())
-}
-
 // Global singleton instance
 lazy_static::lazy_static! {
  static ref SETTINGS_MANAGER: SettingsManager = SettingsManager::new();
 }
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+  use std::env;
+  use tempfile::TempDir;
+
+  fn create_test_settings_manager() -> (SettingsManager, TempDir) {
+    let temp_dir = TempDir::new().expect("Failed to create temp directory");
+
+    // Set up a temporary home directory for testing
+    env::set_var("HOME", temp_dir.path());
+
+    let manager = SettingsManager::new();
+    (manager, temp_dir)
+  }
+
+  #[test]
+  fn test_settings_manager_creation() {
+    let (_manager, _temp_dir) = create_test_settings_manager();
+    // Test passes if no panic occurs
+  }
+
+  #[test]
+  fn test_default_app_settings() {
+    let default_settings = AppSettings::default();
+
+    assert!(
+      !default_settings.set_as_default_browser,
+      "Default should not set as default browser"
+    );
+    assert_eq!(
+      default_settings.theme, "system",
+      "Default theme should be system"
+    );
+  }
+
+  #[test]
+  fn test_default_table_sorting_settings() {
+    let default_sorting = TableSortingSettings::default();
+
+    assert_eq!(
+      default_sorting.column, "name",
+      "Default sort column should be name"
+    );
+    assert_eq!(
+      default_sorting.direction, "asc",
+      "Default sort direction should be asc"
+    );
+  }
+
+  #[test]
+  fn test_load_settings_nonexistent_file() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let result = manager.load_settings();
+    assert!(
+      result.is_ok(),
+      "Should handle nonexistent settings file gracefully"
+    );
+
+    let settings = result.unwrap();
+    assert!(
+      !settings.set_as_default_browser,
+      "Should return default settings"
+    );
+    assert_eq!(settings.theme, "system", "Should return default theme");
+  }
+
+  #[test]
+  fn test_save_and_load_settings() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let test_settings = AppSettings {
+      set_as_default_browser: true,
+      theme: "dark".to_string(),
+      custom_theme: None,
+      api_enabled: false,
+      api_port: 10108,
+      api_token: None,
+    };
+
+    // Save settings
+    let save_result = manager.save_settings(&test_settings);
+    assert!(save_result.is_ok(), "Should save settings successfully");
+
+    // Load settings back
+    let load_result = manager.load_settings();
+    assert!(load_result.is_ok(), "Should load settings successfully");
+
+    let loaded_settings = load_result.unwrap();
+    assert!(
+      loaded_settings.set_as_default_browser,
+      "Loaded settings should match saved"
+    );
+    assert_eq!(
+      loaded_settings.theme, "dark",
+      "Loaded theme should match saved"
+    );
+  }
+
+  #[test]
+  fn test_load_table_sorting_nonexistent_file() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let result = manager.load_table_sorting();
+    assert!(
+      result.is_ok(),
+      "Should handle nonexistent sorting file gracefully"
+    );
+
+    let sorting = result.unwrap();
+    assert_eq!(sorting.column, "name", "Should return default sorting");
+    assert_eq!(sorting.direction, "asc", "Should return default direction");
+  }
+
+  #[test]
+  fn test_save_and_load_table_sorting() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let test_sorting = TableSortingSettings {
+      column: "browser".to_string(),
+      direction: "desc".to_string(),
+    };
+
+    // Save sorting
+    let save_result = manager.save_table_sorting(&test_sorting);
+    assert!(save_result.is_ok(), "Should save sorting successfully");
+
+    // Load sorting back
+    let load_result = manager.load_table_sorting();
+    assert!(load_result.is_ok(), "Should load sorting successfully");
+
+    let loaded_sorting = load_result.unwrap();
+    assert_eq!(
+      loaded_sorting.column, "browser",
+      "Loaded column should match saved"
+    );
+    assert_eq!(
+      loaded_sorting.direction, "desc",
+      "Loaded direction should match saved"
+    );
+  }
+
+  #[test]
+  fn test_should_show_settings_on_startup() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let result = manager.should_show_settings_on_startup();
+    assert!(result.is_ok(), "Should not fail");
+
+    let should_show = result.unwrap();
+    assert!(
+      !should_show,
+      "Should always return false as per implementation"
+    );
+  }
+
+  #[test]
+  fn test_load_corrupted_settings_file() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    // Create settings directory
+    let settings_dir = manager.get_settings_dir();
+    fs::create_dir_all(&settings_dir).expect("Should create settings directory");
+
+    // Write corrupted JSON
+    let settings_file = manager.get_settings_file();
+    fs::write(&settings_file, "{ invalid json }").expect("Should write corrupted file");
+
+    // Should handle corrupted file gracefully
+    let result = manager.load_settings();
+    assert!(
+      result.is_ok(),
+      "Should handle corrupted settings file gracefully"
+    );
+
+    let settings = result.unwrap();
+    assert!(
+      !settings.set_as_default_browser,
+      "Should return default settings for corrupted file"
+    );
+    assert_eq!(
+      settings.theme, "system",
+      "Should return default theme for corrupted file"
+    );
+  }
+
+  #[test]
+  fn test_settings_file_paths() {
+    let (manager, _temp_dir) = create_test_settings_manager();
+
+    let settings_dir = manager.get_settings_dir();
+    let settings_file = manager.get_settings_file();
+    let sorting_file = manager.get_table_sorting_file();
+
+    assert!(
+      settings_dir.to_string_lossy().contains("settings"),
+      "Settings dir should contain 'settings'"
+    );
+    assert!(
+      settings_file
+        .to_string_lossy()
+        .ends_with("app_settings.json"),
+      "Settings file should end with app_settings.json"
+    );
+    assert!(
+      sorting_file
+        .to_string_lossy()
+        .ends_with("table_sorting.json"),
+      "Sorting file should end with table_sorting.json"
+    );
+  }
+}
@@ -1,331 +0,0 @@
-use serde::{Deserialize, Serialize};
-use std::process::Command;
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-pub struct SystemLocale {
-  pub locale: String,
-  pub language: String,
-  pub country: String,
-}
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-pub struct SystemTimezone {
-  pub timezone: String,
-  pub offset: String,
-}
-
-pub struct SystemUtils;
-
-impl SystemUtils {
-  pub fn new() -> Self {
-    Self
-  }
-
-  /// Detect the system's locale settings
-  pub fn detect_system_locale(&self) -> SystemLocale {
-    #[cfg(target_os = "macos")]
-    return macos::detect_system_locale();
-
-    #[cfg(target_os = "linux")]
-    return linux::detect_system_locale();
-
-    #[cfg(target_os = "windows")]
-    return windows::detect_system_locale();
-
-    #[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "windows")))]
-    return SystemLocale {
-      locale: "en-US".to_string(),
-      language: "en".to_string(),
-      country: "US".to_string(),
-    };
-  }
-
-  /// Detect the system's timezone settings
-  pub fn detect_system_timezone(&self) -> SystemTimezone {
-    #[cfg(target_os = "macos")]
-    return macos::detect_system_timezone();
-
-    #[cfg(target_os = "linux")]
-    return linux::detect_system_timezone();
-
-    #[cfg(target_os = "windows")]
-    return windows::detect_system_timezone();
-
-    #[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "windows")))]
-    return SystemTimezone {
-      timezone: "UTC".to_string(),
-      offset: "+00:00".to_string(),
-    };
-  }
-}
-
-#[cfg(target_os = "macos")]
-mod macos {
-  use super::*;
-
-  pub fn detect_system_locale() -> SystemLocale {
-    // Try to get the system locale from macOS
-    if let Ok(output) = Command::new("defaults")
-      .args(["read", "-g", "AppleLocale"])
-      .output()
-    {
-      if output.status.success() {
-        let locale_str = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        return parse_locale(&locale_str);
-      }
-    }
-
-    // Fallback to environment variables
-    detect_locale_from_env()
-  }
-
-  pub fn detect_system_timezone() -> SystemTimezone {
-    // Try to get timezone from macOS system
-    if let Ok(output) = Command::new("date").arg("+%Z").output() {
-      if output.status.success() {
-        let tz_abbr = String::from_utf8_lossy(&output.stdout).trim().to_string();
-
-        // Get the full timezone name
-        if let Ok(tz_output) = Command::new("systemsetup").args(["-gettimezone"]).output() {
-          if tz_output.status.success() {
-            let tz_full = String::from_utf8_lossy(&tz_output.stdout);
-            if let Some(tz_name) = tz_full.strip_prefix("Time Zone: ") {
-              let tz_clean = tz_name.trim().to_string();
-              if !tz_clean.is_empty() {
-                return SystemTimezone {
-                  timezone: tz_clean,
-                  offset: tz_abbr,
-                };
-              }
-            }
-          }
-        }
-      }
-    }
-
-    // Fallback to reading /etc/localtime link
-    detect_timezone_from_files()
-  }
-}
-
-#[cfg(target_os = "linux")]
-mod linux {
-  use super::*;
-
-  pub fn detect_system_locale() -> SystemLocale {
-    // Try to get locale from locale command
-    if let Ok(output) = Command::new("locale").output() {
-      if output.status.success() {
-        let output_str = String::from_utf8_lossy(&output.stdout);
-        for line in output_str.lines() {
-          if line.starts_with("LANG=") {
-            let locale_value = line.strip_prefix("LANG=").unwrap_or("");
-            let locale_clean = locale_value.trim_matches('"');
-            return parse_locale(locale_clean);
-          }
-        }
-      }
-    }
-
-    // Fallback to environment variables
-    detect_locale_from_env()
-  }
-
-  pub fn detect_system_timezone() -> SystemTimezone {
-    // Try to read /etc/timezone first (Debian/Ubuntu)
-    if let Ok(tz_content) = std::fs::read_to_string("/etc/timezone") {
-      let tz_name = tz_content.trim().to_string();
-      if !tz_name.is_empty() {
-        return SystemTimezone {
-          timezone: tz_name,
-          offset: get_timezone_offset(),
-        };
-      }
-    }
-
-    // Try timedatectl (systemd systems)
-    if let Ok(output) = Command::new("timedatectl")
-      .args(["show", "--property=Timezone", "--value"])
-      .output()
-    {
-      if output.status.success() {
-        let tz_name = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        if !tz_name.is_empty() {
-          return SystemTimezone {
-            timezone: tz_name,
-            offset: get_timezone_offset(),
-          };
-        }
-      }
-    }
-
-    // Fallback to reading /etc/localtime symlink
-    detect_timezone_from_files()
-  }
-
-  fn get_timezone_offset() -> String {
-    if let Ok(output) = Command::new("date").arg("+%z").output() {
-      if output.status.success() {
-        return String::from_utf8_lossy(&output.stdout).trim().to_string();
-      }
-    }
-    "+00:00".to_string()
-  }
-}
-
-#[cfg(target_os = "windows")]
-mod windows {
-  use super::*;
-
-  pub fn detect_system_locale() -> SystemLocale {
-    // Try to get locale from Windows registry/powershell
-    if let Ok(output) = Command::new("powershell")
-      .args([
-        "-Command",
-        "Get-Culture | Select-Object -ExpandProperty Name",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let locale_str = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        return parse_locale(&locale_str);
-      }
-    }
-
-    // Fallback to environment variables
-    detect_locale_from_env()
-  }
-
-  pub fn detect_system_timezone() -> SystemTimezone {
-    // Try to get timezone from Windows
-    if let Ok(output) = Command::new("powershell")
-      .args([
-        "-Command",
-        "Get-TimeZone | Select-Object -ExpandProperty Id",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let tz_id = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        if !tz_id.is_empty() {
-          return SystemTimezone {
-            timezone: tz_id,
-            offset: get_windows_timezone_offset(),
-          };
-        }
-      }
-    }
-
-    // Fallback
-    SystemTimezone {
-      timezone: "UTC".to_string(),
-      offset: "+00:00".to_string(),
-    }
-  }
-
-  fn get_windows_timezone_offset() -> String {
-    if let Ok(output) = Command::new("powershell")
-      .args([
-        "-Command",
-        "Get-TimeZone | Select-Object -ExpandProperty BaseUtcOffset",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let offset_str = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        // Convert Windows offset format to standard format
-        if let Some(colon_pos) = offset_str.find(':') {
-          let hours = &offset_str[..colon_pos];
-          let minutes = &offset_str[colon_pos + 1..];
-          if let (Ok(h), Ok(m)) = (hours.parse::<i32>(), minutes.parse::<i32>()) {
-            return format!("{:+03}:{:02}", h, m);
-          }
-        }
-      }
-    }
-    "+00:00".to_string()
-  }
-}
-
-// Helper functions used across platforms
-fn parse_locale(locale_str: &str) -> SystemLocale {
-  // Remove encoding suffix if present (e.g., "en_US.UTF-8" -> "en_US")
-  let locale_base = locale_str.split('.').next().unwrap_or(locale_str);
-
-  // Split language and country (e.g., "en_US" -> ["en", "US"])
-  let parts: Vec<&str> = locale_base.split(&['_', '-']).collect();
-
-  let language = parts.first().unwrap_or(&"en").to_string();
-  let country = parts.get(1).unwrap_or(&"US").to_string();
-
-  // Convert to standard format (e.g., "en-US")
-  let standard_locale = if parts.len() >= 2 {
-    format!("{}-{}", language, country.to_uppercase())
-  } else {
-    format!("{language}-US")
-  };
-
-  SystemLocale {
-    locale: standard_locale,
-    language,
-    country: country.to_uppercase(),
-  }
-}
-
-fn detect_locale_from_env() -> SystemLocale {
-  // Check environment variables in order of preference
-  let env_vars = ["LANG", "LC_ALL", "LC_CTYPE", "LANGUAGE"];
-
-  for var in &env_vars {
-    if let Ok(value) = std::env::var(var) {
-      if !value.is_empty() {
-        return parse_locale(&value);
-      }
-    }
-  }
-
-  // Default fallback
-  SystemLocale {
-    locale: "en-US".to_string(),
-    language: "en".to_string(),
-    country: "US".to_string(),
-  }
-}
-
-fn detect_timezone_from_files() -> SystemTimezone {
-  // Try to read timezone from /etc/localtime symlink
-  if let Ok(link_target) = std::fs::read_link("/etc/localtime") {
-    if let Some(tz_path) = link_target.to_str() {
-      // Extract timezone name from path like /usr/share/zoneinfo/America/New_York
-      if let Some(zoneinfo_pos) = tz_path.find("zoneinfo/") {
-        let tz_name = &tz_path[zoneinfo_pos + 9..];
-        if !tz_name.is_empty() {
-          return SystemTimezone {
-            timezone: tz_name.to_string(),
-            offset: "+00:00".to_string(), // Could be improved with actual offset calculation
-          };
-        }
-      }
-    }
-  }
-
-  // Default fallback
-  SystemTimezone {
-    timezone: "UTC".to_string(),
-    offset: "+00:00".to_string(),
-  }
-}
-
-/// Tauri command to get system locale
-#[tauri::command]
-pub async fn get_system_locale() -> Result<SystemLocale, String> {
-  let utils = SystemUtils::new();
-  Ok(utils.detect_system_locale())
-}
-
-/// Tauri command to get system timezone
-#[tauri::command]
-pub async fn get_system_timezone() -> Result<SystemTimezone, String> {
-  let utils = SystemUtils::new();
-  Ok(utils.detect_system_timezone())
-}
@@ -0,0 +1,114 @@
+use crate::profile::BrowserProfile;
+use directories::BaseDirs;
+use serde::{Deserialize, Serialize};
+use std::collections::BTreeSet;
+use std::fs;
+use std::path::{Path, PathBuf};
+
+#[derive(Debug, Serialize, Deserialize, Default, Clone)]
+struct TagsData {
+  tags: Vec<String>,
+}
+
+pub struct TagManager {
+  base_dirs: BaseDirs,
+  data_dir_override: Option<PathBuf>,
+}
+
+impl TagManager {
+  pub fn new() -> Self {
+    Self {
+      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
+      data_dir_override: std::env::var("DONUTBROWSER_DATA_DIR")
+        .ok()
+        .map(PathBuf::from),
+    }
+  }
+
+  // Helper for tests to override data directory without global env var
+  #[allow(dead_code)]
+  pub fn with_data_dir_override(dir: &Path) -> Self {
+    Self {
+      base_dirs: BaseDirs::new().expect("Failed to get base directories"),
+      data_dir_override: Some(dir.to_path_buf()),
+    }
+  }
+
+  fn get_tags_file_path(&self) -> PathBuf {
+    if let Some(dir) = &self.data_dir_override {
+      let mut override_path = dir.clone();
+      let _ = fs::create_dir_all(&override_path);
+      override_path.push("tags.json");
+      return override_path;
+    }
+
+    let mut path = self.base_dirs.data_local_dir().to_path_buf();
+    path.push(if cfg!(debug_assertions) {
+      "DonutBrowserDev"
+    } else {
+      "DonutBrowser"
+    });
+    path.push("data");
+    path.push("tags.json");
+    path
+  }
+
+  fn load_tags_data(&self) -> Result<TagsData, Box<dyn std::error::Error>> {
+    let file_path = self.get_tags_file_path();
+    if !file_path.exists() {
+      return Ok(TagsData::default());
+    }
+    let content = fs::read_to_string(file_path)?;
+    let data: TagsData = serde_json::from_str(&content)?;
+    Ok(data)
+  }
+
+  fn save_tags_data(&self, data: &TagsData) -> Result<(), Box<dyn std::error::Error>> {
+    let file_path = self.get_tags_file_path();
+    if let Some(parent) = file_path.parent() {
+      fs::create_dir_all(parent)?;
+    }
+    let json = serde_json::to_string_pretty(data)?;
+    fs::write(file_path, json)?;
+    Ok(())
+  }
+
+  pub fn get_all_tags(&self) -> Result<Vec<String>, Box<dyn std::error::Error>> {
+    let mut all = self.load_tags_data()?.tags;
+    // Ensure deterministic order
+    all.sort();
+    all.dedup();
+    Ok(all)
+  }
+
+  pub fn rebuild_from_profiles(
+    &self,
+    profiles: &[BrowserProfile],
+  ) -> Result<Vec<String>, Box<dyn std::error::Error>> {
+    // Build a set of all tags currently used by any profile
+    let mut set: BTreeSet<String> = BTreeSet::new();
+    for profile in profiles {
+      for tag in &profile.tags {
+        // Store exactly as provided (no normalization) to preserve characters
+        set.insert(tag.clone());
+      }
+    }
+    let combined: Vec<String> = set.into_iter().collect();
+    self.save_tags_data(&TagsData {
+      tags: combined.clone(),
+    })?;
+    Ok(combined)
+  }
+}
+
+#[tauri::command]
+pub fn get_all_tags() -> Result<Vec<String>, String> {
+  let tag_manager = crate::tag_manager::TAG_MANAGER.lock().unwrap();
+  tag_manager
+    .get_all_tags()
+    .map_err(|e| format!("Failed to get tags: {e}"))
+}
+
+lazy_static::lazy_static! {
+  pub static ref TAG_MANAGER: std::sync::Mutex<TagManager> = std::sync::Mutex::new(TagManager::new());
+}
@@ -1,539 +0,0 @@
-use serde::{Deserialize, Serialize};
-use std::process::Command;
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-pub struct SystemTheme {
-  pub theme: String, // "light", "dark", or "unknown"
-}
-
-pub struct ThemeDetector;
-
-impl ThemeDetector {
-  pub fn new() -> Self {
-    Self
-  }
-
-  /// Detect the system theme preference
-  pub fn detect_system_theme(&self) -> SystemTheme {
-    #[cfg(target_os = "linux")]
-    return linux::detect_system_theme();
-
-    #[cfg(target_os = "macos")]
-    return macos::detect_system_theme();
-
-    #[cfg(target_os = "windows")]
-    return windows::detect_system_theme();
-
-    #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "windows")))]
-    return SystemTheme {
-      theme: "unknown".to_string(),
-    };
-  }
-}
-
-#[cfg(target_os = "linux")]
-mod linux {
-  use super::*;
-
-  pub fn detect_system_theme() -> SystemTheme {
-    // Try multiple methods in order of preference
-
-    // 1. Try GNOME/GTK settings via gsettings
-    if let Ok(theme) = detect_gnome_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 2. Try KDE Plasma settings via kreadconfig5/kreadconfig6
-    if let Ok(theme) = detect_kde_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 3. Try XFCE settings via xfconf-query
-    if let Ok(theme) = detect_xfce_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 4. Try looking at current GTK theme name
-    if let Ok(theme) = detect_gtk_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 5. Try dconf directly (fallback for GNOME-based systems)
-    if let Ok(theme) = detect_dconf_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 6. Try environment variables
-    if let Ok(theme) = detect_env_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 7. Try freedesktop portal
-    if let Ok(theme) = detect_portal_theme() {
-      return SystemTheme { theme };
-    }
-
-    // 8. Try looking at system color scheme files
-    if let Ok(theme) = detect_system_files_theme() {
-      return SystemTheme { theme };
-    }
-
-    // Fallback to unknown
-    SystemTheme {
-      theme: "unknown".to_string(),
-    }
-  }
-
-  fn detect_gnome_theme() -> Result<String, Box<dyn std::error::Error>> {
-    // Check if gsettings is available
-    if !is_command_available("gsettings") {
-      return Err("gsettings not available".into());
-    }
-
-    // Try GNOME color scheme first (modern way)
-    if let Ok(output) = Command::new("gsettings")
-      .args(["get", "org.gnome.desktop.interface", "color-scheme"])
-      .output()
-    {
-      if output.status.success() {
-        let scheme = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        match scheme.as_str() {
-          "'prefer-dark'" => return Ok("dark".to_string()),
-          "'prefer-light'" => return Ok("light".to_string()),
-          _ => {}
-        }
-      }
-    }
-
-    // Fallback to GTK theme name detection
-    if let Ok(output) = Command::new("gsettings")
-      .args(["get", "org.gnome.desktop.interface", "gtk-theme"])
-      .output()
-    {
-      if output.status.success() {
-        let theme_name = String::from_utf8_lossy(&output.stdout)
-          .trim()
-          .trim_matches('\'')
-          .to_lowercase();
-
-        if theme_name.contains("dark") || theme_name.contains("night") {
-          return Ok("dark".to_string());
-        } else if theme_name.contains("light") || theme_name.contains("adwaita") {
-          return Ok("light".to_string());
-        }
-      }
-    }
-
-    Err("Could not detect GNOME theme".into())
-  }
-
-  fn detect_kde_theme() -> Result<String, Box<dyn std::error::Error>> {
-    // Try KDE Plasma 6 first
-    if is_command_available("kreadconfig6") {
-      if let Ok(output) = Command::new("kreadconfig6")
-        .args([
-          "--file",
-          "kdeglobals",
-          "--group",
-          "KDE",
-          "--key",
-          "LookAndFeelPackage",
-        ])
-        .output()
-      {
-        if output.status.success() {
-          let theme = String::from_utf8_lossy(&output.stdout)
-            .trim()
-            .to_lowercase();
-          if theme.contains("dark") || theme.contains("breezedark") {
-            return Ok("dark".to_string());
-          } else if theme.contains("light") || theme.contains("breeze") {
-            return Ok("light".to_string());
-          }
-        }
-      }
-
-      // Try color scheme as well
-      if let Ok(output) = Command::new("kreadconfig6")
-        .args([
-          "--file",
-          "kdeglobals",
-          "--group",
-          "General",
-          "--key",
-          "ColorScheme",
-        ])
-        .output()
-      {
-        if output.status.success() {
-          let scheme = String::from_utf8_lossy(&output.stdout)
-            .trim()
-            .to_lowercase();
-          if scheme.contains("dark") || scheme.contains("breezedark") {
-            return Ok("dark".to_string());
-          } else if scheme.contains("light") || scheme.contains("breeze") {
-            return Ok("light".to_string());
-          }
-        }
-      }
-    }
-
-    // Try KDE Plasma 5 as fallback
-    if is_command_available("kreadconfig5") {
-      if let Ok(output) = Command::new("kreadconfig5")
-        .args([
-          "--file",
-          "kdeglobals",
-          "--group",
-          "KDE",
-          "--key",
-          "LookAndFeelPackage",
-        ])
-        .output()
-      {
-        if output.status.success() {
-          let theme = String::from_utf8_lossy(&output.stdout)
-            .trim()
-            .to_lowercase();
-          if theme.contains("dark") || theme.contains("breezedark") {
-            return Ok("dark".to_string());
-          } else if theme.contains("light") || theme.contains("breeze") {
-            return Ok("light".to_string());
-          }
-        }
-      }
-    }
-
-    Err("Could not detect KDE theme".into())
-  }
-
-  fn detect_xfce_theme() -> Result<String, Box<dyn std::error::Error>> {
-    if !is_command_available("xfconf-query") {
-      return Err("xfconf-query not available".into());
-    }
-
-    // Check XFCE theme
-    if let Ok(output) = Command::new("xfconf-query")
-      .args(["-c", "xsettings", "-p", "/Net/ThemeName"])
-      .output()
-    {
-      if output.status.success() {
-        let theme = String::from_utf8_lossy(&output.stdout)
-          .trim()
-          .to_lowercase();
-        if theme.contains("dark") || theme.contains("night") {
-          return Ok("dark".to_string());
-        } else if theme.contains("light") {
-          return Ok("light".to_string());
-        }
-      }
-    }
-
-    // Check XFCE window manager theme as backup
-    if let Ok(output) = Command::new("xfconf-query")
-      .args(["-c", "xfwm4", "-p", "/general/theme"])
-      .output()
-    {
-      if output.status.success() {
-        let theme = String::from_utf8_lossy(&output.stdout)
-          .trim()
-          .to_lowercase();
-        if theme.contains("dark") || theme.contains("night") {
-          return Ok("dark".to_string());
-        } else if theme.contains("light") {
-          return Ok("light".to_string());
-        }
-      }
-    }
-
-    Err("Could not detect XFCE theme".into())
-  }
-
-  fn detect_gtk_theme() -> Result<String, Box<dyn std::error::Error>> {
-    // Try to read GTK3 settings file
-    if let Ok(home) = std::env::var("HOME") {
-      let gtk3_settings = std::path::Path::new(&home).join(".config/gtk-3.0/settings.ini");
-      if gtk3_settings.exists() {
-        if let Ok(content) = std::fs::read_to_string(gtk3_settings) {
-          for line in content.lines() {
-            if line.starts_with("gtk-theme-name=") {
-              let theme_name = line.split('=').nth(1).unwrap_or("").trim().to_lowercase();
-              if theme_name.contains("dark") || theme_name.contains("night") {
-                return Ok("dark".to_string());
-              } else if theme_name.contains("light") || theme_name.contains("adwaita") {
-                return Ok("light".to_string());
-              }
-            }
-          }
-        }
-      }
-
-      // Try GTK4 settings
-      let gtk4_settings = std::path::Path::new(&home).join(".config/gtk-4.0/settings.ini");
-      if gtk4_settings.exists() {
-        if let Ok(content) = std::fs::read_to_string(gtk4_settings) {
-          for line in content.lines() {
-            if line.starts_with("gtk-theme-name=") {
-              let theme_name = line.split('=').nth(1).unwrap_or("").trim().to_lowercase();
-              if theme_name.contains("dark") || theme_name.contains("night") {
-                return Ok("dark".to_string());
-              } else if theme_name.contains("light") || theme_name.contains("adwaita") {
-                return Ok("light".to_string());
-              }
-            }
-          }
-        }
-      }
-    }
-
-    Err("Could not detect GTK theme".into())
-  }
-
-  fn detect_dconf_theme() -> Result<String, Box<dyn std::error::Error>> {
-    if !is_command_available("dconf") {
-      return Err("dconf not available".into());
-    }
-
-    // Try reading color scheme directly from dconf
-    if let Ok(output) = Command::new("dconf")
-      .args(["read", "/org/gnome/desktop/interface/color-scheme"])
-      .output()
-    {
-      if output.status.success() {
-        let scheme = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        match scheme.as_str() {
-          "'prefer-dark'" => return Ok("dark".to_string()),
-          "'prefer-light'" => return Ok("light".to_string()),
-          _ => {}
-        }
-      }
-    }
-
-    // Try reading GTK theme from dconf
-    if let Ok(output) = Command::new("dconf")
-      .args(["read", "/org/gnome/desktop/interface/gtk-theme"])
-      .output()
-    {
-      if output.status.success() {
-        let theme_name = String::from_utf8_lossy(&output.stdout)
-          .trim()
-          .trim_matches('\'')
-          .to_lowercase();
-
-        if theme_name.contains("dark") || theme_name.contains("night") {
-          return Ok("dark".to_string());
-        } else if theme_name.contains("light") || theme_name.contains("adwaita") {
-          return Ok("light".to_string());
-        }
-      }
-    }
-
-    Err("Could not detect dconf theme".into())
-  }
-
-  fn detect_env_theme() -> Result<String, Box<dyn std::error::Error>> {
-    // Check common environment variables
-    if let Ok(theme) = std::env::var("GTK_THEME") {
-      let theme_lower = theme.to_lowercase();
-      if theme_lower.contains("dark") || theme_lower.contains("night") {
-        return Ok("dark".to_string());
-      } else if theme_lower.contains("light") {
-        return Ok("light".to_string());
-      }
-    }
-
-    if let Ok(theme) = std::env::var("QT_STYLE_OVERRIDE") {
-      let theme_lower = theme.to_lowercase();
-      if theme_lower.contains("dark") || theme_lower.contains("night") {
-        return Ok("dark".to_string());
-      } else if theme_lower.contains("light") {
-        return Ok("light".to_string());
-      }
-    }
-
-    Err("Could not detect theme from environment".into())
-  }
-
-  fn detect_portal_theme() -> Result<String, Box<dyn std::error::Error>> {
-    if !is_command_available("busctl") {
-      return Err("busctl not available".into());
-    }
-
-    // Try to query the color scheme via org.freedesktop.portal.Settings
-    if let Ok(output) = Command::new("busctl")
-      .args([
-        "--user",
-        "call",
-        "org.freedesktop.portal.Desktop",
-        "/org/freedesktop/portal/desktop",
-        "org.freedesktop.portal.Settings",
-        "Read",
-        "ss",
-        "org.freedesktop.appearance",
-        "color-scheme",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let response = String::from_utf8_lossy(&output.stdout);
-        // Parse DBus response - look for preference values
-        if response.contains(" 1 ") {
-          return Ok("dark".to_string());
-        } else if response.contains(" 2 ") {
-          return Ok("light".to_string());
-        }
-      }
-    }
-
-    Err("Could not detect portal theme".into())
-  }
-
-  fn detect_system_files_theme() -> Result<String, Box<dyn std::error::Error>> {
-    // Check if we're in a dark terminal (heuristic)
-    if let Ok(term) = std::env::var("TERM") {
-      let term_lower = term.to_lowercase();
-      if term_lower.contains("dark") || term_lower.contains("night") {
-        return Ok("dark".to_string());
-      }
-    }
-
-    // Check if we can determine from desktop session
-    if let Ok(desktop) = std::env::var("XDG_CURRENT_DESKTOP") {
-      let desktop_lower = desktop.to_lowercase();
-      // Some desktops default to dark
-      if desktop_lower.contains("i3") || desktop_lower.contains("sway") {
-        // Window managers often use dark themes by default
-        return Ok("dark".to_string());
-      }
-    }
-
-    Err("Could not detect theme from system files".into())
-  }
-
-  fn is_command_available(command: &str) -> bool {
-    Command::new("which")
-      .arg(command)
-      .output()
-      .map(|output| output.status.success())
-      .unwrap_or(false)
-  }
-}
-
-#[cfg(target_os = "macos")]
-mod macos {
-  use super::*;
-
-  pub fn detect_system_theme() -> SystemTheme {
-    // macOS theme detection using osascript
-    if let Ok(output) = Command::new("osascript")
-      .args([
-        "-e",
-        "tell application \"System Events\" to tell appearance preferences to get dark mode",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let result = String::from_utf8_lossy(&output.stdout).to_string();
-        let result = result.trim();
-        match result {
-          "true" => {
-            return SystemTheme {
-              theme: "dark".to_string(),
-            }
-          }
-          "false" => {
-            return SystemTheme {
-              theme: "light".to_string(),
-            }
-          }
-          _ => {}
-        }
-      }
-    }
-
-    // Fallback method using defaults
-    if let Ok(output) = Command::new("defaults")
-      .args(["read", "-g", "AppleInterfaceStyle"])
-      .output()
-    {
-      if output.status.success() {
-        let style = String::from_utf8_lossy(&output.stdout).to_string();
-        let style = style.trim();
-        if style.to_lowercase() == "dark" {
-          return SystemTheme {
-            theme: "dark".to_string(),
-          };
-        }
-      }
-    }
-
-    // Default to light if we can't determine
-    SystemTheme {
-      theme: "light".to_string(),
-    }
-  }
-}
-
-#[cfg(target_os = "windows")]
-mod windows {
-  use super::*;
-
-  pub fn detect_system_theme() -> SystemTheme {
-    // Windows theme detection via registry
-    // This is a simplified implementation - you might want to use winreg crate for better registry access
-    if let Ok(output) = Command::new("reg")
-      .args([
-        "query",
-        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
-        "/v",
-        "AppsUseLightTheme",
-      ])
-      .output()
-    {
-      if output.status.success() {
-        let result = String::from_utf8_lossy(&output.stdout);
-        if result.contains("0x0") {
-          return SystemTheme {
-            theme: "dark".to_string(),
-          };
-        } else if result.contains("0x1") {
-          return SystemTheme {
-            theme: "light".to_string(),
-          };
-        }
-      }
-    }
-
-    // Default to light if we can't determine
-    SystemTheme {
-      theme: "light".to_string(),
-    }
-  }
-}
-
-// Command to expose this functionality to the frontend
-#[tauri::command]
-pub fn get_system_theme() -> SystemTheme {
-  let detector = ThemeDetector::new();
-  detector.detect_system_theme()
-}
-
-#[cfg(test)]
-mod tests {
-  use super::*;
-
-  #[test]
-  fn test_theme_detector_creation() {
-    let detector = ThemeDetector::new();
-    let theme = detector.detect_system_theme();
-
-    // Should return a valid theme string
-    assert!(matches!(theme.theme.as_str(), "light" | "dark" | "unknown"));
-  }
-
-  #[test]
-  fn test_get_system_theme_command() {
-    let theme = get_system_theme();
-    assert!(matches!(theme.theme.as_str(), "light" | "dark" | "unknown"));
-  }
-}
@@ -0,0 +1,668 @@
+use directories::BaseDirs;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::fs;
+use std::path::PathBuf;
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::sync::{Arc, RwLock};
+
+/// Individual bandwidth data point for time-series tracking
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct BandwidthDataPoint {
+  /// Unix timestamp in seconds
+  pub timestamp: u64,
+  /// Bytes sent in this interval
+  pub bytes_sent: u64,
+  /// Bytes received in this interval
+  pub bytes_received: u64,
+}
+
+/// Domain access information
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct DomainAccess {
+  /// Domain name
+  pub domain: String,
+  /// Number of requests to this domain
+  pub request_count: u64,
+  /// Total bytes sent to this domain
+  pub bytes_sent: u64,
+  /// Total bytes received from this domain
+  pub bytes_received: u64,
+  /// First access timestamp
+  pub first_access: u64,
+  /// Last access timestamp
+  pub last_access: u64,
+}
+
+/// Lightweight snapshot for real-time updates (sent via events)
+/// Contains only the data needed for the mini chart and summary display
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TrafficSnapshot {
+  /// Profile ID (for matching)
+  pub profile_id: Option<String>,
+  /// Session start timestamp
+  pub session_start: u64,
+  /// Last update timestamp
+  pub last_update: u64,
+  /// Total bytes sent across all time
+  pub total_bytes_sent: u64,
+  /// Total bytes received across all time
+  pub total_bytes_received: u64,
+  /// Total requests made
+  pub total_requests: u64,
+  /// Current bandwidth (bytes per second) sent
+  pub current_bytes_sent: u64,
+  /// Current bandwidth (bytes per second) received
+  pub current_bytes_received: u64,
+  /// Recent bandwidth history (last 60 seconds only, for mini chart)
+  pub recent_bandwidth: Vec<BandwidthDataPoint>,
+}
+
+/// Traffic statistics for a profile/proxy session
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TrafficStats {
+  /// Proxy ID this stats belong to (for backwards compatibility)
+  pub proxy_id: String,
+  /// Profile ID (if associated) - this is now the primary key for storage
+  pub profile_id: Option<String>,
+  /// Session start timestamp
+  pub session_start: u64,
+  /// Last update timestamp
+  pub last_update: u64,
+  /// Total bytes sent across all time
+  pub total_bytes_sent: u64,
+  /// Total bytes received across all time
+  pub total_bytes_received: u64,
+  /// Total requests made
+  pub total_requests: u64,
+  /// Bandwidth data points (time-series, 1 point per second, stored indefinitely)
+  #[serde(default)]
+  pub bandwidth_history: Vec<BandwidthDataPoint>,
+  /// Domain access statistics
+  #[serde(default)]
+  pub domains: HashMap<String, DomainAccess>,
+  /// Unique IPs accessed
+  #[serde(default)]
+  pub unique_ips: Vec<String>,
+}
+
+impl TrafficStats {
+  pub fn new(proxy_id: String, profile_id: Option<String>) -> Self {
+    let now = current_timestamp();
+    Self {
+      proxy_id,
+      profile_id,
+      session_start: now,
+      last_update: now,
+      total_bytes_sent: 0,
+      total_bytes_received: 0,
+      total_requests: 0,
+      bandwidth_history: Vec::new(),
+      domains: HashMap::new(),
+      unique_ips: Vec::new(),
+    }
+  }
+
+  /// Create a lightweight snapshot for real-time UI updates
+  pub fn to_snapshot(&self) -> TrafficSnapshot {
+    let now = current_timestamp();
+    let cutoff = now.saturating_sub(60); // Last 60 seconds for mini chart
+
+    // Get current bandwidth from last data point
+    let (current_sent, current_recv) = self
+      .bandwidth_history
+      .last()
+      .filter(|dp| dp.timestamp >= now.saturating_sub(2)) // Within last 2 seconds
+      .map(|dp| (dp.bytes_sent, dp.bytes_received))
+      .unwrap_or((0, 0));
+
+    TrafficSnapshot {
+      profile_id: self.profile_id.clone(),
+      session_start: self.session_start,
+      last_update: self.last_update,
+      total_bytes_sent: self.total_bytes_sent,
+      total_bytes_received: self.total_bytes_received,
+      total_requests: self.total_requests,
+      current_bytes_sent: current_sent,
+      current_bytes_received: current_recv,
+      recent_bandwidth: self
+        .bandwidth_history
+        .iter()
+        .filter(|dp| dp.timestamp >= cutoff)
+        .cloned()
+        .collect(),
+    }
+  }
+
+  /// Record bandwidth for current second (data is stored indefinitely)
+  pub fn record_bandwidth(&mut self, bytes_sent: u64, bytes_received: u64) {
+    let now = current_timestamp();
+    self.last_update = now;
+    self.total_bytes_sent += bytes_sent;
+    self.total_bytes_received += bytes_received;
+
+    // Find or create data point for this second
+    if let Some(last) = self.bandwidth_history.last_mut() {
+      if last.timestamp == now {
+        last.bytes_sent += bytes_sent;
+        last.bytes_received += bytes_received;
+        return;
+      }
+    }
+
+    // Add new data point (even if bytes are zero, to ensure chart has continuous data)
+    self.bandwidth_history.push(BandwidthDataPoint {
+      timestamp: now,
+      bytes_sent,
+      bytes_received,
+    });
+  }
+
+  /// Record a request to a domain
+  pub fn record_request(&mut self, domain: &str, bytes_sent: u64, bytes_received: u64) {
+    let now = current_timestamp();
+    self.total_requests += 1;
+
+    let entry = self
+      .domains
+      .entry(domain.to_string())
+      .or_insert(DomainAccess {
+        domain: domain.to_string(),
+        request_count: 0,
+        bytes_sent: 0,
+        bytes_received: 0,
+        first_access: now,
+        last_access: now,
+      });
+
+    entry.request_count += 1;
+    entry.bytes_sent += bytes_sent;
+    entry.bytes_received += bytes_received;
+    entry.last_access = now;
+  }
+
+  /// Record an IP address access
+  pub fn record_ip(&mut self, ip: &str) {
+    if !self.unique_ips.contains(&ip.to_string()) {
+      self.unique_ips.push(ip.to_string());
+    }
+  }
+
+  /// Get bandwidth data for the last N seconds
+  pub fn get_recent_bandwidth(&self, seconds: u64) -> Vec<BandwidthDataPoint> {
+    let now = current_timestamp();
+    let cutoff = now.saturating_sub(seconds);
+    self
+      .bandwidth_history
+      .iter()
+      .filter(|dp| dp.timestamp >= cutoff)
+      .cloned()
+      .collect()
+  }
+}
+
+/// Get current Unix timestamp in seconds
+fn current_timestamp() -> u64 {
+  std::time::SystemTime::now()
+    .duration_since(std::time::UNIX_EPOCH)
+    .unwrap_or_default()
+    .as_secs()
+}
+
+/// Get the traffic stats storage directory
+pub fn get_traffic_stats_dir() -> PathBuf {
+  let base_dirs = BaseDirs::new().expect("Failed to get base directories");
+  let mut path = base_dirs.cache_dir().to_path_buf();
+  path.push(if cfg!(debug_assertions) {
+    "DonutBrowserDev"
+  } else {
+    "DonutBrowser"
+  });
+  path.push("traffic_stats");
+  path
+}
+
+/// Get the storage key for traffic stats (profile_id if available, otherwise proxy_id)
+fn get_stats_storage_key(stats: &TrafficStats) -> String {
+  stats
+    .profile_id
+    .clone()
+    .unwrap_or_else(|| stats.proxy_id.clone())
+}
+
+/// Save traffic stats to disk using profile_id as the key
+pub fn save_traffic_stats(stats: &TrafficStats) -> Result<(), Box<dyn std::error::Error>> {
+  let storage_dir = get_traffic_stats_dir();
+  fs::create_dir_all(&storage_dir)?;
+
+  let key = get_stats_storage_key(stats);
+  let file_path = storage_dir.join(format!("{key}.json"));
+  let content = serde_json::to_string(stats)?;
+  fs::write(&file_path, content)?;
+
+  Ok(())
+}
+
+/// Load traffic stats from disk by profile_id or proxy_id
+pub fn load_traffic_stats(id: &str) -> Option<TrafficStats> {
+  let storage_dir = get_traffic_stats_dir();
+  let file_path = storage_dir.join(format!("{id}.json"));
+
+  if !file_path.exists() {
+    return None;
+  }
+
+  let content = fs::read_to_string(&file_path).ok()?;
+  serde_json::from_str(&content).ok()
+}
+
+/// Load traffic stats by profile_id
+pub fn load_traffic_stats_by_profile(profile_id: &str) -> Option<TrafficStats> {
+  load_traffic_stats(profile_id)
+}
+
+/// List all traffic stats files and migrate old proxy-id based files to profile-id based
+pub fn list_traffic_stats() -> Vec<TrafficStats> {
+  let storage_dir = get_traffic_stats_dir();
+
+  if !storage_dir.exists() {
+    return Vec::new();
+  }
+
+  let mut stats_map: HashMap<String, TrafficStats> = HashMap::new();
+  let mut files_to_delete: Vec<std::path::PathBuf> = Vec::new();
+
+  if let Ok(entries) = fs::read_dir(&storage_dir) {
+    for entry in entries.flatten() {
+      let path = entry.path();
+      if path.extension().is_some_and(|ext| ext == "json") {
+        if let Ok(content) = fs::read_to_string(&path) {
+          if let Ok(s) = serde_json::from_str::<TrafficStats>(&content) {
+            // Determine the key for this stats entry
+            let key = s.profile_id.clone().unwrap_or_else(|| s.proxy_id.clone());
+
+            // Check if this is an old proxy-id based file that should be migrated
+            let file_stem = path.file_stem().and_then(|s| s.to_str()).unwrap_or("");
+            let is_old_proxy_file = file_stem.starts_with("proxy_")
+              && s.profile_id.is_some()
+              && file_stem != s.profile_id.as_ref().unwrap();
+
+            if let Some(existing) = stats_map.get_mut(&key) {
+              // Merge stats from this file into existing
+              merge_traffic_stats(existing, &s);
+              if is_old_proxy_file {
+                files_to_delete.push(path.clone());
+              }
+            } else {
+              stats_map.insert(key.clone(), s);
+              if is_old_proxy_file {
+                files_to_delete.push(path.clone());
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+
+  // Save merged stats and delete old files
+  for stats in stats_map.values() {
+    if let Err(e) = save_traffic_stats(stats) {
+      log::warn!("Failed to save merged traffic stats: {}", e);
+    }
+  }
+
+  for path in files_to_delete {
+    if let Err(e) = fs::remove_file(&path) {
+      log::warn!("Failed to delete old traffic stats file {:?}: {}", path, e);
+    }
+  }
+
+  stats_map.into_values().collect()
+}
+
+/// Merge traffic stats from source into destination
+fn merge_traffic_stats(dest: &mut TrafficStats, src: &TrafficStats) {
+  // Update totals
+  dest.total_bytes_sent += src.total_bytes_sent;
+  dest.total_bytes_received += src.total_bytes_received;
+  dest.total_requests += src.total_requests;
+
+  // Update timestamps
+  dest.session_start = dest.session_start.min(src.session_start);
+  dest.last_update = dest.last_update.max(src.last_update);
+
+  // Merge bandwidth history (keep all data, sorted by timestamp)
+  let mut combined_history: Vec<BandwidthDataPoint> = dest.bandwidth_history.clone();
+  for point in &src.bandwidth_history {
+    if !combined_history
+      .iter()
+      .any(|p| p.timestamp == point.timestamp)
+    {
+      combined_history.push(point.clone());
+    }
+  }
+  combined_history.sort_by_key(|p| p.timestamp);
+  dest.bandwidth_history = combined_history;
+
+  // Merge domains
+  for (domain, access) in &src.domains {
+    let entry = dest.domains.entry(domain.clone()).or_insert(DomainAccess {
+      domain: domain.clone(),
+      request_count: 0,
+      bytes_sent: 0,
+      bytes_received: 0,
+      first_access: access.first_access,
+      last_access: access.last_access,
+    });
+    entry.request_count += access.request_count;
+    entry.bytes_sent += access.bytes_sent;
+    entry.bytes_received += access.bytes_received;
+    entry.first_access = entry.first_access.min(access.first_access);
+    entry.last_access = entry.last_access.max(access.last_access);
+  }
+
+  // Merge unique IPs
+  for ip in &src.unique_ips {
+    if !dest.unique_ips.contains(ip) {
+      dest.unique_ips.push(ip.clone());
+    }
+  }
+}
+
+/// Delete traffic stats by id (profile_id or proxy_id)
+pub fn delete_traffic_stats(id: &str) -> bool {
+  let storage_dir = get_traffic_stats_dir();
+  let file_path = storage_dir.join(format!("{id}.json"));
+
+  if file_path.exists() {
+    fs::remove_file(&file_path).is_ok()
+  } else {
+    false
+  }
+}
+
+/// Clear all traffic stats (used when clearing cache)
+pub fn clear_all_traffic_stats() -> Result<(), Box<dyn std::error::Error>> {
+  let storage_dir = get_traffic_stats_dir();
+
+  if storage_dir.exists() {
+    for entry in fs::read_dir(&storage_dir)?.flatten() {
+      let path = entry.path();
+      if path.extension().is_some_and(|ext| ext == "json") {
+        let _ = fs::remove_file(&path);
+      }
+    }
+  }
+
+  Ok(())
+}
+
+/// Live bandwidth tracker for real-time stats collection in the proxy
+/// This is designed to be used from within the proxy server
+pub struct LiveTrafficTracker {
+  pub proxy_id: String,
+  pub profile_id: Option<String>,
+  bytes_sent: AtomicU64,
+  bytes_received: AtomicU64,
+  requests: AtomicU64,
+  domain_stats: RwLock<HashMap<String, (u64, u64, u64)>>, // domain -> (count, sent, recv)
+  ips: RwLock<Vec<String>>,
+  #[allow(dead_code)]
+  session_start: u64,
+}
+
+impl LiveTrafficTracker {
+  pub fn new(proxy_id: String, profile_id: Option<String>) -> Self {
+    Self {
+      proxy_id,
+      profile_id,
+      bytes_sent: AtomicU64::new(0),
+      bytes_received: AtomicU64::new(0),
+      requests: AtomicU64::new(0),
+      domain_stats: RwLock::new(HashMap::new()),
+      ips: RwLock::new(Vec::new()),
+      session_start: current_timestamp(),
+    }
+  }
+
+  pub fn add_bytes_sent(&self, bytes: u64) {
+    self.bytes_sent.fetch_add(bytes, Ordering::Relaxed);
+  }
+
+  pub fn add_bytes_received(&self, bytes: u64) {
+    self.bytes_received.fetch_add(bytes, Ordering::Relaxed);
+  }
+
+  pub fn record_request(&self, domain: &str, bytes_sent: u64, bytes_received: u64) {
+    self.requests.fetch_add(1, Ordering::Relaxed);
+    // Also update total byte counters for HTTP requests (not tunneled)
+    self.bytes_sent.fetch_add(bytes_sent, Ordering::Relaxed);
+    self
+      .bytes_received
+      .fetch_add(bytes_received, Ordering::Relaxed);
+    if let Ok(mut stats) = self.domain_stats.write() {
+      let entry = stats.entry(domain.to_string()).or_insert((0, 0, 0));
+      entry.0 += 1;
+      entry.1 += bytes_sent;
+      entry.2 += bytes_received;
+    }
+  }
+
+  pub fn record_ip(&self, ip: &str) {
+    if let Ok(mut ips) = self.ips.write() {
+      if !ips.contains(&ip.to_string()) {
+        ips.push(ip.to_string());
+      }
+    }
+  }
+
+  /// Update domain-specific byte counts (called when CONNECT tunnel closes)
+  pub fn update_domain_bytes(&self, domain: &str, bytes_sent: u64, bytes_received: u64) {
+    if let Ok(mut stats) = self.domain_stats.write() {
+      let entry = stats.entry(domain.to_string()).or_insert((0, 0, 0));
+      entry.1 += bytes_sent;
+      entry.2 += bytes_received;
+    }
+  }
+
+  /// Get current stats snapshot
+  pub fn get_snapshot(&self) -> (u64, u64, u64) {
+    (
+      self.bytes_sent.load(Ordering::Relaxed),
+      self.bytes_received.load(Ordering::Relaxed),
+      self.requests.load(Ordering::Relaxed),
+    )
+  }
+
+  /// Flush current stats to disk and return the delta
+  pub fn flush_to_disk(&self) -> Result<(u64, u64), Box<dyn std::error::Error>> {
+    let bytes_sent = self.bytes_sent.swap(0, Ordering::Relaxed);
+    let bytes_received = self.bytes_received.swap(0, Ordering::Relaxed);
+
+    // Use profile_id as storage key if available, otherwise fall back to proxy_id
+    let storage_key = self
+      .profile_id
+      .clone()
+      .unwrap_or_else(|| self.proxy_id.clone());
+
+    // Load or create stats using the storage key
+    let mut stats = load_traffic_stats(&storage_key)
+      .unwrap_or_else(|| TrafficStats::new(self.proxy_id.clone(), self.profile_id.clone()));
+
+    // Ensure profile_id is set (in case stats were loaded from disk without it)
+    if stats.profile_id.is_none() && self.profile_id.is_some() {
+      stats.profile_id = self.profile_id.clone();
+    }
+
+    // Update the proxy_id to current session (for debugging/tracking)
+    stats.proxy_id = self.proxy_id.clone();
+
+    // Update bandwidth history
+    stats.record_bandwidth(bytes_sent, bytes_received);
+
+    // Update domain stats
+    if let Ok(mut domain_map) = self.domain_stats.write() {
+      for (domain, (count, sent, recv)) in domain_map.drain() {
+        stats.record_request(&domain, sent, recv);
+        // Adjust request count (record_request increments total_requests)
+        stats.total_requests = stats.total_requests.saturating_sub(1) + count;
+      }
+    }
+
+    // Update IPs
+    if let Ok(ips) = self.ips.read() {
+      for ip in ips.iter() {
+        stats.record_ip(ip);
+      }
+    }
+
+    // Save to disk
+    save_traffic_stats(&stats)?;
+
+    Ok((bytes_sent, bytes_received))
+  }
+}
+
+/// Global traffic tracker that can be accessed from connection handlers
+/// Using RwLock to allow reinitialization when proxy config changes
+static TRAFFIC_TRACKER: std::sync::RwLock<Option<Arc<LiveTrafficTracker>>> =
+  std::sync::RwLock::new(None);
+
+/// Initialize the global traffic tracker
+/// This can be called multiple times to update the tracker when proxy config changes
+pub fn init_traffic_tracker(proxy_id: String, profile_id: Option<String>) {
+  let tracker = Arc::new(LiveTrafficTracker::new(proxy_id, profile_id));
+  if let Ok(mut guard) = TRAFFIC_TRACKER.write() {
+    *guard = Some(tracker);
+  }
+}
+
+/// Get the global traffic tracker
+pub fn get_traffic_tracker() -> Option<Arc<LiveTrafficTracker>> {
+  TRAFFIC_TRACKER.read().ok().and_then(|guard| guard.clone())
+}
+
+/// Filtered traffic stats for client display (only contains data for requested period)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct FilteredTrafficStats {
+  pub profile_id: Option<String>,
+  pub session_start: u64,
+  pub last_update: u64,
+  pub total_bytes_sent: u64,
+  pub total_bytes_received: u64,
+  pub total_requests: u64,
+  /// Bandwidth history filtered to requested time period
+  pub bandwidth_history: Vec<BandwidthDataPoint>,
+  /// Period stats: bytes sent/received within the requested period
+  pub period_bytes_sent: u64,
+  pub period_bytes_received: u64,
+  /// Domain access statistics (always full, as it's already aggregated)
+  pub domains: HashMap<String, DomainAccess>,
+  /// Unique IPs accessed
+  pub unique_ips: Vec<String>,
+}
+
+/// Get traffic stats for a profile, filtered to a specific time period
+/// seconds: number of seconds to include (0 = all time)
+pub fn get_traffic_stats_for_period(
+  profile_id: &str,
+  seconds: u64,
+) -> Option<FilteredTrafficStats> {
+  let stats = load_traffic_stats(profile_id)?;
+
+  let now = current_timestamp();
+  let cutoff = if seconds == 0 {
+    0 // All time
+  } else {
+    now.saturating_sub(seconds)
+  };
+
+  // Filter bandwidth history to requested period
+  let filtered_history: Vec<BandwidthDataPoint> = stats
+    .bandwidth_history
+    .iter()
+    .filter(|dp| dp.timestamp >= cutoff)
+    .cloned()
+    .collect();
+
+  // Calculate period totals
+  let period_bytes_sent: u64 = filtered_history.iter().map(|dp| dp.bytes_sent).sum();
+  let period_bytes_received: u64 = filtered_history.iter().map(|dp| dp.bytes_received).sum();
+
+  Some(FilteredTrafficStats {
+    profile_id: stats.profile_id,
+    session_start: stats.session_start,
+    last_update: stats.last_update,
+    total_bytes_sent: stats.total_bytes_sent,
+    total_bytes_received: stats.total_bytes_received,
+    total_requests: stats.total_requests,
+    bandwidth_history: filtered_history,
+    period_bytes_sent,
+    period_bytes_received,
+    domains: stats.domains,
+    unique_ips: stats.unique_ips,
+  })
+}
+
+/// Get lightweight traffic snapshot for a profile (for mini charts, only recent 60 seconds)
+pub fn get_traffic_snapshot_for_profile(profile_id: &str) -> Option<TrafficSnapshot> {
+  let stats = load_traffic_stats(profile_id)?;
+  Some(stats.to_snapshot())
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[test]
+  fn test_traffic_stats_creation() {
+    let stats = TrafficStats::new(
+      "test_proxy".to_string(),
+      Some("test-profile-id".to_string()),
+    );
+    assert_eq!(stats.proxy_id, "test_proxy");
+    assert_eq!(stats.profile_id, Some("test-profile-id".to_string()));
+    assert_eq!(stats.total_bytes_sent, 0);
+    assert_eq!(stats.total_bytes_received, 0);
+  }
+
+  #[test]
+  fn test_bandwidth_recording() {
+    let mut stats = TrafficStats::new("test_proxy".to_string(), None);
+
+    stats.record_bandwidth(1000, 2000);
+    assert_eq!(stats.total_bytes_sent, 1000);
+    assert_eq!(stats.total_bytes_received, 2000);
+    assert_eq!(stats.bandwidth_history.len(), 1);
+
+    stats.record_bandwidth(500, 1000);
+    assert_eq!(stats.total_bytes_sent, 1500);
+    assert_eq!(stats.total_bytes_received, 3000);
+  }
+
+  #[test]
+  fn test_domain_recording() {
+    let mut stats = TrafficStats::new("test_proxy".to_string(), None);
+
+    stats.record_request("example.com", 100, 500);
+    stats.record_request("example.com", 200, 1000);
+    stats.record_request("google.com", 50, 200);
+
+    assert_eq!(stats.domains.len(), 2);
+    assert_eq!(stats.domains["example.com"].request_count, 2);
+    assert_eq!(stats.domains["example.com"].bytes_sent, 300);
+    assert_eq!(stats.domains["google.com"].request_count, 1);
+  }
+
+  #[test]
+  fn test_ip_recording() {
+    let mut stats = TrafficStats::new("test_proxy".to_string(), None);
+
+    stats.record_ip("192.168.1.1");
+    stats.record_ip("192.168.1.1"); // Duplicate
+    stats.record_ip("10.0.0.1");
+
+    assert_eq!(stats.unique_ips.len(), 2);
+  }
+}
@@ -10,7 +10,7 @@ use tokio::sync::Mutex;
 use tokio::time::interval;

 use crate::auto_updater::AutoUpdater;
-use crate::browser_version_service::BrowserVersionService;
+use crate::browser_version_manager::BrowserVersionManager;

 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct VersionUpdateProgress {
@@ -41,13 +41,14 @@ impl Default for BackgroundUpdateState {
  fn default() -> Self {
    Self {
      last_update_time: 0,
-      update_interval_hours: 3,
+      update_interval_hours: 12,
    }
  }
 }

+/// Extension of auto_updater.rs for background updates
 pub struct VersionUpdater {
-  version_service: &'static BrowserVersionService,
+  browser_version_manager: &'static BrowserVersionManager,
  auto_updater: &'static AutoUpdater,
  app_handle: Option<tauri::AppHandle>,
 }
@@ -55,7 +56,7 @@ pub struct VersionUpdater {
 impl VersionUpdater {
  pub fn new() -> Self {
    Self {
-      version_service: BrowserVersionService::instance(),
+      browser_version_manager: BrowserVersionManager::instance(),
      auto_updater: AutoUpdater::instance(),
      app_handle: None,
    }
@@ -128,14 +129,14 @@ impl VersionUpdater {
    let should_update = state.last_update_time == 0 || elapsed_secs >= update_interval_secs;

    if should_update {
-      println!(
+      log::debug!(
        "Background update needed: last_update={}, elapsed={}h, required={}h",
        state.last_update_time,
        elapsed_secs / 3600,
        state.update_interval_hours
      );
    } else {
-      println!(
+      log::debug!(
        "Background update not needed: last_update={}, elapsed={}h, required={}h",
        state.last_update_time,
        elapsed_secs / 3600,
@@ -151,12 +152,12 @@ impl VersionUpdater {
  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    // Only run if an update is actually needed
    if !Self::should_run_background_update() {
-      println!("No startup version update needed");
+      log::debug!("No startup version update needed");
      return Ok(());
    }

    if let Some(ref app_handle) = self.app_handle {
-      println!("Running startup version update...");
+      log::info!("Running startup version update...");

      match self.update_all_browser_versions(app_handle).await {
        Ok(_) => {
@@ -167,13 +168,13 @@ impl VersionUpdater {
          };

          if let Err(e) = Self::save_background_update_state(&state) {
-            eprintln!("Failed to save background update state: {e}");
+            log::error!("Failed to save background update state: {e}");
          } else {
-            println!("Startup version update completed successfully");
+            log::info!("Startup version update completed successfully");
          }
        }
        Err(e) => {
-          eprintln!("Startup version update failed: {e}");
+          log::error!("Startup version update failed: {e}");
          return Err(e);
        }
      }
@@ -263,7 +264,7 @@ impl VersionUpdater {
    &self,
    app_handle: &tauri::AppHandle,
  ) -> Result<Vec<BackgroundUpdateResult>, Box<dyn std::error::Error + Send + Sync>> {
-    let supported_browsers = self.version_service.get_supported_browsers();
+    let supported_browsers = self.browser_version_manager.get_supported_browsers();
    let total_browsers = supported_browsers.len();
    let mut results = Vec::new();
    let mut total_new_versions = 0;
@@ -279,11 +280,11 @@ impl VersionUpdater {
    };

    if let Err(e) = app_handle.emit("version-update-progress", &initial_progress) {
-      eprintln!("Failed to emit initial progress: {e}");
+      log::error!("Failed to emit initial progress: {e}");
    }

    for (index, browser) in supported_browsers.iter().enumerate() {
-      println!("Updating browser versions for: {browser}");
+      log::debug!("Updating browser versions for: {browser}");

      // Emit progress update for current browser
      let progress = VersionUpdateProgress {
@@ -296,7 +297,7 @@ impl VersionUpdater {
      };

      if let Err(e) = app_handle.emit("version-update-progress", &progress) {
-        eprintln!("Failed to emit progress for {browser}: {e}");
+        log::error!("Failed to emit progress for {browser}: {e}");
      }

      match self.update_browser_versions(browser).await {
@@ -322,7 +323,7 @@ impl VersionUpdater {
          };

          if let Err(e) = app_handle.emit("version-update-progress", &progress) {
-            eprintln!("Failed to emit progress with versions for {browser}: {e}");
+            log::error!("Failed to emit progress with versions for {browser}: {e}");
          }
        }
        Err(e) => {
@@ -374,7 +375,7 @@ impl VersionUpdater {
    browser: &str,
  ) -> Result<usize, Box<dyn std::error::Error + Send + Sync>> {
    self
-      .version_service
+      .browser_version_manager
      .update_browser_versions_incrementally(browser)
      .await
  }
@@ -392,7 +393,7 @@ impl VersionUpdater {
    };

    if let Err(e) = Self::save_background_update_state(&state) {
-      eprintln!("Failed to save background update state after manual update: {e}");
+      log::error!("Failed to save background update state after manual update: {e}");
    }

    Ok(results)
@@ -455,6 +456,63 @@ pub async fn get_version_update_status() -> Result<(Option<u64>, u64), String> {
  Ok((last_update, time_until_next))
 }

+#[tauri::command]
+pub async fn clear_all_version_cache_and_refetch(
+  app_handle: tauri::AppHandle,
+) -> Result<(), String> {
+  let api_client = crate::api_client::ApiClient::instance();
+  let version_updater = VersionUpdater::new();
+
+  // Clear all cache first
+  api_client
+    .clear_all_cache()
+    .map_err(|e| format!("Failed to clear version cache: {e}"))?;
+
+  // Disable all browsers during the update process
+  let supported_browsers = version_updater
+    .browser_version_manager
+    .get_supported_browsers();
+
+  // Load current state and disable all browsers
+  let mut state = version_updater
+    .auto_updater
+    .load_auto_update_state()
+    .map_err(|e| format!("Failed to load auto update state: {e}"))?;
+  for browser in &supported_browsers {
+    state.disabled_browsers.insert(browser.clone());
+  }
+  version_updater
+    .auto_updater
+    .save_auto_update_state(&state)
+    .map_err(|e| format!("Failed to save auto update state: {e}"))?;
+
+  let updater = get_version_updater();
+  let updater_guard = updater.lock().await;
+
+  let result = updater_guard
+    .trigger_manual_update(&app_handle)
+    .await
+    .map_err(|e| format!("Failed to trigger version update: {e}"));
+
+  // Re-enable all browsers after the update completes (regardless of success/failure)
+  let mut final_state = version_updater
+    .auto_updater
+    .load_auto_update_state()
+    .unwrap_or_default();
+  for browser in &supported_browsers {
+    final_state.disabled_browsers.remove(browser);
+  }
+  if let Err(e) = version_updater
+    .auto_updater
+    .save_auto_update_state(&final_state)
+  {
+    log::warn!("Failed to re-enable browsers after cache clear: {e}");
+  }
+
+  result?;
+  Ok(())
+}
+
 #[cfg(test)]
 mod tests {
  use super::*;
@@ -487,13 +545,22 @@ mod tests {
      Err(_) => return BackgroundUpdateState::default(),
    };

-    serde_json::from_str(&content).unwrap_or_default()
+    match serde_json::from_str(&content) {
+      Ok(state) => state,
+      Err(e) => {
+        eprintln!("Failed to parse test state file {:?}: {}", state_file, e);
+        BackgroundUpdateState::default()
+      }
+    }
  }

  #[test]
  fn test_background_update_state_persistence() {
    let test_name = "persistence";

+    // Clean up any existing test file first
+    let _ = fs::remove_file(get_test_state_file(test_name));
+
    // Create a test state
    let test_state = BackgroundUpdateState {
      last_update_time: 1609459200, // 2021-01-01 00:00:00 UTC
@@ -503,14 +570,22 @@ mod tests {
    // Save the state
    save_test_state(test_name, &test_state).unwrap();

+    // Verify file was created
+    let state_file = get_test_state_file(test_name);
+    assert!(state_file.exists(), "State file should exist after saving");
+
    // Load the state back
    let loaded_state = load_test_state(test_name);

    // Verify the values match
-    assert_eq!(loaded_state.last_update_time, test_state.last_update_time);
    assert_eq!(
-      loaded_state.update_interval_hours,
-      test_state.update_interval_hours
+      loaded_state.last_update_time, test_state.last_update_time,
+      "last_update_time should match. Expected: {}, Got: {}",
+      test_state.last_update_time, loaded_state.last_update_time
+    );
+    assert_eq!(
+      loaded_state.update_interval_hours, test_state.update_interval_hours,
+      "update_interval_hours should match"
    );

    // Clean up
@@ -519,31 +594,110 @@ mod tests {

  #[test]
  fn test_should_run_background_update_logic() {
-    // Note: This test uses the shared state file, so results may vary
-    // depending on previous test runs. This is expected behavior.
+    // Create isolated test states to avoid interference
+    let current_time = VersionUpdater::get_current_timestamp();

    // Test with recent update (should not update)
    let recent_state = BackgroundUpdateState {
-      last_update_time: VersionUpdater::get_current_timestamp() - 60, // 1 minute ago
+      last_update_time: current_time - 60, // 1 minute ago
      update_interval_hours: 3,
    };
-    VersionUpdater::save_background_update_state(&recent_state).unwrap();
-    assert!(!VersionUpdater::should_run_background_update());
+
+    // Save and test recent state
+    let save_result = VersionUpdater::save_background_update_state(&recent_state);
+    assert!(save_result.is_ok(), "Should save recent state successfully");
+
+    let should_update_recent = VersionUpdater::should_run_background_update();
+    assert!(
+      !should_update_recent,
+      "Should not update when last update was recent"
+    );

    // Test with old update (should update)
    let old_state = BackgroundUpdateState {
-      last_update_time: VersionUpdater::get_current_timestamp() - (4 * 60 * 60), // 4 hours ago
+      last_update_time: current_time - (4 * 60 * 60), // 4 hours ago
      update_interval_hours: 3,
    };
-    VersionUpdater::save_background_update_state(&old_state).unwrap();
-    assert!(VersionUpdater::should_run_background_update());
+
+    // Save and test old state
+    let save_result = VersionUpdater::save_background_update_state(&old_state);
+    assert!(save_result.is_ok(), "Should save old state successfully");
+
+    let should_update_old = VersionUpdater::should_run_background_update();
+    assert!(should_update_old, "Should update when last update was old");
+
+    // Test with never updated (should update)
+    let never_updated_state = BackgroundUpdateState {
+      last_update_time: 0,
+      update_interval_hours: 3,
+    };
+
+    let save_result = VersionUpdater::save_background_update_state(&never_updated_state);
+    assert!(
+      save_result.is_ok(),
+      "Should save never updated state successfully"
+    );
+
+    let should_update_never = VersionUpdater::should_run_background_update();
+    assert!(
+      should_update_never,
+      "Should update when never updated before"
+    );
  }

  #[test]
-  fn test_cache_dir_creation() {
-    // This should not panic and should create the directory if it doesn't exist
-    let cache_dir = VersionUpdater::get_cache_dir().unwrap();
-    assert!(cache_dir.exists());
-    assert!(cache_dir.is_dir());
+  fn test_version_updater_creation() {
+    let updater = VersionUpdater::new();
+
+    // Should have valid references to services
+    assert!(
+      !std::ptr::eq(
+        updater.browser_version_manager as *const _,
+        std::ptr::null()
+      ),
+      "Version service should not be null"
+    );
+    assert!(
+      !std::ptr::eq(updater.auto_updater as *const _, std::ptr::null()),
+      "Auto updater should not be null"
+    );
+    assert!(
+      updater.app_handle.is_none(),
+      "App handle should initially be None"
+    );
+  }
+
+  #[test]
+  fn test_get_current_timestamp() {
+    let timestamp1 = VersionUpdater::get_current_timestamp();
+
+    // Should be a reasonable timestamp (after year 2020)
+    assert!(
+      timestamp1 > 1577836800,
+      "Timestamp should be after 2020-01-01"
+    ); // 2020-01-01 00:00:00 UTC
+
+    // Should be before year 2100
+    assert!(
+      timestamp1 < 4102444800,
+      "Timestamp should be before 2100-01-01"
+    ); // 2100-01-01 00:00:00 UTC
+
+    // Wait a tiny bit and check it increases
+    std::thread::sleep(std::time::Duration::from_millis(1));
+    let timestamp2 = VersionUpdater::get_current_timestamp();
+    assert!(timestamp2 >= timestamp1, "Timestamp should not decrease");
+  }
+
+  #[test]
+  fn test_get_version_updater_singleton() {
+    let updater1 = get_version_updater();
+    let updater2 = get_version_updater();
+
+    // Should return the same Arc instance
+    assert!(
+      Arc::ptr_eq(&updater1, &updater2),
+      "Should return same singleton instance"
+    );
  }
 }
@@ -1,12 +1,12 @@
 {
  "$schema": "https://schema.tauri.app/config/2",
-  "productName": "Donut Browser",
-  "version": "0.7.2",
+  "productName": "Donut",
+  "version": "0.13.1",
  "identifier": "com.donutbrowser",
  "build": {
-    "beforeDevCommand": "pnpm dev",
+    "beforeDevCommand": "pnpm copy-proxy-binary && pnpm dev",
    "devUrl": "http://localhost:3000",
-    "beforeBuildCommand": "pnpm build",
+    "beforeBuildCommand": "pnpm copy-proxy-binary && (test -d ../dist || pnpm build)",
    "frontendDist": "../dist"
  },
  "app": {
@@ -17,9 +17,9 @@
  },
  "bundle": {
    "active": true,
-    "targets": "all",
+    "targets": ["app", "dmg", "nsis", "deb", "rpm", "appimage"],
    "category": "Productivity",
-    "externalBin": ["binaries/nodecar"],
+    "externalBin": ["binaries/nodecar", "binaries/donut-proxy"],
    "icon": [
      "icons/32x32.png",
      "icons/128x128.png",
@@ -41,22 +41,23 @@
    },
    "linux": {
      "deb": {
-        "depends": ["xdg-utils"],
-        "files": {
-          "/usr/share/applications/donutbrowser.desktop": "donutbrowser.desktop"
-        }
+        "desktopTemplate": "donutbrowser.desktop",
+        "depends": ["xdg-utils"]
      },
      "rpm": {
-        "depends": ["xdg-utils"],
-        "files": {
-          "/usr/share/applications/donutbrowser.desktop": "donutbrowser.desktop"
-        }
+        "desktopTemplate": "donutbrowser.desktop",
+        "depends": ["xdg-utils"]
      },
      "appimage": {
        "files": {
          "usr/share/applications/donutbrowser.desktop": "donutbrowser.desktop"
        }
      }
+    },
+    "windows": {
+      "certificateThumbprint": null,
+      "digestAlgorithm": "sha256",
+      "timestampUrl": ""
    }
  },
  "plugins": {
@@ -0,0 +1 @@
+Hello, World!
@@ -1,177 +1,21 @@
-use std::env;
 use std::path::PathBuf;
 use std::process::Command;
-use std::time::Duration;
-use tokio::time::timeout;

 /// Utility functions for integration tests
 pub struct TestUtils;

 impl TestUtils {
-  /// Build the nodecar binary if it doesn't exist
-  pub async fn ensure_nodecar_binary() -> Result<PathBuf, Box<dyn std::error::Error + Send + Sync>>
-  {
-    let cargo_manifest_dir = env::var("CARGO_MANIFEST_DIR")?;
-    let project_root = PathBuf::from(cargo_manifest_dir)
-      .parent()
-      .unwrap()
-      .to_path_buf();
-    let nodecar_dir = project_root.join("nodecar");
-    let nodecar_binary = nodecar_dir.join("nodecar-bin");
-
-    // Check if binary already exists
-    if nodecar_binary.exists() {
-      return Ok(nodecar_binary);
-    }
-
-    println!("Building nodecar binary for integration tests...");
-
-    // Install dependencies
-    let install_status = Command::new("pnpm")
-      .args(["install", "--frozen-lockfile"])
-      .current_dir(&nodecar_dir)
-      .status()?;
-
-    if !install_status.success() {
-      return Err("Failed to install nodecar dependencies".into());
-    }
-
-    // Build the binary
-    let build_status = Command::new("pnpm")
-      .args(["run", "build"])
-      .current_dir(&nodecar_dir)
-      .status()?;
-
-    if !build_status.success() {
-      return Err("Failed to build nodecar binary".into());
-    }
-
-    if !nodecar_binary.exists() {
-      return Err("Nodecar binary was not created successfully".into());
-    }
-
-    Ok(nodecar_binary)
-  }
-
-  /// Get the appropriate build target for the current platform
+  /// Execute a command (generic, for donut-proxy tests)
  #[allow(dead_code)]
-  fn get_build_target() -> &'static str {
-    if cfg!(target_arch = "aarch64") && cfg!(target_os = "macos") {
-      "build:mac-aarch64"
-    } else if cfg!(target_arch = "x86_64") && cfg!(target_os = "macos") {
-      "build:mac-x86_64"
-    } else if cfg!(target_arch = "x86_64") && cfg!(target_os = "linux") {
-      "build:linux-x64"
-    } else if cfg!(target_arch = "aarch64") && cfg!(target_os = "linux") {
-      "build:linux-arm64"
-    } else if cfg!(target_arch = "x86_64") && cfg!(target_os = "windows") {
-      "build:win-x64"
-    } else if cfg!(target_arch = "aarch64") && cfg!(target_os = "windows") {
-      "build:win-arm64"
-    } else {
-      panic!("Unsupported target architecture for nodecar build")
-    }
-  }
-
-  /// Execute a nodecar command with timeout
-  pub async fn execute_nodecar_command(
+  pub async fn execute_command(
    binary_path: &PathBuf,
    args: &[&str],
-    timeout_secs: u64,
  ) -> Result<std::process::Output, Box<dyn std::error::Error + Send + Sync>> {
    let mut cmd = Command::new(binary_path);
    cmd.args(args);

-    let output = timeout(Duration::from_secs(timeout_secs), async {
-      tokio::process::Command::from(cmd).output().await
-    })
-    .await??;
+    let output = tokio::process::Command::from(cmd).output().await?;

    Ok(output)
  }
-
-  /// Check if a port is available
-  pub async fn is_port_available(port: u16) -> bool {
-    tokio::net::TcpListener::bind(format!("127.0.0.1:{port}"))
-      .await
-      .is_ok()
-  }
-
-  /// Wait for a port to become available or occupied
-  pub async fn wait_for_port_state(port: u16, should_be_occupied: bool, timeout_secs: u64) -> bool {
-    let start = std::time::Instant::now();
-
-    while start.elapsed().as_secs() < timeout_secs {
-      let is_available = Self::is_port_available(port).await;
-
-      if should_be_occupied && !is_available {
-        return true; // Port is occupied as expected
-      } else if !should_be_occupied && is_available {
-        return true; // Port is available as expected
-      }
-
-      tokio::time::sleep(Duration::from_millis(100)).await;
-    }
-
-    false
-  }
-
-  /// Create a temporary directory for test files
-  pub fn create_temp_dir() -> Result<tempfile::TempDir, Box<dyn std::error::Error + Send + Sync>> {
-    Ok(tempfile::tempdir()?)
-  }
-
-  /// Clean up all running nodecar processes (proxies and camoufox instances)
-  pub async fn cleanup_all_nodecar_processes(
-    nodecar_path: &PathBuf,
-  ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    println!("Cleaning up all nodecar processes...");
-
-    // Get list of all proxies and stop them individually
-    let proxy_list_args = ["proxy", "list"];
-    if let Ok(list_output) = Self::execute_nodecar_command(nodecar_path, &proxy_list_args, 10).await
-    {
-      if list_output.status.success() {
-        let list_stdout = String::from_utf8(list_output.stdout)?;
-        if let Ok(proxies) = serde_json::from_str::<serde_json::Value>(&list_stdout) {
-          if let Some(proxy_array) = proxies.as_array() {
-            for proxy in proxy_array {
-              if let Some(proxy_id) = proxy["id"].as_str() {
-                let stop_args = ["proxy", "stop", "--id", proxy_id];
-                let _ = Self::execute_nodecar_command(nodecar_path, &stop_args, 10).await;
-                println!("Stopped proxy: {proxy_id}");
-              }
-            }
-          }
-        }
-      }
-    }
-
-    // Get list of all camoufox instances and stop them individually
-    let camoufox_list_args = ["camoufox", "list"];
-    if let Ok(list_output) =
-      Self::execute_nodecar_command(nodecar_path, &camoufox_list_args, 10).await
-    {
-      if list_output.status.success() {
-        let list_stdout = String::from_utf8(list_output.stdout)?;
-        if let Ok(instances) = serde_json::from_str::<serde_json::Value>(&list_stdout) {
-          if let Some(instance_array) = instances.as_array() {
-            for instance in instance_array {
-              if let Some(instance_id) = instance["id"].as_str() {
-                let stop_args = ["camoufox", "stop", "--id", instance_id];
-                let _ = Self::execute_nodecar_command(nodecar_path, &stop_args, 30).await;
-                println!("Stopped camoufox instance: {instance_id}");
-              }
-            }
-          }
-        }
-      }
-    }
-
-    // Give processes time to clean up
-    tokio::time::sleep(Duration::from_secs(2)).await;
-
-    println!("Nodecar process cleanup completed");
-    Ok(())
-  }
 }
@@ -0,0 +1,640 @@
+mod common;
+use common::TestUtils;
+use serde_json::Value;
+use serial_test::serial;
+use std::time::Duration;
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio::net::TcpStream;
+use tokio::time::sleep;
+
+/// Setup function to ensure donut-proxy binary exists and cleanup stale proxies
+async fn setup_test() -> Result<std::path::PathBuf, Box<dyn std::error::Error + Send + Sync>> {
+  let cargo_manifest_dir = std::env::var("CARGO_MANIFEST_DIR")?;
+  let project_root = std::path::PathBuf::from(cargo_manifest_dir)
+    .parent()
+    .unwrap()
+    .to_path_buf();
+
+  // Build donut-proxy binary if it doesn't exist
+  let proxy_binary = project_root
+    .join("src-tauri")
+    .join("target")
+    .join("debug")
+    .join("donut-proxy");
+
+  if !proxy_binary.exists() {
+    println!("Building donut-proxy binary for integration tests...");
+    let build_status = std::process::Command::new("cargo")
+      .args(["build", "--bin", "donut-proxy"])
+      .current_dir(project_root.join("src-tauri"))
+      .status()?;
+
+    if !build_status.success() {
+      return Err("Failed to build donut-proxy binary".into());
+    }
+  }
+
+  if !proxy_binary.exists() {
+    return Err("donut-proxy binary was not created successfully".into());
+  }
+
+  // Clean up any stale proxies from previous test runs
+  let _ = TestUtils::execute_command(&proxy_binary, &["proxy", "stop"]).await;
+
+  Ok(proxy_binary)
+}
+
+/// Helper to track and cleanup proxy processes
+struct ProxyTestTracker {
+  proxy_ids: Vec<String>,
+  binary_path: std::path::PathBuf,
+}
+
+impl ProxyTestTracker {
+  fn new(binary_path: std::path::PathBuf) -> Self {
+    Self {
+      proxy_ids: Vec::new(),
+      binary_path,
+    }
+  }
+
+  fn track_proxy(&mut self, proxy_id: String) {
+    self.proxy_ids.push(proxy_id);
+  }
+
+  async fn cleanup_all(&self) {
+    for proxy_id in &self.proxy_ids {
+      let _ =
+        TestUtils::execute_command(&self.binary_path, &["proxy", "stop", "--id", proxy_id]).await;
+    }
+  }
+}
+
+impl Drop for ProxyTestTracker {
+  fn drop(&mut self) {
+    let proxy_ids = self.proxy_ids.clone();
+    let binary_path = self.binary_path.clone();
+    tokio::spawn(async move {
+      for proxy_id in &proxy_ids {
+        let _ =
+          TestUtils::execute_command(&binary_path, &["proxy", "stop", "--id", proxy_id]).await;
+      }
+    });
+  }
+}
+
+/// Test starting a local proxy without upstream proxy (DIRECT)
+#[tokio::test]
+#[serial]
+async fn test_local_proxy_direct() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  println!("Starting local proxy without upstream (DIRECT)...");
+
+  let output = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+
+  if !output.status.success() {
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    return Err(format!("Proxy start failed - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let stdout = String::from_utf8(output.stdout)?;
+  let config: Value = serde_json::from_str(&stdout)?;
+
+  let proxy_id = config["id"].as_str().unwrap().to_string();
+  let local_port = config["localPort"].as_u64().unwrap() as u16;
+  let local_url = config["localUrl"].as_str().unwrap();
+  let upstream_url = config["upstreamUrl"].as_str().unwrap();
+
+  tracker.track_proxy(proxy_id.clone());
+
+  println!(
+    "Proxy started: id={}, port={}, url={}, upstream={}",
+    proxy_id, local_port, local_url, upstream_url
+  );
+
+  // Verify proxy is listening
+  sleep(Duration::from_millis(500)).await;
+  match TcpStream::connect(("127.0.0.1", local_port)).await {
+    Ok(_) => {
+      println!("Proxy is listening on port {local_port}");
+    }
+    Err(e) => {
+      return Err(format!("Proxy port {local_port} is not listening: {e}").into());
+    }
+  }
+
+  // Test making an HTTP request through the proxy
+  let mut stream = TcpStream::connect(("127.0.0.1", local_port)).await?;
+  let request =
+    b"GET http://httpbin.org/ip HTTP/1.1\r\nHost: httpbin.org\r\nConnection: close\r\n\r\n";
+  stream.write_all(request).await?;
+
+  let mut response = Vec::new();
+  stream.read_to_end(&mut response).await?;
+  let response_str = String::from_utf8_lossy(&response);
+
+  if response_str.contains("200 OK") || response_str.contains("origin") {
+    println!("Proxy successfully forwarded HTTP request");
+  } else {
+    println!(
+      "Warning: Proxy response may be unexpected: {}",
+      &response_str[..response_str.len().min(200)]
+    );
+  }
+
+  // Cleanup
+  tracker.cleanup_all().await;
+
+  Ok(())
+}
+
+/// Test chaining local proxies (local proxy -> local proxy -> internet)
+#[tokio::test]
+#[serial]
+async fn test_chained_local_proxies() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  println!("Testing chained local proxies...");
+
+  // Start first proxy (DIRECT - connects to internet)
+  let output1 = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+  if !output1.status.success() {
+    let stderr = String::from_utf8_lossy(&output1.stderr);
+    let stdout = String::from_utf8_lossy(&output1.stdout);
+    return Err(format!("Failed to start first proxy - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let config1: Value = serde_json::from_str(&String::from_utf8(output1.stdout)?)?;
+  let proxy1_id = config1["id"].as_str().unwrap().to_string();
+  let proxy1_port = config1["localPort"].as_u64().unwrap() as u16;
+  tracker.track_proxy(proxy1_id.clone());
+
+  println!("First proxy started on port {}", proxy1_port);
+
+  // Wait for first proxy to be ready
+  sleep(Duration::from_millis(500)).await;
+  match TcpStream::connect(("127.0.0.1", proxy1_port)).await {
+    Ok(_) => println!("First proxy is ready"),
+    Err(e) => return Err(format!("First proxy not ready: {e}").into()),
+  }
+
+  // Start second proxy chained to first proxy
+  let output2 = TestUtils::execute_command(
+    &binary_path,
+    &[
+      "proxy",
+      "start",
+      "--host",
+      "127.0.0.1",
+      "--proxy-port",
+      &proxy1_port.to_string(),
+      "--type",
+      "http",
+    ],
+  )
+  .await?;
+
+  if !output2.status.success() {
+    let stderr = String::from_utf8_lossy(&output2.stderr);
+    let stdout = String::from_utf8_lossy(&output2.stdout);
+    return Err(
+      format!("Failed to start second proxy - stdout: {stdout}, stderr: {stderr}").into(),
+    );
+  }
+
+  let config2: Value = serde_json::from_str(&String::from_utf8(output2.stdout)?)?;
+  let proxy2_id = config2["id"].as_str().unwrap().to_string();
+  let proxy2_port = config2["localPort"].as_u64().unwrap() as u16;
+  tracker.track_proxy(proxy2_id.clone());
+
+  println!(
+    "Second proxy started on port {} (chained to proxy on port {})",
+    proxy2_port, proxy1_port
+  );
+
+  // Wait for second proxy to be ready
+  sleep(Duration::from_millis(500)).await;
+  match TcpStream::connect(("127.0.0.1", proxy2_port)).await {
+    Ok(_) => println!("Second proxy is ready"),
+    Err(e) => return Err(format!("Second proxy not ready: {e}").into()),
+  }
+
+  // Test making an HTTP request through the chained proxy
+  let mut stream = TcpStream::connect(("127.0.0.1", proxy2_port)).await?;
+  let request =
+    b"GET http://httpbin.org/ip HTTP/1.1\r\nHost: httpbin.org\r\nConnection: close\r\n\r\n";
+  stream.write_all(request).await?;
+
+  let mut response = Vec::new();
+  stream.read_to_end(&mut response).await?;
+  let response_str = String::from_utf8_lossy(&response);
+
+  if response_str.contains("200 OK") || response_str.contains("origin") {
+    println!("Chained proxy successfully forwarded HTTP request");
+  } else {
+    println!(
+      "Warning: Chained proxy response may be unexpected: {}",
+      &response_str[..response_str.len().min(200)]
+    );
+  }
+
+  // Cleanup
+  tracker.cleanup_all().await;
+
+  Ok(())
+}
+
+/// Test starting a local proxy with HTTP upstream proxy
+#[tokio::test]
+#[serial]
+async fn test_local_proxy_with_http_upstream(
+) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  // Start a mock HTTP upstream proxy server
+  let upstream_listener = tokio::net::TcpListener::bind("127.0.0.1:0").await?;
+  let upstream_addr = upstream_listener.local_addr()?;
+  let upstream_port = upstream_addr.port();
+
+  let upstream_handle = tokio::spawn(async move {
+    use http_body_util::Full;
+    use hyper::body::Bytes;
+    use hyper::server::conn::http1;
+    use hyper::service::service_fn;
+    use hyper::{Response, StatusCode};
+    use hyper_util::rt::TokioIo;
+
+    while let Ok((stream, _)) = upstream_listener.accept().await {
+      let io = TokioIo::new(stream);
+      tokio::task::spawn(async move {
+        let service = service_fn(|_req| async {
+          Ok::<_, hyper::Error>(
+            Response::builder()
+              .status(StatusCode::OK)
+              .body(Full::new(Bytes::from("Upstream Proxy Response")))
+              .unwrap(),
+          )
+        });
+        let _ = http1::Builder::new().serve_connection(io, service).await;
+      });
+    }
+  });
+
+  sleep(Duration::from_millis(200)).await;
+
+  println!("Starting local proxy with HTTP upstream proxy...");
+
+  let output = TestUtils::execute_command(
+    &binary_path,
+    &[
+      "proxy",
+      "start",
+      "--host",
+      "127.0.0.1",
+      "--proxy-port",
+      &upstream_port.to_string(),
+      "--type",
+      "http",
+    ],
+  )
+  .await?;
+
+  if !output.status.success() {
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    upstream_handle.abort();
+    return Err(format!("Proxy start failed - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let stdout = String::from_utf8(output.stdout)?;
+  let config: Value = serde_json::from_str(&stdout)?;
+
+  let proxy_id = config["id"].as_str().unwrap().to_string();
+  let local_port = config["localPort"].as_u64().unwrap() as u16;
+  tracker.track_proxy(proxy_id.clone());
+
+  println!("Proxy started: id={}, port={}", proxy_id, local_port);
+
+  // Verify proxy is listening
+  sleep(Duration::from_millis(500)).await;
+  match TcpStream::connect(("127.0.0.1", local_port)).await {
+    Ok(_) => {
+      println!("Proxy is listening on port {local_port}");
+    }
+    Err(e) => {
+      upstream_handle.abort();
+      return Err(format!("Proxy port {local_port} is not listening: {e}").into());
+    }
+  }
+
+  // Cleanup
+  tracker.cleanup_all().await;
+  upstream_handle.abort();
+
+  Ok(())
+}
+
+/// Test multiple proxies running simultaneously
+#[tokio::test]
+#[serial]
+async fn test_multiple_proxies_simultaneously(
+) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  println!("Starting multiple proxies simultaneously...");
+
+  let mut proxy_ports = Vec::new();
+
+  // Start 3 proxies, waiting for each to be ready before starting the next
+  // This avoids race conditions on macOS where processes need time to initialize
+  for i in 0..3 {
+    let output = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+    if !output.status.success() {
+      let stderr = String::from_utf8_lossy(&output.stderr);
+      let stdout = String::from_utf8_lossy(&output.stdout);
+      return Err(
+        format!(
+          "Failed to start proxy {} - stdout: {}, stderr: {}",
+          i + 1,
+          stdout,
+          stderr
+        )
+        .into(),
+      );
+    }
+
+    let config: Value = serde_json::from_str(&String::from_utf8(output.stdout)?)?;
+    let proxy_id = config["id"].as_str().unwrap().to_string();
+    let local_port = config["localPort"].as_u64().unwrap() as u16;
+    tracker.track_proxy(proxy_id);
+    proxy_ports.push(local_port);
+
+    println!("Proxy {} started on port {}", i + 1, local_port);
+
+    // Wait for this proxy to be ready before starting the next one
+    // This prevents race conditions on macOS where processes need time to initialize
+    let mut attempts = 0;
+    let max_attempts = 50; // 5 seconds max (50 * 100ms)
+    loop {
+      sleep(Duration::from_millis(100)).await;
+      match TcpStream::connect(("127.0.0.1", local_port)).await {
+        Ok(_) => {
+          println!("Proxy {} is ready on port {}", i + 1, local_port);
+          break;
+        }
+        Err(_) => {
+          attempts += 1;
+          if attempts >= max_attempts {
+            return Err(
+              format!(
+                "Proxy {} on port {} failed to become ready after {} attempts",
+                i + 1,
+                local_port,
+                max_attempts
+              )
+              .into(),
+            );
+          }
+        }
+      }
+    }
+  }
+
+  // Verify all proxies are still listening
+  for (i, port) in proxy_ports.iter().enumerate() {
+    match TcpStream::connect(("127.0.0.1", *port)).await {
+      Ok(_) => {
+        println!("Proxy {} is listening on port {}", i + 1, port);
+      }
+      Err(e) => {
+        return Err(format!("Proxy {} on port {} is not listening: {e}", i + 1, port).into());
+      }
+    }
+  }
+
+  // Cleanup
+  tracker.cleanup_all().await;
+
+  Ok(())
+}
+
+/// Test proxy listing
+#[tokio::test]
+#[serial]
+async fn test_proxy_list() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  // Start a proxy
+  let output = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+  if !output.status.success() {
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    return Err(format!("Failed to start proxy - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let config: Value = serde_json::from_str(&String::from_utf8(output.stdout)?)?;
+  let proxy_id = config["id"].as_str().unwrap().to_string();
+  tracker.track_proxy(proxy_id.clone());
+
+  // List proxies
+  let list_output = TestUtils::execute_command(&binary_path, &["proxy", "list"]).await?;
+  if !list_output.status.success() {
+    return Err("Failed to list proxies".into());
+  }
+
+  let list_stdout = String::from_utf8(list_output.stdout)?;
+  let proxies: Vec<Value> = serde_json::from_str(&list_stdout)?;
+
+  // Verify our proxy is in the list
+  let found = proxies.iter().any(|p| p["id"].as_str() == Some(&proxy_id));
+  assert!(found, "Proxy should be in the list");
+
+  // Cleanup
+  tracker.cleanup_all().await;
+
+  Ok(())
+}
+
+/// Test traffic tracking through proxy
+#[tokio::test]
+#[serial]
+async fn test_traffic_tracking() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let mut tracker = ProxyTestTracker::new(binary_path.clone());
+
+  println!("Testing traffic tracking through proxy...");
+
+  // Start a proxy
+  let output = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+  if !output.status.success() {
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    return Err(format!("Failed to start proxy - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let config: Value = serde_json::from_str(&String::from_utf8(output.stdout)?)?;
+  let proxy_id = config["id"].as_str().unwrap().to_string();
+  let local_port = config["localPort"].as_u64().unwrap() as u16;
+  tracker.track_proxy(proxy_id.clone());
+
+  println!("Proxy started on port {}", local_port);
+
+  // Wait for proxy to be ready
+  sleep(Duration::from_millis(500)).await;
+
+  // Make an HTTP request through the proxy
+  let mut stream = TcpStream::connect(("127.0.0.1", local_port)).await?;
+  let request =
+    b"GET http://httpbin.org/ip HTTP/1.1\r\nHost: httpbin.org\r\nConnection: close\r\n\r\n";
+
+  // Track bytes sent
+  let bytes_sent = request.len();
+  stream.write_all(request).await?;
+
+  // Read response
+  let mut response = Vec::new();
+  stream.read_to_end(&mut response).await?;
+  let bytes_received = response.len();
+
+  println!(
+    "HTTP request completed: sent {} bytes, received {} bytes",
+    bytes_sent, bytes_received
+  );
+
+  // Wait for traffic stats to be flushed (happens every second)
+  sleep(Duration::from_secs(2)).await;
+
+  // Verify traffic was tracked by checking traffic stats file exists
+  // Note: Traffic stats are stored in the cache directory
+  let cache_dir = directories::BaseDirs::new()
+    .expect("Failed to get base directories")
+    .cache_dir()
+    .to_path_buf();
+  let traffic_stats_dir = cache_dir.join("DonutBrowserDev").join("traffic_stats");
+  let stats_file = traffic_stats_dir.join(format!("{}.json", proxy_id));
+
+  if stats_file.exists() {
+    let content = std::fs::read_to_string(&stats_file)?;
+    let stats: Value = serde_json::from_str(&content)?;
+
+    let total_sent = stats["total_bytes_sent"].as_u64().unwrap_or(0);
+    let total_received = stats["total_bytes_received"].as_u64().unwrap_or(0);
+    let total_requests = stats["total_requests"].as_u64().unwrap_or(0);
+
+    println!(
+      "Traffic stats recorded: sent {} bytes, received {} bytes, {} requests",
+      total_sent, total_received, total_requests
+    );
+
+    // Check if domains are being tracked
+    let mut domain_traffic = false;
+    if let Some(domains) = stats.get("domains") {
+      if let Some(domain_map) = domains.as_object() {
+        println!("Domains tracked: {}", domain_map.len());
+        for (domain, domain_stats) in domain_map {
+          println!("  - {}", domain);
+          // Check if any domain has traffic
+          if let Some(domain_obj) = domain_stats.as_object() {
+            let domain_sent = domain_obj
+              .get("bytes_sent")
+              .and_then(|v| v.as_u64())
+              .unwrap_or(0);
+            let domain_recv = domain_obj
+              .get("bytes_received")
+              .and_then(|v| v.as_u64())
+              .unwrap_or(0);
+            let domain_reqs = domain_obj
+              .get("request_count")
+              .and_then(|v| v.as_u64())
+              .unwrap_or(0);
+            println!(
+              "    sent: {}, received: {}, requests: {}",
+              domain_sent, domain_recv, domain_reqs
+            );
+            if domain_sent > 0 || domain_recv > 0 || domain_reqs > 0 {
+              domain_traffic = true;
+            }
+          }
+        }
+      }
+    }
+
+    // Verify that some traffic was recorded - check either total bytes or domain traffic
+    assert!(
+      total_sent > 0 || total_received > 0 || total_requests > 0 || domain_traffic,
+      "Traffic stats should record some activity (sent: {}, received: {}, requests: {})",
+      total_sent,
+      total_received,
+      total_requests
+    );
+
+    println!("Traffic tracking test passed!");
+  } else {
+    println!("Warning: Traffic stats file not found at {:?}", stats_file);
+    // This is not necessarily a failure - the file may not have been created yet
+    // The important thing is that the proxy is working
+  }
+
+  // Cleanup
+  tracker.cleanup_all().await;
+
+  // Clean up the traffic stats file
+  if stats_file.exists() {
+    let _ = std::fs::remove_file(&stats_file);
+  }
+
+  Ok(())
+}
+
+/// Test proxy stop
+#[tokio::test]
+#[serial]
+async fn test_proxy_stop() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+  let binary_path = setup_test().await?;
+  let _tracker = ProxyTestTracker::new(binary_path.clone());
+
+  // Start a proxy
+  let output = TestUtils::execute_command(&binary_path, &["proxy", "start"]).await?;
+  if !output.status.success() {
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    return Err(format!("Failed to start proxy - stdout: {stdout}, stderr: {stderr}").into());
+  }
+
+  let config: Value = serde_json::from_str(&String::from_utf8(output.stdout)?)?;
+  let proxy_id = config["id"].as_str().unwrap().to_string();
+  let local_port = config["localPort"].as_u64().unwrap() as u16;
+
+  // Verify proxy is running
+  sleep(Duration::from_millis(500)).await;
+  match TcpStream::connect(("127.0.0.1", local_port)).await {
+    Ok(_) => println!("Proxy is running"),
+    Err(_) => return Err("Proxy is not running".into()),
+  }
+
+  // Stop the proxy
+  let stop_output =
+    TestUtils::execute_command(&binary_path, &["proxy", "stop", "--id", &proxy_id]).await?;
+
+  if !stop_output.status.success() {
+    return Err("Failed to stop proxy".into());
+  }
+
+  // Wait a bit for the process to exit
+  sleep(Duration::from_millis(500)).await;
+
+  // Verify proxy is stopped (connection should fail)
+  match TcpStream::connect(("127.0.0.1", local_port)).await {
+    Ok(_) => return Err("Proxy should be stopped but is still listening".into()),
+    Err(_) => println!("Proxy successfully stopped"),
+  }
+
+  Ok(())
+}
@@ -1,820 +0,0 @@
-mod common;
-use common::TestUtils;
-use serde_json::Value;
-
-/// Setup function to ensure clean state before tests
-async fn setup_test() -> Result<std::path::PathBuf, Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = TestUtils::ensure_nodecar_binary().await?;
-
-  // Clean up any existing processes from previous test runs
-  let _ = TestUtils::cleanup_all_nodecar_processes(&nodecar_path).await;
-
-  Ok(nodecar_path)
-}
-
-/// Helper to track and cleanup specific test resources
-struct TestResourceTracker {
-  proxy_ids: Vec<String>,
-  camoufox_ids: Vec<String>,
-  nodecar_path: std::path::PathBuf,
-}
-
-impl TestResourceTracker {
-  fn new(nodecar_path: std::path::PathBuf) -> Self {
-    Self {
-      proxy_ids: Vec::new(),
-      camoufox_ids: Vec::new(),
-      nodecar_path,
-    }
-  }
-
-  fn track_proxy(&mut self, proxy_id: String) {
-    self.proxy_ids.push(proxy_id);
-  }
-
-  fn track_camoufox(&mut self, camoufox_id: String) {
-    self.camoufox_ids.push(camoufox_id);
-  }
-
-  async fn cleanup_all(&self) {
-    // Clean up tracked proxies
-    for proxy_id in &self.proxy_ids {
-      let stop_args = ["proxy", "stop", "--id", proxy_id];
-      let _ = TestUtils::execute_nodecar_command(&self.nodecar_path, &stop_args, 10).await;
-    }
-
-    // Clean up tracked camoufox instances
-    for camoufox_id in &self.camoufox_ids {
-      let stop_args = ["camoufox", "stop", "--id", camoufox_id];
-      let _ = TestUtils::execute_nodecar_command(&self.nodecar_path, &stop_args, 30).await;
-    }
-
-    // Give processes time to clean up
-    tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
-  }
-}
-
-impl Drop for TestResourceTracker {
-  fn drop(&mut self) {
-    // Ensure cleanup happens even if test panics
-    let proxy_ids = self.proxy_ids.clone();
-    let camoufox_ids = self.camoufox_ids.clone();
-    let nodecar_path = self.nodecar_path.clone();
-
-    tokio::spawn(async move {
-      for proxy_id in &proxy_ids {
-        let stop_args = ["proxy", "stop", "--id", proxy_id];
-        let _ = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 10).await;
-      }
-
-      for camoufox_id in &camoufox_ids {
-        let stop_args = ["camoufox", "stop", "--id", camoufox_id];
-        let _ = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 30).await;
-      }
-    });
-  }
-}
-
-/// Integration tests for nodecar proxy functionality
-#[tokio::test]
-async fn test_nodecar_proxy_lifecycle() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Test proxy start with a known working upstream
-  let args = [
-    "proxy",
-    "start",
-    "--host",
-    "httpbin.org",
-    "--proxy-port",
-    "80",
-    "--type",
-    "http",
-  ];
-
-  println!("Starting proxy with nodecar...");
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 30).await?;
-
-  if !output.status.success() {
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    tracker.cleanup_all().await;
-    return Err(format!("Proxy start failed - stdout: {stdout}, stderr: {stderr}").into());
-  }
-
-  let stdout = String::from_utf8(output.stdout)?;
-  let config: Value = serde_json::from_str(&stdout)?;
-
-  // Verify proxy configuration structure
-  assert!(config["id"].is_string(), "Proxy ID should be a string");
-  assert!(
-    config["localPort"].is_number(),
-    "Local port should be a number"
-  );
-  assert!(
-    config["localUrl"].is_string(),
-    "Local URL should be a string"
-  );
-
-  let proxy_id = config["id"].as_str().unwrap().to_string();
-  let local_port = config["localPort"].as_u64().unwrap() as u16;
-  tracker.track_proxy(proxy_id.clone());
-
-  println!("Proxy started with ID: {proxy_id} on port: {local_port}");
-
-  // Wait for the proxy to start listening
-  let is_listening = TestUtils::wait_for_port_state(local_port, true, 10).await;
-  assert!(
-    is_listening,
-    "Proxy should be listening on the assigned port"
-  );
-
-  // Test stopping the proxy
-  let stop_args = ["proxy", "stop", "--id", &proxy_id];
-  let stop_output = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 10).await?;
-
-  assert!(stop_output.status.success(), "Proxy stop should succeed");
-
-  let port_available = TestUtils::wait_for_port_state(local_port, false, 5).await;
-  assert!(
-    port_available,
-    "Port should be available after stopping proxy"
-  );
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test proxy with authentication
-#[tokio::test]
-async fn test_nodecar_proxy_with_auth() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let args = [
-    "proxy",
-    "start",
-    "--host",
-    "httpbin.org",
-    "--proxy-port",
-    "80",
-    "--type",
-    "http",
-    "--username",
-    "testuser",
-    "--password",
-    "testpass",
-  ];
-
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 30).await?;
-
-  if output.status.success() {
-    let stdout = String::from_utf8(output.stdout)?;
-    let config: Value = serde_json::from_str(&stdout)?;
-
-    let proxy_id = config["id"].as_str().unwrap().to_string();
-    tracker.track_proxy(proxy_id.clone());
-
-    // Verify upstream URL contains encoded credentials
-    if let Some(upstream_url) = config["upstreamUrl"].as_str() {
-      assert!(
-        upstream_url.contains("testuser"),
-        "Upstream URL should contain username"
-      );
-      // Password might be encoded, so we check for the presence of auth info
-      assert!(
-        upstream_url.contains("@"),
-        "Upstream URL should contain auth separator"
-      );
-    }
-  }
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test proxy list functionality
-#[tokio::test]
-async fn test_nodecar_proxy_list() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Start a proxy first
-  let start_args = [
-    "proxy",
-    "start",
-    "--host",
-    "httpbin.org",
-    "--proxy-port",
-    "80",
-    "--type",
-    "http",
-  ];
-
-  let start_output = TestUtils::execute_nodecar_command(&nodecar_path, &start_args, 30).await?;
-
-  if start_output.status.success() {
-    let stdout = String::from_utf8(start_output.stdout)?;
-    let config: Value = serde_json::from_str(&stdout)?;
-    let proxy_id = config["id"].as_str().unwrap().to_string();
-    tracker.track_proxy(proxy_id.clone());
-
-    // Test list command
-    let list_args = ["proxy", "list"];
-    let list_output = TestUtils::execute_nodecar_command(&nodecar_path, &list_args, 10).await?;
-
-    assert!(list_output.status.success(), "Proxy list should succeed");
-
-    let list_stdout = String::from_utf8(list_output.stdout)?;
-    let proxy_list: Value = serde_json::from_str(&list_stdout)?;
-
-    assert!(proxy_list.is_array(), "Proxy list should be an array");
-
-    let proxies = proxy_list.as_array().unwrap();
-    assert!(
-      !proxies.is_empty(),
-      "Should have at least one proxy in the list"
-    );
-
-    // Find our proxy in the list
-    let found_proxy = proxies.iter().find(|p| p["id"].as_str() == Some(&proxy_id));
-    assert!(found_proxy.is_some(), "Started proxy should be in the list");
-  }
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test Camoufox functionality
-#[tokio::test]
-async fn test_nodecar_camoufox_lifecycle() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let temp_dir = TestUtils::create_temp_dir()?;
-  let profile_path = temp_dir.path().join("test_profile");
-
-  let args = [
-    "camoufox",
-    "start",
-    "--profile-path",
-    profile_path.to_str().unwrap(),
-    "--headless",
-    "--debug",
-  ];
-
-  println!("Starting Camoufox with nodecar...");
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 35).await?;
-
-  if !output.status.success() {
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    let stdout = String::from_utf8_lossy(&output.stdout);
-
-    // If Camoufox is not installed or times out, skip the test
-    if stderr.contains("not installed")
-      || stderr.contains("not found")
-      || stderr.contains("timeout")
-      || stdout.contains("timeout")
-    {
-      println!("Skipping Camoufox test - Camoufox not available or timed out");
-      tracker.cleanup_all().await;
-      return Ok(());
-    }
-
-    tracker.cleanup_all().await;
-    return Err(format!("Camoufox start failed - stdout: {stdout}, stderr: {stderr}").into());
-  }
-
-  let stdout = String::from_utf8(output.stdout)?;
-  let config: Value = serde_json::from_str(&stdout)?;
-
-  // Verify Camoufox configuration structure
-  assert!(config["id"].is_string(), "Camoufox ID should be a string");
-
-  let camoufox_id = config["id"].as_str().unwrap().to_string();
-  tracker.track_camoufox(camoufox_id.clone());
-  println!("Camoufox started with ID: {camoufox_id}");
-
-  // Test stopping Camoufox
-  let stop_args = ["camoufox", "stop", "--id", &camoufox_id];
-  let stop_output = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 30).await?;
-
-  assert!(stop_output.status.success(), "Camoufox stop should succeed");
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test Camoufox with URL opening
-#[tokio::test]
-async fn test_nodecar_camoufox_with_url() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let temp_dir = TestUtils::create_temp_dir()?;
-  let profile_path = temp_dir.path().join("test_profile_url");
-
-  let args = [
-    "camoufox",
-    "start",
-    "--profile-path",
-    profile_path.to_str().unwrap(),
-    "--url",
-    "https://httpbin.org/get",
-    "--headless",
-    "--debug",
-  ];
-
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 15).await?;
-
-  if output.status.success() {
-    let stdout = String::from_utf8(output.stdout)?;
-    let config: Value = serde_json::from_str(&stdout)?;
-
-    let camoufox_id = config["id"].as_str().unwrap().to_string();
-    tracker.track_camoufox(camoufox_id.clone());
-
-    // Verify URL is set
-    if let Some(url) = config["url"].as_str() {
-      assert_eq!(
-        url, "https://httpbin.org/get",
-        "URL should match what was provided"
-      );
-    }
-
-    // Test stopping Camoufox explicitly
-    let stop_args = ["camoufox", "stop", "--id", &camoufox_id];
-    let stop_output = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 30).await?;
-    assert!(stop_output.status.success(), "Camoufox stop should succeed");
-  } else {
-    println!("Skipping Camoufox URL test - likely not installed");
-    tracker.cleanup_all().await;
-    return Ok(());
-  }
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test Camoufox list functionality
-#[tokio::test]
-async fn test_nodecar_camoufox_list() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Test list command (should work even without Camoufox installed)
-  let list_args = ["camoufox", "list"];
-  let list_output = TestUtils::execute_nodecar_command(&nodecar_path, &list_args, 10).await?;
-
-  assert!(list_output.status.success(), "Camoufox list should succeed");
-
-  let list_stdout = String::from_utf8(list_output.stdout)?;
-  let camoufox_list: Value = serde_json::from_str(&list_stdout)?;
-
-  assert!(camoufox_list.is_array(), "Camoufox list should be an array");
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test Camoufox process tracking and management
-#[tokio::test]
-async fn test_nodecar_camoufox_process_tracking(
-) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let temp_dir = TestUtils::create_temp_dir()?;
-  let profile_path = temp_dir.path().join("test_profile_tracking");
-
-  // Start multiple Camoufox instances
-  let mut instance_ids: Vec<String> = Vec::new();
-
-  for i in 0..2 {
-    let instance_profile_path = format!("{}_instance_{}", profile_path.to_str().unwrap(), i);
-    let args = [
-      "camoufox",
-      "start",
-      "--profile-path",
-      &instance_profile_path,
-      "--headless",
-      "--debug",
-    ];
-
-    println!("Starting Camoufox instance {i}...");
-    let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 10).await?;
-
-    if !output.status.success() {
-      let stderr = String::from_utf8_lossy(&output.stderr);
-      let stdout = String::from_utf8_lossy(&output.stdout);
-
-      // If Camoufox is not installed, skip the test
-      if stderr.contains("not installed") || stderr.contains("not found") {
-        println!("Skipping Camoufox process tracking test - Camoufox not installed");
-        tracker.cleanup_all().await;
-        return Ok(());
-      }
-
-      tracker.cleanup_all().await;
-      return Err(
-        format!("Camoufox instance {i} start failed - stdout: {stdout}, stderr: {stderr}").into(),
-      );
-    }
-
-    let stdout = String::from_utf8(output.stdout)?;
-    let config: Value = serde_json::from_str(&stdout)?;
-
-    let camoufox_id = config["id"].as_str().unwrap().to_string();
-    instance_ids.push(camoufox_id.clone());
-    tracker.track_camoufox(camoufox_id.clone());
-    println!("Camoufox instance {i} started with ID: {camoufox_id}");
-  }
-
-  // Verify all instances are tracked
-  let list_args = ["camoufox", "list"];
-  let list_output = TestUtils::execute_nodecar_command(&nodecar_path, &list_args, 10).await?;
-
-  assert!(list_output.status.success(), "Camoufox list should succeed");
-
-  let list_stdout = String::from_utf8(list_output.stdout)?;
-  println!("Camoufox list output: {list_stdout}");
-  let instances: Value = serde_json::from_str(&list_stdout)?;
-
-  let instances_array = instances.as_array().unwrap();
-  println!("Found {} instances in list", instances_array.len());
-
-  // Verify our instances are in the list
-  for instance_id in &instance_ids {
-    let instance_found = instances_array
-      .iter()
-      .any(|i| i["id"].as_str() == Some(instance_id));
-    if !instance_found {
-      println!("Instance {instance_id} not found in list. Available instances:");
-      for instance in instances_array {
-        if let Some(id) = instance["id"].as_str() {
-          println!("  - {id}");
-        }
-      }
-    }
-    assert!(
-      instance_found,
-      "Camoufox instance {instance_id} should be found in list"
-    );
-  }
-
-  // Stop all instances individually
-  for instance_id in &instance_ids {
-    println!("Stopping Camoufox instance: {instance_id}");
-    let stop_args = ["camoufox", "stop", "--id", instance_id];
-    let stop_output = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 30).await?;
-
-    if stop_output.status.success() {
-      let stop_stdout = String::from_utf8(stop_output.stdout)?;
-      if let Ok(stop_result) = serde_json::from_str::<Value>(&stop_stdout) {
-        let success = stop_result["success"].as_bool().unwrap_or(false);
-        if !success {
-          println!("Warning: Stop command returned success=false for instance {instance_id}");
-        }
-      } else {
-        println!("Warning: Could not parse stop result for instance {instance_id}");
-      }
-    } else {
-      println!("Warning: Stop command failed for instance {instance_id}");
-    }
-  }
-
-  // Verify all instances are removed
-  let list_output_after = TestUtils::execute_nodecar_command(&nodecar_path, &list_args, 10).await?;
-
-  let instances_after: Value = serde_json::from_str(&String::from_utf8(list_output_after.stdout)?)?;
-  let instances_after_array = instances_after.as_array().unwrap();
-
-  for instance_id in &instance_ids {
-    let instance_still_exists = instances_after_array
-      .iter()
-      .any(|i| i["id"].as_str() == Some(instance_id));
-    assert!(
-      !instance_still_exists,
-      "Stopped Camoufox instance {instance_id} should not be found in list"
-    );
-  }
-
-  println!("Camoufox process tracking test completed successfully");
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test Camoufox with various configuration options
-#[tokio::test]
-async fn test_nodecar_camoufox_configuration_options(
-) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let temp_dir = TestUtils::create_temp_dir()?;
-  let profile_path = temp_dir.path().join("test_profile_config");
-
-  let args = [
-    "camoufox",
-    "start",
-    "--profile-path",
-    profile_path.to_str().unwrap(),
-    "--headless",
-    "--debug",
-    "--os",
-    "linux",
-    "--block-images",
-    "--humanize",
-    "--locale",
-    "en-US,en-GB",
-    "--timezone",
-    "America/New_York",
-    "--disable-cache",
-  ];
-
-  println!("Starting Camoufox with configuration options...");
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 45).await?;
-
-  if !output.status.success() {
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    let stdout = String::from_utf8_lossy(&output.stdout);
-
-    // If Camoufox is not installed, skip the test
-    if stderr.contains("not installed") || stderr.contains("not found") {
-      println!("Skipping Camoufox configuration test - Camoufox not installed");
-      tracker.cleanup_all().await;
-      return Ok(());
-    }
-
-    tracker.cleanup_all().await;
-    return Err(
-      format!("Camoufox with config start failed - stdout: {stdout}, stderr: {stderr}").into(),
-    );
-  }
-
-  let stdout = String::from_utf8(output.stdout)?;
-  let config: Value = serde_json::from_str(&stdout)?;
-
-  let camoufox_id = config["id"].as_str().unwrap().to_string();
-  tracker.track_camoufox(camoufox_id.clone());
-  println!("Camoufox with configuration started with ID: {camoufox_id}");
-
-  // Verify configuration was applied by checking the profile path
-  if let Some(returned_profile_path) = config["profilePath"].as_str() {
-    assert!(
-      returned_profile_path.contains("test_profile_config"),
-      "Profile path should match what was provided"
-    );
-  }
-
-  // Test stopping Camoufox explicitly
-  let stop_args = ["camoufox", "stop", "--id", &camoufox_id];
-  let stop_output = TestUtils::execute_nodecar_command(&nodecar_path, &stop_args, 30).await?;
-
-  assert!(stop_output.status.success(), "Camoufox stop should succeed");
-
-  println!("Camoufox configuration test completed successfully");
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test nodecar command validation
-#[tokio::test]
-async fn test_nodecar_command_validation() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Test invalid command
-  let invalid_args = ["invalid", "command"];
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &invalid_args, 10).await?;
-
-  assert!(!output.status.success(), "Invalid command should fail");
-
-  // Test proxy without required arguments
-  let incomplete_args = ["proxy", "start"];
-  let output = TestUtils::execute_nodecar_command(&nodecar_path, &incomplete_args, 10).await?;
-
-  assert!(
-    !output.status.success(),
-    "Incomplete proxy command should fail"
-  );
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test concurrent proxy operations
-#[tokio::test]
-async fn test_nodecar_concurrent_proxies() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Start multiple proxies concurrently
-  let mut handles = vec![];
-
-  for i in 0..3 {
-    let nodecar_path_clone = nodecar_path.clone();
-    let handle = tokio::spawn(async move {
-      let args = [
-        "proxy",
-        "start",
-        "--host",
-        "httpbin.org",
-        "--proxy-port",
-        "80",
-        "--type",
-        "http",
-      ];
-
-      TestUtils::execute_nodecar_command(&nodecar_path_clone, &args, 30).await
-    });
-    handles.push((i, handle));
-  }
-
-  // Wait for all proxies to start
-  for (i, handle) in handles {
-    match handle.await.map_err(|e| format!("Join error: {e}"))? {
-      Ok(output) if output.status.success() => {
-        let stdout = String::from_utf8(output.stdout)?;
-        let config: Value = serde_json::from_str(&stdout)?;
-        let proxy_id = config["id"].as_str().unwrap().to_string();
-        tracker.track_proxy(proxy_id.clone());
-        println!("Proxy {i} started successfully");
-      }
-      Ok(output) => {
-        let stderr = String::from_utf8_lossy(&output.stderr);
-        println!("Proxy {i} failed to start: {stderr}");
-      }
-      Err(e) => {
-        println!("Proxy {i} error: {e}");
-      }
-    }
-  }
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test proxy with different upstream types
-#[tokio::test]
-async fn test_nodecar_proxy_types() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  let test_cases = vec![
-    ("http", "httpbin.org", "80"),
-    ("https", "httpbin.org", "443"),
-  ];
-
-  for (proxy_type, host, port) in test_cases {
-    println!("Testing {proxy_type} proxy to {host}:{port}");
-
-    let args = [
-      "proxy",
-      "start",
-      "--host",
-      host,
-      "--proxy-port",
-      port,
-      "--type",
-      proxy_type,
-    ];
-
-    let output = TestUtils::execute_nodecar_command(&nodecar_path, &args, 30).await?;
-
-    if output.status.success() {
-      let stdout = String::from_utf8(output.stdout)?;
-      let config: Value = serde_json::from_str(&stdout)?;
-      let proxy_id = config["id"].as_str().unwrap().to_string();
-      tracker.track_proxy(proxy_id.clone());
-
-      println!("{proxy_type} proxy test passed");
-    } else {
-      let stderr = String::from_utf8_lossy(&output.stderr);
-      println!("{proxy_type} proxy test failed: {stderr}");
-    }
-  }
-
-  tracker.cleanup_all().await;
-  Ok(())
-}
-
-/// Test SOCKS5 proxy chaining - create two proxies where the second uses the first as upstream
-#[tokio::test]
-async fn test_nodecar_socks5_proxy_chaining() -> Result<(), Box<dyn std::error::Error + Send + Sync>>
-{
-  let nodecar_path = setup_test().await?;
-  let mut tracker = TestResourceTracker::new(nodecar_path.clone());
-
-  // Step 1: Start a SOCKS5 proxy with a known working upstream (httpbin.org)
-  let socks5_args = [
-    "proxy",
-    "start",
-    "--host",
-    "httpbin.org",
-    "--proxy-port",
-    "80",
-    "--type",
-    "http", // Use HTTP upstream for the first proxy
-  ];
-
-  println!("Starting first proxy with HTTP upstream...");
-  let socks5_output = TestUtils::execute_nodecar_command(&nodecar_path, &socks5_args, 30).await?;
-
-  if !socks5_output.status.success() {
-    let stderr = String::from_utf8_lossy(&socks5_output.stderr);
-    let stdout = String::from_utf8_lossy(&socks5_output.stdout);
-    tracker.cleanup_all().await;
-    return Err(format!("First proxy start failed - stdout: {stdout}, stderr: {stderr}").into());
-  }
-
-  let socks5_stdout = String::from_utf8(socks5_output.stdout)?;
-  let socks5_config: Value = serde_json::from_str(&socks5_stdout)?;
-
-  let socks5_proxy_id = socks5_config["id"].as_str().unwrap().to_string();
-  let socks5_local_port = socks5_config["localPort"].as_u64().unwrap() as u16;
-  tracker.track_proxy(socks5_proxy_id.clone());
-
-  println!("First proxy started with ID: {socks5_proxy_id} on port: {socks5_local_port}");
-
-  // Step 2: Start a second proxy that uses the first proxy as upstream
-  let http_proxy_args = [
-    "proxy",
-    "start",
-    "--upstream",
-    &format!("http://127.0.0.1:{socks5_local_port}"),
-  ];
-
-  println!("Starting second proxy with first proxy as upstream...");
-  let http_output = TestUtils::execute_nodecar_command(&nodecar_path, &http_proxy_args, 30).await?;
-
-  if !http_output.status.success() {
-    let stderr = String::from_utf8_lossy(&http_output.stderr);
-    let stdout = String::from_utf8_lossy(&http_output.stdout);
-    tracker.cleanup_all().await;
-    return Err(
-      format!("Second proxy with chained upstream failed - stdout: {stdout}, stderr: {stderr}")
-        .into(),
-    );
-  }
-
-  let http_stdout = String::from_utf8(http_output.stdout)?;
-  let http_config: Value = serde_json::from_str(&http_stdout)?;
-
-  let http_proxy_id = http_config["id"].as_str().unwrap().to_string();
-  let http_local_port = http_config["localPort"].as_u64().unwrap() as u16;
-  tracker.track_proxy(http_proxy_id.clone());
-
-  println!(
-    "Second proxy started with ID: {http_proxy_id} on port: {http_local_port} (chained through first proxy)"
-  );
-
-  // Verify both proxies are listening by waiting for them to be occupied
-  let socks5_listening = TestUtils::wait_for_port_state(socks5_local_port, true, 5).await;
-  let http_listening = TestUtils::wait_for_port_state(http_local_port, true, 5).await;
-
-  assert!(
-    socks5_listening,
-    "First proxy should be listening on port {socks5_local_port}"
-  );
-  assert!(
-    http_listening,
-    "Second proxy should be listening on port {http_local_port}"
-  );
-
-  // Clean up both proxies
-  let stop_http_args = ["proxy", "stop", "--id", &http_proxy_id];
-  let stop_socks5_args = ["proxy", "stop", "--id", &socks5_proxy_id];
-
-  let http_stop_result =
-    TestUtils::execute_nodecar_command(&nodecar_path, &stop_http_args, 10).await;
-  let socks5_stop_result =
-    TestUtils::execute_nodecar_command(&nodecar_path, &stop_socks5_args, 10).await;
-
-  // Verify cleanup
-  assert!(
-    http_stop_result.is_ok() && http_stop_result.unwrap().status.success(),
-    "Second proxy stop should succeed"
-  );
-  assert!(
-    socks5_stop_result.is_ok() && socks5_stop_result.unwrap().status.success(),
-    "First proxy stop should succeed"
-  );
-
-  let http_port_available = TestUtils::wait_for_port_state(http_local_port, false, 5).await;
-  let socks5_port_available = TestUtils::wait_for_port_state(socks5_local_port, false, 5).await;
-
-  assert!(
-    http_port_available,
-    "Second proxy port should be available after stopping"
-  );
-  assert!(
-    socks5_port_available,
-    "First proxy port should be available after stopping"
-  );
-
-  println!("Proxy chaining test completed successfully");
-  tracker.cleanup_all().await;
-  Ok(())
-}
@@ -1,10 +1,13 @@
 "use client";
 import { Geist, Geist_Mono } from "next/font/google";
 import "@/styles/globals.css";
+import "flag-icons/css/flag-icons.min.css";
+import { useEffect } from "react";
 import { CustomThemeProvider } from "@/components/theme-provider";
 import { Toaster } from "@/components/ui/sonner";
 import { TooltipProvider } from "@/components/ui/tooltip";
 import { WindowDragArea } from "@/components/window-drag-area";
+import { setupLogging } from "@/lib/logger";

 const geistSans = Geist({
  variable: "--font-geist-sans",
@@ -21,15 +24,19 @@ export default function RootLayout({
 }: Readonly<{
  children: React.ReactNode;
 }>) {
+  useEffect(() => {
+    void setupLogging();
+  }, []);
+
  return (
    <html lang="en" suppressHydrationWarning>
      <body
-        className={`${geistSans.variable} ${geistMono.variable} antialiased overflow-hidden`}
+        className={`${geistSans.variable} ${geistMono.variable} antialiased overflow-hidden bg-background`}
      >
        <CustomThemeProvider>
+          <WindowDragArea />
          <TooltipProvider>{children}</TooltipProvider>
          <Toaster />
-          <WindowDragArea />
        </CustomThemeProvider>
      </body>
    </html>
@@ -1,10 +1,11 @@
 "use client";

-import { FaDownload, FaTimes } from "react-icons/fa";
+import { FaDownload, FaExternalLinkAlt, FaTimes } from "react-icons/fa";
 import { LuCheckCheck, LuCog, LuRefreshCw } from "react-icons/lu";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
 import type { AppUpdateInfo, AppUpdateProgress } from "@/types";
+import { RippleButton } from "./ui/ripple";

 interface AppUpdateToastProps {
  updateInfo: AppUpdateInfo;
@@ -16,26 +17,20 @@ interface AppUpdateToastProps {

 function getStageIcon(stage?: string, isUpdating?: boolean) {
  if (!isUpdating) {
-    return <FaDownload className="flex-shrink-0 w-5 h-5 text-blue-500" />;
+    return <FaDownload className="flex-shrink-0 w-5 h-5" />;
  }

  switch (stage) {
    case "downloading":
-      return <FaDownload className="flex-shrink-0 w-5 h-5 text-blue-500" />;
+      return <FaDownload className="flex-shrink-0 w-5 h-5" />;
    case "extracting":
-      return (
-        <LuRefreshCw className="flex-shrink-0 w-5 h-5 text-blue-500 animate-spin" />
-      );
+      return <LuRefreshCw className="flex-shrink-0 w-5 h-5 animate-spin" />;
    case "installing":
-      return (
-        <LuCog className="flex-shrink-0 w-5 h-5 text-blue-500 animate-spin" />
-      );
+      return <LuCog className="flex-shrink-0 w-5 h-5 animate-spin" />;
    case "completed":
-      return <LuCheckCheck className="flex-shrink-0 w-5 h-5 text-green-500" />;
+      return <LuCheckCheck className="flex-shrink-0 w-5 h-5" />;
    default:
-      return (
-        <LuRefreshCw className="flex-shrink-0 w-5 h-5 text-blue-500 animate-spin" />
-      );
+      return <LuRefreshCw className="flex-shrink-0 w-5 h-5 animate-spin" />;
  }
 }

@@ -65,6 +60,16 @@ export function AppUpdateToast({
    await onUpdate(updateInfo);
  };

+  const handleViewRelease = () => {
+    if (updateInfo.release_page_url) {
+      // Trigger the same URL handling logic as if the URL came from the system
+      const event = new CustomEvent("url-open-request", {
+        detail: updateInfo.release_page_url,
+      });
+      window.dispatchEvent(event);
+    }
+  };
+
  const showDownloadProgress =
    isUpdating &&
    updateProgress?.stage === "downloading" &&
@@ -78,7 +83,7 @@ export function AppUpdateToast({
      updateProgress.stage === "completed");

  return (
-    <div className="flex items-start p-4 w-full max-w-md bg-white rounded-lg border border-gray-200 shadow-lg dark:bg-gray-800 dark:border-gray-700">
+    <div className="flex items-start p-4 w-full max-w-md rounded-lg border shadow-lg bg-card border-border text-card-foreground">
      <div className="mr-3 mt-0.5">
        {getStageIcon(updateProgress?.stage, isUpdating)}
      </div>
@@ -106,6 +111,11 @@ export function AppUpdateToast({
                <>
                  Update from {updateInfo.current_version} to{" "}
                  <span className="font-medium">{updateInfo.new_version}</span>
+                  {updateInfo.manual_update_required && (
+                    <span className="block mt-1 text-muted-foreground/80">
+                      Manual download required on Linux
+                    </span>
+                  )}
                </>
              )}
            </div>
@@ -133,9 +143,9 @@ export function AppUpdateToast({
                {updateProgress.eta && ` • ${updateProgress.eta} remaining`}
              </p>
            </div>
-            <div className="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
+            <div className="w-full bg-muted rounded-full h-1.5">
              <div
-                className="bg-blue-500 h-1.5 rounded-full transition-all duration-300"
+                className="bg-primary h-1.5 rounded-full transition-all duration-300"
                style={{ width: `${updateProgress.percentage}%` }}
              />
            </div>
@@ -144,58 +154,49 @@ export function AppUpdateToast({

        {/* Other stage progress (with visual indicators) */}
        {showOtherStageProgress && (
-          <div className="mt-2 space-y-2">
-            <p className="text-xs text-muted-foreground">
-              {updateProgress.message}
-            </p>
-
+          <div className="mt-2 space-y-1">
            {/* Progress indicator for non-downloading stages */}
-            <div className="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
+            <div className="w-full bg-muted rounded-full h-1.5">
              <div
                className={`h-1.5 rounded-full transition-all duration-500 ${
                  updateProgress.stage === "completed"
                    ? "bg-green-500 w-full"
-                    : "bg-blue-500 w-full animate-pulse"
+                    : "bg-primary w-full animate-pulse"
                }`}
              />
            </div>
-
-            {updateProgress.stage === "extracting" && (
-              <p className="text-xs text-muted-foreground">
-                Preparing update files...
-              </p>
-            )}
-            {updateProgress.stage === "installing" && (
-              <p className="text-xs text-muted-foreground">
-                Installing new version...
-              </p>
-            )}
-            {updateProgress.stage === "completed" && (
-              <p className="text-xs text-green-600 dark:text-green-400">
-                Update completed! Restarting application...
-              </p>
-            )}
          </div>
        )}

        {!isUpdating && (
          <div className="flex gap-2 items-center mt-3">
-            <Button
-              onClick={() => void handleUpdateClick()}
-              size="sm"
-              className="flex gap-2 items-center text-xs"
-            >
-              <FaDownload className="w-3 h-3" />
-              Update Now
-            </Button>
-            <Button
+            {updateInfo.manual_update_required ? (
+              <RippleButton
+                onClick={handleViewRelease}
+                size="sm"
+                className="flex gap-2 items-center text-xs"
+              >
+                <FaExternalLinkAlt className="w-3 h-3" />
+                View Release
+              </RippleButton>
+            ) : (
+              <RippleButton
+                onClick={() => void handleUpdateClick()}
+                size="sm"
+                className="flex gap-2 items-center text-xs"
+              >
+                <FaDownload className="w-3 h-3" />
+                Update Now
+              </RippleButton>
+            )}
+            <RippleButton
              variant="outline"
              onClick={onDismiss}
              size="sm"
              className="text-xs"
            >
              Later
-            </Button>
+            </RippleButton>
          </div>
        )}
      </div>
@@ -0,0 +1,118 @@
+"use client";
+
+import * as React from "react";
+import { Area, AreaChart, ResponsiveContainer } from "recharts";
+import { cn } from "@/lib/utils";
+import type { BandwidthDataPoint } from "@/types";
+
+interface BandwidthMiniChartProps {
+  data: BandwidthDataPoint[];
+  currentBandwidth?: number;
+  onClick?: () => void;
+  className?: string;
+}
+
+export function BandwidthMiniChart({
+  data,
+  currentBandwidth: externalBandwidth,
+  onClick,
+  className,
+}: BandwidthMiniChartProps) {
+  // Transform data for the chart - combine sent and received for total bandwidth
+  const chartData = React.useMemo(() => {
+    // Fill in missing seconds with zeros for smooth chart
+    if (data.length === 0) {
+      // Create 60 seconds of zero data for the past minute
+      const now = Math.floor(Date.now() / 1000);
+      return Array.from({ length: 60 }, (_, i) => ({
+        time: now - (59 - i),
+        bandwidth: 0,
+      }));
+    }
+
+    const now = Math.floor(Date.now() / 1000);
+    const result: { time: number; bandwidth: number }[] = [];
+
+    // Get the last 60 seconds
+    for (let i = 59; i >= 0; i--) {
+      const targetTime = now - i;
+      const point = data.find((d) => d.timestamp === targetTime);
+      result.push({
+        time: targetTime,
+        bandwidth: point ? point.bytes_sent + point.bytes_received : 0,
+      });
+    }
+
+    return result;
+  }, [data]);
+
+  // Find max value for scaling
+  const _maxBandwidth = React.useMemo(() => {
+    const max = Math.max(...chartData.map((d) => d.bandwidth), 1);
+    return max;
+  }, [chartData]);
+
+  // Use external bandwidth if provided, otherwise calculate from last data point
+  const currentBandwidth =
+    externalBandwidth ?? chartData[chartData.length - 1]?.bandwidth ?? 0;
+
+  // Format bytes to human readable
+  const formatBytes = (bytes: number): string => {
+    if (bytes === 0) return "0 B/s";
+    if (bytes < 1024) return `${bytes} B/s`;
+    if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB/s`;
+    return `${(bytes / (1024 * 1024)).toFixed(1)} MB/s`;
+  };
+
+  return (
+    <button
+      type="button"
+      onClick={onClick}
+      className={cn(
+        "relative flex items-center gap-1.5 px-2 rounded cursor-pointer hover:bg-accent/50 transition-colors min-w-[120px] border-none bg-transparent",
+        className,
+      )}
+    >
+      <div className="flex-1 h-3">
+        <ResponsiveContainer width="100%" height="100%">
+          <AreaChart
+            data={chartData}
+            margin={{ top: 0, right: 0, bottom: 0, left: 0 }}
+          >
+            <defs>
+              <linearGradient
+                id="bandwidthGradient"
+                x1="0"
+                y1="0"
+                x2="0"
+                y2="1"
+              >
+                <stop
+                  offset="0%"
+                  stopColor="var(--chart-1)"
+                  stopOpacity={0.6}
+                />
+                <stop
+                  offset="100%"
+                  stopColor="var(--chart-1)"
+                  stopOpacity={0.1}
+                />
+              </linearGradient>
+            </defs>
+            <Area
+              type="monotone"
+              dataKey="bandwidth"
+              stroke="var(--chart-1)"
+              strokeWidth={1}
+              fill="url(#bandwidthGradient)"
+              isAnimationActive={false}
+            />
+          </AreaChart>
+        </ResponsiveContainer>
+      </div>
+      <span className="text-xs text-muted-foreground whitespace-nowrap min-w-[60px] text-right">
+        {formatBytes(currentBandwidth)}
+      </span>
+    </button>
+  );
+}
@@ -2,7 +2,6 @@

 import { useEffect, useState } from "react";
 import { SharedCamoufoxConfigForm } from "@/components/shared-camoufox-config-form";
-import { Button } from "@/components/ui/button";
 import {
  Dialog,
  DialogContent,
@@ -11,14 +10,25 @@ import {
  DialogTitle,
 } from "@/components/ui/dialog";
 import { ScrollArea } from "@/components/ui/scroll-area";
-import { getCurrentOS } from "@/lib/browser-utils";
-import type { BrowserProfile, CamoufoxConfig } from "@/types";
+import type { BrowserProfile, CamoufoxConfig, CamoufoxOS } from "@/types";
+
+const getCurrentOS = (): CamoufoxOS => {
+  if (typeof navigator === "undefined") return "linux";
+  const platform = navigator.platform.toLowerCase();
+  if (platform.includes("win")) return "windows";
+  if (platform.includes("mac")) return "macos";
+  return "linux";
+};
+
+import { LoadingButton } from "./loading-button";
+import { RippleButton } from "./ui/ripple";

 interface CamoufoxConfigDialogProps {
  isOpen: boolean;
  onClose: () => void;
  profile: BrowserProfile | null;
  onSave: (profile: BrowserProfile, config: CamoufoxConfig) => Promise<void>;
+  isRunning?: boolean;
 }

 export function CamoufoxConfigDialog({
@@ -26,11 +36,12 @@ export function CamoufoxConfigDialog({
  onClose,
  profile,
  onSave,
+  isRunning = false,
 }: CamoufoxConfigDialogProps) {
-  const [config, setConfig] = useState<CamoufoxConfig>({
-    enable_cache: true,
-    os: [getCurrentOS()],
-  });
+  const [config, setConfig] = useState<CamoufoxConfig>(() => ({
+    geoip: true,
+    os: getCurrentOS(),
+  }));
  const [isSaving, setIsSaving] = useState(false);

  // Initialize config when profile changes
@@ -38,8 +49,8 @@ export function CamoufoxConfigDialog({
    if (profile && profile.browser === "camoufox") {
      setConfig(
        profile.camoufox_config || {
-          enable_cache: true,
-          os: [getCurrentOS()],
+          geoip: true,
+          os: getCurrentOS(),
        },
      );
    }
@@ -52,12 +63,31 @@ export function CamoufoxConfigDialog({
  const handleSave = async () => {
    if (!profile) return;

+    // Validate fingerprint JSON if it exists
+    if (config.fingerprint) {
+      try {
+        JSON.parse(config.fingerprint);
+      } catch (_error) {
+        const { toast } = await import("sonner");
+        toast.error("Invalid fingerprint configuration", {
+          description:
+            "The fingerprint configuration contains invalid JSON. Please check your advanced settings.",
+        });
+        return;
+      }
+    }
+
    setIsSaving(true);
    try {
      await onSave(profile, config);
      onClose();
    } catch (error) {
      console.error("Failed to save camoufox config:", error);
+      const { toast } = await import("sonner");
+      toast.error("Failed to save configuration", {
+        description:
+          error instanceof Error ? error.message : "Unknown error occurred",
+      });
    } finally {
      setIsSaving(false);
    }
@@ -68,8 +98,8 @@ export function CamoufoxConfigDialog({
    if (profile && profile.browser === "camoufox") {
      setConfig(
        profile.camoufox_config || {
-          enable_cache: true,
-          os: [getCurrentOS()],
+          geoip: true,
+          os: getCurrentOS(),
        },
      );
    }
@@ -80,48 +110,42 @@ export function CamoufoxConfigDialog({
    return null;
  }

-  // Get the selected OS for warning
-  const selectedOS = config.os?.[0];
-  const currentOS = getCurrentOS();
-  const showOSWarning =
-    selectedOS && selectedOS !== currentOS && currentOS !== "unknown";
+  // No OS warning needed anymore since we removed OS selection

  return (
    <Dialog open={isOpen} onOpenChange={handleClose}>
      <DialogContent className="max-w-3xl max-h-[90vh] flex flex-col">
-        <DialogHeader className="flex-shrink-0">
+        <DialogHeader className="shrink-0">
          <DialogTitle>
-            Configure Camoufox Settings - {profile.name}
+            {isRunning ? "View" : "Configure"} Fingerprint Settings -{" "}
+            {profile.name}
          </DialogTitle>
        </DialogHeader>

-        <ScrollArea className="flex-1 pr-6 h-[320px]">
+        <ScrollArea className="flex-1 h-[300px]">
          <div className="py-4">
-            {/* OS Warning */}
-            {showOSWarning && (
-              <div className="mb-6 p-3 bg-amber-50 rounded-md border border-amber-200">
-                <p className="text-sm text-amber-800">
-                  ⚠️ Warning: Spoofing OS features is detectable by advanced
-                  anti-bot systems. Some platform-specific APIs and behaviors
-                  cannot be fully replicated.
-                </p>
-              </div>
-            )}
-
            <SharedCamoufoxConfigForm
              config={config}
              onConfigChange={updateConfig}
+              forceAdvanced={true}
+              readOnly={isRunning}
            />
          </div>
        </ScrollArea>

-        <DialogFooter className="flex-shrink-0 pt-4 border-t">
-          <Button variant="outline" onClick={handleClose}>
-            Cancel
-          </Button>
-          <Button onClick={handleSave} disabled={isSaving}>
-            {isSaving ? "Saving..." : "Save Configuration"}
-          </Button>
+        <DialogFooter className="shrink-0 pt-4 border-t">
+          <RippleButton variant="outline" onClick={handleClose}>
+            {isRunning ? "Close" : "Cancel"}
+          </RippleButton>
+          {!isRunning && (
+            <LoadingButton
+              isLoading={isSaving}
+              onClick={handleSave}
+              disabled={isSaving}
+            >
+              Save
+            </LoadingButton>
+          )}
        </DialogFooter>
      </DialogContent>
    </Dialog>
@@ -1,307 +0,0 @@
-"use client";
-
-import { invoke } from "@tauri-apps/api/core";
-import { useCallback, useEffect, useState } from "react";
-import { LuTriangleAlert } from "react-icons/lu";
-import { LoadingButton } from "@/components/loading-button";
-import { ReleaseTypeSelector } from "@/components/release-type-selector";
-import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { Button } from "@/components/ui/button";
-import { Checkbox } from "@/components/ui/checkbox";
-import {
-  Dialog,
-  DialogContent,
-  DialogFooter,
-  DialogHeader,
-  DialogTitle,
-} from "@/components/ui/dialog";
-import { Label } from "@/components/ui/label";
-import { useBrowserDownload } from "@/hooks/use-browser-download";
-import { getBrowserDisplayName } from "@/lib/browser-utils";
-import type { BrowserProfile, BrowserReleaseTypes } from "@/types";
-
-interface ChangeVersionDialogProps {
-  isOpen: boolean;
-  onClose: () => void;
-  profile: BrowserProfile | null;
-  onVersionChanged: () => void;
-}
-
-export function ChangeVersionDialog({
-  isOpen,
-  onClose,
-  profile,
-  onVersionChanged,
-}: ChangeVersionDialogProps) {
-  const [selectedReleaseType, setSelectedReleaseType] = useState<
-    "stable" | "nightly" | null
-  >(null);
-  const [releaseTypes, setReleaseTypes] = useState<BrowserReleaseTypes>({});
-  const [isLoadingReleaseTypes, setIsLoadingReleaseTypes] = useState(false);
-  const [isUpdating, setIsUpdating] = useState(false);
-  const [showDowngradeWarning, setShowDowngradeWarning] = useState(false);
-  const [acknowledgeDowngrade, setAcknowledgeDowngrade] = useState(false);
-
-  const {
-    downloadedVersions,
-    isDownloading,
-    loadDownloadedVersions,
-    downloadBrowser,
-    isVersionDownloaded,
-  } = useBrowserDownload();
-
-  const loadReleaseTypes = useCallback(async (browser: string) => {
-    setIsLoadingReleaseTypes(true);
-    try {
-      const releaseTypes = await invoke<BrowserReleaseTypes>(
-        "get_browser_release_types",
-        { browserStr: browser },
-      );
-      setReleaseTypes(releaseTypes);
-    } catch (error) {
-      console.error("Failed to load release types:", error);
-    } finally {
-      setIsLoadingReleaseTypes(false);
-    }
-  }, []);
-
-  useEffect(() => {
-    if (
-      profile &&
-      selectedReleaseType &&
-      selectedReleaseType !== profile.release_type
-    ) {
-      // For simplicity, we'll show downgrade warning when switching from stable to nightly
-      // since nightly versions might be considered "downgrades" in terms of stability
-      const isDowngrade =
-        profile.release_type === "stable" && selectedReleaseType === "nightly";
-      setShowDowngradeWarning(isDowngrade);
-
-      if (!isDowngrade) {
-        setAcknowledgeDowngrade(false);
-      }
-    }
-  }, [selectedReleaseType, profile]);
-
-  const handleDownload = useCallback(async () => {
-    if (!profile || !selectedReleaseType) return;
-
-    const version =
-      selectedReleaseType === "stable"
-        ? releaseTypes.stable
-        : releaseTypes.nightly;
-    if (!version) return;
-
-    await downloadBrowser(profile.browser, version);
-  }, [profile, selectedReleaseType, downloadBrowser, releaseTypes]);
-
-  const handleVersionChange = useCallback(async () => {
-    if (!profile || !selectedReleaseType) return;
-
-    const version =
-      selectedReleaseType === "stable"
-        ? releaseTypes.stable
-        : releaseTypes.nightly;
-    if (!version) return;
-
-    setIsUpdating(true);
-    try {
-      await invoke("update_profile_version", {
-        profileName: profile.name,
-        version,
-      });
-      onVersionChanged();
-      onClose();
-    } catch (error) {
-      console.error("Failed to update profile version:", error);
-    } finally {
-      setIsUpdating(false);
-    }
-  }, [profile, selectedReleaseType, releaseTypes, onVersionChanged, onClose]);
-
-  const selectedVersion =
-    selectedReleaseType === "stable"
-      ? releaseTypes.stable
-      : releaseTypes.nightly;
-
-  const canUpdate =
-    profile &&
-    selectedReleaseType &&
-    selectedReleaseType !== profile.release_type &&
-    selectedVersion &&
-    isVersionDownloaded(selectedVersion) &&
-    (!showDowngradeWarning || acknowledgeDowngrade);
-
-  useEffect(() => {
-    if (isOpen && profile) {
-      // Set current release type based on profile
-      setSelectedReleaseType(profile.release_type as "stable" | "nightly");
-      setAcknowledgeDowngrade(false);
-      void loadReleaseTypes(profile.browser);
-      void loadDownloadedVersions(profile.browser);
-    }
-  }, [isOpen, profile, loadDownloadedVersions, loadReleaseTypes]);
-
-  if (!profile) return null;
-
-  return (
-    <Dialog open={isOpen} onOpenChange={onClose}>
-      <DialogContent className="max-w-md">
-        <DialogHeader>
-          <DialogTitle>Change Release Type</DialogTitle>
-        </DialogHeader>
-
-        <div className="grid gap-4 py-4">
-          <div className="space-y-2">
-            <Label className="text-sm font-medium">Profile:</Label>
-            <div className="p-2 text-sm rounded bg-muted">{profile.name}</div>
-          </div>
-
-          <div className="space-y-2">
-            <Label className="text-sm font-medium">Current Release:</Label>
-            <div className="p-2 text-sm capitalize rounded bg-muted">
-              {profile.release_type} ({profile.version})
-            </div>
-          </div>
-
-          {!releaseTypes.stable && !releaseTypes.nightly ? (
-            <Alert>
-              <AlertDescription>
-                No releases are available for{" "}
-                {getBrowserDisplayName(profile.browser)}.
-              </AlertDescription>
-            </Alert>
-          ) : !releaseTypes.stable || !releaseTypes.nightly ? (
-            <div className="space-y-4">
-              <Alert>
-                <AlertDescription>
-                  Only {profile.release_type} releases are available for{" "}
-                  {getBrowserDisplayName(profile.browser)}.
-                </AlertDescription>
-              </Alert>
-              <div className="grid gap-2">
-                <Label>New Release Type</Label>
-                {isLoadingReleaseTypes ? (
-                  <div className="text-sm text-muted-foreground">
-                    Loading release types...
-                  </div>
-                ) : (
-                  <div className="space-y-4">
-                    {selectedReleaseType &&
-                      selectedReleaseType !== profile.release_type &&
-                      selectedVersion &&
-                      !isVersionDownloaded(selectedVersion) && (
-                        <Alert>
-                          <AlertDescription>
-                            You must download{" "}
-                            {getBrowserDisplayName(profile.browser)}{" "}
-                            {selectedVersion} before switching to this release
-                            type. Use the download button above to get the
-                            latest version.
-                          </AlertDescription>
-                        </Alert>
-                      )}
-
-                    <ReleaseTypeSelector
-                      selectedReleaseType={selectedReleaseType}
-                      onReleaseTypeSelect={setSelectedReleaseType}
-                      availableReleaseTypes={releaseTypes}
-                      browser={profile.browser}
-                      isDownloading={isDownloading}
-                      onDownload={() => {
-                        void handleDownload();
-                      }}
-                      placeholder="Select release type..."
-                      downloadedVersions={downloadedVersions}
-                    />
-                  </div>
-                )}
-              </div>
-            </div>
-          ) : (
-            <div className="grid gap-2">
-              <Label>New Release Type</Label>
-              {isLoadingReleaseTypes ? (
-                <div className="text-sm text-muted-foreground">
-                  Loading release types...
-                </div>
-              ) : (
-                <div className="space-y-4">
-                  {selectedReleaseType &&
-                    selectedReleaseType !== profile.release_type &&
-                    selectedVersion &&
-                    !isVersionDownloaded(selectedVersion) && (
-                      <Alert>
-                        <AlertDescription>
-                          You must download{" "}
-                          {getBrowserDisplayName(profile.browser)}{" "}
-                          {selectedVersion} before switching to this release
-                          type. Use the download button above to get the latest
-                          version.
-                        </AlertDescription>
-                      </Alert>
-                    )}
-
-                  <ReleaseTypeSelector
-                    selectedReleaseType={selectedReleaseType}
-                    onReleaseTypeSelect={setSelectedReleaseType}
-                    availableReleaseTypes={releaseTypes}
-                    browser={profile.browser}
-                    isDownloading={isDownloading}
-                    onDownload={() => {
-                      void handleDownload();
-                    }}
-                    placeholder="Select release type..."
-                    downloadedVersions={downloadedVersions}
-                  />
-                </div>
-              )}
-            </div>
-          )}
-
-          {/* Downgrade Warning */}
-          {showDowngradeWarning && (
-            <Alert className="border-orange-700">
-              <LuTriangleAlert className="w-4 h-4 text-orange-700" />
-              <AlertTitle className="text-orange-700">
-                Stability Warning
-              </AlertTitle>
-              <AlertDescription className="text-orange-700">
-                You are about to switch from stable to nightly releases. Nightly
-                versions may be less stable and could contain bugs or incomplete
-                features.
-                <div className="flex items-center mt-3 space-x-2">
-                  <Checkbox
-                    id="acknowledge-downgrade"
-                    checked={acknowledgeDowngrade}
-                    onCheckedChange={(checked) => {
-                      setAcknowledgeDowngrade(checked as boolean);
-                    }}
-                  />
-                  <Label htmlFor="acknowledge-downgrade" className="text-sm">
-                    I understand the risks and want to proceed
-                  </Label>
-                </div>
-              </AlertDescription>
-            </Alert>
-          )}
-        </div>
-
-        <DialogFooter>
-          <Button variant="outline" onClick={onClose}>
-            Cancel
-          </Button>
-          <LoadingButton
-            isLoading={isUpdating}
-            onClick={() => {
-              void handleVersionChange();
-            }}
-            disabled={!canUpdate}
-          >
-            {isUpdating ? "Updating..." : "Update Release Type"}
-          </LoadingButton>
-        </DialogFooter>
-      </DialogContent>
-    </Dialog>
-  );
-}
@@ -4,7 +4,6 @@ import { invoke } from "@tauri-apps/api/core";
 import { useCallback, useState } from "react";
 import { toast } from "sonner";
 import { LoadingButton } from "@/components/loading-button";
-import { Button } from "@/components/ui/button";
 import {
  Dialog,
  DialogContent,
@@ -16,6 +15,7 @@ import {
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import type { ProfileGroup } from "@/types";
+import { RippleButton } from "./ui/ripple";

 interface CreateGroupDialogProps {
  isOpen: boolean;
@@ -98,15 +98,19 @@ export function CreateGroupDialog({
        </div>

        <DialogFooter>
-          <Button variant="outline" onClick={handleClose} disabled={isCreating}>
+          <RippleButton
+            variant="outline"
+            onClick={handleClose}
+            disabled={isCreating}
+          >
            Cancel
-          </Button>
+          </RippleButton>
          <LoadingButton
            isLoading={isCreating}
            onClick={() => void handleCreate()}
            disabled={!groupName.trim()}
          >
-            Create Group
+            Create
          </LoadingButton>
        </DialogFooter>
      </DialogContent>
@@ -47,20 +47,23 @@
 * });
 * ```
 */
+/** biome-ignore-all lint/suspicious/noExplicitAny: TODO */

 import {
  LuCheckCheck,
  LuDownload,
  LuRefreshCw,
-  LuRocket,
  LuTriangleAlert,
 } from "react-icons/lu";
+import type { ExternalToast } from "sonner";
+import { RippleButton } from "./ui/ripple";

 interface BaseToastProps {
  id?: string;
  title: string;
  description?: string;
  duration?: number;
+  action?: ExternalToast["action"];
 }

 interface LoadingToastProps extends BaseToastProps {
@@ -111,16 +114,6 @@ interface TwilightUpdateToastProps extends BaseToastProps {
  hasUpdate?: boolean;
 }

-interface AppUpdateToastProps extends BaseToastProps {
-  type: "app-update";
-  stage?: "downloading" | "extracting" | "installing" | "completed";
-  progress?: {
-    percentage: number;
-    speed?: string;
-    eta?: string;
-  };
-}
-
 type ToastProps =
  | LoadingToastProps
  | SuccessToastProps
@@ -128,92 +121,57 @@ type ToastProps =
  | DownloadToastProps
  | VersionUpdateToastProps
  | FetchingToastProps
-  | TwilightUpdateToastProps
-  | AppUpdateToastProps;
+  | TwilightUpdateToastProps;

 function getToastIcon(type: ToastProps["type"], stage?: string) {
  switch (type) {
    case "success":
-      return <LuCheckCheck className="flex-shrink-0 w-4 h-4 text-green-500" />;
+      return <LuCheckCheck className="flex-shrink-0 w-4 h-4 text-foreground" />;
    case "error":
-      return <LuTriangleAlert className="flex-shrink-0 w-4 h-4 text-red-500" />;
+      return (
+        <LuTriangleAlert className="flex-shrink-0 w-4 h-4 text-foreground" />
+      );
    case "download":
      if (stage === "completed") {
        return (
-          <LuCheckCheck className="flex-shrink-0 w-4 h-4 text-green-500" />
+          <LuCheckCheck className="flex-shrink-0 w-4 h-4 text-foreground" />
        );
      }
-      return <LuDownload className="flex-shrink-0 w-4 h-4 text-blue-500" />;
-    case "app-update":
-      if (stage === "completed") {
-        return (
-          <LuCheckCheck className="flex-shrink-0 w-4 h-4 text-green-500" />
-        );
-      } else if (stage === "downloading") {
-        return <LuDownload className="flex-shrink-0 w-4 h-4 text-blue-500" />;
-      } else if (stage === "installing") {
-        return (
-          <LuRefreshCw className="flex-shrink-0 w-4 h-4 text-blue-500 animate-spin" />
-        );
-      }
-      return (
-        <LuRefreshCw className="flex-shrink-0 w-4 h-4 text-blue-500 animate-spin" />
-      );
+      return <LuDownload className="flex-shrink-0 w-4 h-4 text-foreground" />;
+
    case "version-update":
      return (
-        <LuRefreshCw className="flex-shrink-0 w-4 h-4 text-blue-500 animate-spin" />
+        <LuRefreshCw className="flex-shrink-0 w-4 h-4 animate-spin text-foreground" />
      );
    case "fetching":
      return (
-        <LuRefreshCw className="flex-shrink-0 w-4 h-4 text-blue-500 animate-spin" />
+        <LuRefreshCw className="flex-shrink-0 w-4 h-4 animate-spin text-foreground" />
      );
    case "twilight-update":
      return (
-        <LuRefreshCw className="flex-shrink-0 w-4 h-4 text-purple-500 animate-spin" />
+        <LuRefreshCw className="flex-shrink-0 w-4 h-4 animate-spin text-foreground" />
      );
    case "loading":
      return (
-        <div className="flex-shrink-0 w-4 h-4 rounded-full border-2 border-blue-500 animate-spin border-t-transparent" />
+        <div className="flex-shrink-0 w-4 h-4 rounded-full border-2 animate-spin border-foreground border-t-transparent" />
      );
    default:
      return (
-        <div className="flex-shrink-0 w-4 h-4 rounded-full border-2 border-blue-500 animate-spin border-t-transparent" />
+        <div className="flex-shrink-0 w-4 h-4 rounded-full border-2 animate-spin border-foreground border-t-transparent" />
      );
  }
 }

 export function UnifiedToast(props: ToastProps) {
-  const { title, description, type } = props;
+  const { title, description, type, action } = props;
  const stage = "stage" in props ? props.stage : undefined;
  const progress = "progress" in props ? props.progress : undefined;

-  // Check if this is an auto-update toast
-  const isAutoUpdate = title.includes("update started");
-
  return (
-    <div
-      className={`flex items-start p-3 w-96 rounded-lg border shadow-lg ${
-        isAutoUpdate
-          ? "bg-emerald-50 border-emerald-200 dark:bg-emerald-950 dark:border-emerald-800"
-          : "bg-white border-gray-200 dark:bg-gray-800 dark:border-gray-700"
-      }`}
-      data-toast-type={isAutoUpdate ? "auto-update" : "default"}
-    >
-      <div className="mr-3 mt-0.5">
-        {isAutoUpdate ? (
-          <LuRocket className="flex-shrink-0 w-4 h-4 text-emerald-500" />
-        ) : (
-          getToastIcon(type, stage)
-        )}
-      </div>
+    <div className="flex items-start p-3 w-96 rounded-lg border shadow-lg bg-card border-border text-card-foreground">
+      <div className="mr-3 mt-0.5">{getToastIcon(type, stage)}</div>
      <div className="flex-1 min-w-0">
-        <p
-          className={`text-sm font-medium leading-tight ${
-            isAutoUpdate
-              ? "text-emerald-900 dark:text-emerald-100"
-              : "text-gray-900 dark:text-white"
-          }`}
-        >
+        <p className="text-sm font-semibold leading-tight text-foreground">
          {title}
        </p>

@@ -224,82 +182,41 @@ export function UnifiedToast(props: ToastProps) {
          stage === "downloading" && (
            <div className="mt-2 space-y-1">
              <div className="flex justify-between items-center">
-                <p className="flex-1 min-w-0 text-xs text-gray-600 dark:text-gray-300">
+                <p className="flex-1 min-w-0 text-xs text-muted-foreground">
                  {progress.percentage.toFixed(1)}%
                  {progress.speed && ` • ${progress.speed} MB/s`}
                  {progress.eta && ` • ${progress.eta} remaining`}
                </p>
              </div>
-              <div className="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
+              <div className="w-full bg-muted rounded-full h-1.5">
                <div
-                  className="bg-blue-500 h-1.5 rounded-full transition-all duration-300"
+                  className="bg-foreground h-1.5 rounded-full transition-all duration-300"
                  style={{ width: `${progress.percentage}%` }}
                />
              </div>
            </div>
          )}

-        {/* App update progress */}
-        {type === "app-update" && (
-          <div className="mt-2 space-y-1">
-            {/* Download progress with percentage */}
-            {progress &&
-              "percentage" in progress &&
-              stage === "downloading" && (
-                <>
-                  <div className="flex justify-between items-center">
-                    <p className="flex-1 min-w-0 text-xs text-gray-600 dark:text-gray-300">
-                      {progress.percentage.toFixed(1)}%
-                      {progress.speed && ` • ${progress.speed} MB/s`}
-                      {progress.eta && ` • ${progress.eta} remaining`}
-                    </p>
-                  </div>
-                  <div className="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
-                    <div
-                      className="bg-blue-500 h-1.5 rounded-full transition-all duration-300"
-                      style={{ width: `${progress.percentage}%` }}
-                    />
-                  </div>
-                </>
-              )}
-
-            {/* Progress indicator for other stages */}
-            {(stage === "extracting" ||
-              stage === "installing" ||
-              stage === "completed") && (
-              <div className="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
-                <div
-                  className={`h-1.5 rounded-full transition-all duration-500 ${
-                    stage === "completed"
-                      ? "bg-green-500 w-full"
-                      : "bg-blue-500 w-full animate-pulse"
-                  }`}
-                />
-              </div>
-            )}
-          </div>
-        )}
-
        {/* Version update progress */}
        {type === "version-update" &&
          progress &&
          "current_browser" in progress && (
            <div className="mt-2 space-y-1">
-              <p className="text-xs text-gray-600 dark:text-gray-300">
+              <p className="text-xs text-muted-foreground">
                {progress.current_browser && (
                  <>Looking for updates for {progress.current_browser}</>
                )}
              </p>
              <div className="flex items-center space-x-2">
-                <div className="flex-1 bg-gray-200 dark:bg-gray-700 rounded-full h-1.5 min-w-0">
+                <div className="flex-1 bg-muted rounded-full h-1.5 min-w-0">
                  <div
-                    className="bg-blue-500 h-1.5 rounded-full transition-all duration-300"
+                    className="bg-foreground h-1.5 rounded-full transition-all duration-300"
                    style={{
                      width: `${(progress.current / progress.total) * 100}%`,
                    }}
                  />
                </div>
-                <span className="w-8 text-xs text-right text-gray-500 whitespace-nowrap dark:text-gray-400 shrink-0">
+                <span className="w-8 text-xs text-right whitespace-nowrap text-muted-foreground shrink-0">
                  {progress.current}/{progress.total}
                </span>
              </div>
@@ -309,13 +226,13 @@ export function UnifiedToast(props: ToastProps) {
        {/* Twilight update progress */}
        {type === "twilight-update" && (
          <div className="mt-2">
-            <p className="text-xs text-gray-600 dark:text-gray-300">
+            <p className="text-xs text-muted-foreground">
              {"hasUpdate" in props && props.hasUpdate
                ? "New twilight build available for download"
                : "Checking for twilight updates..."}
            </p>
            {props.browserName && (
-              <p className="mt-1 text-xs text-purple-600 dark:text-purple-400">
+              <p className="mt-1 text-xs text-muted-foreground">
                {props.browserName} • Rolling Release
              </p>
            )}
@@ -324,13 +241,7 @@ export function UnifiedToast(props: ToastProps) {

        {/* Description */}
        {description && (
-          <p
-            className={`mt-1 text-xs leading-tight ${
-              isAutoUpdate
-                ? "text-emerald-700 dark:text-emerald-300"
-                : "text-gray-600 dark:text-gray-300"
-            }`}
-          >
+          <p className="mt-1 text-xs leading-tight text-muted-foreground">
            {description}
          </p>
        )}
@@ -339,43 +250,35 @@ export function UnifiedToast(props: ToastProps) {
        {type === "download" && !description && (
          <>
            {stage === "extracting" && (
-              <p className="mt-1 text-xs text-gray-600 dark:text-gray-300">
+              <p className="mt-1 text-xs text-muted-foreground">
                Extracting browser files...
              </p>
            )}
            {stage === "verifying" && (
-              <p className="mt-1 text-xs text-gray-600 dark:text-gray-300">
+              <p className="mt-1 text-xs text-muted-foreground">
                Verifying browser files...
              </p>
            )}
            {stage === "downloading (twilight rolling release)" && (
-              <p className="mt-1 text-xs text-purple-600 dark:text-purple-400">
+              <p className="mt-1 text-xs text-muted-foreground">
                Downloading rolling release build...
              </p>
            )}
          </>
        )}
-
-        {/* Stage-specific descriptions for app updates */}
-        {type === "app-update" && !description && (
-          <>
-            {stage === "extracting" && (
-              <p className="mt-1 text-xs text-gray-600 dark:text-gray-300">
-                Preparing update files...
-              </p>
-            )}
-            {stage === "installing" && (
-              <p className="mt-1 text-xs text-gray-600 dark:text-gray-300">
-                Installing new version...
-              </p>
-            )}
-            {stage === "completed" && (
-              <p className="mt-1 text-xs text-green-600 dark:text-green-400">
-                Update completed! Restarting application...
-              </p>
-            )}
-          </>
-        )}
+        {action &&
+          "onClick" in (action as any) &&
+          "label" in (action as any) && (
+            <div className="mt-2 w-full">
+              <RippleButton
+                size="sm"
+                className="ml-auto"
+                onClick={(action as any).onClick}
+              >
+                {(action as any).label}
+              </RippleButton>
+            </div>
+          )}
      </div>
    </div>
  );
@@ -0,0 +1,176 @@
+"use client";
+
+import type { Table } from "@tanstack/react-table";
+import { AnimatePresence, motion } from "motion/react";
+import * as React from "react";
+import * as ReactDOM from "react-dom";
+import { LuX } from "react-icons/lu";
+import { Button } from "@/components/ui/button";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipTrigger,
+} from "@/components/ui/tooltip";
+import { cn } from "@/lib/utils";
+
+interface DataTableActionBarProps<TData>
+  extends React.ComponentProps<typeof motion.div> {
+  table: Table<TData>;
+  visible?: boolean;
+  portalContainer?: Element | DocumentFragment | null;
+}
+
+function DataTableActionBar<TData>({
+  table,
+  visible: visibleProp,
+  portalContainer: portalContainerProp,
+  children,
+  className,
+  ...props
+}: DataTableActionBarProps<TData>) {
+  const [mounted, setMounted] = React.useState(false);
+  React.useLayoutEffect(() => {
+    setMounted(true);
+  }, []);
+
+  React.useEffect(() => {
+    function onKeyDown(event: KeyboardEvent) {
+      if (event.key === "Escape") {
+        table.toggleAllRowsSelected(false);
+      }
+    }
+    window.addEventListener("keydown", onKeyDown);
+    return () => window.removeEventListener("keydown", onKeyDown);
+  }, [table]);
+
+  const portalContainer =
+    portalContainerProp ?? (mounted ? globalThis.document?.body : null);
+
+  if (!portalContainer) return null;
+
+  const visible =
+    visibleProp ?? table.getFilteredSelectedRowModel().rows.length > 0;
+
+  return ReactDOM.createPortal(
+    <AnimatePresence>
+      {visible && (
+        <motion.div
+          role="toolbar"
+          aria-orientation="horizontal"
+          initial={{ opacity: 0, y: 20 }}
+          animate={{ opacity: 1, y: 0 }}
+          exit={{ opacity: 0, y: 20 }}
+          transition={{ duration: 0.2, ease: "easeInOut" }}
+          className={cn(
+            "fixed inset-x-0 bottom-6 z-50 mx-auto flex w-fit flex-wrap items-center justify-center gap-2 rounded-md border bg-background p-2 text-foreground shadow-sm",
+            className,
+          )}
+          {...props}
+        >
+          {children}
+        </motion.div>
+      )}
+    </AnimatePresence>,
+    portalContainer,
+  );
+}
+
+interface DataTableActionBarActionProps
+  extends React.ComponentProps<typeof Button> {
+  tooltip?: string;
+  isPending?: boolean;
+}
+
+function DataTableActionBarAction({
+  size = "sm",
+  tooltip,
+  isPending,
+  disabled,
+  className,
+  children,
+  ...props
+}: DataTableActionBarActionProps) {
+  const trigger = (
+    <Button
+      variant="secondary"
+      size={size}
+      className={cn(
+        "gap-1.5 border border-secondary bg-secondary/50 hover:bg-secondary/70 [&>svg]:size-3.5",
+        size === "icon" ? "size-7" : "h-7",
+        className,
+      )}
+      disabled={disabled || isPending}
+      {...props}
+    >
+      {isPending ? (
+        <div className="w-3.5 h-3.5 rounded-full border border-current animate-spin border-t-transparent" />
+      ) : (
+        children
+      )}
+    </Button>
+  );
+
+  if (!tooltip) return trigger;
+
+  return (
+    <Tooltip>
+      <TooltipTrigger asChild>{trigger}</TooltipTrigger>
+      <TooltipContent
+        sideOffset={6}
+        className="border bg-accent font-semibold text-foreground dark:bg-zinc-900 [&>span]:hidden"
+      >
+        <p>{tooltip}</p>
+      </TooltipContent>
+    </Tooltip>
+  );
+}
+
+interface DataTableActionBarSelectionProps<TData> {
+  table: Table<TData>;
+}
+
+function DataTableActionBarSelection<TData>({
+  table,
+}: DataTableActionBarSelectionProps<TData>) {
+  const onClearSelection = React.useCallback(() => {
+    table.toggleAllRowsSelected(false);
+  }, [table]);
+
+  return (
+    <div className="flex h-7 items-center rounded-md border pr-1 pl-2.5">
+      <span className="whitespace-nowrap text-xs">
+        {table.getFilteredSelectedRowModel().rows.length} selected
+      </span>
+      <div className="mr-1 ml-2 h-4 w-px bg-border" />
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <Button
+            variant="ghost"
+            size="icon"
+            className="size-5"
+            onClick={onClearSelection}
+          >
+            <LuX className="size-3.5" />
+          </Button>
+        </TooltipTrigger>
+        <TooltipContent
+          sideOffset={10}
+          className="flex items-center gap-2 border bg-accent px-2 py-1 font-semibold text-foreground dark:bg-zinc-900 [&>span]:hidden"
+        >
+          <p>Clear selection</p>
+          <kbd className="select-none rounded border bg-background px-1.5 py-px font-mono font-normal text-[0.7rem] text-foreground shadow-xs">
+            <abbr title="Escape" className="no-underline">
+              Esc
+            </abbr>
+          </kbd>
+        </TooltipContent>
+      </Tooltip>
+    </div>
+  );
+}
+
+export {
+  DataTableActionBar,
+  DataTableActionBarAction,
+  DataTableActionBarSelection,
+};
@@ -1,6 +1,5 @@
 "use client";

-import { Button } from "@/components/ui/button";
 import {
  Dialog,
  DialogContent,
@@ -9,6 +8,8 @@ import {
  DialogHeader,
  DialogTitle,
 } from "@/components/ui/dialog";
+import { LoadingButton } from "./loading-button";
+import { RippleButton } from "./ui/ripple";

 interface DeleteConfirmationDialogProps {
  isOpen: boolean;
@@ -18,7 +19,8 @@ interface DeleteConfirmationDialogProps {
  description: string;
  confirmButtonText?: string;
  isLoading?: boolean;
-  profileNames?: string[];
+  profileIds?: string[];
+  profiles?: { id: string; name: string }[];
 }

 export function DeleteConfirmationDialog({
@@ -29,7 +31,8 @@ export function DeleteConfirmationDialog({
  description,
  confirmButtonText = "Delete",
  isLoading = false,
-  profileNames,
+  profileIds,
+  profiles = [],
 }: DeleteConfirmationDialogProps) {
  const handleConfirm = async () => {
    await onConfirm();
@@ -41,34 +44,42 @@ export function DeleteConfirmationDialog({
        <DialogHeader>
          <DialogTitle>{title}</DialogTitle>
          <DialogDescription>{description}</DialogDescription>
-          {profileNames && profileNames.length > 0 && (
+          {profileIds && profileIds.length > 0 && (
            <div className="mt-4">
              <p className="text-sm font-medium mb-2">
                Profiles to be deleted:
              </p>
              <div className="bg-muted rounded-md p-3 max-h-32 overflow-y-auto">
                <ul className="space-y-1">
-                  {profileNames.map((name) => (
-                    <li key={name} className="text-sm text-muted-foreground">
-                      • {name}
-                    </li>
-                  ))}
+                  {profileIds.map((id) => {
+                    const profile = profiles.find((p) => p.id === id);
+                    const displayName = profile ? profile.name : id;
+                    return (
+                      <li key={id} className="text-sm text-muted-foreground">
+                        • {displayName}
+                      </li>
+                    );
+                  })}
                </ul>
              </div>
            </div>
          )}
        </DialogHeader>
        <DialogFooter>
-          <Button variant="outline" onClick={onClose} disabled={isLoading}>
-            Cancel
-          </Button>
-          <Button
-            variant="destructive"
-            onClick={() => void handleConfirm()}
+          <RippleButton
+            variant="outline"
+            onClick={onClose}
            disabled={isLoading}
          >
-            {isLoading ? "Deleting..." : confirmButtonText}
-          </Button>
+            Cancel
+          </RippleButton>
+          <LoadingButton
+            variant="destructive"
+            onClick={() => void handleConfirm()}
+            isLoading={isLoading}
+          >
+            {confirmButtonText}
+          </LoadingButton>
        </DialogFooter>
      </DialogContent>
    </Dialog>
@@ -4,7 +4,6 @@ import { invoke } from "@tauri-apps/api/core";
 import { useCallback, useEffect, useState } from "react";
 import { toast } from "sonner";
 import { LoadingButton } from "@/components/loading-button";
-import { Button } from "@/components/ui/button";
 import {
  Dialog,
  DialogContent,
@@ -17,6 +16,7 @@ import { Label } from "@/components/ui/label";
 import { RadioGroup, RadioGroupItem } from "@/components/ui/radio-group";
 import { ScrollArea } from "@/components/ui/scroll-area";
 import type { BrowserProfile, ProfileGroup } from "@/types";
+import { RippleButton } from "./ui/ripple";

 interface DeleteGroupDialogProps {
  isOpen: boolean;
@@ -74,13 +74,13 @@ export function DeleteGroupDialog({
    try {
      if (deleteAction === "delete" && associatedProfiles.length > 0) {
        // Delete all associated profiles first
-        const profileNames = associatedProfiles.map((p) => p.name);
-        await invoke("delete_selected_profiles", { profileNames });
+        const profileIds = associatedProfiles.map((p) => p.id);
+        await invoke("delete_selected_profiles", { profileIds });
      } else if (deleteAction === "move" && associatedProfiles.length > 0) {
        // Move profiles to default group (null group_id)
-        const profileNames = associatedProfiles.map((p) => p.name);
+        const profileIds = associatedProfiles.map((p) => p.id);
        await invoke("assign_profiles_to_group", {
-          profileNames,
+          profileIds,
          groupId: null,
        });
      }
@@ -188,9 +188,13 @@ export function DeleteGroupDialog({
        </div>

        <DialogFooter>
-          <Button variant="outline" onClick={handleClose} disabled={isDeleting}>
+          <RippleButton
+            variant="outline"
+            onClick={handleClose}
+            disabled={isDeleting}
+          >
            Cancel
-          </Button>
+          </RippleButton>
          <LoadingButton
            variant="destructive"
            isLoading={isDeleting}
--- a/Show More
+++ b/Show More