up 7.19.1

Update Directory.Packages.props
Fix (#8868 )
2026-03-22 08:20:03 +05:00 · 2026-03-02 09:31:57 +08:00 · 2026-03-02 09:31:34 +08:00 · 2026-03-01 19:44:44 +08:00 · 2026-03-01 18:38:16 +08:00 · 2026-03-01 17:41:59 +08:00
302 changed files with 24712 additions and 10797 deletions
--- a/.github/ISSUE_TEMPLATE/01_bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/01_bug_report.yml
@@ -3,6 +3,18 @@ description: 在提出问题前请先自行排除服务器端问题和升级到
 title: "[Bug]: "
 labels: ["bug"]
 body:
+  - type: markdown
+    attributes:
+      value: |
+        ### 报告 Bug 前请务必确认以下事项：
+        > ** **
+        > **✓ 已自行排除服务器端问题。**
+        > **✓ 已升级到最新客户端版本。**
+        > **✓ 已通过搜索确认没有人提出过相同问题。**
+        > **✓ 已确认自己的电脑系统环境是受支持的。**
+
+        ---
+
  - type: input
    id: "os-version"
    attributes:
@@ -10,6 +22,7 @@ body:
      description: "操作系统和版本"
    validations:
      required: true
+
  - type: input
    id: "expectation"
    attributes:
@@ -17,6 +30,7 @@ body:
      description: "描述你认为应该发生什么"
    validations:
      required: true
+
  - type: textarea
    id: "describe-the-bug"
    attributes:
@@ -24,22 +38,34 @@ body:
      description: "描述实际发生了什么"
    validations:
      required: true
+
  - type: textarea
    id: "reproduction-method"
    attributes:
      label: "复现方法"
      description: "在BUG出现前执行了哪些操作"
-      placeholder: 标序号
+      placeholder: "标序号"
    validations:
      required: true
+
  - type: textarea
-    id: "log"
+    id: "gui-log"
    attributes:
-      label: "日志信息"
+      label: "软件日志"
      description: "位置在软件当前目录下的guiLogs"
-      placeholder: 在日志开始和结束位置粘贴冒号后的内容：```
+      placeholder: "在日志开始和结束位置粘贴冒号后的内容到这："
    validations:
      required: true
+
+  - type: textarea
+    id: "core-log"
+    attributes:
+      label: "内核日志"
+      description: "位置在软件主界面的信息框内"
+      placeholder: "在信息框内鼠标右键复制全部信息粘贴在这："
+    validations:
+      required: true
+
  - type: textarea
    id: "more"
    attributes:
@@ -47,6 +73,7 @@ body:
      description: "可选"
    validations:
      required: false
+
  - type: checkboxes
    id: "latest-version"
    attributes:
@@ -55,6 +82,7 @@ body:
      options:
        - label: 是
          required: true
+
  - type: checkboxes
    id: "issues"
    attributes:
@@ -63,3 +91,12 @@ body:
      options:
        - label: 是
          required: true
+
+  - type: checkboxes
+    id: "system-version"
+    attributes:
+      label: "我确认系统版本是受支持的"
+      description: "否则请切换后尝试"
+      options:
+        - label: 是
+          required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,9 @@
+blank_issues_enabled: false
+
+contact_links:
+  - name: Discussions / 讨论区
+    url: https://github.com/2dust/v2rayN/discussions
+    about: 使用问题或需要帮助请前往 Discussions。
+  - name: Wiki / 使用说明
+    url: https://github.com/2dust/v2rayN/wiki
+    about: 查看常见问题和使用文档。
--- a/.github/workflows/build-linux.yml
+++ b/.github/workflows/build-linux.yml
@@ -9,6 +9,12 @@ on:
  push:
    branches:
      - master
+    tags:
+      - 'v*'
+      - 'V*'
+
+permissions:
+  contents: write

 env:
  OutputArch: "linux-64"
@@ -21,31 +27,30 @@ jobs:
    strategy:
      matrix:
        configuration: [Release]
-
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04

    steps:
    - name: Checkout
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v6.0.2
      with:
        submodules: 'recursive'
        fetch-depth: '0'

-    - name: Setup
-      uses: actions/setup-dotnet@v4.3.1
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v5.0.1
      with:
        dotnet-version: '8.0.x'

    - name: Build
      run: |
-        cd v2rayN 
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r linux-x64   --self-contained=true -o $OutputPath64
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r linux-arm64 --self-contained=true -o $OutputPathArm64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r linux-x64   --self-contained=true -p:PublishTrimmed=true -o $OutputPath64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r linux-arm64 --self-contained=true -p:PublishTrimmed=true -o $OutputPathArm64
+        cd v2rayN
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r linux-x64   -p:SelfContained=true -o "$OutputPath64"
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r linux-arm64 -p:SelfContained=true -o "$OutputPathArm64"
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r linux-x64   -p:SelfContained=true -p:PublishTrimmed=true -o "$OutputPath64"
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r linux-arm64 -p:SelfContained=true -p:PublishTrimmed=true -o "$OutputPathArm64"

    - name: Upload build artifacts
-      uses: actions/upload-artifact@v4.6.2
+      uses: actions/upload-artifact@v7.0.0
      with:
        name: v2rayN-linux
        path: |
@@ -56,8 +61,8 @@ jobs:
      if: github.event.inputs.release_tag != ''
      run: |
        chmod 755 package-debian.sh
-        ./package-debian.sh $OutputArch $OutputPath64 ${{ github.event.inputs.release_tag }}
-        ./package-debian.sh $OutputArchArm $OutputPathArm64 ${{ github.event.inputs.release_tag }}
+        ./package-debian.sh "$OutputArch" "$OutputPath64" "${{ github.event.inputs.release_tag }}"
+        ./package-debian.sh "$OutputArchArm" "$OutputPathArm64" "${{ github.event.inputs.release_tag }}"

    - name: Upload deb to release
      uses: svenstaro/upload-release-action@v2
@@ -68,28 +73,13 @@ jobs:
        file_glob: true
        prerelease: true

-    - name: Package AppImage
-      if: github.event.inputs.release_tag != ''
-      run: |
-        chmod a+x package-appimage.sh
-        ./package-appimage.sh
-
-    - name: Upload AppImage to release
-      uses: svenstaro/upload-release-action@v2
-      if: github.event.inputs.release_tag != ''
-      with:
-        file: ${{ github.workspace }}/v2rayN*.AppImage
-        tag: ${{ github.event.inputs.release_tag }}
-        file_glob: true
-        prerelease: true
-
    # release zip archive
    - name: Package release zip archive
      if: github.event.inputs.release_tag != ''
      run: |
        chmod 755 package-release-zip.sh
-        ./package-release-zip.sh $OutputArch $OutputPath64
-        ./package-release-zip.sh $OutputArchArm $OutputPathArm64
+        ./package-release-zip.sh "$OutputArch" "$OutputPath64"
+        ./package-release-zip.sh "$OutputArchArm" "$OutputPathArm64"
    
    - name: Upload zip archive to release
      uses: svenstaro/upload-release-action@v2
@@ -98,4 +88,117 @@ jobs:
        file: ${{ github.workspace }}/v2rayN*.zip
        tag: ${{ github.event.inputs.release_tag }}
        file_glob: true
-        prerelease: true
+        prerelease: true
+
+  rpm:
+    needs: build
+    if: |
+      (github.event_name == 'workflow_dispatch' && github.event.inputs.release_tag != '') ||
+      (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/'))
+    runs-on: ubuntu-24.04
+    container:
+      image: registry.access.redhat.com/ubi10/ubi
+    env:
+      RELEASE_TAG: ${{ github.event.inputs.release_tag != '' && github.event.inputs.release_tag || github.ref_name }}
+
+    steps:
+    - name: Prepare tools (Red Hat)
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        . /etc/os-release
+        EL_MAJOR="${VERSION_ID%%.*}"
+        echo "EL_MAJOR=${EL_MAJOR}"
+
+        dnf -y makecache || true
+        command -v curl >/dev/null || dnf -y install curl ca-certificates
+
+        ARCH="$(uname -m)"
+        case "$ARCH" in x86_64|aarch64) ;; *) echo "Unsupported arch: $ARCH"; exit 1 ;; esac
+
+        install_epel_from_dir() {
+          local base="$1" rpm
+          echo "Try: $base"
+
+          rpm="$(
+            {
+              curl -fsSL "$base/Packages/"   2>/dev/null
+              curl -fsSL "$base/Packages/e/" 2>/dev/null | sed 's|href="|href="e/|'
+            } |
+            sed -n 's/.*href="\([^"]*epel-release-[^"]*\.noarch\.rpm\)".*/\1/p' |
+            sort -V | tail -n1
+          )" || true
+
+          if [[ -n "$rpm" ]]; then
+            dnf -y install "$base/Packages/$rpm"
+            return 0
+          fi
+          return 1
+        }
+
+        FEDORA="https://dl.fedoraproject.org/pub/epel/epel-release-latest-${EL_MAJOR}.noarch.rpm"
+        echo "Try Fedora: $FEDORA"
+
+        if curl -fsSLI "$FEDORA" >/dev/null; then
+          dnf -y install "$FEDORA"
+        else
+          ROCKY="https://dl.rockylinux.org/pub/rocky/${EL_MAJOR}/extras/${ARCH}/os"
+          if install_epel_from_dir "$ROCKY"; then
+            :
+          else
+            ALMA="https://repo.almalinux.org/almalinux/${EL_MAJOR}/extras/${ARCH}/os"
+            if install_epel_from_dir "$ALMA"; then
+              :
+            else
+              echo "EPEL bootstrap failed (Fedora/Rocky/Alma)"
+              exit 1
+            fi
+          fi
+        fi
+
+        dnf -y install sudo git rpm-build rpmdevtools dnf-plugins-core \
+                       rsync findutils tar gzip unzip which
+
+        dnf repolist | grep -i epel || true
+
+    - name: Checkout repo (for scripts)
+      uses: actions/checkout@v6.0.2
+      with:
+        submodules: 'recursive'
+        fetch-depth: '0'
+
+    - name: Restore build artifacts
+      uses: actions/download-artifact@v8
+      with:
+        name: v2rayN-linux
+        path: ${{ github.workspace }}/v2rayN/Release
+
+    - name: Ensure script permissions
+      run: chmod 755 package-rhel.sh
+
+    - name: Package RPM (RHEL-family)
+      run: ./package-rhel.sh "${RELEASE_TAG}" --arch all
+
+    - name: Collect RPMs into workspace
+      run: |
+        mkdir -p "$GITHUB_WORKSPACE/dist/rpm"
+        rsync -av "$HOME/rpmbuild/RPMS/" "$GITHUB_WORKSPACE/dist/rpm/" || true
+        find "$GITHUB_WORKSPACE/dist/rpm" -name "v2rayN-*-1*.x86_64.rpm"  -exec mv {} "$GITHUB_WORKSPACE/dist/rpm/v2rayN-linux-rhel-64.rpm" \;  || true
+        find "$GITHUB_WORKSPACE/dist/rpm" -name "v2rayN-*-1*.aarch64.rpm" -exec mv {} "$GITHUB_WORKSPACE/dist/rpm/v2rayN-linux-rhel-arm64.rpm" \; || true
+        echo "==== Dist tree ===="
+        ls -R "$GITHUB_WORKSPACE/dist/rpm" || true
+
+    - name: Upload RPM artifacts
+      uses: actions/upload-artifact@v7.0.0
+      with:
+        name: v2rayN-rpm
+        path: dist/rpm/**/*.rpm
+
+    - name: Upload RPMs to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        file: dist/rpm/**/*.rpm
+        tag: ${{ env.RELEASE_TAG }}
+        file_glob: true
+        prerelease: true
--- a/.github/workflows/build-osx.yml
+++ b/.github/workflows/build-osx.yml
@@ -26,26 +26,26 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v6.0.2
      with:
        submodules: 'recursive'
        fetch-depth: '0'

    - name: Setup
-      uses: actions/setup-dotnet@v4.3.1
+      uses: actions/setup-dotnet@v5.0.1
      with:
        dotnet-version: '8.0.x'

    - name: Build
      run: |
        cd v2rayN 
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r osx-x64   --self-contained=true -o $OutputPath64
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r osx-arm64 --self-contained=true -o $OutputPathArm64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r osx-x64   --self-contained=true -p:PublishTrimmed=true -o $OutputPath64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r osx-arm64 --self-contained=true -p:PublishTrimmed=true -o $OutputPathArm64
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r osx-x64   -p:SelfContained=true -o $OutputPath64
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r osx-arm64 -p:SelfContained=true -o $OutputPathArm64
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r osx-x64   -p:SelfContained=true -p:PublishTrimmed=true -o $OutputPath64
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r osx-arm64 -p:SelfContained=true -p:PublishTrimmed=true -o $OutputPathArm64

    - name: Upload build artifacts
-      uses: actions/upload-artifact@v4.6.2
+      uses: actions/upload-artifact@v7.0.0
      with:
        name: v2rayN-macos
        path: |
--- a/.github/workflows/build-windows-desktop.yml
+++ b/.github/workflows/build-windows-desktop.yml
@@ -26,26 +26,26 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v6.0.2
      with:
        submodules: 'recursive'
        fetch-depth: '0'

    - name: Setup
-      uses: actions/setup-dotnet@v4.3.1
+      uses: actions/setup-dotnet@v5.0.1
      with:
        dotnet-version: '8.0.x'

    - name: Build
      run: |
        cd v2rayN 
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r win-x64   --self-contained=true -p:EnableWindowsTargeting=true -o $OutputPath64
-        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r win-arm64 --self-contained=true -p:EnableWindowsTargeting=true -o $OutputPathArm64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r win-x64   --self-contained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPath64
-        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r win-arm64 --self-contained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPathArm64
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r win-x64   -p:SelfContained=true -p:EnableWindowsTargeting=true -o $OutputPath64
+        dotnet publish ./v2rayN.Desktop/v2rayN.Desktop.csproj -c Release -r win-arm64 -p:SelfContained=true -p:EnableWindowsTargeting=true -o $OutputPathArm64
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r win-x64   -p:SelfContained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPath64
+        dotnet publish ./AmazTool/AmazTool.csproj             -c Release -r win-arm64 -p:SelfContained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPathArm64

    - name: Upload build artifacts
-      uses: actions/upload-artifact@v4.6.2
+      uses: actions/upload-artifact@v7.0.0
      with:
        name: v2rayN-windows-desktop
        path: |
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@@ -15,7 +15,6 @@ env:
  OutputArchArm: "windows-arm64"
  OutputPath64:  "${{ github.workspace }}/v2rayN/Release/windows-64"
  OutputPathArm64:  "${{ github.workspace }}/v2rayN/Release/windows-arm64"
-  OutputPath64Sc:  "${{ github.workspace }}/v2rayN/Release/windows-64-SelfContained"

 jobs:
  build:
@@ -27,26 +26,23 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v6.0.2

    - name: Setup
-      uses: actions/setup-dotnet@v4.3.1
+      uses: actions/setup-dotnet@v5.0.1
      with:
        dotnet-version: '8.0.x'

    - name: Build
      run: |
        cd v2rayN 
-        dotnet publish ./v2rayN/v2rayN.csproj     -c Release -r win-x64   --self-contained=false -p:EnableWindowsTargeting=true -o $OutputPath64
-        dotnet publish ./v2rayN/v2rayN.csproj     -c Release -r win-arm64 --self-contained=false -p:EnableWindowsTargeting=true -o $OutputPathArm64
-        dotnet publish ./v2rayN/v2rayN.csproj     -c Release -r win-x64   --self-contained=true  -p:EnableWindowsTargeting=true -o $OutputPath64Sc
-        dotnet publish ./AmazTool/AmazTool.csproj -c Release -r win-x64   --self-contained=false -p:EnableWindowsTargeting=true -o $OutputPath64
-        dotnet publish ./AmazTool/AmazTool.csproj -c Release -r win-arm64 --self-contained=false -p:EnableWindowsTargeting=true -o $OutputPathArm64
-        dotnet publish ./AmazTool/AmazTool.csproj -c Release -r win-x64   --self-contained=true  -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPath64Sc
-
+        dotnet publish ./v2rayN/v2rayN.csproj     -c Release -r win-x64   -p:SelfContained=true -p:EnableWindowsTargeting=true -o $OutputPath64
+        dotnet publish ./v2rayN/v2rayN.csproj     -c Release -r win-arm64 -p:SelfContained=true -p:EnableWindowsTargeting=true -o $OutputPathArm64
+        dotnet publish ./AmazTool/AmazTool.csproj -c Release -r win-x64   -p:SelfContained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPath64
+        dotnet publish ./AmazTool/AmazTool.csproj -c Release -r win-arm64 -p:SelfContained=true -p:EnableWindowsTargeting=true -p:PublishTrimmed=true -o $OutputPathArm64
  
    - name: Upload build artifacts
-      uses: actions/upload-artifact@v4.6.2
+      uses: actions/upload-artifact@v7.0.0
      with:
        name: v2rayN-windows
        path: |
@@ -59,7 +55,6 @@ jobs:
        chmod 755 package-release-zip.sh
        ./package-release-zip.sh $OutputArch $OutputPath64
        ./package-release-zip.sh $OutputArchArm $OutputPathArm64
-        ./package-release-zip.sh "windows-64-SelfContained" $OutputPath64Sc
    
    - name: Upload zip archive to release
      uses: svenstaro/upload-release-action@v2
@@ -68,4 +63,4 @@ jobs:
        file: ${{ github.workspace }}/v2rayN*.zip
        tag: ${{ github.event.inputs.release_tag }}
        file_glob: true
-        prerelease: true
+        prerelease: true
--- a/.gitignore
+++ b/.gitignore
@@ -397,4 +397,5 @@ FodyWeavers.xsd
 *.msp

 # JetBrains Rider
-*.sln.iml
+.idea/
+*.sln.iml
--- a/package-appimage.sh
+++ b/package-appimage.sh
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-sudo apt update -y
-sudo apt install -y libfuse2
-wget -O pkg2appimage https://github.com/AppImageCommunity/pkg2appimage/releases/download/continuous/pkg2appimage-1eceb30-x86_64.AppImage
-chmod a+x pkg2appimage
-export AppImageOutputArch=$OutputArch
-export OutputPath=$OutputPath64
-./pkg2appimage ./pkg2appimage.yml
-mv out/*.AppImage v2rayN-${AppImageOutputArch}.AppImage
-export AppImageOutputArch=$OutputArchArm
-export OutputPath=$OutputPathArm64
-./pkg2appimage ./pkg2appimage.yml
-mv out/*.AppImage v2rayN-${AppImageOutputArch}.AppImage
--- a/package-debian.sh
+++ b/package-debian.sh
@@ -16,7 +16,7 @@ cp -rf $OutputPath "${PackagePath}/opt/v2rayN"
 echo "When this file exists, app will not store configs under this folder" > "${PackagePath}/opt/v2rayN/NotStoreConfigHere.txt"

 if [ $Arch = "linux-64" ]; then
-    Arch2="amd64" 
+    Arch2="amd64"
 else
    Arch2="arm64"
 fi
@@ -28,12 +28,12 @@ Package: v2rayN
 Version: $Version
 Architecture: $Arch2
 Maintainer: https://github.com/2dust/v2rayN
+Depends: libc6 (>= 2.34), fontconfig (>= 2.13.1), desktop-file-utils (>= 0.26), xdg-utils (>= 1.1.3), coreutils (>= 8.32), bash (>= 5.1), libfreetype6 (>= 2.11)
 Description: A GUI client for Windows and Linux, support Xray core and sing-box-core and others
 EOF

-cat >"${PackagePath}/DEBIAN/postinst" <<-EOF
-if [ ! -s /usr/share/applications/v2rayN.desktop ]; then
-    cat >/usr/share/applications/v2rayN.desktop<<-END
+mkdir -p "${PackagePath}/usr/share/applications"
+cat >"${PackagePath}/usr/share/applications/v2rayN.desktop" <<-EOF
 [Desktop Entry]
 Name=v2rayN
 Comment=A GUI client for Windows and Linux, support Xray core and sing-box-core and others
@@ -42,17 +42,29 @@ Icon=/opt/v2rayN/v2rayN.png
 Terminal=false
 Type=Application
 Categories=Network;Application;
-END
-fi
+EOF

-update-desktop-database
+cat >"${PackagePath}/DEBIAN/postinst" <<-'EOF'
+set -e
+update-desktop-database || true
+exit 0
 EOF

 sudo chmod 0755 "${PackagePath}/DEBIAN/postinst"
 sudo chmod 0755 "${PackagePath}/opt/v2rayN/v2rayN"
 sudo chmod 0755 "${PackagePath}/opt/v2rayN/AmazTool"

-# desktop && PATH
+# Patch
+# set owner to root:root
+sudo chown -R root:root "${PackagePath}"
+# set all directories to 755 (readable & traversable by all users)
+sudo find "${PackagePath}/opt/v2rayN" -type d -exec chmod 755 {} +
+# set all regular files to 644 (readable by all users)
+sudo find "${PackagePath}/opt/v2rayN" -type f -exec chmod 644 {} +
+# ensure main binaries are 755 (executable by all users)
+sudo chmod 755 "${PackagePath}/opt/v2rayN/v2rayN" 2>/dev/null || true
+sudo chmod 755 "${PackagePath}/opt/v2rayN/AmazTool" 2>/dev/null || true

+# build deb package
 sudo dpkg-deb -Zxz --build $PackagePath
-sudo mv "${PackagePath}.deb" "v2rayN-${Arch}.deb"
+sudo mv "${PackagePath}.deb" "v2rayN-${Arch}.deb"
--- a/package-osx.sh
+++ b/package-osx.sh
@@ -43,6 +43,8 @@ cat >"$PackagePath/v2rayN.app/Contents/Info.plist" <<-EOF
  <true/>
  <key>NSHighResolutionCapable</key>
  <true/>
+  <key>LSMinimumSystemVersion</key>
+  <string>12.7</string>
 </dict>
 </plist>
 EOF
@@ -55,4 +57,4 @@ create-dmg \
    --hide-extension "v2rayN.app" \
    --app-drop-link 500 185 \
    "v2rayN-${Arch}.dmg" \
-    "$PackagePath/v2rayN.app"
+    "$PackagePath/v2rayN.app"
--- a/package-rhel.sh
+++ b/package-rhel.sh
@@ -0,0 +1,583 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Require Red Hat base branch
+. /etc/os-release
+
+case "${ID:-}" in
+  rhel|rocky|almalinux|fedora|centos)
+    echo "Detected supported system: ${NAME:-$ID} ${VERSION_ID:-}"
+    ;;
+  *)
+    echo "Unsupported system: ${NAME:-unknown} (${ID:-unknown})."
+    echo "This script only supports: RHEL / Rocky / AlmaLinux / Fedora / CentOS."
+    exit 1
+    ;;
+esac
+
+# Kernel version
+MIN_KERNEL="6.11"
+CURRENT_KERNEL="$(uname -r)"
+
+lowest="$(printf '%s\n%s\n' "$MIN_KERNEL" "$CURRENT_KERNEL" | sort -V | head -n1)"
+
+if [[ "$lowest" != "$MIN_KERNEL" ]]; then
+    echo "Kernel $CURRENT_KERNEL is below $MIN_KERNEL"
+    exit 1
+fi
+
+echo "[OK] Kernel $CURRENT_KERNEL verified."
+
+# Config & Parse arguments
+VERSION_ARG="${1:-}"     # Pass version number like 7.13.8, or leave empty
+WITH_CORE="both"         # Default: bundle both xray+sing-box
+FORCE_NETCORE=0          # --netcore => skip archive bundle, use separate downloads
+ARCH_OVERRIDE=""         # --arch x64|arm64|all (optional compile target)
+BUILD_FROM=""            # --buildfrom 1|2|3 to select channel non-interactively
+
+# If the first argument starts with --, do not treat it as a version number
+if [[ "${VERSION_ARG:-}" == --* ]]; then
+  VERSION_ARG=""
+fi
+# Take the first non --* argument as version, discard it
+if [[ -n "${VERSION_ARG:-}" ]]; then shift || true; fi
+
+# Parse remaining optional arguments
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --with-core)     WITH_CORE="${2:-both}"; shift 2;;
+    --xray-ver)      XRAY_VER="${2:-}"; shift 2;;
+    --singbox-ver)   SING_VER="${2:-}"; shift 2;;
+    --netcore)       FORCE_NETCORE=1; shift;;
+    --arch)          ARCH_OVERRIDE="${2:-}"; shift 2;;
+    --buildfrom)     BUILD_FROM="${2:-}"; shift 2;;
+    *)
+      if [[ -z "${VERSION_ARG:-}" ]]; then VERSION_ARG="$1"; fi
+      shift;;
+  esac
+done
+
+# Conflict: version number AND --buildfrom cannot be used together
+if [[ -n "${VERSION_ARG:-}" && -n "${BUILD_FROM:-}" ]]; then
+  echo "You cannot specify both an explicit version and --buildfrom at the same time."
+  echo "        Provide either a version (e.g. 7.14.0) OR --buildfrom 1|2|3."
+  exit 1
+fi
+
+# Check and install dependencies
+host_arch="$(uname -m)"
+[[ "$host_arch" == "aarch64" || "$host_arch" == "x86_64" ]] || { echo "Only supports aarch64 / x86_64"; exit 1; }
+
+install_ok=0
+
+if command -v dnf >/dev/null 2>&1; then
+  sudo dnf -y install rpm-build rpmdevtools curl unzip tar jq rsync dotnet-sdk-8.0 \
+    && install_ok=1
+fi
+
+if [[ "$install_ok" -ne 1 ]]; then
+  echo "Could not auto-install dependencies for '$ID'. Make sure these are available:"
+  echo "dotnet-sdk 8.x, curl, unzip, tar, rsync, rpm, rpmdevtools, rpm-build (on Red Hat branch)"
+fi
+
+# Root directory
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+# Git submodules (best effort)
+if [[ -f .gitmodules ]]; then
+  git submodule sync --recursive || true
+  git submodule update --init --recursive || true
+fi
+
+# Locate project
+PROJECT="v2rayN.Desktop/v2rayN.Desktop.csproj"
+if [[ ! -f "$PROJECT" ]]; then
+  PROJECT="$(find . -maxdepth 3 -name 'v2rayN.Desktop.csproj' | head -n1 || true)"
+fi
+[[ -f "$PROJECT" ]] || { echo "v2rayN.Desktop.csproj not found"; exit 1; }
+
+choose_channel() {
+  # If --buildfrom provided, map it directly and skip interaction.
+  if [[ -n "${BUILD_FROM:-}" ]]; then
+    case "$BUILD_FROM" in
+      1) echo "latest"; return 0;;
+      2) echo "prerelease"; return 0;;
+      3) echo "keep"; return 0;;
+      *) echo "[ERROR] Invalid --buildfrom value: ${BUILD_FROM}. Use 1|2|3." >&2; exit 1;;
+    esac
+  fi
+
+  # Print menu to stderr and read from /dev/tty so stdout only carries the token.
+  local ch="latest" sel=""
+
+  if [[ -t 0 ]]; then
+    echo "[?] Choose v2rayN release channel:" >&2
+    echo "    1) Latest (stable)  [default]" >&2
+    echo "    2) Pre-release (preview)" >&2
+    echo "    3) Keep current (do nothing)" >&2
+    printf "Enter 1, 2 or 3 [default 1]: " >&2
+
+    if read -r sel </dev/tty; then
+      case "${sel:-}" in
+        2) ch="prerelease" ;;
+        3) ch="keep" ;;
+      esac
+    fi
+  fi
+
+  echo "$ch"
+}
+
+get_latest_tag_latest() {
+  curl -fsSL "https://api.github.com/repos/2dust/v2rayN/releases/latest" \
+    | jq -re '.tag_name' \
+    | sed 's/^v//'
+}
+
+get_latest_tag_prerelease() {
+  curl -fsSL "https://api.github.com/repos/2dust/v2rayN/releases?per_page=20" \
+    | jq -re 'first(.[] | select(.prerelease == true) | .tag_name)' \
+    | sed 's/^v//'
+}
+
+git_try_checkout() {
+  # Try a series of refs and checkout when found.
+  local want="$1" ref=""
+  if git rev-parse --git-dir >/dev/null 2>&1; then
+    git fetch --tags --force --prune --depth=1 || true
+    if git rev-parse "refs/tags/${want}" >/dev/null 2>&1; then
+      ref="${want}"
+    fi
+    if [[ -n "$ref" ]]; then
+      echo "[OK] Found ref '${ref}', checking out..."
+      git checkout -f "${ref}"
+      if [[ -f .gitmodules ]]; then
+        git submodule sync --recursive || true
+        git submodule update --init --recursive || true
+      fi
+      return 0
+    fi
+  fi
+  return 1
+}
+
+apply_channel_or_keep() {
+  local ch="$1" tag
+
+  if [[ "$ch" == "keep" ]]; then
+    echo "[*] Keep current repository state (no checkout)."
+    VERSION="$(git describe --tags --abbrev=0 2>/dev/null || echo '0.0.0+git')"
+    VERSION="${VERSION#v}"
+    return 0
+  fi
+
+  echo "[*] Resolving ${ch} tag from GitHub releases..."
+  if [[ "$ch" == "prerelease" ]]; then
+    tag="$(get_latest_tag_prerelease || true)"
+  else
+    tag="$(get_latest_tag_latest || true)"
+  fi
+
+  [[ -n "$tag" ]] || { echo "Failed to resolve latest tag for channel '${ch}'."; exit 1; }
+  echo "[*] Latest tag for '${ch}': ${tag}"
+  git_try_checkout "$tag" || { echo "Failed to checkout '${tag}'."; exit 1; }
+  VERSION="${tag#v}"
+}
+
+if git rev-parse --git-dir >/dev/null 2>&1; then
+  if [[ -n "${VERSION_ARG:-}" ]]; then
+    clean_ver="${VERSION_ARG#v}"
+    if git_try_checkout "$clean_ver"; then
+      VERSION="$clean_ver"
+    else
+      echo "[WARN] Tag '${VERSION_ARG}' not found."
+      ch="$(choose_channel)"
+      apply_channel_or_keep "$ch"
+    fi
+  else
+    ch="$(choose_channel)"
+    apply_channel_or_keep "$ch"
+  fi
+else
+  echo "Current directory is not a git repo; proceeding on current tree."
+  VERSION="${VERSION_ARG:-0.0.0}"
+fi
+
+VERSION="${VERSION#v}"
+echo "[*] GUI version resolved as: ${VERSION}"
+
+# Helpers for core
+download_xray() {
+  # Download Xray core
+  local outdir="$1" ver="${XRAY_VER:-}" url tmp zipname="xray.zip"
+  mkdir -p "$outdir"
+  if [[ -z "$ver" ]]; then
+    ver="$(curl -fsSL https://api.github.com/repos/XTLS/Xray-core/releases/latest \
+        | grep -Eo '"tag_name":\s*"v[^"]+"' | sed -E 's/.*"v([^"]+)".*/\1/' | head -n1)" || true
+  fi
+  [[ -n "$ver" ]] || { echo "[xray] Failed to get version"; return 1; }
+  if [[ "$RID_DIR" == "linux-arm64" ]]; then
+    url="https://github.com/XTLS/Xray-core/releases/download/v${ver}/Xray-linux-arm64-v8a.zip"
+  else
+    url="https://github.com/XTLS/Xray-core/releases/download/v${ver}/Xray-linux-64.zip"
+  fi
+  echo "[+] Download xray: $url"
+  tmp="$(mktemp -d)"; trap '[[ -n "${tmp:-}" ]] && rm -rf "$tmp"' RETURN
+  curl -fL "$url" -o "$tmp/$zipname"
+  unzip -q "$tmp/$zipname" -d "$tmp"
+  install -Dm755 "$tmp/xray" "$outdir/xray"
+}
+
+download_singbox() {
+  # Download sing-box
+  local outdir="$1" ver="${SING_VER:-}" url tmp tarname="singbox.tar.gz" bin
+  mkdir -p "$outdir"
+  if [[ -z "$ver" ]]; then
+    ver="$(curl -fsSL https://api.github.com/repos/SagerNet/sing-box/releases/latest \
+        | grep -Eo '"tag_name":\s*"v[^"]+"' | sed -E 's/.*"v([^"]+)".*/\1/' | head -n1)" || true
+  fi
+  [[ -n "$ver" ]] || { echo "[sing-box] Failed to get version"; return 1; }
+  if [[ "$RID_DIR" == "linux-arm64" ]]; then
+    url="https://github.com/SagerNet/sing-box/releases/download/v${ver}/sing-box-${ver}-linux-arm64.tar.gz"
+  else
+    url="https://github.com/SagerNet/sing-box/releases/download/v${ver}/sing-box-${ver}-linux-amd64.tar.gz"
+  fi
+  echo "[+] Download sing-box: $url"
+  tmp="$(mktemp -d)"; trap '[[ -n "${tmp:-}" ]] && rm -rf "$tmp"' RETURN
+  curl -fL "$url" -o "$tmp/$tarname"
+  tar -C "$tmp" -xzf "$tmp/$tarname"
+  bin="$(find "$tmp" -type f -name 'sing-box' | head -n1 || true)"
+  [[ -n "$bin" ]] || { echo "[!] sing-box unpack failed"; return 1; }
+  install -Dm755 "$bin" "$outdir/sing-box"
+}
+
+# Move geo files to outroot/bin
+unify_geo_layout() {
+  local outroot="$1"
+  mkdir -p "$outroot/bin"
+  local names=( \
+    "geosite.dat" \
+    "geoip.dat" \
+    "geoip-only-cn-private.dat" \
+    "Country.mmdb" \
+    "geoip.metadb" \
+  )
+  for n in "${names[@]}"; do
+    if [[ -f "$outroot/bin/xray/$n" ]]; then
+      mv -f "$outroot/bin/xray/$n" "$outroot/bin/$n"
+    fi
+  done
+}
+
+# Download geo/rule assets
+download_geo_assets() {
+  local outroot="$1"
+  local bin_dir="$outroot/bin"
+  local srss_dir="$bin_dir/srss"
+  mkdir -p "$bin_dir" "$srss_dir"
+
+  echo "[+] Download Xray Geo to ${bin_dir}"
+  curl -fsSL -o "$bin_dir/geosite.dat" \
+    "https://github.com/Loyalsoldier/V2ray-rules-dat/releases/latest/download/geosite.dat"
+  curl -fsSL -o "$bin_dir/geoip.dat" \
+    "https://github.com/Loyalsoldier/V2ray-rules-dat/releases/latest/download/geoip.dat"
+  curl -fsSL -o "$bin_dir/geoip-only-cn-private.dat" \
+    "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/geoip-only-cn-private.dat"
+  curl -fsSL -o "$bin_dir/Country.mmdb" \
+    "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb"
+
+  echo "[+] Download sing-box rule DB & rule-sets"
+  curl -fsSL -o "$bin_dir/geoip.metadb" \
+    "https://github.com/MetaCubeX/meta-rules-dat/releases/latest/download/geoip.metadb" || true
+
+  for f in \
+    geoip-private.srs geoip-cn.srs geoip-facebook.srs geoip-fastly.srs \
+    geoip-google.srs geoip-netflix.srs geoip-telegram.srs geoip-twitter.srs; do
+    curl -fsSL -o "$srss_dir/$f" \
+      "https://raw.githubusercontent.com/2dust/sing-box-rules/rule-set-geoip/$f" || true
+  done
+  for f in \
+    geosite-cn.srs geosite-gfw.srs geosite-google.srs geosite-greatfire.srs \
+    geosite-geolocation-cn.srs geosite-category-ads-all.srs geosite-private.srs; do
+    curl -fsSL -o "$srss_dir/$f" \
+      "https://raw.githubusercontent.com/2dust/sing-box-rules/rule-set-geosite/$f" || true
+  done
+
+  # Unify to bin
+  unify_geo_layout "$outroot"
+}
+
+# Prefer the prebuilt v2rayN core bundle; then unify geo layout
+download_v2rayn_bundle() {
+  local outroot="$1"
+  local url=""
+  if [[ "$RID_DIR" == "linux-arm64" ]]; then
+    url="https://raw.githubusercontent.com/2dust/v2rayN-core-bin/refs/heads/master/v2rayN-linux-arm64.zip"
+  else
+    url="https://raw.githubusercontent.com/2dust/v2rayN-core-bin/refs/heads/master/v2rayN-linux-64.zip"
+  fi
+  echo "[+] Try v2rayN bundle archive: $url"
+  local tmp zipname
+  tmp="$(mktemp -d)"; zipname="$tmp/v2rayn.zip"
+  curl -fL "$url" -o "$zipname" || { echo "[!] Bundle download failed"; return 1; }
+  unzip -q "$zipname" -d "$tmp" || { echo "[!] Bundle unzip failed"; return 1; }
+
+  if [[ -d "$tmp/bin" ]]; then
+    mkdir -p "$outroot/bin"
+    rsync -a "$tmp/bin/" "$outroot/bin/"
+  else
+    rsync -a "$tmp/" "$outroot/"
+  fi
+
+  rm -f "$outroot/v2rayn.zip" 2>/dev/null || true
+  find "$outroot" -type d -name "mihomo" -prune -exec rm -rf {} + 2>/dev/null || true
+
+  local nested_dir
+  nested_dir="$(find "$outroot" -maxdepth 1 -type d -name 'v2rayN-linux-*' | head -n1 || true)"
+  if [[ -n "$nested_dir" && -d "$nested_dir/bin" ]]; then
+    mkdir -p "$outroot/bin"
+    rsync -a "$nested_dir/bin/" "$outroot/bin/"
+    rm -rf "$nested_dir"
+  fi
+
+  # Unify to bin/
+  unify_geo_layout "$outroot"
+
+  echo "[+] Bundle extracted to $outroot"
+}
+
+# ===== Build results collection for --arch all ========================================
+BUILT_RPMS=()     # Will collect absolute paths of built RPMs
+BUILT_ALL=0       # Flag to know if we should print the final summary
+
+# ===== Build (single-arch) function ====================================================
+build_for_arch() {
+  # $1: target short arch: x64 | arm64
+  local short="$1"
+  local rid rpm_target archdir
+  case "$short" in
+    x64)   rid="linux-x64";   rpm_target="x86_64"; archdir="x86_64" ;;
+    arm64) rid="linux-arm64"; rpm_target="aarch64"; archdir="aarch64" ;;
+    *) echo "Unknown arch '$short' (use x64|arm64)"; return 1;;
+  esac
+
+  echo "[*] Building for target: $short  (RID=$rid, RPM --target $rpm_target)"
+
+  # .NET publish (self-contained) for this RID
+  dotnet clean "$PROJECT" -c Release
+  rm -rf "$(dirname "$PROJECT")/bin/Release/net8.0" || true
+
+  dotnet restore "$PROJECT"
+  dotnet publish "$PROJECT" \
+    -c Release -r "$rid" \
+    -p:PublishSingleFile=false \
+    -p:SelfContained=true
+
+  # Per-arch variables (scoped)
+  local RID_DIR="$rid"
+  local PUBDIR
+  PUBDIR="$(dirname "$PROJECT")/bin/Release/net8.0/${RID_DIR}/publish"
+  [[ -d "$PUBDIR" ]]
+
+  # Make RID_DIR visible to download helpers (they read this var)
+  export RID_DIR
+
+  # Per-arch working area
+  local PKGROOT="v2rayN-publish"
+  local WORKDIR
+  WORKDIR="$(mktemp -d)"
+  trap '[[ -n "${WORKDIR:-}" ]] && rm -rf "$WORKDIR"' RETURN
+
+  # rpmbuild topdir selection
+  local TOPDIR SPECDIR SOURCEDIR
+  rpmdev-setuptree
+  TOPDIR="${HOME}/rpmbuild"
+  SPECDIR="${TOPDIR}/SPECS"
+  SOURCEDIR="${TOPDIR}/SOURCES"
+
+  # Stage publish content
+  mkdir -p "$WORKDIR/$PKGROOT"
+  cp -a "$PUBDIR/." "$WORKDIR/$PKGROOT/"
+
+  # Optional icon
+  local ICON_CANDIDATE
+  ICON_CANDIDATE="$(dirname "$PROJECT")/../v2rayN.Desktop/v2rayN.png"
+  [[ -f "$ICON_CANDIDATE" ]] && cp "$ICON_CANDIDATE" "$WORKDIR/$PKGROOT/v2rayn.png" || true
+
+  # Prepare bin structure
+  mkdir -p "$WORKDIR/$PKGROOT/bin/xray" "$WORKDIR/$PKGROOT/bin/sing_box"
+
+  # Bundle / cores per-arch
+  fetch_separate_cores_and_rules() {
+    local outroot="$1"
+
+    if [[ "$WITH_CORE" == "xray" || "$WITH_CORE" == "both" ]]; then
+      download_xray "$outroot/bin/xray" || echo "[!] xray download failed (skipped)"
+    fi
+    if [[ "$WITH_CORE" == "sing-box" || "$WITH_CORE" == "both" ]]; then
+      download_singbox "$outroot/bin/sing_box" || echo "[!] sing-box download failed (skipped)"
+    fi
+    download_geo_assets "$outroot" || echo "[!] Geo rules download failed (skipped)"
+  }
+
+  if [[ "$FORCE_NETCORE" -eq 0 ]]; then
+    if download_v2rayn_bundle "$WORKDIR/$PKGROOT"; then
+      echo "[*] Using v2rayN bundle archive."
+    else
+      echo "[*] Bundle failed, fallback to separate core + rules."
+      fetch_separate_cores_and_rules "$WORKDIR/$PKGROOT"
+    fi
+  else
+    echo "[*] --netcore specified: use separate core + rules."
+    fetch_separate_cores_and_rules "$WORKDIR/$PKGROOT"
+  fi
+
+  # Tarball
+  mkdir -p "$SOURCEDIR"
+  tar -C "$WORKDIR" -czf "$SOURCEDIR/$PKGROOT.tar.gz" "$PKGROOT"
+
+  # SPEC
+  local SPECFILE="$SPECDIR/v2rayN.spec"
+  mkdir -p "$SPECDIR"
+  cat > "$SPECFILE" <<'SPEC'
+%global debug_package %{nil}
+%undefine _debuginfo_subpackages
+%undefine _debugsource_packages
+# Ignore outdated LTTng dependencies incorrectly reported by the .NET runtime (to avoid installation failures)
+%global __requires_exclude ^liblttng-ust\.so\..*$
+
+Name:           v2rayN
+Version:        __VERSION__
+Release:        1%{?dist}
+Summary:        v2rayN (Avalonia) GUI client for Linux (x86_64/aarch64)
+License:        GPL-3.0-only
+URL:            https://github.com/2dust/v2rayN
+BugURL:         https://github.com/2dust/v2rayN/issues
+ExclusiveArch:  aarch64 x86_64
+Source0:        __PKGROOT__.tar.gz
+
+# Runtime dependencies (Avalonia / X11 / Fonts / GL)
+Requires:       cairo, pango, openssl, mesa-libEGL, mesa-libGL
+Requires:       glibc >= 2.34
+Requires:       fontconfig >= 2.13.1
+Requires:       desktop-file-utils >= 0.26
+Requires:       xdg-utils >= 1.1.3
+Requires:       coreutils >= 8.32
+Requires:       bash >= 5.1
+Requires:       freetype >= 2.10
+
+%description
+v2rayN Linux for Red Hat Enterprise Linux
+Support vless / vmess / Trojan / http / socks / Anytls / Hysteria2 / Shadowsocks / tuic / WireGuard
+Support Red Hat Enterprise Linux / Fedora Linux / Rocky Linux / AlmaLinux / CentOS
+For more information, Please visit our website
+https://github.com/2dust/v2rayN
+
+%prep
+%setup -q -n __PKGROOT__
+
+%build
+# no build
+
+%install
+install -dm0755 %{buildroot}/opt/v2rayN
+cp -a * %{buildroot}/opt/v2rayN/
+
+# Launcher (prefer native ELF first, then DLL fallback)
+install -dm0755 %{buildroot}%{_bindir}
+cat > %{buildroot}%{_bindir}/v2rayn << 'EOF'
+#!/usr/bin/bash
+set -euo pipefail
+DIR="/opt/v2rayN"
+
+# Prefer native apphost
+if [[ -x "$DIR/v2rayN" ]]; then exec "$DIR/v2rayN" "$@"; fi
+
+# DLL fallback
+for dll in v2rayN.Desktop.dll v2rayN.dll; do
+  if [[ -f "$DIR/$dll" ]]; then exec /usr/bin/dotnet "$DIR/$dll" "$@"; fi
+done
+
+echo "v2rayN launcher: no executable found in $DIR" >&2
+ls -l "$DIR" >&2 || true
+exit 1
+EOF
+chmod 0755 %{buildroot}%{_bindir}/v2rayn
+
+# Desktop file
+install -dm0755 %{buildroot}%{_datadir}/applications
+cat > %{buildroot}%{_datadir}/applications/v2rayn.desktop << 'EOF'
+[Desktop Entry]
+Type=Application
+Name=v2rayN
+Comment=v2rayN for Red Hat Enterprise Linux
+Exec=v2rayn
+Icon=v2rayn
+Terminal=false
+Categories=Network;
+EOF
+
+# Icon
+if [ -f "%{_builddir}/__PKGROOT__/v2rayn.png" ]; then
+  install -dm0755 %{buildroot}%{_datadir}/icons/hicolor/256x256/apps
+  install -m0644 %{_builddir}/__PKGROOT__/v2rayn.png %{buildroot}%{_datadir}/icons/hicolor/256x256/apps/v2rayn.png
+fi
+
+%post
+/usr/bin/update-desktop-database %{_datadir}/applications >/dev/null 2>&1 || true
+/usr/bin/gtk-update-icon-cache -f %{_datadir}/icons/hicolor >/dev/null 2>&1 || true
+
+%postun
+/usr/bin/update-desktop-database %{_datadir}/applications >/dev/null 2>&1 || true
+/usr/bin/gtk-update-icon-cache -f %{_datadir}/icons/hicolor >/dev/null 2>&1 || true
+
+%files
+%{_bindir}/v2rayn
+/opt/v2rayN
+%{_datadir}/applications/v2rayn.desktop
+%{_datadir}/icons/hicolor/256x256/apps/v2rayn.png
+SPEC
+
+  # Replace placeholders
+  sed -i "s/__VERSION__/${VERSION}/g" "$SPECFILE"
+  sed -i "s/__PKGROOT__/${PKGROOT}/g" "$SPECFILE"
+
+  # Build RPM for this arch
+  rpmbuild -ba "$SPECFILE" --target "$rpm_target"
+
+  echo "Build done for $short. RPM at:"
+  local f
+  for f in "${TOPDIR}/RPMS/${archdir}/v2rayN-${VERSION}-1"*.rpm; do
+    [[ -e "$f" ]] || continue
+    echo "  $f"
+    BUILT_RPMS+=("$f")
+  done
+}
+
+# ===== Arch selection and build orchestration =========================================
+case "${ARCH_OVERRIDE:-}" in
+  all)           targets=(x64 arm64); BUILT_ALL=1 ;;
+  x64|amd64)     targets=(x64) ;;
+  arm64|aarch64) targets=(arm64) ;;
+  "")            targets=($([[ "$host_arch" == "aarch64" ]] && echo arm64 || echo x64)) ;;
+  *)             echo "Unknown --arch '${ARCH_OVERRIDE}'. Use x64|arm64|all."; exit 1 ;;
+esac
+
+for arch in "${targets[@]}"; do
+  build_for_arch "$arch"
+done
+
+# Print Both arches information
+if [[ "$BUILT_ALL" -eq 1 ]]; then
+  echo ""
+  echo "================ Build Summary (both architectures) ================"
+  if [[ "${#BUILT_RPMS[@]}" -gt 0 ]]; then
+    for rp in "${BUILT_RPMS[@]}"; do
+      echo "$rp"
+    done
+  else
+    echo "No RPMs detected in summary (check build logs above)."
+  fi
+  echo "===================================================================="
+fi
--- a/pkg2appimage.yml
+++ b/pkg2appimage.yml
@@ -1,37 +0,0 @@
-app: v2rayN
-binpatch: true
-
-ingredients:
-  script:
-    - export FileName="v2rayN-${AppImageOutputArch}.zip"
-    - wget -nv -O $FileName "https://github.com/2dust/v2rayN-core-bin/raw/refs/heads/master/${FileName}"
-    - 7z x $FileName -aoa
-    - cp -rf v2rayN-${AppImageOutputArch}/* $OutputPath
-
-script:
-  - mkdir -p usr/bin usr/lib
-  - cp -rf $OutputPath usr/lib/v2rayN
-  - echo "When this file exists, app will not store configs under this folder" > usr/lib/v2rayN/NotStoreConfigHere.txt
-  - ln -sf usr/lib/v2rayN/v2rayN usr/bin/v2rayN
-  - chmod a+x usr/lib/v2rayN/v2rayN
-  - find usr -type f -exec sh -c 'file "{}" | grep -qi "executable" && chmod +x "{}"' \;
-  - install -Dm644 usr/lib/v2rayN/v2rayN.png v2rayN.png
-  - install -Dm644 usr/lib/v2rayN/v2rayN.png usr/share/pixmaps/v2rayN.png
-  - cat > v2rayN.desktop <<EOF
-  - [Desktop Entry]
-  - Name=v2rayN
-  - Comment=A GUI client for Windows and Linux, support Xray core and sing-box-core and others
-  - Exec=v2rayN
-  - Icon=v2rayN
-  - Terminal=false
-  - Type=Application
-  - Categories=Network;
-  - EOF
-  - install -Dm644 v2rayN.desktop usr/share/applications/v2rayN.desktop
-  - cat > AppRun <<\EOF
-  - #!/bin/sh
-  - HERE="$(dirname "$(readlink -f "${0}")")"
-  - cd ${HERE}/usr/lib/v2rayN
-  - exec ${HERE}/usr/lib/v2rayN/v2rayN $@
-  - EOF
-  - chmod a+x AppRun
--- a/v2rayN/AmazTool/UpgradeApp.cs
+++ b/v2rayN/AmazTool/UpgradeApp.cs
@@ -79,15 +79,7 @@ internal class UpgradeApp
                        continue;
                    }

-                    try
-                    {
-                        entry.ExtractToFile(entryOutputPath, true);
-                    }
-                    catch
-                    {
-                        Thread.Sleep(1000);
-                        entry.ExtractToFile(entryOutputPath, true);
-                    }
+                    TryExtractToFile(entry, entryOutputPath);

                    Console.WriteLine(entryOutputPath);
                }
@@ -113,4 +105,24 @@ internal class UpgradeApp

        Utils.StartV2RayN();
    }
+
+    private static bool TryExtractToFile(ZipArchiveEntry entry, string outputPath)
+    {
+        var retryCount = 5;
+        var delayMs = 1000;
+
+        for (var i = 1; i <= retryCount; i++)
+        {
+            try
+            {
+                entry.ExtractToFile(outputPath, true);
+                return true;
+            }
+            catch
+            {
+                Thread.Sleep(delayMs * i);
+            }
+        }
+        return false;
+    }
 }
--- a/v2rayN/Directory.Build.props
+++ b/v2rayN/Directory.Build.props
@@ -1,14 +1,14 @@
 <Project>

    <PropertyGroup>
-        <Version>7.13.0</Version>
+        <Version>7.19.1</Version>
    </PropertyGroup>

    <PropertyGroup>
        <TargetFramework>net8.0</TargetFramework>
        <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
        <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
-        <NoWarn>CA1031;CS1591;NU1507;CA1416;IDE0058</NoWarn>
+        <NoWarn>CA1031;CS1591;NU1507;CA1416;IDE0058;IDE0053;IDE0200</NoWarn>
        <Nullable>annotations</Nullable>
        <ImplicitUsings>enable</ImplicitUsings>
        <Authors>2dust</Authors>
--- a/v2rayN/Directory.Packages.props
+++ b/v2rayN/Directory.Packages.props
@@ -5,26 +5,28 @@
    <CentralPackageVersionOverrideEnabled>false</CentralPackageVersionOverrideEnabled>
  </PropertyGroup>
  <ItemGroup>
-    <PackageVersion Include="Avalonia.Controls.DataGrid" Version="11.3.2" />
-    <PackageVersion Include="Avalonia.Desktop" Version="11.3.2" />
-    <PackageVersion Include="Avalonia.Diagnostics" Version="11.3.2" />
-    <PackageVersion Include="Avalonia.ReactiveUI" Version="11.3.2" />
-    <PackageVersion Include="CliWrap" Version="3.9.0" />
-    <PackageVersion Include="Downloader" Version="3.3.4" />
-    <PackageVersion Include="H.NotifyIcon.Wpf" Version="2.3.0" />
-    <PackageVersion Include="MaterialDesignThemes" Version="5.2.1" />
-    <PackageVersion Include="MessageBox.Avalonia" Version="3.2.0" />
-    <PackageVersion Include="QRCoder" Version="1.6.0" />
-    <PackageVersion Include="ReactiveUI" Version="20.4.1" />
+    <PackageVersion Include="Avalonia.AvaloniaEdit" Version="11.4.1" />
+    <PackageVersion Include="Avalonia.Controls.DataGrid" Version="11.3.12" />
+    <PackageVersion Include="Avalonia.Desktop" Version="11.3.12" />
+    <PackageVersion Include="Avalonia.Diagnostics" Version="11.3.12" />
+    <PackageVersion Include="ReactiveUI.Avalonia" Version="11.3.8" />
+    <PackageVersion Include="CliWrap" Version="3.10.0" />
+    <PackageVersion Include="Downloader" Version="4.1.1" />
+    <PackageVersion Include="H.NotifyIcon.Wpf" Version="2.4.1" />
+    <PackageVersion Include="MaterialDesignThemes" Version="5.3.0" />
+    <PackageVersion Include="MessageBox.Avalonia" Version="3.3.1.1" />
+    <PackageVersion Include="QRCoder" Version="1.7.0" />
+    <PackageVersion Include="ReactiveUI" Version="22.3.1" />
    <PackageVersion Include="ReactiveUI.Fody" Version="19.5.41" />
-    <PackageVersion Include="ReactiveUI.WPF" Version="20.4.1" />
-    <PackageVersion Include="Semi.Avalonia" Version="11.2.1.9" />
-    <PackageVersion Include="Semi.Avalonia.DataGrid" Version="11.2.1.9" />
-    <PackageVersion Include="Splat.NLog" Version="15.4.1" />
+    <PackageVersion Include="ReactiveUI.WPF" Version="22.3.1" />
+    <PackageVersion Include="Semi.Avalonia" Version="11.3.7.3" />
+    <PackageVersion Include="Semi.Avalonia.AvaloniaEdit" Version="11.2.0.1" />
+    <PackageVersion Include="Semi.Avalonia.DataGrid" Version="11.3.7.3" />
+    <PackageVersion Include="NLog" Version="6.1.1" />
    <PackageVersion Include="sqlite-net-pcl" Version="1.9.172" />
    <PackageVersion Include="TaskScheduler" Version="2.12.2" />
    <PackageVersion Include="WebDav.Client" Version="2.9.0" />
    <PackageVersion Include="YamlDotNet" Version="16.3.0" />
    <PackageVersion Include="ZXing.Net.Bindings.SkiaSharp" Version="0.16.14" />
  </ItemGroup>
-</Project>
+</Project>
--- a/v2rayN/GlobalHotKeys
+++ b/v2rayN/GlobalHotKeys
--- a/v2rayN/ServiceLib/Base/MyReactiveObject.cs
+++ b/v2rayN/ServiceLib/Base/MyReactiveObject.cs
@@ -1,5 +1,3 @@
-using ReactiveUI;
-
 namespace ServiceLib.Base;

 public class MyReactiveObject : ReactiveObject
--- a/v2rayN/ServiceLib/Common/EmbedUtils.cs
+++ b/v2rayN/ServiceLib/Common/EmbedUtils.cs
@@ -1,6 +1,3 @@
-using System.Collections.Concurrent;
-using System.Reflection;
-
 namespace ServiceLib.Common;

 public static class EmbedUtils
--- a/v2rayN/ServiceLib/Common/Extension.cs
+++ b/v2rayN/ServiceLib/Common/Extension.cs
@@ -2,21 +2,21 @@ using System.Diagnostics.CodeAnalysis;

 namespace ServiceLib.Common;

-public static class StringEx
+public static class Extension
 {
    public static bool IsNullOrEmpty([NotNullWhen(false)] this string? value)
    {
-        return string.IsNullOrEmpty(value) || string.IsNullOrWhiteSpace(value);
-    }
-
-    public static bool IsNullOrWhiteSpace([NotNullWhen(false)] this string? value)
-    {
-        return string.IsNullOrWhiteSpace(value);
+        return string.IsNullOrWhiteSpace(value) || string.IsNullOrEmpty(value);
    }

    public static bool IsNotEmpty([NotNullWhen(false)] this string? value)
    {
-        return !string.IsNullOrEmpty(value);
+        return !string.IsNullOrWhiteSpace(value);
+    }
+
+    public static string? NullIfEmpty(this string? value)
+    {
+        return string.IsNullOrWhiteSpace(value) ? null : value;
    }

    public static bool BeginWithAny(this string s, IEnumerable<char> chars)
@@ -79,4 +79,43 @@ public static class StringEx
    {
        return int.TryParse(value, out var result) ? result : defaultValue;
    }
+
+    public static List<string> AppendEmpty(this IEnumerable<string> source)
+    {
+        return source.Concat(new[] { string.Empty }).ToList();
+    }
+
+    public static bool IsGroupType(this EConfigType configType)
+    {
+        return configType is EConfigType.PolicyGroup or EConfigType.ProxyChain;
+    }
+
+    public static bool IsComplexType(this EConfigType configType)
+    {
+        return configType is EConfigType.Custom or EConfigType.PolicyGroup or EConfigType.ProxyChain;
+    }
+
+    /// <summary>
+    /// Safely adds elements from a collection to the list. Does nothing if the source is null.
+    /// </summary>
+    public static void AddRangeSafe<T>(this ICollection<T> destination, IEnumerable<T>? source)
+    {
+        ArgumentNullException.ThrowIfNull(destination);
+
+        if (source is null)
+        {
+            return;
+        }
+
+        if (destination is List<T> list)
+        {
+            list.AddRange(source);
+            return;
+        }
+
+        foreach (var item in source)
+        {
+            destination.Add(item);
+        }
+    }
 }
--- a/v2rayN/ServiceLib/Common/FileManager.cs
+++ b/v2rayN/ServiceLib/Common/FileManager.cs
@@ -1,10 +1,9 @@
 using System.Formats.Tar;
 using System.IO.Compression;
-using System.Text;

 namespace ServiceLib.Common;

-public static class FileManager
+public static class FileUtils
 {
    private static readonly string _tag = "FileManager";

@@ -223,4 +222,28 @@ public static class FileManager
            // ignored
        }
    }
+
+    /// <summary>
+    /// Creates a Linux shell file with the specified contents.
+    /// </summary>
+    /// <param name="fileName"></param>
+    /// <param name="contents"></param>
+    /// <param name="overwrite"></param>
+    /// <returns></returns>
+    public static async Task<string> CreateLinuxShellFile(string fileName, string contents, bool overwrite)
+    {
+        var shFilePath = Utils.GetBinConfigPath(fileName);
+
+        // Check if the file already exists and if we should overwrite it
+        if (!overwrite && File.Exists(shFilePath))
+        {
+            return shFilePath;
+        }
+
+        File.Delete(shFilePath);
+        await File.WriteAllTextAsync(shFilePath, contents);
+        await Utils.SetLinuxChmod(shFilePath);
+
+        return shFilePath;
+    }
 }
--- a/v2rayN/ServiceLib/Common/HttpClientHelper.cs
+++ b/v2rayN/ServiceLib/Common/HttpClientHelper.cs
@@ -1,205 +0,0 @@
-using System.Net.Http.Headers;
-using System.Net.Mime;
-using System.Text;
-
-namespace ServiceLib.Common;
-
-/// <summary>
-/// </summary>
-public class HttpClientHelper
-{
-    private static readonly Lazy<HttpClientHelper> _instance = new(() =>
-    {
-        SocketsHttpHandler handler = new() { UseCookies = false };
-        HttpClientHelper helper = new(new HttpClient(handler));
-        return helper;
-    });
-
-    public static HttpClientHelper Instance => _instance.Value;
-    private readonly HttpClient httpClient;
-
-    private HttpClientHelper(HttpClient httpClient)
-    {
-        this.httpClient = httpClient;
-    }
-
-    public async Task<string?> TryGetAsync(string url)
-    {
-        if (url.IsNullOrEmpty())
-        {
-            return null;
-        }
-
-        try
-        {
-            var response = await httpClient.GetAsync(url);
-            return await response.Content.ReadAsStringAsync();
-        }
-        catch
-        {
-            return null;
-        }
-    }
-
-    public async Task<string?> GetAsync(string url)
-    {
-        if (url.IsNullOrEmpty())
-        {
-            return null;
-        }
-        return await httpClient.GetStringAsync(url);
-    }
-
-    public async Task<string?> GetAsync(HttpClient client, string url, CancellationToken token = default)
-    {
-        if (url.IsNullOrEmpty())
-        {
-            return null;
-        }
-        return await client.GetStringAsync(url, token);
-    }
-
-    public async Task PutAsync(string url, Dictionary<string, string> headers)
-    {
-        var jsonContent = JsonUtils.Serialize(headers);
-        var content = new StringContent(jsonContent, Encoding.UTF8, MediaTypeNames.Application.Json);
-
-        await httpClient.PutAsync(url, content);
-    }
-
-    public async Task PatchAsync(string url, Dictionary<string, string> headers)
-    {
-        var myContent = JsonUtils.Serialize(headers);
-        var buffer = Encoding.UTF8.GetBytes(myContent);
-        var byteContent = new ByteArrayContent(buffer);
-        byteContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
-
-        await httpClient.PatchAsync(url, byteContent);
-    }
-
-    public async Task DeleteAsync(string url)
-    {
-        await httpClient.DeleteAsync(url);
-    }
-
-    public static async Task DownloadFileAsync(HttpClient client, string url, string fileName, IProgress<double>? progress, CancellationToken token = default)
-    {
-        ArgumentNullException.ThrowIfNull(url);
-        ArgumentNullException.ThrowIfNull(fileName);
-        if (File.Exists(fileName))
-        {
-            File.Delete(fileName);
-        }
-
-        using var response = await client.GetAsync(url, HttpCompletionOption.ResponseHeadersRead, token);
-
-        if (!response.IsSuccessStatusCode)
-        {
-            throw new Exception(response.StatusCode.ToString());
-        }
-
-        var total = response.Content.Headers.ContentLength ?? -1L;
-        var canReportProgress = total != -1 && progress != null;
-
-        await using var stream = await response.Content.ReadAsStreamAsync(token);
-        await using var file = File.Create(fileName);
-        var totalRead = 0L;
-        var buffer = new byte[1024 * 1024];
-        var progressPercentage = 0;
-
-        while (true)
-        {
-            token.ThrowIfCancellationRequested();
-
-            var read = await stream.ReadAsync(buffer, token);
-            totalRead += read;
-
-            if (read == 0)
-            {
-                break;
-            }
-            await file.WriteAsync(buffer.AsMemory(0, read), token);
-
-            if (canReportProgress)
-            {
-                var percent = (int)(100.0 * totalRead / total);
-                //if (progressPercentage != percent && percent % 10 == 0)
-                {
-                    progressPercentage = percent;
-                    progress?.Report(percent);
-                }
-            }
-        }
-        if (canReportProgress)
-        {
-            progress?.Report(101);
-        }
-    }
-
-    public async Task DownloadDataAsync4Speed(HttpClient client, string url, IProgress<string> progress, CancellationToken token = default)
-    {
-        if (url.IsNullOrEmpty())
-        {
-            throw new ArgumentNullException(nameof(url));
-        }
-
-        var response = await client.GetAsync(url, HttpCompletionOption.ResponseHeadersRead, token);
-
-        if (!response.IsSuccessStatusCode)
-        {
-            throw new Exception(response.StatusCode.ToString());
-        }
-
-        //var total = response.Content.Headers.ContentLength.HasValue ? response.Content.Headers.ContentLength.Value : -1L;
-        //var canReportProgress = total != -1 && progress != null;
-
-        await using var stream = await response.Content.ReadAsStreamAsync(token);
-        var totalRead = 0L;
-        var buffer = new byte[1024 * 64];
-        var isMoreToRead = true;
-        var progressSpeed = string.Empty;
-        var totalDatetime = DateTime.Now;
-        var totalSecond = 0;
-
-        do
-        {
-            if (token.IsCancellationRequested)
-            {
-                if (totalRead > 0)
-                {
-                    return;
-                }
-                else
-                {
-                    token.ThrowIfCancellationRequested();
-                }
-            }
-
-            var read = await stream.ReadAsync(buffer, token);
-
-            if (read == 0)
-            {
-                isMoreToRead = false;
-            }
-            else
-            {
-                var data = new byte[read];
-                buffer.ToList().CopyTo(0, data, 0, read);
-
-                totalRead += read;
-
-                var ts = DateTime.Now - totalDatetime;
-                if (progress != null && ts.Seconds > totalSecond)
-                {
-                    totalSecond = ts.Seconds;
-                    var speed = (totalRead * 1d / ts.TotalMilliseconds / 1000).ToString("#0.0");
-                    if (progressSpeed != speed)
-                    {
-                        progressSpeed = speed;
-                        progress.Report(speed);
-                    }
-                }
-            }
-        } while (isMoreToRead);
-    }
-}
--- a/v2rayN/ServiceLib/Common/Job.cs
+++ b/v2rayN/ServiceLib/Common/Job.cs
@@ -1,180 +0,0 @@
-using System.Diagnostics;
-using System.Runtime.InteropServices;
-
-namespace ServiceLib.Common;
-    /*
-     * See:
-     * http://stackoverflow.com/questions/6266820/working-example-of-createjobobject-setinformationjobobject-pinvoke-in-net
-     */
-
-    public sealed class Job : IDisposable
-    {
-        private IntPtr handle = IntPtr.Zero;
-
-        public Job()
-        {
-            handle = CreateJobObject(IntPtr.Zero, null);
-            var extendedInfoPtr = IntPtr.Zero;
-            var info = new JOBOBJECT_BASIC_LIMIT_INFORMATION
-            {
-                LimitFlags = 0x2000
-            };
-
-            var extendedInfo = new JOBOBJECT_EXTENDED_LIMIT_INFORMATION
-            {
-                BasicLimitInformation = info
-            };
-
-            try
-            {
-                var length = Marshal.SizeOf(typeof(JOBOBJECT_EXTENDED_LIMIT_INFORMATION));
-                extendedInfoPtr = Marshal.AllocHGlobal(length);
-                Marshal.StructureToPtr(extendedInfo, extendedInfoPtr, false);
-
-                if (!SetInformationJobObject(handle, JobObjectInfoType.ExtendedLimitInformation, extendedInfoPtr,
-                        (uint)length))
-                {
-                    throw new Exception(string.Format("Unable to set information.  Error: {0}",
-                        Marshal.GetLastWin32Error()));
-                }
-            }
-            finally
-            {
-                if (extendedInfoPtr != IntPtr.Zero)
-                {
-                    Marshal.FreeHGlobal(extendedInfoPtr);
-                }
-            }
-        }
-
-        public bool AddProcess(IntPtr processHandle)
-        {
-            var succ = AssignProcessToJobObject(handle, processHandle);
-
-            if (!succ)
-            {
-                Logging.SaveLog("Failed to call AssignProcessToJobObject! GetLastError=" + Marshal.GetLastWin32Error());
-            }
-
-            return succ;
-        }
-
-        public bool AddProcess(int processId)
-        {
-            return AddProcess(Process.GetProcessById(processId).Handle);
-        }
-
-        #region IDisposable
-
-        private bool disposed;
-
-        public void Dispose()
-        {
-            Dispose(true);
-            GC.SuppressFinalize(this);
-        }
-
-        private void Dispose(bool disposing)
-        {
-            if (disposed)
-            {
-                return;
-            }
-            disposed = true;
-
-            if (disposing)
-            {
-                // no managed objects to free
-            }
-
-            if (handle != IntPtr.Zero)
-            {
-                CloseHandle(handle);
-                handle = IntPtr.Zero;
-            }
-        }
-
-        ~Job()
-        {
-            Dispose(false);
-        }
-
-        #endregion IDisposable
-
-        #region Interop
-
-        [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
-        private static extern IntPtr CreateJobObject(IntPtr a, string? lpName);
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        private static extern bool SetInformationJobObject(IntPtr hJob, JobObjectInfoType infoType, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        private static extern bool AssignProcessToJobObject(IntPtr job, IntPtr process);
-
-        [DllImport("kernel32.dll", SetLastError = true)]
-        [return: MarshalAs(UnmanagedType.Bool)]
-        private static extern bool CloseHandle(IntPtr hObject);
-
-        #endregion Interop
-    }
-
-    #region Helper classes
-
-    [StructLayout(LayoutKind.Sequential)]
-    internal struct IO_COUNTERS
-    {
-        public ulong ReadOperationCount;
-        public ulong WriteOperationCount;
-        public ulong OtherOperationCount;
-        public ulong ReadTransferCount;
-        public ulong WriteTransferCount;
-        public ulong OtherTransferCount;
-    }
-
-    [StructLayout(LayoutKind.Sequential)]
-    internal struct JOBOBJECT_BASIC_LIMIT_INFORMATION
-    {
-        public long PerProcessUserTimeLimit;
-        public long PerJobUserTimeLimit;
-        public uint LimitFlags;
-        public UIntPtr MinimumWorkingSetSize;
-        public UIntPtr MaximumWorkingSetSize;
-        public uint ActiveProcessLimit;
-        public UIntPtr Affinity;
-        public uint PriorityClass;
-        public uint SchedulingClass;
-    }
-
-    [StructLayout(LayoutKind.Sequential)]
-    public struct SECURITY_ATTRIBUTES
-    {
-        public uint nLength;
-        public IntPtr lpSecurityDescriptor;
-        public int bInheritHandle;
-    }
-
-    [StructLayout(LayoutKind.Sequential)]
-    internal struct JOBOBJECT_EXTENDED_LIMIT_INFORMATION
-    {
-        public JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
-        public IO_COUNTERS IoInfo;
-        public UIntPtr ProcessMemoryLimit;
-        public UIntPtr JobMemoryLimit;
-        public UIntPtr PeakProcessMemoryUsed;
-        public UIntPtr PeakJobMemoryUsed;
-    }
-
-    public enum JobObjectInfoType
-    {
-        AssociateCompletionPortInformation = 7,
-        BasicLimitInformation = 2,
-        BasicUIRestrictions = 4,
-        EndOfJobTimeInformation = 6,
-        ExtendedLimitInformation = 9,
-        SecurityLimitInformation = 5,
-        GroupInformation = 11
-    }
-
-    #endregion Helper classes
-
--- a/v2rayN/ServiceLib/Common/JsonUtils.cs
+++ b/v2rayN/ServiceLib/Common/JsonUtils.cs
@@ -1,23 +1,47 @@
-using System.Text.Encodings.Web;
-using System.Text.Json;
-using System.Text.Json.Nodes;
-using System.Text.Json.Serialization;
-
 namespace ServiceLib.Common;

 public class JsonUtils
 {
    private static readonly string _tag = "JsonUtils";

+    private static readonly JsonSerializerOptions _defaultDeserializeOptions = new()
+    {
+        PropertyNameCaseInsensitive = true,
+        ReadCommentHandling = JsonCommentHandling.Skip
+    };
+
+    private static readonly JsonSerializerOptions _defaultSerializeOptions = new()
+    {
+        WriteIndented = true,
+        DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
+        Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+    };
+
+    private static readonly JsonSerializerOptions _nullValueSerializeOptions = new()
+    {
+        WriteIndented = true,
+        DefaultIgnoreCondition = JsonIgnoreCondition.Never,
+        Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+    };
+
+    private static readonly JsonDocumentOptions _defaultDocumentOptions = new()
+    {
+        CommentHandling = JsonCommentHandling.Skip
+    };
+
    /// <summary>
    /// DeepCopy
    /// </summary>
    /// <typeparam name="T"></typeparam>
    /// <param name="obj"></param>
    /// <returns></returns>
-    public static T DeepCopy<T>(T obj)
+    public static T? DeepCopy<T>(T? obj)
    {
-        return Deserialize<T>(Serialize(obj, false))!;
+        if (obj is null)
+        {
+            return default;
+        }
+        return Deserialize<T>(Serialize(obj, false));
    }

    /// <summary>
@@ -34,11 +58,7 @@ public class JsonUtils
            {
                return default;
            }
-            var options = new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            };
-            return JsonSerializer.Deserialize<T>(strJson, options);
+            return JsonSerializer.Deserialize<T>(strJson, _defaultDeserializeOptions);
        }
        catch
        {
@@ -51,7 +71,7 @@ public class JsonUtils
    /// </summary>
    /// <param name="strJson"></param>
    /// <returns></returns>
-    public static JsonNode? ParseJson(string strJson)
+    public static JsonNode? ParseJson(string? strJson)
    {
        try
        {
@@ -59,7 +79,7 @@ public class JsonUtils
            {
                return null;
            }
-            return JsonNode.Parse(strJson);
+            return JsonNode.Parse(strJson, nodeOptions: null, _defaultDocumentOptions);
        }
        catch
        {
@@ -84,12 +104,7 @@ public class JsonUtils
            {
                return result;
            }
-            var options = new JsonSerializerOptions
-            {
-                WriteIndented = indented,
-                DefaultIgnoreCondition = nullValue ? JsonIgnoreCondition.Never : JsonIgnoreCondition.WhenWritingNull,
-                Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
-            };
+            var options = nullValue ? _nullValueSerializeOptions : _defaultSerializeOptions;
            result = JsonSerializer.Serialize(obj, options);
        }
        catch (Exception ex)
@@ -105,7 +120,7 @@ public class JsonUtils
    /// <param name="obj"></param>
    /// <param name="options"></param>
    /// <returns></returns>
-    public static string Serialize(object? obj, JsonSerializerOptions options)
+    public static string Serialize(object? obj, JsonSerializerOptions? options)
    {
        var result = string.Empty;
        try
@@ -114,7 +129,7 @@ public class JsonUtils
            {
                return result;
            }
-            result = JsonSerializer.Serialize(obj, options);
+            result = JsonSerializer.Serialize(obj, options ?? _defaultSerializeOptions);
        }
        catch (Exception ex)
        {
@@ -128,5 +143,8 @@ public class JsonUtils
    /// </summary>
    /// <param name="obj"></param>
    /// <returns></returns>
-    public static JsonNode? SerializeToNode(object? obj) => JsonSerializer.SerializeToNode(obj);
+    public static JsonNode? SerializeToNode(object? obj, JsonSerializerOptions? options = null)
+    {
+        return JsonSerializer.SerializeToNode(obj, options);
+    }
 }
--- a/v2rayN/ServiceLib/Common/ProcUtils.cs
+++ b/v2rayN/ServiceLib/Common/ProcUtils.cs
@@ -1,5 +1,3 @@
-using System.Diagnostics;
-
 namespace ServiceLib.Common;

 public static class ProcUtils
@@ -67,116 +65,4 @@ public static class ProcUtils
            Logging.SaveLog(_tag, ex);
        }
    }
-
-    public static async Task ProcessKill(int pid)
-    {
-        try
-        {
-            await ProcessKill(Process.GetProcessById(pid), false);
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-    }
-
-    public static async Task ProcessKill(Process? proc, bool review)
-    {
-        if (proc is null)
-        {
-            return;
-        }
-
-        GetProcessKeyInfo(proc, review, out var procId, out var fileName, out var processName);
-
-        try
-        {
-            if (Utils.IsNonWindows())
-            {
-                proc?.Kill(true);
-            }
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-
-        try
-        {
-            proc?.Kill();
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-
-        try
-        {
-            proc?.Close();
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-
-        try
-        {
-            proc?.Dispose();
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-
-        await Task.Delay(300);
-        await ProcessKillByKeyInfo(review, procId, fileName, processName);
-    }
-
-    private static void GetProcessKeyInfo(Process? proc, bool review, out int? procId, out string? fileName, out string? processName)
-    {
-        procId = null;
-        fileName = null;
-        processName = null;
-        if (!review)
-        {
-            return;
-        }
-        try
-        {
-            procId = proc?.Id;
-            fileName = proc?.MainModule?.FileName;
-            processName = proc?.ProcessName;
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-    }
-
-    private static async Task ProcessKillByKeyInfo(bool review, int? procId, string? fileName, string? processName)
-    {
-        if (review && procId != null && fileName != null)
-        {
-            try
-            {
-                var lstProc = Process.GetProcessesByName(processName);
-                foreach (var proc2 in lstProc)
-                {
-                    if (proc2.Id == procId)
-                    {
-                        Logging.SaveLog($"{_tag}, KillProcess not completing the job, procId");
-                        await ProcessKill(proc2, false);
-                    }
-                    if (proc2.MainModule != null && proc2.MainModule?.FileName == fileName)
-                    {
-                        Logging.SaveLog($"{_tag}, KillProcess not completing the job, fileName");
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Logging.SaveLog(_tag, ex);
-            }
-        }
-    }
 }
--- a/v2rayN/ServiceLib/Common/QRCodeHelper.cs
+++ b/v2rayN/ServiceLib/Common/QRCodeHelper.cs
@@ -1,17 +1,53 @@
 using QRCoder;
+using QRCoder.Exceptions;
 using SkiaSharp;
 using ZXing.SkiaSharp;

 namespace ServiceLib.Common;

-public class QRCodeHelper
+public class QRCodeUtils
 {
    public static byte[]? GenQRCode(string? url)
    {
+        if (url.IsNullOrEmpty())
+        {
+            return null;
+        }
        using QRCodeGenerator qrGenerator = new();
-        using var qrCodeData = qrGenerator.CreateQrCode(url ?? string.Empty, QRCodeGenerator.ECCLevel.Q);
-        using PngByteQRCode qrCode = new(qrCodeData);
-        return qrCode.GetGraphic(20);
+        DataTooLongException? lastDtle = null;
+
+        var levels = new[]
+        {
+            QRCodeGenerator.ECCLevel.H,
+            QRCodeGenerator.ECCLevel.Q,
+            QRCodeGenerator.ECCLevel.M,
+            QRCodeGenerator.ECCLevel.L
+        };
+        foreach (var level in levels)
+        {
+            try
+            {
+                using var qrCodeData = qrGenerator.CreateQrCode(url, level);
+                using PngByteQRCode qrCode = new(qrCodeData);
+                return qrCode.GetGraphic(20);
+            }
+            catch (DataTooLongException ex)
+            {
+                lastDtle = ex;
+                continue;
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        if (lastDtle != null)
+        {
+            throw lastDtle;
+        }
+
+        return null;
    }

    public static string? ParseBarcode(string? fileName)
--- a/v2rayN/ServiceLib/Common/Utils.cs
+++ b/v2rayN/ServiceLib/Common/Utils.cs
@@ -1,13 +1,5 @@
 using System.Collections.Specialized;
-using System.Diagnostics;
-using System.Net;
-using System.Net.NetworkInformation;
-using System.Net.Sockets;
-using System.Reflection;
-using System.Runtime.InteropServices;
-using System.Security.Cryptography;
 using System.Security.Principal;
-using System.Text;
 using CliWrap;
 using CliWrap.Buffered;

@@ -17,7 +9,7 @@ public class Utils
 {
    private static readonly string _tag = "Utils";

-    #region 转换函数
+    #region Conversion Functions

    /// <summary>
    /// Convert to comma-separated string
@@ -85,13 +77,19 @@ public class Utils
    /// Base64 Encode
    /// </summary>
    /// <param name="plainText"></param>
+    /// <param name="removePadding"></param>
    /// <returns></returns>
-    public static string Base64Encode(string plainText)
+    public static string Base64Encode(string plainText, bool removePadding = false)
    {
        try
        {
            var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
-            return Convert.ToBase64String(plainTextBytes);
+            var base64 = Convert.ToBase64String(plainTextBytes);
+            if (removePadding)
+            {
+                base64 = base64.TrimEnd('=');
+            }
+            return base64;
        }
        catch (Exception ex)
        {
@@ -112,7 +110,7 @@ public class Utils
        {
            if (plainText.IsNullOrEmpty())
            {
-                return "";
+                return string.Empty;
            }

            plainText = plainText.Trim()
@@ -308,7 +306,10 @@ public class Utils
    public static bool IsBase64String(string? plainText)
    {
        if (plainText.IsNullOrEmpty())
+        {
            return false;
+        }
+
        var buffer = new Span<byte>(new byte[plainText.Length]);
        return Convert.TryFromBase64String(plainText, buffer, out var _);
    }
@@ -323,9 +324,157 @@ public class Utils
        return text.Replace("，", ",").Replace(Environment.NewLine, ",");
    }

-    #endregion 转换函数
+    public static List<string> GetEnumNames<TEnum>() where TEnum : Enum
+    {
+        return Enum.GetValues(typeof(TEnum))
+            .Cast<TEnum>()
+            .Select(e => e.ToString())
+            .ToList();
+    }

-    #region 数据检查
+    public static Dictionary<string, List<string>> ParseHostsToDictionary(string? hostsContent)
+    {
+        if (hostsContent.IsNullOrEmpty())
+        {
+            return new();
+        }
+        var userHostsMap = hostsContent
+            .Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
+            .Select(line => line.Trim())
+            // skip full-line comments
+            .Where(line => !string.IsNullOrWhiteSpace(line) && !line.StartsWith('#'))
+            // ensure line still contains valid parts
+            .Where(line => !string.IsNullOrWhiteSpace(line) && line.Contains(' '))
+            .Select(line => line.Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries))
+            .Where(parts => parts.Length >= 2)
+            .GroupBy(parts => parts[0])
+            .ToDictionary(
+                group => group.Key,
+                group => group.SelectMany(parts => parts.Skip(1)).ToList()
+            );
+
+        return userHostsMap;
+    }
+
+    /// <summary>
+    /// Parse a possibly non-standard URL into scheme, domain, port, and path.
+    /// If parsing fails, the entire input is returned as domain, and others are empty or zero.
+    /// </summary>
+    /// <param name="url">Input URL or string</param>
+    /// <returns>(domain, scheme, port, path)</returns>
+    public static (string domain, string scheme, int port, string path) ParseUrl(string url)
+    {
+        if (string.IsNullOrWhiteSpace(url))
+        {
+            return ("", "", 0, "");
+        }
+
+        // 1. First, try to parse using the standard Uri class.
+        if (Uri.TryCreate(url, UriKind.Absolute, out var uri) && !string.IsNullOrEmpty(uri.Host))
+        {
+            var scheme = uri.Scheme;
+            var domain = uri.Host;
+            var port = uri.IsDefaultPort ? 0 : uri.Port;
+            var path = uri.PathAndQuery;
+            return (domain, scheme, port, path);
+        }
+
+        // 2. Try to handle more general cases with a regular expression, including non-standard schemes.
+        // This regex captures the scheme (optional), authority (host+port), and path (optional).
+        var match = Regex.Match(url, @"^(?:([a-zA-Z][a-zA-Z0-9+.-]*):/{2,})?([^/?#]+)([^?#]*)?.*$");
+
+        if (match.Success)
+        {
+            var scheme = match.Groups[1].Value;
+            var authority = match.Groups[2].Value;
+            var path = match.Groups[3].Value;
+
+            // Remove userinfo from the authority part.
+            var atIndex = authority.LastIndexOf('@');
+            if (atIndex > 0)
+            {
+                authority = authority.Substring(atIndex + 1);
+            }
+
+            var (domain, port) = ParseAuthority(authority);
+
+            // If the parsed domain is empty, it means the authority part is malformed, so trigger the fallback.
+            if (!string.IsNullOrEmpty(domain))
+            {
+                return (domain, scheme, port, path);
+            }
+        }
+
+        // 3. If all of the above fails, execute the final fallback strategy.
+        return (url, "", 0, "");
+    }
+
+    /// <summary>
+    /// Helper function to parse domain and port from the authority part, with correct handling for IPv6.
+    /// </summary>
+    private static (string domain, int port) ParseAuthority(string authority)
+    {
+        if (string.IsNullOrEmpty(authority))
+        {
+            return ("", 0);
+        }
+
+        var port = 0;
+        var domain = authority;
+
+        // Handle IPv6 addresses, e.g., "[2001:db8::1]:443"
+        if (authority.StartsWith('[') && authority.Contains(']'))
+        {
+            var closingBracketIndex = authority.LastIndexOf(']');
+            if (closingBracketIndex < authority.Length - 1 && authority[closingBracketIndex + 1] == ':')
+            {
+                // Port exists
+                var portStr = authority.Substring(closingBracketIndex + 2);
+                if (int.TryParse(portStr, out var portNum))
+                {
+                    port = portNum;
+                }
+                domain = authority.Substring(0, closingBracketIndex + 1);
+            }
+            else
+            {
+                // No port
+                domain = authority;
+            }
+        }
+        else // Handle IPv4 or domain names
+        {
+            var lastColonIndex = authority.LastIndexOf(':');
+            // Ensure there are digits after the colon and that this colon is not part of an IPv6 address.
+            if (lastColonIndex > 0 && lastColonIndex < authority.Length - 1 && authority.Substring(lastColonIndex + 1).All(char.IsDigit))
+            {
+                var portStr = authority.Substring(lastColonIndex + 1);
+                if (int.TryParse(portStr, out var portNum))
+                {
+                    port = portNum;
+                    domain = authority.Substring(0, lastColonIndex);
+                }
+            }
+        }
+
+        return (domain, port);
+    }
+
+    public static string? DomainStrategy4Sbox(string? strategy)
+    {
+        return strategy switch
+        {
+            not null when strategy.StartsWith("UseIPv4") => "prefer_ipv4",
+            not null when strategy.StartsWith("UseIPv6") => "prefer_ipv6",
+            not null when strategy.StartsWith("ForceIPv4") => "ipv4_only",
+            not null when strategy.StartsWith("ForceIPv6") => "ipv6_only",
+            _ => null
+        };
+    }
+
+    #endregion Conversion Functions
+
+    #region Data Checks

    /// <summary>
    /// Determine if the input is a number
@@ -348,6 +497,13 @@ public class Utils
            return false;
        }

+        var ext = Path.GetExtension(domain);
+        if (ext.IsNotEmpty()
+            && ext[1..].ToLowerInvariant() is "json" or "txt" or "xml" or "cfg" or "ini" or "log" or "yaml" or "yml" or "toml")
+        {
+            return false;
+        }
+
        return Uri.CheckHostName(domain) == UriHostNameType.Dns;
    }

@@ -366,6 +522,31 @@ public class Utils
        return false;
    }

+    public static bool IsIpAddress(string? ip)
+    {
+        if (ip.IsNullOrEmpty())
+        {
+            return false;
+        }
+
+        ip = ip.Trim();
+
+        // First, validate using built-in parser
+        if (!IPAddress.TryParse(ip, out var address))
+        {
+            return false;
+        }
+
+        // For IPv4: ensure it has exactly 3 dots (meaning 4 parts)
+        if (address.AddressFamily == AddressFamily.InterNetwork)
+        {
+            return ip.Count(c => c == '.') == 3;
+        }
+
+        // For IPv6: TryParse is already strict enough
+        return address.AddressFamily == AddressFamily.InterNetworkV6;
+    }
+
    public static Uri? TryUri(string url)
    {
        try
@@ -382,32 +563,80 @@ public class Utils
    {
        if (IPAddress.TryParse(ip, out var address))
        {
+            // Loopback address check (127.0.0.1 for IPv4, ::1 for IPv6)
+            if (IPAddress.IsLoopback(address))
+            {
+                return true;
+            }
+
            var ipBytes = address.GetAddressBytes();
-            if (ipBytes[0] == 10)
-                return true;
-            if (ipBytes[0] == 172 && ipBytes[1] >= 16 && ipBytes[1] <= 31)
-                return true;
-            if (ipBytes[0] == 192 && ipBytes[1] == 168)
-                return true;
+            if (address.AddressFamily == AddressFamily.InterNetwork)
+            {
+                // IPv4 private address check
+                if (ipBytes[0] == 10)
+                {
+                    return true;
+                }
+
+                if (ipBytes[0] == 172 && ipBytes[1] >= 16 && ipBytes[1] <= 31)
+                {
+                    return true;
+                }
+
+                if (ipBytes[0] == 192 && ipBytes[1] == 168)
+                {
+                    return true;
+                }
+            }
+            else if (address.AddressFamily == AddressFamily.InterNetworkV6)
+            {
+                // IPv6 private address check
+                // Link-local address fe80::/10
+                if (ipBytes[0] == 0xfe && (ipBytes[1] & 0xc0) == 0x80)
+                {
+                    return true;
+                }
+
+                // Unique local address fc00::/7 (typically fd00::/8)
+                if ((ipBytes[0] & 0xfe) == 0xfc)
+                {
+                    return true;
+                }
+
+                // Private portion in IPv4-mapped addresses ::ffff:0:0/96
+                if (address.IsIPv4MappedToIPv6)
+                {
+                    var ipv4Bytes = ipBytes.Skip(12).ToArray();
+                    if (ipv4Bytes[0] == 10)
+                    {
+                        return true;
+                    }
+
+                    if (ipv4Bytes[0] == 172 && ipv4Bytes[1] >= 16 && ipv4Bytes[1] <= 31)
+                    {
+                        return true;
+                    }
+
+                    if (ipv4Bytes[0] == 192 && ipv4Bytes[1] == 168)
+                    {
+                        return true;
+                    }
+                }
+            }
        }

        return false;
    }

-    #endregion 数据检查
+    #endregion Data Checks

-    #region 测速
+    #region Speed Test

    private static bool PortInUse(int port)
    {
        try
        {
-            List<IPEndPoint> lstIpEndPoints = new();
-            List<TcpConnectionInformation> lstTcpConns = new();
-
-            lstIpEndPoints.AddRange(IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpListeners());
-            lstIpEndPoints.AddRange(IPGlobalProperties.GetIPGlobalProperties().GetActiveUdpListeners());
-            lstTcpConns.AddRange(IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpConnections());
+            var (lstIpEndPoints, lstTcpConns) = GetActiveNetworkInfo();

            if (lstIpEndPoints?.FindIndex(it => it.Port == port) >= 0)
            {
@@ -427,11 +656,11 @@ public class Utils
        return false;
    }

-    public static int GetFreePort(int defaultPort = 9090)
+    public static int GetFreePort(int defaultPort = 0)
    {
        try
        {
-            if (!Utils.PortInUse(defaultPort))
+            if (!(defaultPort == 0 || Utils.PortInUse(defaultPort)))
            {
                return defaultPort;
            }
@@ -449,9 +678,30 @@ public class Utils
        return 59090;
    }

-    #endregion 测速
+    public static (List<IPEndPoint> endpoints, List<TcpConnectionInformation> connections) GetActiveNetworkInfo()
+    {
+        var endpoints = new List<IPEndPoint>();
+        var connections = new List<TcpConnectionInformation>();

-    #region 杂项
+        try
+        {
+            var ipGlobalProperties = IPGlobalProperties.GetIPGlobalProperties();
+
+            endpoints.AddRange(ipGlobalProperties.GetActiveTcpListeners());
+            endpoints.AddRange(ipGlobalProperties.GetActiveUdpListeners());
+            connections.AddRange(ipGlobalProperties.GetActiveTcpConnections());
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+        }
+
+        return (endpoints, connections);
+    }
+
+    #endregion Speed Test
+
+    #region Miscellaneous

    public static bool UpgradeAppExists(out string upgradeFileName)
    {
@@ -527,27 +777,65 @@ public class Utils
        return Guid.TryParse(strSrc, out _);
    }

-    public static Dictionary<string, string> GetSystemHosts()
+    private static Dictionary<string, string> GetSystemHosts(string hostFile)
    {
        var systemHosts = new Dictionary<string, string>();
-        var hostFile = @"C:\Windows\System32\drivers\etc\hosts";
        try
        {
-            if (File.Exists(hostFile))
+            if (!File.Exists(hostFile))
            {
-                var hosts = File.ReadAllText(hostFile).Replace("\r", "");
-                var hostsList = hosts.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
-
-                foreach (var host in hostsList)
-                {
-                    if (host.StartsWith("#"))
-                        continue;
-                    var hostItem = host.Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries);
-                    if (hostItem.Length != 2)
-                        continue;
-                    systemHosts.Add(hostItem.Last(), hostItem.First());
-                }
+                return systemHosts;
            }
+            var hosts = File.ReadAllText(hostFile).Replace("\r", "");
+            var hostsList = hosts.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
+
+            foreach (var host in hostsList)
+            {
+                // Trim whitespace
+                var line = host.Trim();
+
+                // Skip comments and empty lines
+                if (line.IsNullOrEmpty() || line.StartsWith("#"))
+                {
+                    continue;
+                }
+
+                // Strip inline comments
+                var commentIndex = line.IndexOf('#');
+                if (commentIndex >= 0)
+                {
+                    line = line.Substring(0, commentIndex).Trim();
+                }
+                if (line.IsNullOrEmpty())
+                {
+                    continue;
+                }
+
+                var hostItem = line.Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries);
+                if (hostItem.Length < 2)
+                {
+                    continue;
+                }
+
+                var ipAddress = hostItem[0];
+                var domain = hostItem[1];
+
+                // Validate IP address
+                if (!IsIpAddress(ipAddress))
+                {
+                    continue;
+                }
+
+                // Validate domain name
+                if (domain.IsNullOrEmpty() || domain.Length > 255)
+                {
+                    continue;
+                }
+
+                systemHosts[domain] = ipAddress;
+            }
+
+            return systemHosts;
        }
        catch (Exception ex)
        {
@@ -557,6 +845,19 @@ public class Utils
        return systemHosts;
    }

+    public static Dictionary<string, string> GetSystemHosts()
+    {
+        var hosts = GetSystemHosts(@"C:\Windows\System32\drivers\etc\hosts");
+        var hostsIcs = GetSystemHosts(@"C:\Windows\System32\drivers\etc\hosts.ics");
+
+        foreach (var (key, value) in hostsIcs)
+        {
+            hosts[key] = value;
+        }
+
+        return hosts;
+    }
+
    public static async Task<string?> GetCliWrapOutput(string filePath, string? arg)
    {
        return await GetCliWrapOutput(filePath, arg != null ? new List<string>() { arg } : null);
@@ -595,7 +896,7 @@ public class Utils
        return null;
    }

-    #endregion 杂项
+    #endregion Miscellaneous

    #region TempPath

@@ -796,17 +1097,29 @@ public class Utils

    #region Platform

-    public static bool IsWindows() => RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+    public static bool IsWindows() => OperatingSystem.IsWindows();

-    public static bool IsLinux() => RuntimeInformation.IsOSPlatform(OSPlatform.Linux);
+    public static bool IsLinux() => OperatingSystem.IsLinux();

-    public static bool IsOSX() => RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
+    public static bool IsMacOS() => OperatingSystem.IsMacOS();

-    public static bool IsNonWindows() => !RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+    public static bool IsNonWindows() => !OperatingSystem.IsWindows();

    public static string GetExeName(string name)
    {
-        return IsWindows() ? $"{name}.exe" : name;
+        if (name.IsNullOrEmpty() || IsNonWindows())
+        {
+            return name;
+        }
+
+        if (name.EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
+        {
+            return name;
+        }
+        else
+        {
+            return $"{name}.exe";
+        }
    }

    public static bool IsAdministrator()
@@ -818,6 +1131,45 @@ public class Utils
        return false;
    }

+    public static bool IsPackagedInstall()
+    {
+        try
+        {
+            if (IsWindows() || IsMacOS())
+            {
+                return false;
+            }
+
+            var exePath = GetExePath();
+            var baseDir = string.IsNullOrEmpty(exePath) ? StartupPath() : Path.GetDirectoryName(exePath) ?? "";
+            var p = baseDir.Replace('\\', '/');
+
+            if (string.IsNullOrEmpty(p))
+            {
+                return false;
+            }
+
+            if (p.StartsWith("/opt/v2rayN", StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+
+            if (p.StartsWith("/usr/lib/v2rayN", StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+
+            if (p.StartsWith("/usr/share/v2rayN", StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+        }
+        catch
+        {
+        }
+        return false;
+    }
+
    private static async Task<string?> GetLinuxUserId()
    {
        var arg = new List<string>() { "-c", "id -u" };
@@ -833,7 +1185,7 @@ public class Utils
        if (SetUnixFileMode(fileName))
        {
            Logging.SaveLog($"Successfully set the file execution permission, {fileName}");
-            return "";
+            return string.Empty;
        }

        if (fileName.Contains(' '))
--- a/v2rayN/ServiceLib/Common/WindowsUtils.cs
+++ b/v2rayN/ServiceLib/Common/WindowsUtils.cs
@@ -1,5 +1,3 @@
-using System.Security.Cryptography;
-using System.Text;
 using Microsoft.Win32;

 namespace ServiceLib.Common;
--- a/v2rayN/ServiceLib/Enums/EConfigType.cs
+++ b/v2rayN/ServiceLib/Enums/EConfigType.cs
@@ -11,5 +11,8 @@ public enum EConfigType
    Hysteria2 = 7,
    TUIC = 8,
    WireGuard = 9,
-    HTTP = 10
+    HTTP = 10,
+    Anytls = 11,
+    PolicyGroup = 101,
+    ProxyChain = 102,
 }
--- a/v2rayN/ServiceLib/Enums/ECoreType.cs
+++ b/v2rayN/ServiceLib/Enums/ECoreType.cs
@@ -15,5 +15,6 @@ public enum ECoreType
    brook = 27,
    overtls = 28,
    shadowquic = 29,
+    mieru = 30,
    v2rayN = 99
 }
--- a/v2rayN/ServiceLib/Enums/EMsgCommand.cs
+++ b/v2rayN/ServiceLib/Enums/EMsgCommand.cs
@@ -1,10 +0,0 @@
-namespace ServiceLib.Enums;
-
-public enum EMsgCommand
-{
-    ClearMsg,
-    SendMsgView,
-    SendSnackMsg,
-    RefreshProfiles,
-    AppExit
-}
--- a/v2rayN/ServiceLib/Enums/EMultipleLoad.cs
+++ b/v2rayN/ServiceLib/Enums/EMultipleLoad.cs
@@ -2,8 +2,9 @@ namespace ServiceLib.Enums;

 public enum EMultipleLoad
 {
+    LeastPing,
+    Fallback,
    Random,
    RoundRobin,
-    LeastPing,
    LeastLoad
 }
--- a/v2rayN/ServiceLib/Enums/ERuleType.cs
+++ b/v2rayN/ServiceLib/Enums/ERuleType.cs
@@ -0,0 +1,8 @@
+namespace ServiceLib.Enums;
+
+public enum ERuleType
+{
+    ALL = 0,
+    Routing = 1,
+    DNS = 2,
+}
--- a/v2rayN/ServiceLib/Enums/ESpeedActionType.cs
+++ b/v2rayN/ServiceLib/Enums/ESpeedActionType.cs
@@ -5,5 +5,6 @@ public enum ESpeedActionType
    Tcping,
    Realping,
    Speedtest,
-    Mixedtest
+    Mixedtest,
+    FastRealping
 }
--- a/v2rayN/ServiceLib/Enums/EViewAction.cs
+++ b/v2rayN/ServiceLib/Enums/EViewAction.cs
@@ -6,17 +6,14 @@ public enum EViewAction
    ShowYesNo,
    SaveFileDialog,
    AddBatchRoutingRulesYesNo,
-    AdjustMainLvColWidth,
    SetClipboardData,
    AddServerViaClipboard,
    ImportRulesFromClipboard,
    ProfilesFocus,
    ShareSub,
    ShareServer,
-    ShowHideWindow,
    ScanScreenTask,
    ScanImageTask,
-    Shutdown,
    BrowseServer,
    ImportRulesFromFile,
    InitSettingFont,
@@ -26,21 +23,14 @@ public enum EViewAction
    RoutingRuleDetailsWindow,
    AddServerWindow,
    AddServer2Window,
+    AddGroupServerWindow,
    DNSSettingWindow,
    RoutingSettingWindow,
    OptionSettingWindow,
+    FullConfigTemplateWindow,
    GlobalHotkeySettingWindow,
    SubSettingWindow,
-    DispatcherSpeedTest,
-    DispatcherRefreshConnections,
-    DispatcherRefreshProxyGroups,
-    DispatcherProxiesDelayTest,
-    DispatcherStatistics,
-    DispatcherServerAvailability,
-    DispatcherReload,
    DispatcherRefreshServersBiz,
    DispatcherRefreshIcon,
-    DispatcherCheckUpdate,
-    DispatcherCheckUpdateFinished,
    DispatcherShowMsg,
 }
--- a/v2rayN/ServiceLib/Events/AppEvents.cs
+++ b/v2rayN/ServiceLib/Events/AppEvents.cs
@@ -0,0 +1,30 @@
+namespace ServiceLib.Events;
+
+public static class AppEvents
+{
+    public static readonly EventChannel<Unit> ReloadRequested = new();
+    public static readonly EventChannel<bool?> ShowHideWindowRequested = new();
+    public static readonly EventChannel<Unit> AddServerViaScanRequested = new();
+    public static readonly EventChannel<Unit> AddServerViaClipboardRequested = new();
+    public static readonly EventChannel<bool> SubscriptionsUpdateRequested = new();
+
+    public static readonly EventChannel<Unit> ProfilesRefreshRequested = new();
+    public static readonly EventChannel<Unit> SubscriptionsRefreshRequested = new();
+    public static readonly EventChannel<Unit> ProxiesReloadRequested = new();
+    public static readonly EventChannel<ServerSpeedItem> DispatcherStatisticsRequested = new();
+
+    public static readonly EventChannel<string> SendSnackMsgRequested = new();
+    public static readonly EventChannel<string> SendMsgViewRequested = new();
+
+    public static readonly EventChannel<Unit> AppExitRequested = new();
+    public static readonly EventChannel<bool> ShutdownRequested = new();
+
+    public static readonly EventChannel<Unit> AdjustMainLvColWidthRequested = new();
+
+    public static readonly EventChannel<string> SetDefaultServerRequested = new();
+
+    public static readonly EventChannel<Unit> RoutingsMenuRefreshRequested = new();
+    public static readonly EventChannel<Unit> TestServerRequested = new();
+    public static readonly EventChannel<Unit> InboundDisplayRequested = new();
+    public static readonly EventChannel<ESysProxyType> SysProxyChangeRequested = new();
+}
--- a/v2rayN/ServiceLib/Events/EventChannel.cs
+++ b/v2rayN/ServiceLib/Events/EventChannel.cs
@@ -0,0 +1,27 @@
+using System.Reactive.Subjects;
+
+namespace ServiceLib.Events;
+
+public sealed class EventChannel<T>
+{
+    private readonly ISubject<T> _subject = Subject.Synchronize(new Subject<T>());
+
+    public IObservable<T> AsObservable()
+    {
+        return _subject.AsObservable();
+    }
+
+    public void Publish(T value)
+    {
+        _subject.OnNext(value);
+    }
+
+    public void Publish()
+    {
+        if (typeof(T) != typeof(Unit))
+        {
+            throw new InvalidOperationException("Publish() without value is only valid for EventChannel<Unit>.");
+        }
+        _subject.OnNext((T)(object)Unit.Default);
+    }
+}
--- a/v2rayN/ServiceLib/Global.cs
+++ b/v2rayN/ServiceLib/Global.cs
@@ -15,7 +15,6 @@ public class Global
    public const string CoreConfigFileName = "config.json";
    public const string CorePreConfigFileName = "configPre.json";
    public const string CoreSpeedtestConfigFileName = "configTest{0}.json";
-    public const string CoreMultipleLoadConfigFileName = "configMultipleLoad.json";
    public const string ClashMixinConfigFileName = "Mixin.yaml";

    public const string NamespaceSample = "ServiceLib.Sample.";
@@ -38,6 +37,9 @@ public class Global
    public const string PacFileName = NamespaceSample + "pac";
    public const string ProxySetOSXShellFileName = NamespaceSample + "proxy_set_osx_sh";
    public const string ProxySetLinuxShellFileName = NamespaceSample + "proxy_set_linux_sh";
+    public const string KillAsSudoOSXShellFileName = NamespaceSample + "kill_as_sudo_osx_sh";
+    public const string KillAsSudoLinuxShellFileName = NamespaceSample + "kill_as_sudo_linux_sh";
+    public const string SingboxFakeIPFilterFileName = NamespaceSample + "singbox_fakeip_filter";

    public const string DefaultSecurity = "auto";
    public const string DefaultNetwork = "tcp";
@@ -46,6 +48,9 @@ public class Global
    public const string ProxyTag = "proxy";
    public const string DirectTag = "direct";
    public const string BlockTag = "block";
+    public const string DnsTag = "dns-module";
+    public const string DirectDnsTag = "direct-dns";
+    public const string BalancerTagSuffix = "-round";
    public const string StreamSecurity = "tls";
    public const string StreamSecurityReality = "reality";
    public const string Loopback = "127.0.0.1";
@@ -54,6 +59,9 @@ public class Global
    public const string HttpsProtocol = "https://";
    public const string SocksProtocol = "socks://";
    public const string Socks5Protocol = "socks5://";
+    public const string AsIs = "AsIs";
+    public const string IPIfNonMatch = "IPIfNonMatch";
+    public const string IPOnDemand = "IPOnDemand";

    public const string UserEMail = "t@t.tt";
    public const string AutoRunRegPath = @"Software\Microsoft\Windows\CurrentVersion\Run";
@@ -65,6 +73,7 @@ public class Global
    public const string GrpcMultiMode = "multi";
    public const int MaxPort = 65536;
    public const int MinFontSize = 8;
+    public const int MinFontSizeCount = 13;
    public const string RebootAs = "rebootas";
    public const string AvaAssets = "avares://v2rayN/Assets/";
    public const string LocalAppData = "V2RAYN_LOCAL_APPLICATION_DATA_V2";
@@ -74,453 +83,535 @@ public class Global
    public const int SpeedTestPageSize = 1000;
    public const string LinuxBash = "/bin/bash";

+    public const string SingboxDirectDNSTag = "direct_dns";
+    public const string SingboxRemoteDNSTag = "remote_dns";
+    public const string SingboxLocalDNSTag = "local_local";
+    public const string SingboxHostsDNSTag = "hosts_dns";
+    public const string SingboxFakeDNSTag = "fake_dns";
+
+    public const int Hysteria2DefaultHopInt = 10;
+
+    public const string PolicyGroupExcludeKeywords = @"剩余|过期|到期|重置|[Rr]emaining|[Ee]xpir|[Rr]eset";
+
+    public const string PolicyGroupDefaultAllFilter = $"^(?!.*(?:{PolicyGroupExcludeKeywords})).*$";
+
+    public static readonly List<string> PolicyGroupDefaultFilterList = 
+    [
+        // All nodes (exclude traffic/expiry info)
+        PolicyGroupDefaultAllFilter,
+        // Low multiplier nodes, e.g. ×0.1, 0.5x, 0.1倍
+        @"^.*(?:[×xX✕*]\s*0\.[0-9]+|0\.[0-9]+\s*[×xX✕*倍]).*$",
+        // Dedicated line nodes, e.g. IPLC, IEPL
+        $@"^(?!.*(?:{PolicyGroupExcludeKeywords})).*(?:专线|IPLC|IEPL|中转).*$",
+        // Japan nodes
+        $@"^(?!.*(?:{PolicyGroupExcludeKeywords})).*(?:日本|\\b[Jj][Pp]\\b|🇯🇵|[Jj]apan).*$",
+    ];
+
    public static readonly List<string> IEProxyProtocols =
    [
        "{ip}:{http_port}",
-            "socks={ip}:{socks_port}",
-            "http={ip}:{http_port};https={ip}:{http_port};ftp={ip}:{http_port};socks={ip}:{socks_port}",
-            "http=http://{ip}:{http_port};https=http://{ip}:{http_port}",
-            ""
+        "socks={ip}:{socks_port}",
+        "http={ip}:{http_port};https={ip}:{http_port};ftp={ip}:{http_port};socks={ip}:{socks_port}",
+        "http=http://{ip}:{http_port};https=http://{ip}:{http_port}",
+        ""
    ];

    public static readonly List<string> SubConvertUrls =
    [
        @"https://sub.xeton.dev/sub?url={0}",
-            @"https://api.dler.io/sub?url={0}",
-            @"http://127.0.0.1:25500/sub?url={0}",
-            ""
+        @"https://api.dler.io/sub?url={0}",
+        @"http://127.0.0.1:25500/sub?url={0}",
+        ""
    ];

    public static readonly List<string> SubConvertConfig =
-        [@"https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online.ini"];
+    [
+        @"https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online.ini"
+    ];

    public static readonly List<string> SubConvertTargets =
    [
        "",
-            "mixed",
-            "v2ray",
-            "clash",
-            "ss"
+        "mixed",
+        "v2ray",
+        "clash",
+        "ss"
    ];

    public static readonly List<string> SpeedTestUrls =
    [
        @"https://cachefly.cachefly.net/50mb.test",
-            @"https://speed.cloudflare.com/__down?bytes=10000000",
-            @"https://speed.cloudflare.com/__down?bytes=50000000",
-            @"https://speed.cloudflare.com/__down?bytes=100000000",
-        ];
+        @"https://speed.cloudflare.com/__down?bytes=10000000",
+        @"https://speed.cloudflare.com/__down?bytes=50000000",
+        @"https://speed.cloudflare.com/__down?bytes=100000000",
+    ];

    public static readonly List<string> SpeedPingTestUrls =
    [
        @"https://www.google.com/generate_204",
-            @"https://www.gstatic.com/generate_204",
-            @"https://www.apple.com/library/test/success.html",
-            @"http://www.msftconnecttest.com/connecttest.txt"
+        @"https://www.gstatic.com/generate_204",
+        @"https://www.apple.com/library/test/success.html",
+        @"http://www.msftconnecttest.com/connecttest.txt"
    ];

    public static readonly List<string> GeoFilesSources =
    [
        "",
-            @"https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/{0}.dat",
-            @"https://github.com/Chocolate4U/Iran-v2ray-rules/releases/latest/download/{0}.dat"
+        @"https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/{0}.dat",
+        @"https://github.com/Chocolate4U/Iran-v2ray-rules/releases/latest/download/{0}.dat"
    ];

    public static readonly List<string> SingboxRulesetSources =
    [
        "",
-            @"https://cdn.jsdelivr.net/gh/runetfreedom/russia-v2ray-rules-dat@release/sing-box/rule-set-{0}/{1}.srs",
-            @"https://cdn.jsdelivr.net/gh/chocolate4u/Iran-sing-box-rules@rule-set/{1}.srs"
+        @"https://raw.githubusercontent.com/runetfreedom/russia-v2ray-rules-dat/release/sing-box/rule-set-{0}/{1}.srs",
+        @"https://raw.githubusercontent.com/chocolate4u/Iran-sing-box-rules/rule-set/{1}.srs"
    ];

    public static readonly List<string> RoutingRulesSources =
    [
        "",
-            @"https://cdn.jsdelivr.net/gh/runetfreedom/russia-v2ray-custom-routing-list@main/v2rayN/template.json",
-            @"https://cdn.jsdelivr.net/gh/Chocolate4U/Iran-v2ray-rules@main/v2rayN/template.json"
+        @"https://raw.githubusercontent.com/runetfreedom/russia-v2ray-custom-routing-list/main/v2rayN/template.json",
+        @"https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/main/v2rayN/template.json"
    ];

    public static readonly List<string> DNSTemplateSources =
    [
        "",
-            @"https://cdn.jsdelivr.net/gh/runetfreedom/russia-v2ray-custom-routing-list@main/v2rayN/",
-            @"https://cdn.jsdelivr.net/gh/Chocolate4U/Iran-v2ray-rules@main/v2rayN/"
+        @"https://raw.githubusercontent.com/runetfreedom/russia-v2ray-custom-routing-list/main/v2rayN/",
+        @"https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/main/v2rayN/"
    ];

    public static readonly Dictionary<string, string> UserAgentTexts = new()
-        {
-            {"chrome","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36" },
-            {"firefox","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0" },
-            {"safari","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15" },
-            {"edge","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70" },
-            {"none",""}
-        };
+    {
+        {"chrome","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36" },
+        {"firefox","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0" },
+        {"safari","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15" },
+        {"edge","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70" },
+        {"none",""}
+    };

    public const string Hysteria2ProtocolShare = "hy2://";

    public static readonly Dictionary<EConfigType, string> ProtocolShares = new()
-        {
-            { EConfigType.VMess, "vmess://" },
-            { EConfigType.Shadowsocks, "ss://" },
-            { EConfigType.SOCKS, "socks://" },
-            { EConfigType.VLESS, "vless://" },
-            { EConfigType.Trojan, "trojan://" },
-            { EConfigType.Hysteria2, "hysteria2://" },
-            { EConfigType.TUIC, "tuic://" },
-            { EConfigType.WireGuard, "wireguard://" }
-        };
+    {
+        { EConfigType.VMess, "vmess://" },
+        { EConfigType.Shadowsocks, "ss://" },
+        { EConfigType.SOCKS, "socks://" },
+        { EConfigType.VLESS, "vless://" },
+        { EConfigType.Trojan, "trojan://" },
+        { EConfigType.Hysteria2, "hysteria2://" },
+        { EConfigType.TUIC, "tuic://" },
+        { EConfigType.WireGuard, "wireguard://" },
+        { EConfigType.Anytls, "anytls://" }
+    };

    public static readonly Dictionary<EConfigType, string> ProtocolTypes = new()
-        {
-            { EConfigType.VMess, "vmess" },
-            { EConfigType.Shadowsocks, "shadowsocks" },
-            { EConfigType.SOCKS, "socks" },
-            { EConfigType.HTTP, "http" },
-            { EConfigType.VLESS, "vless" },
-            { EConfigType.Trojan, "trojan" },
-            { EConfigType.Hysteria2, "hysteria2" },
-            { EConfigType.TUIC, "tuic" },
-            { EConfigType.WireGuard, "wireguard" }
-        };
+    {
+        { EConfigType.VMess, "vmess" },
+        { EConfigType.Shadowsocks, "shadowsocks" },
+        { EConfigType.SOCKS, "socks" },
+        { EConfigType.HTTP, "http" },
+        { EConfigType.VLESS, "vless" },
+        { EConfigType.Trojan, "trojan" },
+        { EConfigType.Hysteria2, "hysteria2" },
+        { EConfigType.TUIC, "tuic" },
+        { EConfigType.WireGuard, "wireguard" },
+        { EConfigType.Anytls, "anytls" }
+    };

    public static readonly List<string> VmessSecurities =
    [
        "aes-128-gcm",
-            "chacha20-poly1305",
-            "auto",
-            "none",
-            "zero"
+        "chacha20-poly1305",
+        "auto",
+        "none",
+        "zero"
    ];

    public static readonly List<string> SsSecurities =
    [
        "aes-256-gcm",
-            "aes-128-gcm",
-            "chacha20-poly1305",
-            "chacha20-ietf-poly1305",
-            "none",
-            "plain"
+        "aes-128-gcm",
+        "chacha20-poly1305",
+        "chacha20-ietf-poly1305",
+        "none",
+        "plain"
    ];

    public static readonly List<string> SsSecuritiesInXray =
    [
        "aes-256-gcm",
-            "aes-128-gcm",
-            "chacha20-poly1305",
-            "chacha20-ietf-poly1305",
-            "xchacha20-poly1305",
-            "xchacha20-ietf-poly1305",
-            "none",
-            "plain",
-            "2022-blake3-aes-128-gcm",
-            "2022-blake3-aes-256-gcm",
-            "2022-blake3-chacha20-poly1305"
+        "aes-128-gcm",
+        "chacha20-poly1305",
+        "chacha20-ietf-poly1305",
+        "xchacha20-poly1305",
+        "xchacha20-ietf-poly1305",
+        "none",
+        "plain",
+        "2022-blake3-aes-128-gcm",
+        "2022-blake3-aes-256-gcm",
+        "2022-blake3-chacha20-poly1305"
    ];

    public static readonly List<string> SsSecuritiesInSingbox =
    [
        "aes-256-gcm",
-            "aes-192-gcm",
-            "aes-128-gcm",
-            "chacha20-ietf-poly1305",
-            "xchacha20-ietf-poly1305",
-            "none",
-            "2022-blake3-aes-128-gcm",
-            "2022-blake3-aes-256-gcm",
-            "2022-blake3-chacha20-poly1305",
-            "aes-128-ctr",
-            "aes-192-ctr",
-            "aes-256-ctr",
-            "aes-128-cfb",
-            "aes-192-cfb",
-            "aes-256-cfb",
-            "rc4-md5",
-            "chacha20-ietf",
-            "xchacha20"
+        "aes-192-gcm",
+        "aes-128-gcm",
+        "chacha20-ietf-poly1305",
+        "xchacha20-ietf-poly1305",
+        "none",
+        "2022-blake3-aes-128-gcm",
+        "2022-blake3-aes-256-gcm",
+        "2022-blake3-chacha20-poly1305",
+        "aes-128-ctr",
+        "aes-192-ctr",
+        "aes-256-ctr",
+        "aes-128-cfb",
+        "aes-192-cfb",
+        "aes-256-cfb",
+        "rc4-md5",
+        "chacha20-ietf",
+        "xchacha20"
    ];

    public static readonly List<string> Flows =
    [
        "",
-            "xtls-rprx-vision",
-            "xtls-rprx-vision-udp443"
+        "xtls-rprx-vision",
+        "xtls-rprx-vision-udp443"
    ];

    public static readonly List<string> Networks =
    [
        "tcp",
-            "kcp",
-            "ws",
-            "httpupgrade",
-            "xhttp",
-            "h2",
-            "quic",
-            "grpc"
+        "kcp",
+        "ws",
+        "httpupgrade",
+        "xhttp",
+        "h2",
+        "quic",
+        "grpc"
    ];

    public static readonly List<string> KcpHeaderTypes =
    [
        "srtp",
-            "utp",
-            "wechat-video",
-            "dtls",
-            "wireguard",
-            "dns"
+        "utp",
+        "wechat-video",
+        "dtls",
+        "wireguard",
+        "dns"
    ];

+    public static readonly Dictionary<string, string> KcpHeaderMaskMap = new()
+    {
+        { "srtp", "header-srtp" },
+        { "utp", "header-utp" },
+        { "wechat-video", "header-wechat" },
+        { "dtls", "header-dtls" },
+        { "wireguard", "header-wireguard" },
+        { "dns", "header-dns" }
+    };
+
    public static readonly List<string> CoreTypes =
    [
        "Xray",
-            "sing_box"
+        "sing_box"
    ];

+    public static readonly HashSet<EConfigType> XraySupportConfigType =
+    [
+        EConfigType.VMess,
+        EConfigType.VLESS,
+        EConfigType.Shadowsocks,
+        EConfigType.Trojan,
+        EConfigType.Hysteria2,
+        EConfigType.WireGuard,
+        EConfigType.SOCKS,
+        EConfigType.HTTP,
+    ];
+
+    public static readonly HashSet<EConfigType> SingboxSupportConfigType =
+    [
+        EConfigType.VMess,
+        EConfigType.VLESS,
+        EConfigType.Shadowsocks,
+        EConfigType.Trojan,
+        EConfigType.Hysteria2,
+        EConfigType.TUIC,
+        EConfigType.Anytls,
+        EConfigType.WireGuard,
+        EConfigType.SOCKS,
+        EConfigType.HTTP,
+    ];
+
+    public static readonly HashSet<EConfigType> SingboxOnlyConfigType = SingboxSupportConfigType.Except(XraySupportConfigType).ToHashSet();
+
    public static readonly List<string> DomainStrategies =
    [
-        "AsIs",
-            "IPIfNonMatch",
-            "IPOnDemand"
+        AsIs,
+        IPIfNonMatch,
+        IPOnDemand
    ];

-    public static readonly List<string> DomainStrategies4Singbox =
+    public static readonly List<string> DomainStrategies4Sbox =
    [
+        "",
+        "prefer_ipv4",
+        "prefer_ipv6",
        "ipv4_only",
-            "ipv6_only",
-            "prefer_ipv4",
-            "prefer_ipv6",
-            ""
-    ];
-
-    public static readonly List<string> DomainMatchers =
-    [
-        "linear",
-            "mph",
-            ""
+        "ipv6_only"
    ];

    public static readonly List<string> Fingerprints =
    [
        "chrome",
-            "firefox",
-            "safari",
-            "ios",
-            "android",
-            "edge",
-            "360",
-            "qq",
-            "random",
-            "randomized",
-            ""
+        "firefox",
+        "safari",
+        "ios",
+        "android",
+        "edge",
+        "360",
+        "qq",
+        "random",
+        "randomized",
+        ""
    ];

    public static readonly List<string> UserAgent =
    [
        "chrome",
-            "firefox",
-            "safari",
-            "edge",
-            "none"
+        "firefox",
+        "safari",
+        "edge",
+        "none"
    ];

    public static readonly List<string> XhttpMode =
    [
        "auto",
-            "packet-up",
-            "stream-up",
-            "stream-one"
+        "packet-up",
+        "stream-up",
+        "stream-one"
    ];

    public static readonly List<string> AllowInsecure =
    [
        "true",
-            "false",
-            ""
+        "false",
+        ""
    ];

-    public static readonly List<string> DomainStrategy4Freedoms =
+    public static readonly List<string> DomainStrategy =
    [
        "AsIs",
-            "UseIP",
-            "UseIPv4",
-            "UseIPv6",
-            ""
+        "UseIP",
+        "UseIPv4v6",
+        "UseIPv6v4",
+        "UseIPv4",
+        "UseIPv6",
+        ""
    ];

-    public static readonly List<string> SingboxDomainStrategy4Out =
+    public static readonly List<string> DomainDirectDNSAddress =
    [
-        "ipv4_only",
-            "prefer_ipv4",
-            "prefer_ipv6",
-            "ipv6_only",
-            ""
+        "https://dns.alidns.com/dns-query",
+        "https://doh.pub/dns-query",
+        "https://dns.alidns.com/dns-query,https://doh.pub/dns-query",
+        "223.5.5.5",
+        "119.29.29.29",
+        "localhost"
    ];

-    public static readonly List<string> DomainDNSAddress =
+    public static readonly List<string> DomainRemoteDNSAddress =
+    [
+        "https://cloudflare-dns.com/dns-query",
+        "https://dns.google/dns-query",
+        "https://cloudflare-dns.com/dns-query,https://dns.google/dns-query,8.8.8.8",
+        "https://dns.cloudflare.com/dns-query",
+        "https://doh.dns.sb/dns-query",
+        "https://doh.opendns.com/dns-query",
+        "https://common.dot.dns.yandex.net",
+        "8.8.8.8",
+        "1.1.1.1",
+        "185.222.222.222",
+        "208.67.222.222",
+        "77.88.8.8"
+    ];
+
+    public static readonly List<string> DomainPureIPDNSAddress =
    [
        "223.5.5.5",
-            "223.6.6.6",
-            "localhost"
-    ];
-
-    public static readonly List<string> SingboxDomainDNSAddress =
-    [
-        "223.5.5.5",
-            "223.6.6.6",
-            "dhcp://auto"
+        "119.29.29.29",
+        "localhost"
    ];

    public static readonly List<string> Languages =
    [
        "zh-Hans",
-            "zh-Hant",
-            "en",
-            "fa-Ir",
-            "ru",
-            "hu"
+        "zh-Hant",
+        "en",
+        "fa-Ir",
+        "fr",
+        "ru",
+        "hu"
    ];

    public static readonly List<string> Alpns =
    [
        "h3",
-            "h2",
-            "http/1.1",
-            "h3,h2",
-            "h2,http/1.1",
-            "h3,h2,http/1.1",
-            ""
+        "h2",
+        "http/1.1",
+        "h3,h2",
+        "h2,http/1.1",
+        "h3,h2,http/1.1",
+        ""
    ];

    public static readonly List<string> LogLevels =
    [
        "debug",
-            "info",
-            "warning",
-            "error",
-            "none"
+        "info",
+        "warning",
+        "error",
+        "none"
    ];

+    public static readonly Dictionary<string, string> LogLevelColors = new()
+    {
+        { "debug",   "#6C757D" },
+        { "info",    "#2ECC71" },
+        { "warning", "#FFA500" },
+        { "error",   "#E74C3C" },
+    };
+
    public static readonly List<string> InboundTags =
    [
        "socks",
-            "socks2",
-            "socks3"
+        "socks2",
+        "socks3"
    ];

    public static readonly List<string> RuleProtocols =
    [
        "http",
-            "tls",
-            "bittorrent"
+        "tls",
+        "bittorrent"
    ];

    public static readonly List<string> RuleNetworks =
    [
        "",
-            "tcp",
-            "udp",
-            "tcp,udp"
+        "tcp",
+        "udp",
+        "tcp,udp"
    ];

    public static readonly List<string> destOverrideProtocols =
    [
        "http",
-            "tls",
-            "quic",
-            "fakedns",
-            "fakedns+others"
+        "tls",
+        "quic",
+        "fakedns",
+        "fakedns+others"
    ];

    public static readonly List<int> TunMtus =
    [
        1280,
-            1408,
-            1500,
-            9000
+        1408,
+        1500,
+        4064,
+        9000,
+        65535
    ];

    public static readonly List<string> TunStacks =
    [
        "gvisor",
-            "system",
-            "mixed"
+        "system",
+        "mixed"
    ];

    public static readonly List<string> PresetMsgFilters =
    [
        "proxy",
-            "direct",
-            "block",
-            ""
+        "direct",
+        "block",
+        ""
    ];

    public static readonly List<string> SingboxMuxs =
    [
        "h2mux",
-            "smux",
-            "yamux",
-            ""
+        "smux",
+        "yamux",
+        ""
    ];

    public static readonly List<string> TuicCongestionControls =
    [
        "cubic",
-            "new_reno",
-            "bbr"
+        "new_reno",
+        "bbr"
    ];

    public static readonly List<string> allowSelectType =
    [
        "selector",
-            "urltest",
-            "loadbalance",
-            "fallback"
+        "urltest",
+        "loadbalance",
+        "fallback"
    ];

    public static readonly List<string> notAllowTestType =
    [
        "selector",
-            "urltest",
-            "direct",
-            "reject",
-            "compatible",
-            "pass",
-            "loadbalance",
-            "fallback"
+        "urltest",
+        "direct",
+        "reject",
+        "compatible",
+        "pass",
+        "loadbalance",
+        "fallback"
    ];

    public static readonly List<string> proxyVehicleType =
    [
        "file",
-            "http"
+        "http"
    ];

    public static readonly Dictionary<ECoreType, string> CoreUrls = new()
-        {
-            { ECoreType.v2fly, "v2fly/v2ray-core" },
-            { ECoreType.v2fly_v5, "v2fly/v2ray-core" },
-            { ECoreType.Xray, "XTLS/Xray-core" },
-            { ECoreType.sing_box, "SagerNet/sing-box" },
-            { ECoreType.mihomo, "MetaCubeX/mihomo" },
-            { ECoreType.hysteria, "apernet/hysteria" },
-            { ECoreType.hysteria2, "apernet/hysteria" },
-            { ECoreType.naiveproxy, "klzgrad/naiveproxy" },
-            { ECoreType.tuic, "EAimTY/tuic" },
-            { ECoreType.juicity, "juicity/juicity" },
-            { ECoreType.brook, "txthinking/brook" },
-            { ECoreType.overtls, "ShadowsocksR-Live/overtls" },
-            { ECoreType.shadowquic, "spongebob888/shadowquic" },
-            { ECoreType.v2rayN, "2dust/v2rayN" },
-        };
+    {
+        { ECoreType.v2fly, "v2fly/v2ray-core" },
+        { ECoreType.v2fly_v5, "v2fly/v2ray-core" },
+        { ECoreType.Xray, "XTLS/Xray-core" },
+        { ECoreType.sing_box, "SagerNet/sing-box" },
+        { ECoreType.mihomo, "MetaCubeX/mihomo" },
+        { ECoreType.hysteria, "apernet/hysteria" },
+        { ECoreType.hysteria2, "apernet/hysteria" },
+        { ECoreType.naiveproxy, "klzgrad/naiveproxy" },
+        { ECoreType.tuic, "EAimTY/tuic" },
+        { ECoreType.juicity, "juicity/juicity" },
+        { ECoreType.brook, "txthinking/brook" },
+        { ECoreType.overtls, "ShadowsocksR-Live/overtls" },
+        { ECoreType.shadowquic, "spongebob888/shadowquic" },
+        { ECoreType.mieru, "enfein/mieru" },
+        { ECoreType.v2rayN, "2dust/v2rayN" },
+    };

    public static readonly List<string> OtherGeoUrls =
    [
        @"https://raw.githubusercontent.com/Loyalsoldier/geoip/release/geoip-only-cn-private.dat",
-            @"https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb",
-            @"https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb"
+        @"https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb",
+        @"https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb"
    ];

    public static readonly List<string> IPAPIUrls =
    [
-        @"https://speed.cloudflare.com/meta",
        @"https://api.ip.sb/geoip",
        @"https://api-ipv4.ip.sb/geoip",
        @"https://api-ipv6.ip.sb/geoip",
@@ -528,5 +619,46 @@ public class Global
        @""
    ];

+    public static readonly List<string> OutboundTags =
+    [
+        ProxyTag,
+        DirectTag,
+        BlockTag
+    ];
+
+    public static readonly Dictionary<string, List<string>> PredefinedHosts = new()
+    {
+        { "dns.google", ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"] },
+        { "dns.alidns.com", ["223.5.5.5", "223.6.6.6", "2400:3200::1", "2400:3200:baba::1"] },
+        { "one.one.one.one", ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"] },
+        { "1dot1dot1dot1.cloudflare-dns.com", ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"] },
+        { "cloudflare-dns.com", ["104.16.249.249", "104.16.248.249", "2606:4700::6810:f8f9", "2606:4700::6810:f9f9"] },
+        { "dns.cloudflare.com", ["104.16.132.229", "104.16.133.229", "2606:4700::6810:84e5", "2606:4700::6810:85e5"] },
+        { "dot.pub", ["1.12.12.12", "120.53.53.53"] },
+        { "doh.pub", ["1.12.12.12", "120.53.53.53"] },
+        { "dns.quad9.net", ["9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"] },
+        { "dns.yandex.net", ["77.88.8.8", "77.88.8.1", "2a02:6b8::feed:0ff", "2a02:6b8:0:1::feed:0ff"] },
+        { "dns.sb", ["185.222.222.222", "2a09::"] },
+        { "dns.umbrella.com", ["208.67.220.220", "208.67.222.222", "2620:119:35::35", "2620:119:53::53"] },
+        { "dns.sse.cisco.com", ["208.67.220.220", "208.67.222.222", "2620:119:35::35", "2620:119:53::53"] },
+        { "engage.cloudflareclient.com", ["162.159.192.1"] }
+    };
+
+    public static readonly List<string> ExpectedIPs =
+    [
+        "geoip:cn",
+        "geoip:ir",
+        "geoip:ru",
+        ""
+    ];
+
+    public static readonly List<string> EchForceQuerys =
+    [
+        "none",
+        "half",
+        "full",
+        ""
+    ];
+
    #endregion const
 }
--- a/v2rayN/ServiceLib/GlobalUsings.cs
+++ b/v2rayN/ServiceLib/GlobalUsings.cs
@@ -1,11 +1,37 @@
-global using ServiceLib.Base;
+global using System.Collections.Concurrent;
+global using System.Diagnostics;
+global using System.Net;
+global using System.Net.NetworkInformation;
+global using System.Net.Sockets;
+global using System.Reactive;
+global using System.Reactive.Disposables;
+global using System.Reactive.Linq;
+global using System.Reflection;
+global using System.Runtime.InteropServices;
+global using System.Security.Cryptography;
+global using System.Text;
+global using System.Text.Encodings.Web;
+global using System.Text.Json;
+global using System.Text.Json.Nodes;
+global using System.Text.Json.Serialization;
+global using System.Text.RegularExpressions;
+global using DynamicData;
+global using DynamicData.Binding;
+global using ReactiveUI;
+global using ReactiveUI.Fody.Helpers;
+global using ServiceLib.Base;
 global using ServiceLib.Common;
 global using ServiceLib.Enums;
+global using ServiceLib.Events;
 global using ServiceLib.Handler;
+global using ServiceLib.Handler.Builder;
 global using ServiceLib.Handler.Fmt;
-global using ServiceLib.Services;
-global using ServiceLib.Services.Statistics;
-global using ServiceLib.Services.CoreConfig;
+global using ServiceLib.Handler.SysProxy;
+global using ServiceLib.Helper;
+global using ServiceLib.Manager;
 global using ServiceLib.Models;
 global using ServiceLib.Resx;
-global using ServiceLib.Handler.SysProxy;
+global using ServiceLib.Services;
+global using ServiceLib.Services.CoreConfig;
+global using ServiceLib.Services.Statistics;
+global using SQLite;
--- a/v2rayN/ServiceLib/Handler/AppHandler.cs
+++ b/v2rayN/ServiceLib/Handler/AppHandler.cs
@@ -1,239 +0,0 @@
-namespace ServiceLib.Handler;
-
-public sealed class AppHandler
-{
-    #region Property
-
-    private static readonly Lazy<AppHandler> _instance = new(() => new());
-    private Config _config;
-    private int? _statePort;
-    private int? _statePort2;
-    private Job? _processJob;
-    public static AppHandler Instance => _instance.Value;
-    public Config Config => _config;
-
-    public int StatePort
-    {
-        get
-        {
-            _statePort ??= Utils.GetFreePort(GetLocalPort(EInboundProtocol.api));
-            return _statePort.Value;
-        }
-    }
-
-    public int StatePort2
-    {
-        get
-        {
-            _statePort2 ??= Utils.GetFreePort(GetLocalPort(EInboundProtocol.api2));
-            return _statePort2.Value + (_config.TunModeItem.EnableTun ? 1 : 0);
-        }
-    }
-
-    public string LinuxSudoPwd { get; set; }
-
-    #endregion Property
-
-    #region Init
-
-    public bool InitApp()
-    {
-        if (Utils.HasWritePermission() == false)
-        {
-            Environment.SetEnvironmentVariable(Global.LocalAppData, "1", EnvironmentVariableTarget.Process);
-        }
-
-        Logging.Setup();
-        var config = ConfigHandler.LoadConfig();
-        if (config == null)
-        {
-            return false;
-        }
-        _config = config;
-        Thread.CurrentThread.CurrentUICulture = new(_config.UiItem.CurrentLanguage);
-
-        //Under Win10
-        if (Utils.IsWindows() && Environment.OSVersion.Version.Major < 10)
-        {
-            Environment.SetEnvironmentVariable("DOTNET_EnableWriteXorExecute", "0", EnvironmentVariableTarget.User);
-        }
-
-        SQLiteHelper.Instance.CreateTable<SubItem>();
-        SQLiteHelper.Instance.CreateTable<ProfileItem>();
-        SQLiteHelper.Instance.CreateTable<ServerStatItem>();
-        SQLiteHelper.Instance.CreateTable<RoutingItem>();
-        SQLiteHelper.Instance.CreateTable<ProfileExItem>();
-        SQLiteHelper.Instance.CreateTable<DNSItem>();
-        return true;
-    }
-
-    public bool InitComponents()
-    {
-        Logging.SaveLog($"v2rayN start up | {Utils.GetRuntimeInfo()}");
-        Logging.LoggingEnabled(_config.GuiItem.EnableLog);
-
-        //First determine the port value
-        _ = StatePort;
-        _ = StatePort2;
-
-        return true;
-    }
-
-    public bool Reset()
-    {
-        _statePort = null;
-        _statePort2 = null;
-        return true;
-    }
-
-    #endregion Init
-
-    #region Config
-
-    public int GetLocalPort(EInboundProtocol protocol)
-    {
-        var localPort = _config.Inbound.FirstOrDefault(t => t.Protocol == nameof(EInboundProtocol.socks))?.LocalPort ?? 10808;
-        return localPort + (int)protocol;
-    }
-
-    public void AddProcess(IntPtr processHandle)
-    {
-        if (Utils.IsWindows())
-        {
-            _processJob ??= new();
-            try
-            {
-                _processJob?.AddProcess(processHandle);
-            }
-            catch
-            {
-            }
-        }
-    }
-
-    #endregion Config
-
-    #region SqliteHelper
-
-    public async Task<List<SubItem>?> SubItems()
-    {
-        return await SQLiteHelper.Instance.TableAsync<SubItem>().OrderBy(t => t.Sort).ToListAsync();
-    }
-
-    public async Task<SubItem?> GetSubItem(string? subid)
-    {
-        return await SQLiteHelper.Instance.TableAsync<SubItem>().FirstOrDefaultAsync(t => t.Id == subid);
-    }
-
-    public async Task<List<ProfileItem>?> ProfileItems(string subid)
-    {
-        if (subid.IsNullOrEmpty())
-        {
-            return await SQLiteHelper.Instance.TableAsync<ProfileItem>().ToListAsync();
-        }
-        else
-        {
-            return await SQLiteHelper.Instance.TableAsync<ProfileItem>().Where(t => t.Subid == subid).ToListAsync();
-        }
-    }
-
-    public async Task<List<string>?> ProfileItemIndexes(string subid)
-    {
-        return (await ProfileItems(subid))?.Select(t => t.IndexId)?.ToList();
-    }
-
-    public async Task<List<ProfileItemModel>?> ProfileItems(string subid, string filter)
-    {
-        var sql = @$"select a.*
-                           ,b.remarks subRemarks
-                        from ProfileItem a
-                        left join SubItem b on a.subid = b.id
-                        where 1=1 ";
-        if (subid.IsNotEmpty())
-        {
-            sql += $" and a.subid = '{subid}'";
-        }
-        if (filter.IsNotEmpty())
-        {
-            if (filter.Contains('\''))
-            {
-                filter = filter.Replace("'", "");
-            }
-            sql += string.Format(" and (a.remarks like '%{0}%' or a.address like '%{0}%') ", filter);
-        }
-
-        return await SQLiteHelper.Instance.QueryAsync<ProfileItemModel>(sql);
-    }
-
-    public async Task<ProfileItem?> GetProfileItem(string indexId)
-    {
-        if (indexId.IsNullOrEmpty())
-        {
-            return null;
-        }
-        return await SQLiteHelper.Instance.TableAsync<ProfileItem>().FirstOrDefaultAsync(it => it.IndexId == indexId);
-    }
-
-    public async Task<ProfileItem?> GetProfileItemViaRemarks(string? remarks)
-    {
-        if (remarks.IsNullOrEmpty())
-        {
-            return null;
-        }
-        return await SQLiteHelper.Instance.TableAsync<ProfileItem>().FirstOrDefaultAsync(it => it.Remarks == remarks);
-    }
-
-    public async Task<List<RoutingItem>?> RoutingItems()
-    {
-        return await SQLiteHelper.Instance.TableAsync<RoutingItem>().OrderBy(t => t.Sort).ToListAsync();
-    }
-
-    public async Task<RoutingItem?> GetRoutingItem(string id)
-    {
-        return await SQLiteHelper.Instance.TableAsync<RoutingItem>().FirstOrDefaultAsync(it => it.Id == id);
-    }
-
-    public async Task<List<DNSItem>?> DNSItems()
-    {
-        return await SQLiteHelper.Instance.TableAsync<DNSItem>().ToListAsync();
-    }
-
-    public async Task<DNSItem?> GetDNSItem(ECoreType eCoreType)
-    {
-        return await SQLiteHelper.Instance.TableAsync<DNSItem>().FirstOrDefaultAsync(it => it.CoreType == eCoreType);
-    }
-
-    #endregion SqliteHelper
-
-    #region Core Type
-
-    public List<string> GetShadowsocksSecurities(ProfileItem profileItem)
-    {
-        var coreType = GetCoreType(profileItem, EConfigType.Shadowsocks);
-        switch (coreType)
-        {
-            case ECoreType.v2fly:
-                return Global.SsSecurities;
-
-            case ECoreType.Xray:
-                return Global.SsSecuritiesInXray;
-
-            case ECoreType.sing_box:
-                return Global.SsSecuritiesInSingbox;
-        }
-        return Global.SsSecuritiesInSingbox;
-    }
-
-    public ECoreType GetCoreType(ProfileItem profileItem, EConfigType eConfigType)
-    {
-        if (profileItem?.CoreType != null)
-        {
-            return (ECoreType)profileItem.CoreType;
-        }
-
-        var item = _config.CoreTypeItem?.FirstOrDefault(it => it.ConfigType == eConfigType);
-        return item?.CoreType ?? ECoreType.Xray;
-    }
-
-    #endregion Core Type
-}
--- a/v2rayN/ServiceLib/Handler/AutoStartupHandler.cs
+++ b/v2rayN/ServiceLib/Handler/AutoStartupHandler.cs
@@ -1,5 +1,4 @@
 using System.Security.Principal;
-using System.Text.RegularExpressions;

 namespace ServiceLib.Handler;

@@ -27,7 +26,7 @@ public static class AutoStartupHandler
                await SetTaskLinux();
            }
        }
-        else if (Utils.IsOSX())
+        else if (Utils.IsMacOS())
        {
            await ClearTaskOSX();

--- a/v2rayN/ServiceLib/Handler/Builder/CoreConfigContextBuilder.cs
+++ b/v2rayN/ServiceLib/Handler/Builder/CoreConfigContextBuilder.cs
@@ -0,0 +1,437 @@
+namespace ServiceLib.Handler.Builder;
+
+public record CoreConfigContextBuilderResult(CoreConfigContext Context, NodeValidatorResult ValidatorResult)
+{
+    public bool Success => ValidatorResult.Success;
+}
+
+/// <summary>
+/// Holds the results of a full context build, including the main context and an optional
+/// pre-socks context (e.g. for TUN protection or pre-socks chaining).
+/// </summary>
+public record CoreConfigContextBuilderAllResult(
+    CoreConfigContextBuilderResult MainResult,
+    CoreConfigContextBuilderResult? PreSocksResult)
+{
+    /// <summary>True only when both the main result and (if present) the pre-socks result succeeded.</summary>
+    public bool Success => MainResult.Success && (PreSocksResult?.Success ?? true);
+
+    /// <summary>
+    /// Merges all errors and warnings from the main result and the optional pre-socks result
+    /// into a single <see cref="NodeValidatorResult"/> for unified notification.
+    /// </summary>
+    public NodeValidatorResult CombinedValidatorResult => new(
+        [.. MainResult.ValidatorResult.Errors, .. PreSocksResult?.ValidatorResult.Errors ?? []],
+        [.. MainResult.ValidatorResult.Warnings, .. PreSocksResult?.ValidatorResult.Warnings ?? []]);
+
+    /// <summary>
+    /// The main context with TunProtectSsPort/ProxyRelaySsPort and ProtectDomainList merged in
+    /// from the pre-socks result (if any). Pass this to the core runner.
+    /// </summary>
+    public CoreConfigContext ResolvedMainContext => PreSocksResult is not null
+        ? MainResult.Context with
+        {
+            TunProtectSsPort = PreSocksResult.Context.TunProtectSsPort,
+            ProxyRelaySsPort = PreSocksResult.Context.ProxyRelaySsPort,
+            ProtectDomainList = [.. MainResult.Context.ProtectDomainList ?? [], .. PreSocksResult.Context.ProtectDomainList ?? []],
+        }
+        : MainResult.Context;
+}
+
+public class CoreConfigContextBuilder
+{
+    /// <summary>
+    /// Builds a <see cref="CoreConfigContext"/> for the given node, resolves its proxy map,
+    /// and processes outbound nodes referenced by routing rules.
+    /// </summary>
+    public static async Task<CoreConfigContextBuilderResult> Build(Config config, ProfileItem node)
+    {
+        var runCoreType = AppManager.Instance.GetCoreType(node, node.ConfigType);
+        var coreType = runCoreType == ECoreType.sing_box ? ECoreType.sing_box : ECoreType.Xray;
+        var context = new CoreConfigContext()
+        {
+            Node = node,
+            RunCoreType = runCoreType,
+            AllProxiesMap = [],
+            AppConfig = config,
+            FullConfigTemplate = await AppManager.Instance.GetFullConfigTemplateItem(coreType),
+            IsTunEnabled = config.TunModeItem.EnableTun,
+            SimpleDnsItem = config.SimpleDNSItem,
+            ProtectDomainList = [],
+            TunProtectSsPort = 0,
+            ProxyRelaySsPort = 0,
+            RawDnsItem = await AppManager.Instance.GetDNSItem(coreType),
+            RoutingItem = await ConfigHandler.GetDefaultRouting(config),
+        };
+        var validatorResult = NodeValidatorResult.Empty();
+        var (actNode, nodeValidatorResult) = await ResolveNodeAsync(context, node);
+        if (!nodeValidatorResult.Success)
+        {
+            return new CoreConfigContextBuilderResult(context, nodeValidatorResult);
+        }
+        context = context with { Node = actNode };
+        validatorResult.Warnings.AddRange(nodeValidatorResult.Warnings);
+        if (!(context.RoutingItem?.RuleSet.IsNullOrEmpty() ?? true))
+        {
+            var rules = JsonUtils.Deserialize<List<RulesItem>>(context.RoutingItem?.RuleSet) ?? [];
+            foreach (var ruleItem in rules.Where(ruleItem => ruleItem.Enabled && !Global.OutboundTags.Contains(ruleItem.OutboundTag)))
+            {
+                if (ruleItem.OutboundTag.IsNullOrEmpty())
+                {
+                    validatorResult.Warnings.Add(string.Format(ResUI.MsgRoutingRuleEmptyOutboundTag, ruleItem.Remarks));
+                    ruleItem.OutboundTag = Global.ProxyTag;
+                    continue;
+                }
+                var ruleOutboundNode = await AppManager.Instance.GetProfileItemViaRemarks(ruleItem.OutboundTag);
+                if (ruleOutboundNode == null)
+                {
+                    validatorResult.Warnings.Add(string.Format(ResUI.MsgRoutingRuleOutboundNodeNotFound, ruleItem.Remarks, ruleItem.OutboundTag));
+                    ruleItem.OutboundTag = Global.ProxyTag;
+                    continue;
+                }
+
+                var (actRuleNode, ruleNodeValidatorResult) = await ResolveNodeAsync(context, ruleOutboundNode, false);
+                validatorResult.Warnings.AddRange(ruleNodeValidatorResult.Warnings.Select(w =>
+                    string.Format(ResUI.MsgRoutingRuleOutboundNodeWarning, ruleItem.Remarks, ruleItem.OutboundTag, w)));
+                if (!ruleNodeValidatorResult.Success)
+                {
+                    validatorResult.Warnings.AddRange(ruleNodeValidatorResult.Errors.Select(e =>
+                        string.Format(ResUI.MsgRoutingRuleOutboundNodeError, ruleItem.Remarks, ruleItem.OutboundTag, e)));
+                    ruleItem.OutboundTag = Global.ProxyTag;
+                    continue;
+                }
+
+                context.AllProxiesMap[$"remark:{ruleItem.OutboundTag}"] = actRuleNode;
+            }
+        }
+
+        return new CoreConfigContextBuilderResult(context, validatorResult);
+    }
+
+    /// <summary>
+    /// Builds the main <see cref="CoreConfigContext"/> for <paramref name="node"/> and, when
+    /// the main build succeeds, also builds the optional pre-socks context required for TUN
+    /// protection or pre-socks proxy chaining.
+    /// </summary>
+    public static async Task<CoreConfigContextBuilderAllResult> BuildAll(Config config, ProfileItem node)
+    {
+        var mainResult = await Build(config, node);
+        if (!mainResult.Success)
+        {
+            return new CoreConfigContextBuilderAllResult(mainResult, null);
+        }
+
+        var preResult = await BuildPreSocksIfNeeded(mainResult.Context);
+        return new CoreConfigContextBuilderAllResult(mainResult, preResult);
+    }
+
+    /// <summary>
+    /// Determines whether a pre-socks context is required for <paramref name="nodeContext"/>
+    /// and, if so, builds and returns it. Returns <c>null</c> when no pre-socks core is needed.
+    /// </summary>
+    private static async Task<CoreConfigContextBuilderResult?> BuildPreSocksIfNeeded(CoreConfigContext nodeContext)
+    {
+        var config = nodeContext.AppConfig;
+        var node = nodeContext.Node;
+        var coreType = AppManager.Instance.GetCoreType(node, node.ConfigType);
+
+        var preSocksItem = ConfigHandler.GetPreSocksItem(config, node, coreType);
+        if (preSocksItem != null)
+        {
+            var preSocksResult = await Build(nodeContext.AppConfig, preSocksItem);
+            return preSocksResult with
+            {
+                Context = preSocksResult.Context with
+                {
+                    ProtectDomainList = [.. nodeContext.ProtectDomainList ?? [], .. preSocksResult.Context.ProtectDomainList ?? []],
+                }
+            };
+        }
+
+        if (!nodeContext.IsTunEnabled
+            || coreType != ECoreType.Xray
+            || node.ConfigType == EConfigType.Custom)
+        {
+            return null;
+        }
+
+        var tunProtectSsPort = Utils.GetFreePort();
+        var proxyRelaySsPort = Utils.GetFreePort();
+        var preItem = new ProfileItem()
+        {
+            CoreType = ECoreType.sing_box,
+            ConfigType = EConfigType.Shadowsocks,
+            Address = Global.Loopback,
+            Port = proxyRelaySsPort,
+            Password = Global.None,
+        };
+        preItem.SetProtocolExtra(preItem.GetProtocolExtra() with
+        {
+            SsMethod = Global.None,
+        });
+        var preResult2 = await Build(nodeContext.AppConfig, preItem);
+        return preResult2 with
+        {
+            Context = preResult2.Context with
+            {
+                ProtectDomainList = [.. nodeContext.ProtectDomainList ?? [], .. preResult2.Context.ProtectDomainList ?? []],
+                TunProtectSsPort = tunProtectSsPort,
+                ProxyRelaySsPort = proxyRelaySsPort,
+            }
+        };
+    }
+
+    /// <summary>
+    /// Resolves a node into the context, optionally wrapping it in a subscription-level proxy chain.
+    /// Returns the effective (possibly replaced) node and the validation result.
+    /// </summary>
+    public static async Task<(ProfileItem, NodeValidatorResult)> ResolveNodeAsync(CoreConfigContext context,
+        ProfileItem node,
+        bool includeSubChain = true)
+    {
+        if (node.IndexId.IsNullOrEmpty())
+        {
+            return (node, NodeValidatorResult.Empty());
+        }
+
+        if (includeSubChain)
+        {
+            var (virtualChainNode, chainValidatorResult) = await BuildSubscriptionChainNodeAsync(node);
+            if (virtualChainNode != null)
+            {
+                context.AllProxiesMap[virtualChainNode.IndexId] = virtualChainNode;
+                var (resolvedNode, resolvedResult) = await ResolveNodeAsync(context, virtualChainNode, false);
+                resolvedResult.Warnings.InsertRange(0, chainValidatorResult.Warnings);
+                return (resolvedNode, resolvedResult);
+            }
+            // Chain not built but warnings may still exist (e.g. missing profiles)
+            if (chainValidatorResult.Warnings.Count > 0)
+            {
+                var fillResult = await RegisterNodeAsync(context, node);
+                fillResult.Warnings.InsertRange(0, chainValidatorResult.Warnings);
+                return (node, fillResult);
+            }
+        }
+
+        var registerResult = await RegisterNodeAsync(context, node);
+        return (node, registerResult);
+    }
+
+    /// <summary>
+    /// If the node's subscription defines prev/next profiles, creates a virtual
+    /// <see cref="EConfigType.ProxyChain"/> node that wraps them together.
+    /// Returns <c>null</c> as the chain item when no chain is needed.
+    /// Any warnings (e.g. missing prev/next profile) are returned in the validator result.
+    /// </summary>
+    private static async Task<(ProfileItem? ChainNode, NodeValidatorResult ValidatorResult)> BuildSubscriptionChainNodeAsync(ProfileItem node)
+    {
+        var result = NodeValidatorResult.Empty();
+
+        if (node.Subid.IsNullOrEmpty())
+        {
+            return (null, result);
+        }
+
+        var subItem = await AppManager.Instance.GetSubItem(node.Subid);
+        if (subItem == null)
+        {
+            return (null, result);
+        }
+
+        ProfileItem? prevNode = null;
+        ProfileItem? nextNode = null;
+
+        if (!subItem.PrevProfile.IsNullOrEmpty())
+        {
+            prevNode = await AppManager.Instance.GetProfileItemViaRemarks(subItem.PrevProfile);
+            if (prevNode == null)
+            {
+                result.Warnings.Add(string.Format(ResUI.MsgSubscriptionPrevProfileNotFound, subItem.PrevProfile));
+            }
+        }
+        if (!subItem.NextProfile.IsNullOrEmpty())
+        {
+            nextNode = await AppManager.Instance.GetProfileItemViaRemarks(subItem.NextProfile);
+            if (nextNode == null)
+            {
+                result.Warnings.Add(string.Format(ResUI.MsgSubscriptionNextProfileNotFound, subItem.NextProfile));
+            }
+        }
+
+        if (prevNode is null && nextNode is null)
+        {
+            return (null, result);
+        }
+
+        // Build new proxy chain node
+        var chainNode = new ProfileItem()
+        {
+            IndexId = $"inner-{Utils.GetGuid(false)}",
+            ConfigType = EConfigType.ProxyChain,
+            CoreType = node.CoreType ?? ECoreType.Xray,
+        };
+        List<string?> childItems = [prevNode?.IndexId, node.IndexId, nextNode?.IndexId];
+        var chainExtraItem = chainNode.GetProtocolExtra() with
+        {
+            GroupType = chainNode.ConfigType.ToString(),
+            ChildItems = string.Join(",", childItems.Where(x => !x.IsNullOrEmpty())),
+        };
+        chainNode.SetProtocolExtra(chainExtraItem);
+        return (chainNode, result);
+    }
+
+    /// <summary>
+    /// Dispatches registration to either <see cref="RegisterGroupNodeAsync"/> or
+    /// <see cref="RegisterSingleNodeAsync"/> based on the node's config type.
+    /// </summary>
+    private static async Task<NodeValidatorResult> RegisterNodeAsync(CoreConfigContext context, ProfileItem node)
+    {
+        if (node.ConfigType.IsGroupType())
+        {
+            return await RegisterGroupNodeAsync(context, node);
+        }
+        else
+        {
+            return RegisterSingleNodeAsync(context, node);
+        }
+    }
+
+    /// <summary>
+    /// Validates a single (non-group) node and, on success, adds it to the proxy map
+    /// and records any domain addresses that should bypass the proxy.
+    /// </summary>
+    private static NodeValidatorResult RegisterSingleNodeAsync(CoreConfigContext context, ProfileItem node)
+    {
+        if (node.ConfigType.IsGroupType())
+        {
+            return NodeValidatorResult.Empty();
+        }
+
+        var nodeValidatorResult = NodeValidator.Validate(node, context.RunCoreType);
+        if (!nodeValidatorResult.Success)
+        {
+            return nodeValidatorResult;
+        }
+
+        context.AllProxiesMap[node.IndexId] = node;
+
+        var address = node.Address;
+        if (Utils.IsDomain(address))
+        {
+            context.ProtectDomainList.Add(address);
+        }
+
+        if (!node.EchConfigList.IsNullOrEmpty())
+        {
+            var echQuerySni = node.Sni;
+            if (node.StreamSecurity == Global.StreamSecurity
+                && node.EchConfigList?.Contains("://") == true)
+            {
+                var idx = node.EchConfigList.IndexOf('+');
+                echQuerySni = idx > 0 ? node.EchConfigList[..idx] : node.Sni;
+            }
+
+            if (Utils.IsDomain(echQuerySni))
+            {
+                context.ProtectDomainList.Add(echQuerySni);
+            }
+        }
+
+        return nodeValidatorResult;
+    }
+
+    /// <summary>
+    /// Entry point for registering a group node. Initialises the visited/ancestor sets
+    /// and delegates to <see cref="TraverseGroupNodeAsync"/>.
+    /// </summary>
+    private static async Task<NodeValidatorResult> RegisterGroupNodeAsync(CoreConfigContext context,
+        ProfileItem node)
+    {
+        if (!node.ConfigType.IsGroupType())
+        {
+            return NodeValidatorResult.Empty();
+        }
+
+        HashSet<string> ancestors = [node.IndexId];
+        HashSet<string> globalVisited = [node.IndexId];
+        return await TraverseGroupNodeAsync(context, node, globalVisited, ancestors);
+    }
+
+    /// <summary>
+    /// Recursively walks the children of a group node, registering valid leaf nodes
+    /// and nested groups. Detects cycles via <paramref name="ancestorsGroup"/> and
+    /// deduplicates shared nodes via <paramref name="globalVisitedGroup"/>.
+    /// </summary>
+    private static async Task<NodeValidatorResult> TraverseGroupNodeAsync(
+        CoreConfigContext context,
+        ProfileItem node,
+        HashSet<string> globalVisitedGroup,
+        HashSet<string> ancestorsGroup)
+    {
+        var (groupChildList, _) = await GroupProfileManager.GetChildProfileItems(node);
+        List<string> childIndexIdList = [];
+        var childNodeValidatorResult = NodeValidatorResult.Empty();
+        foreach (var childNode in groupChildList)
+        {
+            if (ancestorsGroup.Contains(childNode.IndexId))
+            {
+                childNodeValidatorResult.Errors.Add(
+                    string.Format(ResUI.MsgGroupCycleDependency, node.Remarks, childNode.Remarks));
+                continue;
+            }
+
+            if (globalVisitedGroup.Contains(childNode.IndexId))
+            {
+                childIndexIdList.Add(childNode.IndexId);
+                continue;
+            }
+
+            if (!childNode.ConfigType.IsGroupType())
+            {
+                var childNodeResult = RegisterSingleNodeAsync(context, childNode);
+                childNodeValidatorResult.Warnings.AddRange(childNodeResult.Warnings.Select(w =>
+                    string.Format(ResUI.MsgGroupChildNodeWarning, node.Remarks, childNode.Remarks, w)));
+                childNodeValidatorResult.Errors.AddRange(childNodeResult.Errors.Select(e =>
+                    string.Format(ResUI.MsgGroupChildNodeError, node.Remarks, childNode.Remarks, e)));
+                if (!childNodeResult.Success)
+                {
+                    continue;
+                }
+
+                globalVisitedGroup.Add(childNode.IndexId);
+                childIndexIdList.Add(childNode.IndexId);
+                continue;
+            }
+
+            var newAncestorsGroup = new HashSet<string>(ancestorsGroup) { childNode.IndexId };
+            var childGroupResult =
+                await TraverseGroupNodeAsync(context, childNode, globalVisitedGroup, newAncestorsGroup);
+            childNodeValidatorResult.Warnings.AddRange(childGroupResult.Warnings.Select(w =>
+                string.Format(ResUI.MsgGroupChildGroupNodeWarning, node.Remarks, childNode.Remarks, w)));
+            childNodeValidatorResult.Errors.AddRange(childGroupResult.Errors.Select(e =>
+                string.Format(ResUI.MsgGroupChildGroupNodeError, node.Remarks, childNode.Remarks, e)));
+            if (!childGroupResult.Success)
+            {
+                continue;
+            }
+
+            globalVisitedGroup.Add(childNode.IndexId);
+            childIndexIdList.Add(childNode.IndexId);
+        }
+
+        if (childIndexIdList.Count == 0)
+        {
+            childNodeValidatorResult.Errors.Add(string.Format(ResUI.MsgGroupNoValidChildNode, node.Remarks));
+            return childNodeValidatorResult;
+        }
+        else
+        {
+            childNodeValidatorResult.Warnings.AddRange(childNodeValidatorResult.Errors);
+            childNodeValidatorResult.Errors.Clear();
+        }
+
+        node.SetProtocolExtra(node.GetProtocolExtra() with { ChildItems = Utils.List2String(childIndexIdList), });
+        context.AllProxiesMap[node.IndexId] = node;
+        return childNodeValidatorResult;
+    }
+}
--- a/v2rayN/ServiceLib/Handler/Builder/NodeValidator.cs
+++ b/v2rayN/ServiceLib/Handler/Builder/NodeValidator.cs
@@ -0,0 +1,175 @@
+namespace ServiceLib.Handler.Builder;
+
+public record NodeValidatorResult(List<string> Errors, List<string> Warnings)
+{
+    public bool Success => Errors.Count == 0;
+
+    public static NodeValidatorResult Empty()
+    {
+        return new NodeValidatorResult([], []);
+    }
+}
+
+public class NodeValidator
+{
+    // Static validator rules
+    private static readonly HashSet<string> SingboxUnsupportedTransports =
+        [nameof(ETransport.kcp), nameof(ETransport.xhttp)];
+
+    private static readonly HashSet<EConfigType> SingboxTransportSupportedProtocols =
+        [EConfigType.VMess, EConfigType.VLESS, EConfigType.Trojan, EConfigType.Shadowsocks];
+
+    private static readonly HashSet<string> SingboxShadowsocksAllowedTransports =
+        [nameof(ETransport.tcp), nameof(ETransport.ws), nameof(ETransport.quic)];
+
+    public static NodeValidatorResult Validate(ProfileItem item, ECoreType coreType)
+    {
+        var v = new ValidationContext();
+        ValidateNodeAndCoreSupport(item, coreType, v);
+        return v.ToResult();
+    }
+
+    private class ValidationContext
+    {
+        public List<string> Errors { get; } = [];
+        public List<string> Warnings { get; } = [];
+
+        public void Error(string message)
+        {
+            Errors.Add(message);
+        }
+
+        public void Warning(string message)
+        {
+            Warnings.Add(message);
+        }
+
+        public void Assert(bool condition, string errorMsg)
+        {
+            if (!condition)
+            {
+                Error(errorMsg);
+            }
+        }
+
+        public NodeValidatorResult ToResult()
+        {
+            return new NodeValidatorResult(Errors, Warnings);
+        }
+    }
+
+    private static void ValidateNodeAndCoreSupport(ProfileItem item, ECoreType coreType, ValidationContext v)
+    {
+        if (item.ConfigType is EConfigType.Custom)
+        {
+            return;
+        }
+
+        if (item.ConfigType.IsGroupType())
+        {
+            // Group logic is handled in ValidateGroupNode
+            return;
+        }
+
+        // Basic Property Validation
+        v.Assert(!item.Address.IsNullOrEmpty(), string.Format(ResUI.MsgInvalidProperty, "Address"));
+        v.Assert(item.Port is > 0 and <= 65535, string.Format(ResUI.MsgInvalidProperty, "Port"));
+
+        // Network & Core Logic
+        var net = item.GetNetwork();
+        if (coreType == ECoreType.sing_box)
+        {
+            var transportError = ValidateSingboxTransport(item.ConfigType, net);
+            if (transportError != null)
+                v.Error(transportError);
+
+            if (!Global.SingboxSupportConfigType.Contains(item.ConfigType))
+            {
+                v.Error(string.Format(ResUI.MsgCoreNotSupportProtocol, nameof(ECoreType.sing_box), item.ConfigType));
+            }
+        }
+        else if (coreType is ECoreType.Xray)
+        {
+            if (!Global.XraySupportConfigType.Contains(item.ConfigType))
+            {
+                v.Error(string.Format(ResUI.MsgCoreNotSupportProtocol, nameof(ECoreType.Xray), item.ConfigType));
+            }
+        }
+
+        // Protocol Specifics
+        var protocolExtra = item.GetProtocolExtra();
+        switch (item.ConfigType)
+        {
+            case EConfigType.VMess:
+                v.Assert(!item.Password.IsNullOrEmpty() && Utils.IsGuidByParse(item.Password),
+                    string.Format(ResUI.MsgInvalidProperty, "Password"));
+                break;
+
+            case EConfigType.VLESS:
+                v.Assert(
+                    !item.Password.IsNullOrEmpty()
+                    && (Utils.IsGuidByParse(item.Password) || item.Password.Length <= 30),
+                    string.Format(ResUI.MsgInvalidProperty, "Password")
+                );
+                v.Assert(Global.Flows.Contains(protocolExtra.Flow ?? string.Empty),
+                    string.Format(ResUI.MsgInvalidProperty, "Flow"));
+                break;
+
+            case EConfigType.Shadowsocks:
+                v.Assert(!item.Password.IsNullOrEmpty(), string.Format(ResUI.MsgInvalidProperty, "Password"));
+                v.Assert(
+                    !string.IsNullOrEmpty(protocolExtra.SsMethod) &&
+                    Global.SsSecuritiesInSingbox.Contains(protocolExtra.SsMethod),
+                    string.Format(ResUI.MsgInvalidProperty, "SsMethod"));
+                break;
+        }
+
+        // TLS & Security
+        if (item.StreamSecurity == Global.StreamSecurity)
+        {
+            if (!item.Cert.IsNullOrEmpty() && CertPemManager.ParsePemChain(item.Cert).Count == 0 &&
+                !item.CertSha.IsNullOrEmpty())
+            {
+                v.Error(string.Format(ResUI.MsgInvalidProperty, "TLS Certificate"));
+            }
+        }
+
+        if (item.StreamSecurity == Global.StreamSecurityReality)
+        {
+            v.Assert(!item.PublicKey.IsNullOrEmpty(), string.Format(ResUI.MsgInvalidProperty, "PublicKey"));
+        }
+
+        if (item.Network == nameof(ETransport.xhttp) && !item.Extra.IsNullOrEmpty())
+        {
+            if (JsonUtils.ParseJson(item.Extra) is null)
+            {
+                v.Error(string.Format(ResUI.MsgInvalidProperty, "XHTTP Extra"));
+            }
+        }
+    }
+
+    private static string? ValidateSingboxTransport(EConfigType configType, string net)
+    {
+        // sing-box does not support xhttp / kcp transports
+        if (SingboxUnsupportedTransports.Contains(net))
+        {
+            return string.Format(ResUI.MsgCoreNotSupportNetwork, nameof(ECoreType.sing_box), net);
+        }
+
+        // sing-box does not support non-tcp transports for protocols other than vmess/trojan/vless/shadowsocks
+        if (!SingboxTransportSupportedProtocols.Contains(configType) && net != nameof(ETransport.tcp))
+        {
+            return string.Format(ResUI.MsgCoreNotSupportProtocolTransport,
+                nameof(ECoreType.sing_box), configType.ToString(), net);
+        }
+
+        // sing-box shadowsocks only supports tcp/ws/quic transports
+        if (configType == EConfigType.Shadowsocks && !SingboxShadowsocksAllowedTransports.Contains(net))
+        {
+            return string.Format(ResUI.MsgCoreNotSupportProtocolTransport,
+                nameof(ECoreType.sing_box), configType.ToString(), net);
+        }
+
+        return null;
+    }
+}
--- a/v2rayN/ServiceLib/Handler/ConfigHandler.cs
+++ b/v2rayN/ServiceLib/Handler/ConfigHandler.cs
--- a/v2rayN/ServiceLib/Handler/ConnectionHandler.cs
+++ b/v2rayN/ServiceLib/Handler/ConnectionHandler.cs
@@ -1,27 +1,26 @@
 namespace ServiceLib.Handler;

-public class ConnectionHandler
+public static class ConnectionHandler
 {
-    private static readonly Lazy<ConnectionHandler> _instance = new(() => new());
-    public static ConnectionHandler Instance => _instance.Value;
+    private static readonly string _tag = "ConnectionHandler";

-    public async Task<string> RunAvailabilityCheck()
+    public static async Task<string> RunAvailabilityCheck()
    {
-        var downloadHandle = new DownloadService();
-        var time = await downloadHandle.RunAvailabilityCheck(null);
-        var ip = time > 0 ? await GetIPInfo(downloadHandle) ?? Global.None : Global.None;
+        var time = await GetRealPingTimeInfo();
+        var ip = time > 0 ? await GetIPInfo() ?? Global.None : Global.None;

        return string.Format(ResUI.TestMeOutput, time, ip);
    }

-    private async Task<string?> GetIPInfo(DownloadService downloadHandle)
+    private static async Task<string?> GetIPInfo()
    {
-        var url = AppHandler.Instance.Config.SpeedTestItem.IPAPIUrl;
+        var url = AppManager.Instance.Config.SpeedTestItem.IPAPIUrl;
        if (url.IsNullOrEmpty())
        {
            return null;
        }

+        var downloadHandle = new DownloadService();
        var result = await downloadHandle.TryDownloadString(url, true, "");
        if (result == null)
        {
@@ -39,4 +38,61 @@ public class ConnectionHandler

        return $"({country ?? "unknown"}) {ip}";
    }
+
+    private static async Task<int> GetRealPingTimeInfo()
+    {
+        var responseTime = -1;
+        try
+        {
+            var port = AppManager.Instance.GetLocalPort(EInboundProtocol.socks);
+            var webProxy = new WebProxy($"socks5://{Global.Loopback}:{port}");
+            var url = AppManager.Instance.Config.SpeedTestItem.SpeedPingTestUrl;
+
+            for (var i = 0; i < 2; i++)
+            {
+                responseTime = await GetRealPingTime(url, webProxy, 10);
+                if (responseTime > 0)
+                {
+                    break;
+                }
+                await Task.Delay(500);
+            }
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+            return -1;
+        }
+        return responseTime;
+    }
+
+    public static async Task<int> GetRealPingTime(string url, IWebProxy? webProxy, int downloadTimeout)
+    {
+        var responseTime = -1;
+        try
+        {
+            using var cts = new CancellationTokenSource();
+            cts.CancelAfter(TimeSpan.FromSeconds(downloadTimeout));
+            using var client = new HttpClient(new SocketsHttpHandler()
+            {
+                Proxy = webProxy,
+                UseProxy = webProxy != null
+            });
+
+            List<int> oneTime = new();
+            for (var i = 0; i < 2; i++)
+            {
+                var timer = Stopwatch.StartNew();
+                await client.GetAsync(url, cts.Token).ConfigureAwait(false);
+                timer.Stop();
+                oneTime.Add((int)timer.Elapsed.TotalMilliseconds);
+                await Task.Delay(100);
+            }
+            responseTime = oneTime.Where(x => x > 0).OrderBy(x => x).FirstOrDefault();
+        }
+        catch
+        {
+        }
+        return responseTime;
+    }
 }
--- a/v2rayN/ServiceLib/Handler/CoreAdminHandler.cs
+++ b/v2rayN/ServiceLib/Handler/CoreAdminHandler.cs
@@ -1,126 +0,0 @@
-using System.Diagnostics;
-using System.Text;
-using CliWrap;
-
-namespace ServiceLib.Handler;
-
-public class CoreAdminHandler
-{
-    private static readonly Lazy<CoreAdminHandler> _instance = new(() => new());
-    public static CoreAdminHandler Instance => _instance.Value;
-    private Config _config;
-    private Action<bool, string>? _updateFunc;
-    private int _linuxSudoPid = -1;
-
-    public async Task Init(Config config, Action<bool, string> updateFunc)
-    {
-        if (_config != null)
-        {
-            return;
-        }
-        _config = config;
-        _updateFunc = updateFunc;
-    }
-
-    private void UpdateFunc(bool notify, string msg)
-    {
-        _updateFunc?.Invoke(notify, msg);
-    }
-
-    public async Task<Process?> RunProcessAsLinuxSudo(string fileName, CoreInfo coreInfo, string configPath)
-    {
-        var cmdLine = $"{fileName.AppendQuotes()} {string.Format(coreInfo.Arguments, Utils.GetBinConfigPath(configPath).AppendQuotes())}";
-        var shFilePath = await CreateLinuxShellFile(cmdLine, "run_as_sudo.sh");
-
-        Process proc = new()
-        {
-            StartInfo = new()
-            {
-                FileName = shFilePath,
-                Arguments = "",
-                WorkingDirectory = Utils.GetBinConfigPath(),
-                UseShellExecute = false,
-                RedirectStandardInput = true,
-                RedirectStandardOutput = true,
-                RedirectStandardError = true,
-                CreateNoWindow = true,
-                StandardInputEncoding = Encoding.UTF8,
-                StandardOutputEncoding = Encoding.UTF8,
-                StandardErrorEncoding = Encoding.UTF8,
-            }
-        };
-
-        proc.OutputDataReceived += (sender, e) =>
-        {
-            if (e.Data.IsNotEmpty())
-            {
-                UpdateFunc(false, e.Data + Environment.NewLine);
-            }
-        };
-        proc.ErrorDataReceived += (sender, e) =>
-        {
-            if (e.Data.IsNotEmpty())
-            {
-                UpdateFunc(false, e.Data + Environment.NewLine);
-            }
-        };
-
-        proc.Start();
-        proc.BeginOutputReadLine();
-        proc.BeginErrorReadLine();
-
-        await Task.Delay(10);
-        await proc.StandardInput.WriteLineAsync();
-        await Task.Delay(10);
-        await proc.StandardInput.WriteLineAsync(AppHandler.Instance.LinuxSudoPwd);
-
-        await Task.Delay(100);
-        if (proc is null or { HasExited: true })
-        {
-            throw new Exception(ResUI.FailedToRunCore);
-        }
-
-        _linuxSudoPid = proc.Id;
-
-        return proc;
-    }
-
-    public async Task KillProcessAsLinuxSudo()
-    {
-        if (_linuxSudoPid < 0)
-        {
-            return;
-        }
-
-        var cmdLine = $"pkill -P {_linuxSudoPid} ; kill {_linuxSudoPid}";
-        var shFilePath = await CreateLinuxShellFile(cmdLine, "kill_as_sudo.sh");
-
-        await Cli.Wrap(shFilePath)
-           .WithStandardInputPipe(PipeSource.FromString(AppHandler.Instance.LinuxSudoPwd))
-           .ExecuteAsync();
-
-        _linuxSudoPid = -1;
-    }
-
-    private async Task<string> CreateLinuxShellFile(string cmdLine, string fileName)
-    {
-        var shFilePath = Utils.GetBinConfigPath(fileName);
-        File.Delete(shFilePath);
-
-        var sb = new StringBuilder();
-        sb.AppendLine("#!/bin/sh");
-        if (Utils.IsAdministrator())
-        {
-            sb.AppendLine($"{cmdLine}");
-        }
-        else
-        {
-            sb.AppendLine($"sudo -S {cmdLine}");
-        }
-
-        await File.WriteAllTextAsync(shFilePath, sb.ToString());
-        await Utils.SetLinuxChmod(shFilePath);
-
-        return shFilePath;
-    }
-}
--- a/v2rayN/ServiceLib/Handler/CoreConfigHandler.cs
+++ b/v2rayN/ServiceLib/Handler/CoreConfigHandler.cs
@@ -3,31 +3,31 @@ namespace ServiceLib.Handler;
 /// <summary>
 /// Core configuration file processing class
 /// </summary>
-public class CoreConfigHandler
+public static class CoreConfigHandler
 {
    private static readonly string _tag = "CoreConfigHandler";

-    public static async Task<RetResult> GenerateClientConfig(ProfileItem node, string? fileName)
+    public static async Task<RetResult> GenerateClientConfig(CoreConfigContext context, string? fileName)
    {
-        var config = AppHandler.Instance.Config;
+        var config = AppManager.Instance.Config;
        var result = new RetResult();
+        var node = context.Node;

        if (node.ConfigType == EConfigType.Custom)
        {
            result = node.CoreType switch
            {
                ECoreType.mihomo => await new CoreConfigClashService(config).GenerateClientCustomConfig(node, fileName),
-                ECoreType.sing_box => await new CoreConfigSingboxService(config).GenerateClientCustomConfig(node, fileName),
                _ => await GenerateClientCustomConfig(node, fileName)
            };
        }
-        else if (AppHandler.Instance.GetCoreType(node, node.ConfigType) == ECoreType.sing_box)
+        else if (AppManager.Instance.GetCoreType(node, node.ConfigType) == ECoreType.sing_box)
        {
-            result = await new CoreConfigSingboxService(config).GenerateClientConfigContent(node);
+            result = new CoreConfigSingboxService(context).GenerateClientConfigContent();
        }
        else
        {
-            result = await new CoreConfigV2rayService(config).GenerateClientConfigContent(node);
+            result = new CoreConfigV2rayService(context).GenerateClientConfigContent();
        }
        if (result.Success != true)
        {
@@ -58,7 +58,7 @@ public class CoreConfigHandler
                File.Delete(fileName);
            }

-            string addressFileName = node.Address;
+            var addressFileName = node.Address;
            if (!File.Exists(addressFileName))
            {
                addressFileName = Utils.GetConfigPath(addressFileName);
@@ -93,13 +93,29 @@ public class CoreConfigHandler
    public static async Task<RetResult> GenerateClientSpeedtestConfig(Config config, string fileName, List<ServerTestItem> selecteds, ECoreType coreType)
    {
        var result = new RetResult();
+        var dummyNode = new ProfileItem
+        {
+            CoreType = coreType
+        };
+        var builderResult = await CoreConfigContextBuilder.Build(config, dummyNode);
+        var context = builderResult.Context;
+        foreach (var testItem in selecteds)
+        {
+            var node = testItem.Profile;
+            var (actNode, _) = await CoreConfigContextBuilder.ResolveNodeAsync(context, node, true);
+            if (node.IndexId == actNode.IndexId)
+            {
+                continue;
+            }
+            context.ServerTestItemMap[node.IndexId] = actNode.IndexId;
+        }
        if (coreType == ECoreType.sing_box)
        {
-            result = await new CoreConfigSingboxService(config).GenerateClientSpeedtestConfig(selecteds);
+            result = new CoreConfigSingboxService(context).GenerateClientSpeedtestConfig(selecteds);
        }
        else if (coreType == ECoreType.Xray)
        {
-            result = await new CoreConfigV2rayService(config).GenerateClientSpeedtestConfig(selecteds);
+            result = new CoreConfigV2rayService(context).GenerateClientSpeedtestConfig(selecteds);
        }
        if (result.Success != true)
        {
@@ -109,20 +125,21 @@ public class CoreConfigHandler
        return result;
    }

-    public static async Task<RetResult> GenerateClientSpeedtestConfig(Config config, ProfileItem node, ServerTestItem testItem, string fileName)
+    public static async Task<RetResult> GenerateClientSpeedtestConfig(Config config, CoreConfigContext context, ServerTestItem testItem, string fileName)
    {
        var result = new RetResult();
-        var initPort = AppHandler.Instance.GetLocalPort(EInboundProtocol.speedtest);
+        var node = context.Node;
+        var initPort = AppManager.Instance.GetLocalPort(EInboundProtocol.speedtest);
        var port = Utils.GetFreePort(initPort + testItem.QueueNum);
        testItem.Port = port;

-        if (AppHandler.Instance.GetCoreType(node, node.ConfigType) == ECoreType.sing_box)
+        if (AppManager.Instance.GetCoreType(node, node.ConfigType) == ECoreType.sing_box)
        {
-            result = await new CoreConfigSingboxService(config).GenerateClientSpeedtestConfig(node, port);
+            result = new CoreConfigSingboxService(context).GenerateClientSpeedtestConfig(port);
        }
        else
        {
-            result = await new CoreConfigV2rayService(config).GenerateClientSpeedtestConfig(node, port);
+            result = new CoreConfigV2rayService(context).GenerateClientSpeedtestConfig(port);
        }
        if (result.Success != true)
        {
@@ -132,24 +149,4 @@ public class CoreConfigHandler
        await File.WriteAllTextAsync(fileName, result.Data.ToString());
        return result;
    }
-
-    public static async Task<RetResult> GenerateClientMultipleLoadConfig(Config config, string fileName, List<ProfileItem> selecteds, ECoreType coreType, EMultipleLoad multipleLoad)
-    {
-        var result = new RetResult();
-        if (coreType == ECoreType.sing_box)
-        {
-            result = await new CoreConfigSingboxService(config).GenerateClientMultipleLoadConfig(selecteds);
-        }
-        else
-        {
-            result = await new CoreConfigV2rayService(config).GenerateClientMultipleLoadConfig(selecteds, multipleLoad);
-        }
-
-        if (result.Success != true)
-        {
-            return result;
-        }
-        await File.WriteAllTextAsync(fileName, result.Data.ToString());
-        return result;
-    }
 }
--- a/v2rayN/ServiceLib/Handler/CoreHandler.cs
+++ b/v2rayN/ServiceLib/Handler/CoreHandler.cs
@@ -1,316 +0,0 @@
-using System.Diagnostics;
-using System.Text;
-
-namespace ServiceLib.Handler;
-
-/// <summary>
-/// Core process processing class
-/// </summary>
-public class CoreHandler
-{
-    private static readonly Lazy<CoreHandler> _instance = new(() => new());
-    public static CoreHandler Instance => _instance.Value;
-    private Config _config;
-    private Process? _process;
-    private Process? _processPre;
-    private bool _linuxSudo = false;
-    private Action<bool, string>? _updateFunc;
-    private const string _tag = "CoreHandler";
-
-    public async Task Init(Config config, Action<bool, string> updateFunc)
-    {
-        _config = config;
-        _updateFunc = updateFunc;
-
-        Environment.SetEnvironmentVariable(Global.V2RayLocalAsset, Utils.GetBinPath(""), EnvironmentVariableTarget.Process);
-        Environment.SetEnvironmentVariable(Global.XrayLocalAsset, Utils.GetBinPath(""), EnvironmentVariableTarget.Process);
-        Environment.SetEnvironmentVariable(Global.XrayLocalCert, Utils.GetBinPath(""), EnvironmentVariableTarget.Process);
-
-        //Copy the bin folder to the storage location (for init)
-        if (Environment.GetEnvironmentVariable(Global.LocalAppData) == "1")
-        {
-            var fromPath = Utils.GetBaseDirectory("bin");
-            var toPath = Utils.GetBinPath("");
-            if (fromPath != toPath)
-            {
-                FileManager.CopyDirectory(fromPath, toPath, true, false);
-            }
-        }
-
-        if (Utils.IsNonWindows())
-        {
-            var coreInfo = CoreInfoHandler.Instance.GetCoreInfo();
-            foreach (var it in coreInfo)
-            {
-                if (it.CoreType == ECoreType.v2rayN)
-                {
-                    if (Utils.UpgradeAppExists(out var upgradeFileName))
-                    {
-                        await Utils.SetLinuxChmod(upgradeFileName);
-                    }
-                    continue;
-                }
-
-                foreach (var name in it.CoreExes)
-                {
-                    var exe = Utils.GetBinPath(Utils.GetExeName(name), it.CoreType.ToString());
-                    if (File.Exists(exe))
-                    {
-                        await Utils.SetLinuxChmod(exe);
-                    }
-                }
-            }
-        }
-    }
-
-    public async Task LoadCore(ProfileItem? node)
-    {
-        if (node == null)
-        {
-            UpdateFunc(false, ResUI.CheckServerSettings);
-            return;
-        }
-
-        var fileName = Utils.GetBinConfigPath(Global.CoreConfigFileName);
-        var result = await CoreConfigHandler.GenerateClientConfig(node, fileName);
-        if (result.Success != true)
-        {
-            UpdateFunc(true, result.Msg);
-            return;
-        }
-
-        UpdateFunc(false, $"{node.GetSummary()}");
-        UpdateFunc(false, $"{Utils.GetRuntimeInfo()}");
-        UpdateFunc(false, string.Format(ResUI.StartService, DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
-        await CoreStop();
-        await Task.Delay(100);
-
-        if (Utils.IsWindows() && _config.TunModeItem.EnableTun)
-        {
-            await Task.Delay(100);
-            await WindowsUtils.RemoveTunDevice();
-        }
-
-        await CoreStart(node);
-        await CoreStartPreService(node);
-        if (_process != null)
-        {
-            UpdateFunc(true, $"{node.GetSummary()}");
-        }
-    }
-
-    public async Task<int> LoadCoreConfigSpeedtest(List<ServerTestItem> selecteds)
-    {
-        var coreType = selecteds.Exists(t => t.ConfigType is EConfigType.Hysteria2 or EConfigType.TUIC) ? ECoreType.sing_box : ECoreType.Xray;
-        var fileName = string.Format(Global.CoreSpeedtestConfigFileName, Utils.GetGuid(false));
-        var configPath = Utils.GetBinConfigPath(fileName);
-        var result = await CoreConfigHandler.GenerateClientSpeedtestConfig(_config, configPath, selecteds, coreType);
-        UpdateFunc(false, result.Msg);
-        if (result.Success != true)
-        {
-            return -1;
-        }
-
-        UpdateFunc(false, string.Format(ResUI.StartService, DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
-        UpdateFunc(false, configPath);
-
-        var coreInfo = CoreInfoHandler.Instance.GetCoreInfo(coreType);
-        var proc = await RunProcess(coreInfo, fileName, true, false);
-        if (proc is null)
-        {
-            return -1;
-        }
-
-        return proc.Id;
-    }
-
-    public async Task<int> LoadCoreConfigSpeedtest(ServerTestItem testItem)
-    {
-        var node = await AppHandler.Instance.GetProfileItem(testItem.IndexId);
-        if (node is null)
-        {
-            return -1;
-        }
-
-        var fileName = string.Format(Global.CoreSpeedtestConfigFileName, Utils.GetGuid(false));
-        var configPath = Utils.GetBinConfigPath(fileName);
-        var result = await CoreConfigHandler.GenerateClientSpeedtestConfig(_config, node, testItem, configPath);
-        if (result.Success != true)
-        {
-            return -1;
-        }
-
-        var coreType = AppHandler.Instance.GetCoreType(node, node.ConfigType);
-        var coreInfo = CoreInfoHandler.Instance.GetCoreInfo(coreType);
-        var proc = await RunProcess(coreInfo, fileName, true, false);
-        if (proc is null)
-        {
-            return -1;
-        }
-
-        return proc.Id;
-    }
-
-    public async Task CoreStop()
-    {
-        try
-        {
-            if (_linuxSudo)
-            {
-                await CoreAdminHandler.Instance.KillProcessAsLinuxSudo();
-                _linuxSudo = false;
-            }
-
-            if (_process != null)
-            {
-                await ProcUtils.ProcessKill(_process, Utils.IsWindows());
-                _process = null;
-            }
-
-            if (_processPre != null)
-            {
-                await ProcUtils.ProcessKill(_processPre, Utils.IsWindows());
-                _processPre = null;
-            }
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-        }
-    }
-
-    #region Private
-
-    private async Task CoreStart(ProfileItem node)
-    {
-        var coreType = _config.RunningCoreType = AppHandler.Instance.GetCoreType(node, node.ConfigType);
-        var coreInfo = CoreInfoHandler.Instance.GetCoreInfo(coreType);
-
-        var displayLog = node.ConfigType != EConfigType.Custom || node.DisplayLog;
-        var proc = await RunProcess(coreInfo, Global.CoreConfigFileName, displayLog, true);
-        if (proc is null)
-        {
-            return;
-        }
-        _process = proc;
-    }
-
-    private async Task CoreStartPreService(ProfileItem node)
-    {
-        if (_process != null && !_process.HasExited)
-        {
-            var coreType = AppHandler.Instance.GetCoreType(node, node.ConfigType);
-            var itemSocks = await ConfigHandler.GetPreSocksItem(_config, node, coreType);
-            if (itemSocks != null)
-            {
-                var preCoreType = itemSocks.CoreType ?? ECoreType.sing_box;
-                var fileName = Utils.GetBinConfigPath(Global.CorePreConfigFileName);
-                var result = await CoreConfigHandler.GenerateClientConfig(itemSocks, fileName);
-                if (result.Success)
-                {
-                    var coreInfo = CoreInfoHandler.Instance.GetCoreInfo(preCoreType);
-                    var proc = await RunProcess(coreInfo, Global.CorePreConfigFileName, true, true);
-                    if (proc is null)
-                    {
-                        return;
-                    }
-                    _processPre = proc;
-                }
-            }
-        }
-    }
-
-    private void UpdateFunc(bool notify, string msg)
-    {
-        _updateFunc?.Invoke(notify, msg);
-    }
-
-    #endregion Private
-
-    #region Process
-
-    private async Task<Process?> RunProcess(CoreInfo? coreInfo, string configPath, bool displayLog, bool mayNeedSudo)
-    {
-        var fileName = CoreInfoHandler.Instance.GetCoreExecFile(coreInfo, out var msg);
-        if (fileName.IsNullOrEmpty())
-        {
-            UpdateFunc(false, msg);
-            return null;
-        }
-
-        try
-        {
-            if (mayNeedSudo
-                && _config.TunModeItem.EnableTun
-                && coreInfo.CoreType == ECoreType.sing_box
-                && Utils.IsNonWindows())
-            {
-                _linuxSudo = true;
-                await CoreAdminHandler.Instance.Init(_config, _updateFunc);
-                return await CoreAdminHandler.Instance.RunProcessAsLinuxSudo(fileName, coreInfo, configPath);
-            }
-
-            return await RunProcessNormal(fileName, coreInfo, configPath, displayLog);
-        }
-        catch (Exception ex)
-        {
-            Logging.SaveLog(_tag, ex);
-            UpdateFunc(mayNeedSudo, ex.Message);
-            return null;
-        }
-    }
-
-    private async Task<Process?> RunProcessNormal(string fileName, CoreInfo? coreInfo, string configPath, bool displayLog)
-    {
-        Process proc = new()
-        {
-            StartInfo = new()
-            {
-                FileName = fileName,
-                Arguments = string.Format(coreInfo.Arguments, coreInfo.AbsolutePath ? Utils.GetBinConfigPath(configPath).AppendQuotes() : configPath),
-                WorkingDirectory = Utils.GetBinConfigPath(),
-                UseShellExecute = false,
-                RedirectStandardOutput = displayLog,
-                RedirectStandardError = displayLog,
-                CreateNoWindow = true,
-                StandardOutputEncoding = displayLog ? Encoding.UTF8 : null,
-                StandardErrorEncoding = displayLog ? Encoding.UTF8 : null,
-            }
-        };
-
-        if (displayLog)
-        {
-            proc.OutputDataReceived += (sender, e) =>
-            {
-                if (e.Data.IsNotEmpty())
-                {
-                    UpdateFunc(false, e.Data + Environment.NewLine);
-                }
-            };
-            proc.ErrorDataReceived += (sender, e) =>
-            {
-                if (e.Data.IsNotEmpty())
-                {
-                    UpdateFunc(false, e.Data + Environment.NewLine);
-                }
-            };
-        }
-        proc.Start();
-
-        if (displayLog)
-        {
-            proc.BeginOutputReadLine();
-            proc.BeginErrorReadLine();
-        }
-
-        await Task.Delay(100);
-        AppHandler.Instance.AddProcess(proc.Handle);
-        if (proc is null or { HasExited: true })
-        {
-            throw new Exception(ResUI.FailedToRunCore);
-        }
-        return proc;
-    }
-
-    #endregion Process
-}
--- a/v2rayN/ServiceLib/Handler/Fmt/AnytlsFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/AnytlsFmt.cs
@@ -0,0 +1,48 @@
+namespace ServiceLib.Handler.Fmt;
+
+public class AnytlsFmt : BaseFmt
+{
+    public static ProfileItem? Resolve(string str, out string msg)
+    {
+        msg = ResUI.ConfigurationFormatIncorrect;
+
+        var parsedUrl = Utils.TryUri(str);
+        if (parsedUrl == null)
+        {
+            return null;
+        }
+
+        ProfileItem item = new()
+        {
+            ConfigType = EConfigType.Anytls,
+            Remarks = parsedUrl.GetComponents(UriComponents.Fragment, UriFormat.Unescaped),
+            Address = parsedUrl.IdnHost,
+            Port = parsedUrl.Port,
+        };
+        var rawUserInfo = Utils.UrlDecode(parsedUrl.UserInfo);
+        item.Password = rawUserInfo;
+
+        var query = Utils.ParseQueryString(parsedUrl.Query);
+        ResolveUriQuery(query, ref item);
+
+        return item;
+    }
+
+    public static string? ToUri(ProfileItem? item)
+    {
+        if (item == null)
+        {
+            return null;
+        }
+        var remark = string.Empty;
+        if (item.Remarks.IsNotEmpty())
+        {
+            remark = "#" + Utils.UrlEncode(item.Remarks);
+        }
+        var pw = item.Password;
+        var dicQuery = new Dictionary<string, string>();
+        ToUriQuery(item, Global.None, ref dicQuery);
+
+        return ToUri(EConfigType.Anytls, item.Address, item.Port, pw, dicQuery, remark);
+    }
+}
--- a/v2rayN/ServiceLib/Handler/Fmt/BaseFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/BaseFmt.cs
@@ -4,6 +4,8 @@ namespace ServiceLib.Handler.Fmt;

 public class BaseFmt
 {
+    private static readonly string[] _allowInsecureArray = new[] { "insecure", "allowInsecure", "allow_insecure" };
+
    protected static string GetIpv6(string address)
    {
        if (Utils.IsIpv6(address))
@@ -17,13 +19,8 @@ public class BaseFmt
        }
    }

-    protected static int GetStdTransport(ProfileItem item, string? securityDef, ref Dictionary<string, string> dicQuery)
+    protected static int ToUriQuery(ProfileItem item, string? securityDef, ref Dictionary<string, string> dicQuery)
    {
-        if (item.Flow.IsNotEmpty())
-        {
-            dicQuery.Add("flow", item.Flow);
-        }
-
        if (item.StreamSecurity.IsNotEmpty())
        {
            dicQuery.Add("security", item.StreamSecurity);
@@ -37,11 +34,7 @@ public class BaseFmt
        }
        if (item.Sni.IsNotEmpty())
        {
-            dicQuery.Add("sni", item.Sni);
-        }
-        if (item.Alpn.IsNotEmpty())
-        {
-            dicQuery.Add("alpn", Utils.UrlEncode(item.Alpn));
+            dicQuery.Add("sni", Utils.UrlEncode(item.Sni));
        }
        if (item.Fingerprint.IsNotEmpty())
        {
@@ -59,9 +52,39 @@ public class BaseFmt
        {
            dicQuery.Add("spx", Utils.UrlEncode(item.SpiderX));
        }
-        if (item.AllowInsecure.Equals("true"))
+        if (item.Mldsa65Verify.IsNotEmpty())
        {
-            dicQuery.Add("allowInsecure", "1");
+            dicQuery.Add("pqv", Utils.UrlEncode(item.Mldsa65Verify));
+        }
+
+        if (item.StreamSecurity.Equals(Global.StreamSecurity))
+        {
+            if (item.Alpn.IsNotEmpty())
+            {
+                dicQuery.Add("alpn", Utils.UrlEncode(item.Alpn));
+            }
+            ToUriQueryAllowInsecure(item, ref dicQuery);
+        }
+        if (item.EchConfigList.IsNotEmpty())
+        {
+            dicQuery.Add("ech", Utils.UrlEncode(item.EchConfigList));
+        }
+        if (item.CertSha.IsNotEmpty())
+        {
+            dicQuery.Add("pcs", Utils.UrlEncode(item.CertSha));
+        }
+        if (item.Finalmask.IsNotEmpty())
+        {
+            var node = JsonUtils.ParseJson(item.Finalmask);
+            var finalmask = node != null
+                ? JsonUtils.Serialize(node, new JsonSerializerOptions
+                {
+                    WriteIndented = false,
+                    DefaultIgnoreCondition = JsonIgnoreCondition.Never,
+                    Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+                })
+                : item.Finalmask;
+            dicQuery.Add("fm", Utils.UrlEncode(finalmask));
        }

        dicQuery.Add("type", item.Network.IsNotEmpty() ? item.Network : nameof(ETransport.tcp));
@@ -111,7 +134,16 @@ public class BaseFmt
                }
                if (item.Extra.IsNotEmpty())
                {
-                    dicQuery.Add("extra", Utils.UrlEncode(item.Extra));
+                    var node = JsonUtils.ParseJson(item.Extra);
+                    var extra = node != null
+                        ? JsonUtils.Serialize(node, new JsonSerializerOptions
+                        {
+                            WriteIndented = false,
+                            DefaultIgnoreCondition = JsonIgnoreCondition.Never,
+                            Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+                        })
+                        : item.Extra;
+                    dicQuery.Add("extra", Utils.UrlEncode(extra));
                }
                break;

@@ -149,62 +181,140 @@ public class BaseFmt
        return 0;
    }

-    protected static int ResolveStdTransport(NameValueCollection query, ref ProfileItem item)
+    protected static int ToUriQueryLite(ProfileItem item, ref Dictionary<string, string> dicQuery)
    {
-        item.Flow = query["flow"] ?? "";
-        item.StreamSecurity = query["security"] ?? "";
-        item.Sni = query["sni"] ?? "";
-        item.Alpn = Utils.UrlDecode(query["alpn"] ?? "");
-        item.Fingerprint = Utils.UrlDecode(query["fp"] ?? "");
-        item.PublicKey = Utils.UrlDecode(query["pbk"] ?? "");
-        item.ShortId = Utils.UrlDecode(query["sid"] ?? "");
-        item.SpiderX = Utils.UrlDecode(query["spx"] ?? "");
-        item.AllowInsecure = (query["allowInsecure"] ?? "") == "1" ? "true" : "";
+        if (item.Sni.IsNotEmpty())
+        {
+            dicQuery.Add("sni", Utils.UrlEncode(item.Sni));
+        }
+        if (item.Alpn.IsNotEmpty())
+        {
+            dicQuery.Add("alpn", Utils.UrlEncode(item.Alpn));
+        }

-        item.Network = query["type"] ?? nameof(ETransport.tcp);
+        ToUriQueryAllowInsecure(item, ref dicQuery);
+
+        return 0;
+    }
+
+    private static int ToUriQueryAllowInsecure(ProfileItem item, ref Dictionary<string, string> dicQuery)
+    {
+        if (item.AllowInsecure.Equals(Global.AllowInsecure.First()))
+        {
+            // Add two for compatibility
+            dicQuery.Add("insecure", "1");
+            dicQuery.Add("allowInsecure", "1");
+        }
+        else
+        {
+            dicQuery.Add("insecure", "0");
+            dicQuery.Add("allowInsecure", "0");
+        }
+
+        return 0;
+    }
+
+    protected static int ResolveUriQuery(NameValueCollection query, ref ProfileItem item)
+    {
+        item.StreamSecurity = GetQueryValue(query, "security");
+        item.Sni = GetQueryValue(query, "sni");
+        item.Alpn = GetQueryDecoded(query, "alpn");
+        item.Fingerprint = GetQueryDecoded(query, "fp");
+        item.PublicKey = GetQueryDecoded(query, "pbk");
+        item.ShortId = GetQueryDecoded(query, "sid");
+        item.SpiderX = GetQueryDecoded(query, "spx");
+        item.Mldsa65Verify = GetQueryDecoded(query, "pqv");
+        item.EchConfigList = GetQueryDecoded(query, "ech");
+        item.CertSha = GetQueryDecoded(query, "pcs");
+
+        var finalmaskDecoded = GetQueryDecoded(query, "fm");
+        if (finalmaskDecoded.IsNotEmpty())
+        {
+            var node = JsonUtils.ParseJson(finalmaskDecoded);
+            item.Finalmask = node != null
+                ? JsonUtils.Serialize(node, new JsonSerializerOptions
+                {
+                    WriteIndented = true,
+                    DefaultIgnoreCondition = JsonIgnoreCondition.Never,
+                    Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+                })
+                : finalmaskDecoded;
+        }
+        else
+        {
+            item.Finalmask = string.Empty;
+        }
+
+        if (_allowInsecureArray.Any(k => GetQueryDecoded(query, k) == "1"))
+        {
+            item.AllowInsecure = Global.AllowInsecure.First();
+        }
+        else if (_allowInsecureArray.Any(k => GetQueryDecoded(query, k) == "0"))
+        {
+            item.AllowInsecure = Global.AllowInsecure.Skip(1).First();
+        }
+        else
+        {
+            item.AllowInsecure = string.Empty;
+        }
+
+        item.Network = GetQueryValue(query, "type", nameof(ETransport.tcp));
        switch (item.Network)
        {
            case nameof(ETransport.tcp):
-                item.HeaderType = query["headerType"] ?? Global.None;
-                item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
-
+                item.HeaderType = GetQueryValue(query, "headerType", Global.None);
+                item.RequestHost = GetQueryDecoded(query, "host");
                break;

            case nameof(ETransport.kcp):
-                item.HeaderType = query["headerType"] ?? Global.None;
-                item.Path = Utils.UrlDecode(query["seed"] ?? "");
+                item.HeaderType = GetQueryValue(query, "headerType", Global.None);
+                item.Path = GetQueryDecoded(query, "seed");
                break;

            case nameof(ETransport.ws):
            case nameof(ETransport.httpupgrade):
-                item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
-                item.Path = Utils.UrlDecode(query["path"] ?? "/");
+                item.RequestHost = GetQueryDecoded(query, "host");
+                item.Path = GetQueryDecoded(query, "path", "/");
                break;

            case nameof(ETransport.xhttp):
-                item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
-                item.Path = Utils.UrlDecode(query["path"] ?? "/");
-                item.HeaderType = Utils.UrlDecode(query["mode"] ?? "");
-                item.Extra = Utils.UrlDecode(query["extra"] ?? "");
+                item.RequestHost = GetQueryDecoded(query, "host");
+                item.Path = GetQueryDecoded(query, "path", "/");
+                item.HeaderType = GetQueryDecoded(query, "mode");
+                var extraDecoded = GetQueryDecoded(query, "extra");
+                if (extraDecoded.IsNotEmpty())
+                {
+                    var node = JsonUtils.ParseJson(extraDecoded);
+                    if (node != null)
+                    {
+                        extraDecoded = JsonUtils.Serialize(node, new JsonSerializerOptions
+                        {
+                            WriteIndented = true,
+                            DefaultIgnoreCondition = JsonIgnoreCondition.Never,
+                            Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+                        });
+                    }
+                }
+                item.Extra = extraDecoded;
                break;

            case nameof(ETransport.http):
            case nameof(ETransport.h2):
                item.Network = nameof(ETransport.h2);
-                item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
-                item.Path = Utils.UrlDecode(query["path"] ?? "/");
+                item.RequestHost = GetQueryDecoded(query, "host");
+                item.Path = GetQueryDecoded(query, "path", "/");
                break;

            case nameof(ETransport.quic):
-                item.HeaderType = query["headerType"] ?? Global.None;
-                item.RequestHost = query["quicSecurity"] ?? Global.None;
-                item.Path = Utils.UrlDecode(query["key"] ?? "");
+                item.HeaderType = GetQueryValue(query, "headerType", Global.None);
+                item.RequestHost = GetQueryValue(query, "quicSecurity", Global.None);
+                item.Path = GetQueryDecoded(query, "key");
                break;

            case nameof(ETransport.grpc):
-                item.RequestHost = Utils.UrlDecode(query["authority"] ?? "");
-                item.Path = Utils.UrlDecode(query["serviceName"] ?? "");
-                item.HeaderType = Utils.UrlDecode(query["mode"] ?? Global.GrpcGunMode);
+                item.RequestHost = GetQueryDecoded(query, "authority");
+                item.Path = GetQueryDecoded(query, "serviceName");
+                item.HeaderType = GetQueryDecoded(query, "mode", Global.GrpcGunMode);
                break;

            default:
@@ -215,14 +325,7 @@ public class BaseFmt

    protected static bool Contains(string str, params string[] s)
    {
-        foreach (var item in s)
-        {
-            if (str.Contains(item, StringComparison.OrdinalIgnoreCase))
-            {
-                return true;
-            }
-        }
-        return false;
+        return s.All(item => str.Contains(item, StringComparison.OrdinalIgnoreCase));
    }

    protected static string WriteAllText(string strData, string ext = "json")
@@ -241,4 +344,14 @@ public class BaseFmt
        var url = $"{Utils.UrlEncode(userInfo)}@{GetIpv6(address)}:{port}";
        return $"{Global.ProtocolShares[eConfigType]}{url}{query}{remark}";
    }
+
+    protected static string GetQueryValue(NameValueCollection query, string key, string defaultValue = "")
+    {
+        return query[key] ?? defaultValue;
+    }
+
+    protected static string GetQueryDecoded(NameValueCollection query, string key, string defaultValue = "")
+    {
+        return Utils.UrlDecode(GetQueryValue(query, key, defaultValue));
+    }
 }
--- a/v2rayN/ServiceLib/Handler/Fmt/ClashFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/ClashFmt.cs
@@ -4,7 +4,7 @@ public class ClashFmt : BaseFmt
 {
    public static ProfileItem? ResolveFull(string strData, string? subRemarks)
    {
-        if (Contains(strData, "port", "socks-port", "proxies"))
+        if (Contains(strData, "rules", "-port", "proxies"))
        {
            var fileName = WriteAllText(strData, "yaml");

--- a/v2rayN/ServiceLib/Handler/Fmt/FmtHandler.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/FmtHandler.cs
@@ -18,6 +18,7 @@ public class FmtHandler
                EConfigType.Hysteria2 => Hysteria2Fmt.ToUri(item),
                EConfigType.TUIC => TuicFmt.ToUri(item),
                EConfigType.WireGuard => WireguardFmt.ToUri(item),
+                EConfigType.Anytls => AnytlsFmt.ToUri(item),
                _ => null,
            };

@@ -26,7 +27,7 @@ public class FmtHandler
        catch (Exception ex)
        {
            Logging.SaveLog(_tag, ex);
-            return "";
+            return string.Empty;
        }
    }

@@ -36,7 +37,7 @@ public class FmtHandler

        try
        {
-            string str = config.TrimEx();
+            var str = config.TrimEx();
            if (str.IsNullOrEmpty())
            {
                msg = ResUI.FailedReadConfiguration;
@@ -75,6 +76,10 @@ public class FmtHandler
            {
                return WireguardFmt.Resolve(str, out msg);
            }
+            else if (str.StartsWith(Global.ProtocolShares[EConfigType.Anytls]))
+            {
+                return AnytlsFmt.Resolve(str, out msg);
+            }
            else
            {
                msg = ResUI.NonvmessOrssProtocol;
--- a/v2rayN/ServiceLib/Handler/Fmt/HtmlPageFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/HtmlPageFmt.cs
@@ -0,0 +1,9 @@
+namespace ServiceLib.Handler.Fmt;
+
+public class HtmlPageFmt : BaseFmt
+{
+    public static bool IsHtmlPage(string strData)
+    {
+        return Contains(strData, "<html", "<!doctype html", "<head");
+    }
+}
--- a/v2rayN/ServiceLib/Handler/Fmt/Hysteria2Fmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/Hysteria2Fmt.cs
@@ -12,19 +12,26 @@ public class Hysteria2Fmt : BaseFmt

        var url = Utils.TryUri(str);
        if (url == null)
+        {
            return null;
+        }

        item.Address = url.IdnHost;
        item.Port = url.Port;
        item.Remarks = url.GetComponents(UriComponents.Fragment, UriFormat.Unescaped);
-        item.Id = Utils.UrlDecode(url.UserInfo);
+        item.Password = Utils.UrlDecode(url.UserInfo);

        var query = Utils.ParseQueryString(url.Query);
-        ResolveStdTransport(query, ref item);
-        item.Path = Utils.UrlDecode(query["obfs-password"] ?? "");
-        item.AllowInsecure = (query["insecure"] ?? "") == "1" ? "true" : "false";
-
-        item.Ports = Utils.UrlDecode(query["mport"] ?? "").Replace('-', ':');
+        ResolveUriQuery(query, ref item);
+        if (item.CertSha.IsNullOrEmpty())
+        {
+            item.CertSha = GetQueryDecoded(query, "pinSHA256");
+        }
+        item.SetProtocolExtra(item.GetProtocolExtra() with
+        {
+            Ports = GetQueryDecoded(query, "mport"),
+            SalamanderPass = GetQueryDecoded(query, "obfs-password"),
+        });

        return item;
    }
@@ -32,53 +39,42 @@ public class Hysteria2Fmt : BaseFmt
    public static string? ToUri(ProfileItem? item)
    {
        if (item == null)
+        {
            return null;
-        string url = string.Empty;
+        }

-        string remark = string.Empty;
+        var url = string.Empty;
+
+        var remark = string.Empty;
        if (item.Remarks.IsNotEmpty())
        {
            remark = "#" + Utils.UrlEncode(item.Remarks);
        }
        var dicQuery = new Dictionary<string, string>();
-        if (item.Sni.IsNotEmpty())
-        {
-            dicQuery.Add("sni", item.Sni);
-        }
-        if (item.Alpn.IsNotEmpty())
-        {
-            dicQuery.Add("alpn", Utils.UrlEncode(item.Alpn));
-        }
-        if (item.Path.IsNotEmpty())
+        ToUriQueryLite(item, ref dicQuery);
+        var protocolExtraItem = item.GetProtocolExtra();
+
+        if (!protocolExtraItem.SalamanderPass.IsNullOrEmpty())
        {
            dicQuery.Add("obfs", "salamander");
-            dicQuery.Add("obfs-password", Utils.UrlEncode(item.Path));
+            dicQuery.Add("obfs-password", Utils.UrlEncode(protocolExtraItem.SalamanderPass));
        }
-        dicQuery.Add("insecure", item.AllowInsecure.ToLower() == "true" ? "1" : "0");
-        if (item.Ports.IsNotEmpty())
+        if (!protocolExtraItem.Ports.IsNullOrEmpty())
        {
-            dicQuery.Add("mport", Utils.UrlEncode(item.Ports.Replace(':', '-')));
+            dicQuery.Add("mport", Utils.UrlEncode(protocolExtraItem.Ports.Replace(':', '-')));
        }
-
-        return ToUri(EConfigType.Hysteria2, item.Address, item.Port, item.Id, dicQuery, remark);
-    }
-
-    public static ProfileItem? ResolveFull(string strData, string? subRemarks)
-    {
-        if (Contains(strData, "server", "up", "down", "listen", "<html>", "<body>"))
+        if (!item.CertSha.IsNullOrEmpty())
        {
-            var fileName = WriteAllText(strData);
-
-            var profileItem = new ProfileItem
+            var sha = item.CertSha;
+            var idx = sha.IndexOf(',');
+            if (idx > 0)
            {
-                CoreType = ECoreType.hysteria,
-                Address = fileName,
-                Remarks = subRemarks ?? "hysteria_custom"
-            };
-            return profileItem;
+                sha = sha[..idx];
+            }
+            dicQuery.Add("pinSHA256", Utils.UrlEncode(sha));
        }

-        return null;
+        return ToUri(EConfigType.Hysteria2, item.Address, item.Port, item.Password, dicQuery, remark);
    }

    public static ProfileItem? ResolveFull2(string strData, string? subRemarks)
--- a/v2rayN/ServiceLib/Handler/Fmt/NaiveproxyFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/NaiveproxyFmt.cs
@@ -1,22 +0,0 @@
-namespace ServiceLib.Handler.Fmt;
-
-public class NaiveproxyFmt : BaseFmt
-{
-    public static ProfileItem? ResolveFull(string strData, string? subRemarks)
-    {
-        if (Contains(strData, "listen", "proxy", "<html>", "<body>"))
-        {
-            var fileName = WriteAllText(strData);
-
-            var profileItem = new ProfileItem
-            {
-                CoreType = ECoreType.naiveproxy,
-                Address = fileName,
-                Remarks = subRemarks ?? "naiveproxy_custom"
-            };
-            return profileItem;
-        }
-
-        return null;
-    }
-}
--- a/v2rayN/ServiceLib/Handler/Fmt/ShadowsocksFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/ShadowsocksFmt.cs
@@ -1,5 +1,3 @@
-using System.Text.RegularExpressions;
-
 namespace ServiceLib.Handler.Fmt;

 public class ShadowsocksFmt : BaseFmt
@@ -14,7 +12,8 @@ public class ShadowsocksFmt : BaseFmt
        {
            return null;
        }
-        if (item.Address.Length == 0 || item.Port == 0 || item.Security.Length == 0 || item.Id.Length == 0)
+
+        if (item.Address.Length == 0 || item.Port == 0 || item.GetProtocolExtra().SsMethod.IsNullOrEmpty() || item.Password.Length == 0)
        {
            return null;
        }
@@ -42,8 +41,69 @@ public class ShadowsocksFmt : BaseFmt
        //    item.port);
        //url = Utile.Base64Encode(url);
        //new Sip002
-        var pw = Utils.Base64Encode($"{item.Security}:{item.Id}");
-        return ToUri(EConfigType.Shadowsocks, item.Address, item.Port, pw, null, remark);
+        var pw = Utils.Base64Encode($"{item.GetProtocolExtra().SsMethod}:{item.Password}", true);
+
+        // plugin
+        var plugin = string.Empty;
+        var pluginArgs = string.Empty;
+
+        if (item.Network == nameof(ETransport.tcp) && item.HeaderType == Global.TcpHeaderHttp)
+        {
+            plugin = "obfs-local";
+            pluginArgs = $"obfs=http;obfs-host={item.RequestHost};";
+        }
+        else
+        {
+            if (item.Network == nameof(ETransport.ws))
+            {
+                pluginArgs += "mode=websocket;";
+                pluginArgs += $"host={item.RequestHost};";
+                // https://github.com/shadowsocks/v2ray-plugin/blob/e9af1cdd2549d528deb20a4ab8d61c5fbe51f306/args.go#L172
+                // Equal signs and commas [and backslashes] must be escaped with a backslash.
+                var path = item.Path.Replace("\\", "\\\\").Replace("=", "\\=").Replace(",", "\\,");
+                pluginArgs += $"path={path};";
+            }
+            else if (item.Network == nameof(ETransport.quic))
+            {
+                pluginArgs += "mode=quic;";
+            }
+            if (item.StreamSecurity == Global.StreamSecurity)
+            {
+                pluginArgs += "tls;";
+                var certs = CertPemManager.ParsePemChain(item.Cert);
+                if (certs.Count > 0)
+                {
+                    var cert = certs.First();
+                    const string beginMarker = "-----BEGIN CERTIFICATE-----\n";
+                    const string endMarker = "\n-----END CERTIFICATE-----";
+
+                    var base64Content = cert.Replace(beginMarker, "").Replace(endMarker, "").Trim();
+
+                    base64Content = base64Content.Replace("=", "\\=");
+
+                    pluginArgs += $"certRaw={base64Content};";
+                }
+            }
+            if (pluginArgs.Length > 0)
+            {
+                plugin = "v2ray-plugin";
+                pluginArgs += "mux=0;";
+            }
+        }
+
+        var dicQuery = new Dictionary<string, string>();
+        if (plugin.IsNotEmpty())
+        {
+            var pluginStr = plugin + ";" + pluginArgs;
+            // pluginStr remove last ';' and url encode
+            if (pluginStr.EndsWith(';'))
+            {
+                pluginStr = pluginStr[..^1];
+            }
+            dicQuery["plugin"] = Utils.UrlEncode(pluginStr);
+        }
+
+        return ToUri(EConfigType.Shadowsocks, item.Address, item.Port, pw, dicQuery, remark);
    }

    private static readonly Regex UrlFinder = new(@"ss://(?<base64>[A-Za-z0-9+-/=_]+)(?:#(?<tag>\S+))?", RegexOptions.IgnoreCase | RegexOptions.Compiled);
@@ -77,8 +137,8 @@ public class ShadowsocksFmt : BaseFmt
        {
            return null;
        }
-        item.Security = details.Groups["method"].Value;
-        item.Id = details.Groups["password"].Value;
+        item.SetProtocolExtra(item.GetProtocolExtra() with { SsMethod = details.Groups["method"].Value });
+        item.Password = details.Groups["password"].Value;
        item.Address = details.Groups["hostname"].Value;
        item.Port = details.Groups["port"].Value.ToInt();
        return item;
@@ -107,8 +167,8 @@ public class ShadowsocksFmt : BaseFmt
            {
                return null;
            }
-            item.Security = userInfoParts.First();
-            item.Id = Utils.UrlDecode(userInfoParts.Last());
+            item.SetProtocolExtra(item.GetProtocolExtra() with { SsMethod = userInfoParts.First() });
+            item.Password = Utils.UrlDecode(userInfoParts.Last());
        }
        else
        {
@@ -119,28 +179,103 @@ public class ShadowsocksFmt : BaseFmt
            {
                return null;
            }
-            item.Security = userInfoParts.First();
-            item.Id = userInfoParts.Last();
+            item.SetProtocolExtra(item.GetProtocolExtra() with { SsMethod = userInfoParts.First() });
+            item.Password = userInfoParts.Last();
        }

        var queryParameters = Utils.ParseQueryString(parsedUrl.Query);
        if (queryParameters["plugin"] != null)
        {
-            //obfs-host exists
-            var obfsHost = queryParameters["plugin"]?.Split(';').FirstOrDefault(t => t.Contains("obfs-host"));
-            if (queryParameters["plugin"].Contains("obfs=http") && obfsHost.IsNotEmpty())
-            {
-                obfsHost = obfsHost?.Replace("obfs-host=", "");
-                item.Network = Global.DefaultNetwork;
-                item.HeaderType = Global.TcpHeaderHttp;
-                item.RequestHost = obfsHost ?? "";
-            }
-            else
+            var pluginStr = queryParameters["plugin"];
+            var pluginParts = pluginStr.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
+
+            if (pluginParts.Length == 0)
            {
                return null;
            }
-        }

+            var pluginName = pluginParts[0];
+
+            // A typo in https://github.com/shadowsocks/shadowsocks-org/blob/6b1c064db4129de99c516294960e731934841c94/docs/doc/sip002.md?plain=1#L15
+            // "simple-obfs" should be "obfs-local"
+            if (pluginName == "simple-obfs")
+            {
+                pluginName = "obfs-local";
+            }
+
+            // Parse obfs-local plugin
+            if (pluginName == "obfs-local")
+            {
+                var obfsMode = pluginParts.FirstOrDefault(t => t.StartsWith("obfs="));
+                var obfsHost = pluginParts.FirstOrDefault(t => t.StartsWith("obfs-host="));
+
+                if ((!obfsMode.IsNullOrEmpty()) && obfsMode.Contains("obfs=http") && obfsHost.IsNotEmpty())
+                {
+                    obfsHost = obfsHost.Replace("obfs-host=", "");
+                    item.Network = Global.DefaultNetwork;
+                    item.HeaderType = Global.TcpHeaderHttp;
+                    item.RequestHost = obfsHost;
+                }
+            }
+            // Parse v2ray-plugin
+            else if (pluginName == "v2ray-plugin")
+            {
+                var mode = pluginParts.FirstOrDefault(t => t.StartsWith("mode="), "websocket");
+                var host = pluginParts.FirstOrDefault(t => t.StartsWith("host="));
+                var path = pluginParts.FirstOrDefault(t => t.StartsWith("path="));
+                var hasTls = pluginParts.Any(t => t == "tls");
+                var certRaw = pluginParts.FirstOrDefault(t => t.StartsWith("certRaw="));
+                var mux = pluginParts.FirstOrDefault(t => t.StartsWith("mux="));
+
+                var modeValue = mode.Replace("mode=", "");
+                if (modeValue == "websocket")
+                {
+                    item.Network = nameof(ETransport.ws);
+                    if (!host.IsNullOrEmpty())
+                    {
+                        item.RequestHost = host.Replace("host=", "");
+                        item.Sni = item.RequestHost;
+                    }
+                    if (!path.IsNullOrEmpty())
+                    {
+                        var pathValue = path.Replace("path=", "");
+                        pathValue = pathValue.Replace("\\=", "=").Replace("\\,", ",").Replace("\\\\", "\\");
+                        item.Path = pathValue;
+                    }
+                }
+                else if (modeValue == "quic")
+                {
+                    item.Network = nameof(ETransport.quic);
+                }
+
+                if (hasTls)
+                {
+                    item.StreamSecurity = Global.StreamSecurity;
+
+                    if (!certRaw.IsNullOrEmpty())
+                    {
+                        var certBase64 = certRaw.Replace("certRaw=", "");
+
+                        certBase64 = certBase64.Replace("\\=", "=");
+
+                        const string beginMarker = "-----BEGIN CERTIFICATE-----\n";
+                        const string endMarker = "\n-----END CERTIFICATE-----";
+                        var certPem = beginMarker + certBase64 + endMarker;
+                        item.Cert = certPem;
+                    }
+                }
+
+                if (!mux.IsNullOrEmpty())
+                {
+                    var muxValue = mux.Replace("mux=", "");
+                    var muxCount = muxValue.ToInt();
+                    if (muxCount > 0)
+                    {
+                        return null;
+                    }
+                }
+            }
+        }
        return item;
    }

@@ -165,11 +300,11 @@ public class ShadowsocksFmt : BaseFmt
                var ssItem = new ProfileItem()
                {
                    Remarks = it.remarks,
-                    Security = it.method,
-                    Id = it.password,
+                    Password = it.password,
                    Address = it.server,
                    Port = it.server_port.ToInt()
                };
+                ssItem.SetProtocolExtra(new ProtocolExtraItem() { SsMethod = it.method });
                lst.Add(ssItem);
            }
            return lst;
--- a/v2rayN/ServiceLib/Handler/Fmt/SocksFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/SocksFmt.cs
@@ -33,7 +33,7 @@ public class SocksFmt : BaseFmt
            remark = "#" + Utils.UrlEncode(item.Remarks);
        }
        //new
-        var pw = Utils.Base64Encode($"{item.Security}:{item.Id}");
+        var pw = Utils.Base64Encode($"{item.Username}:{item.Password}", true);
        return ToUri(EConfigType.SOCKS, item.Address, item.Port, pw, null, remark);
    }

@@ -45,18 +45,18 @@ public class SocksFmt : BaseFmt
        };
        result = result[Global.ProtocolShares[EConfigType.SOCKS].Length..];
        //remark
-        var indexRemark = result.IndexOf("#");
+        var indexRemark = result.IndexOf('#');
        if (indexRemark > 0)
        {
            try
            {
-                item.Remarks = Utils.UrlDecode(result.Substring(indexRemark + 1, result.Length - indexRemark - 1));
+                item.Remarks = Utils.UrlDecode(result.Substring(indexRemark + 1));
            }
            catch { }
            result = result[..indexRemark];
        }
        //part decode
-        var indexS = result.IndexOf("@");
+        var indexS = result.IndexOf('@');
        if (indexS > 0)
        {
        }
@@ -78,9 +78,8 @@ public class SocksFmt : BaseFmt
        }
        item.Address = arr1[1][..indexPort];
        item.Port = arr1[1][(indexPort + 1)..].ToInt();
-        item.Security = arr21.First();
-        item.Id = arr21[1];
-
+        item.Username = arr21.First();
+        item.Password = arr21[1];
        return item;
    }

@@ -98,15 +97,14 @@ public class SocksFmt : BaseFmt
            Address = parsedUrl.IdnHost,
            Port = parsedUrl.Port,
        };
-
        // parse base64 UserInfo
        var rawUserInfo = Utils.UrlDecode(parsedUrl.UserInfo);
        var userInfo = Utils.Base64Decode(rawUserInfo);
        var userInfoParts = userInfo.Split([':'], 2);
        if (userInfoParts.Length == 2)
        {
-            item.Security = userInfoParts.First();
-            item.Id = userInfoParts[1];
+            item.Username = userInfoParts.First();
+            item.Password = userInfoParts[1];
        }

        return item;
--- a/v2rayN/ServiceLib/Handler/Fmt/TrojanFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/TrojanFmt.cs
@@ -20,10 +20,11 @@ public class TrojanFmt : BaseFmt
        item.Address = url.IdnHost;
        item.Port = url.Port;
        item.Remarks = url.GetComponents(UriComponents.Fragment, UriFormat.Unescaped);
-        item.Id = Utils.UrlDecode(url.UserInfo);
+        item.Password = Utils.UrlDecode(url.UserInfo);

        var query = Utils.ParseQueryString(url.Query);
-        _ = ResolveStdTransport(query, ref item);
+        item.SetProtocolExtra(item.GetProtocolExtra() with { Flow = GetQueryValue(query, "flow") });
+        ResolveUriQuery(query, ref item);

        return item;
    }
@@ -40,8 +41,12 @@ public class TrojanFmt : BaseFmt
            remark = "#" + Utils.UrlEncode(item.Remarks);
        }
        var dicQuery = new Dictionary<string, string>();
-        _ = GetStdTransport(item, null, ref dicQuery);
+        if (!item.GetProtocolExtra().Flow.IsNullOrEmpty())
+        {
+            dicQuery.Add("flow", item.GetProtocolExtra().Flow);
+        }
+        ToUriQuery(item, null, ref dicQuery);

-        return ToUri(EConfigType.Trojan, item.Address, item.Port, item.Id, dicQuery, remark);
+        return ToUri(EConfigType.Trojan, item.Address, item.Port, item.Password, dicQuery, remark);
    }
 }
--- a/v2rayN/ServiceLib/Handler/Fmt/TuicFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/TuicFmt.cs
@@ -24,13 +24,13 @@ public class TuicFmt : BaseFmt
        var userInfoParts = rawUserInfo.Split(new[] { ':' }, 2);
        if (userInfoParts.Length == 2)
        {
-            item.Id = userInfoParts.First();
-            item.Security = userInfoParts.Last();
+            item.Username = userInfoParts.First();
+            item.Password = userInfoParts.Last();
        }

        var query = Utils.ParseQueryString(url.Query);
-        ResolveStdTransport(query, ref item);
-        item.HeaderType = query["congestion_control"] ?? "";
+        ResolveUriQuery(query, ref item);
+        item.HeaderType = GetQueryValue(query, "congestion_control");

        return item;
    }
@@ -47,17 +47,12 @@ public class TuicFmt : BaseFmt
        {
            remark = "#" + Utils.UrlEncode(item.Remarks);
        }
+
        var dicQuery = new Dictionary<string, string>();
-        if (item.Sni.IsNotEmpty())
-        {
-            dicQuery.Add("sni", item.Sni);
-        }
-        if (item.Alpn.IsNotEmpty())
-        {
-            dicQuery.Add("alpn", Utils.UrlEncode(item.Alpn));
-        }
+        ToUriQueryLite(item, ref dicQuery);
+
        dicQuery.Add("congestion_control", item.HeaderType);

-        return ToUri(EConfigType.TUIC, item.Address, item.Port, $"{item.Id}:{item.Security}", dicQuery, remark);
+        return ToUri(EConfigType.TUIC, item.Address, item.Port, $"{item.Username ?? ""}:{item.Password}", dicQuery, remark);
    }
 }
--- a/v2rayN/ServiceLib/Handler/Fmt/VLESSFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/VLESSFmt.cs
@@ -9,7 +9,6 @@ public class VLESSFmt : BaseFmt
        ProfileItem item = new()
        {
            ConfigType = EConfigType.VLESS,
-            Security = Global.None
        };

        var url = Utils.TryUri(str);
@@ -21,12 +20,16 @@ public class VLESSFmt : BaseFmt
        item.Address = url.IdnHost;
        item.Port = url.Port;
        item.Remarks = url.GetComponents(UriComponents.Fragment, UriFormat.Unescaped);
-        item.Id = Utils.UrlDecode(url.UserInfo);
+        item.Password = Utils.UrlDecode(url.UserInfo);

        var query = Utils.ParseQueryString(url.Query);
-        item.Security = query["encryption"] ?? Global.None;
-        item.StreamSecurity = query["security"] ?? "";
-        _ = ResolveStdTransport(query, ref item);
+        item.SetProtocolExtra(item.GetProtocolExtra() with
+        {
+            VlessEncryption = GetQueryValue(query, "encryption", Global.None),
+            Flow = GetQueryValue(query, "flow")
+        });
+        item.StreamSecurity = GetQueryValue(query, "security");
+        ResolveUriQuery(query, ref item);

        return item;
    }
@@ -44,16 +47,14 @@ public class VLESSFmt : BaseFmt
            remark = "#" + Utils.UrlEncode(item.Remarks);
        }
        var dicQuery = new Dictionary<string, string>();
-        if (item.Security.IsNotEmpty())
+        dicQuery.Add("encryption",
+            !item.GetProtocolExtra().VlessEncryption.IsNullOrEmpty() ? item.GetProtocolExtra().VlessEncryption : Global.None);
+        if (!item.GetProtocolExtra().Flow.IsNullOrEmpty())
        {
-            dicQuery.Add("encryption", item.Security);
+            dicQuery.Add("flow", item.GetProtocolExtra().Flow);
        }
-        else
-        {
-            dicQuery.Add("encryption", Global.None);
-        }
-        _ = GetStdTransport(item, Global.None, ref dicQuery);
+        ToUriQuery(item, Global.None, ref dicQuery);

-        return ToUri(EConfigType.VLESS, item.Address, item.Port, item.Id, dicQuery, remark);
+        return ToUri(EConfigType.VLESS, item.Address, item.Port, item.Password, dicQuery, remark);
    }
 }
--- a/v2rayN/ServiceLib/Handler/Fmt/VmessFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/VmessFmt.cs
@@ -23,15 +23,16 @@ public class VmessFmt : BaseFmt
        {
            return null;
        }
+
        var vmessQRCode = new VmessQRCode
        {
-            v = item.ConfigVersion,
+            v = 2,
            ps = item.Remarks.TrimEx(),
            add = item.Address,
            port = item.Port,
-            id = item.Id,
-            aid = item.AlterId,
-            scy = item.Security,
+            id = item.Password,
+            aid = int.TryParse(item.GetProtocolExtra()?.AlterId, out var result) ? result : 0,
+            scy = item.GetProtocolExtra().VmessSecurity ?? "",
            net = item.Network,
            type = item.HeaderType,
            host = item.RequestHost,
@@ -39,7 +40,8 @@ public class VmessFmt : BaseFmt
            tls = item.StreamSecurity,
            sni = item.Sni,
            alpn = item.Alpn,
-            fp = item.Fingerprint
+            fp = item.Fingerprint,
+            insecure = item.AllowInsecure.Equals(Global.AllowInsecure.First()) ? "1" : "0"
        };

        var url = JsonUtils.Serialize(vmessQRCode);
@@ -70,15 +72,16 @@ public class VmessFmt : BaseFmt
        item.Network = Global.DefaultNetwork;
        item.HeaderType = Global.None;

-        item.ConfigVersion = vmessQRCode.v;
+        //item.ConfigVersion = vmessQRCode.v;
        item.Remarks = Utils.ToString(vmessQRCode.ps);
        item.Address = Utils.ToString(vmessQRCode.add);
        item.Port = vmessQRCode.port;
-        item.Id = Utils.ToString(vmessQRCode.id);
-        item.AlterId = vmessQRCode.aid;
-        item.Security = Utils.ToString(vmessQRCode.scy);
-
-        item.Security = vmessQRCode.scy.IsNotEmpty() ? vmessQRCode.scy : Global.DefaultSecurity;
+        item.Password = Utils.ToString(vmessQRCode.id);
+        item.SetProtocolExtra(new ProtocolExtraItem
+        {
+            AlterId = vmessQRCode.aid.ToString(),
+            VmessSecurity = vmessQRCode.scy.IsNullOrEmpty() ? Global.DefaultSecurity : vmessQRCode.scy,
+        });
        if (vmessQRCode.net.IsNotEmpty())
        {
            item.Network = vmessQRCode.net;
@@ -94,6 +97,7 @@ public class VmessFmt : BaseFmt
        item.Sni = Utils.ToString(vmessQRCode.sni);
        item.Alpn = Utils.ToString(vmessQRCode.alpn);
        item.Fingerprint = Utils.ToString(vmessQRCode.fp);
+        item.AllowInsecure = vmessQRCode.insecure == "1" ? Global.AllowInsecure.First() : string.Empty;

        return item;
    }
@@ -103,7 +107,6 @@ public class VmessFmt : BaseFmt
        var item = new ProfileItem
        {
            ConfigType = EConfigType.VMess,
-            Security = "auto"
        };

        var url = Utils.TryUri(str);
@@ -115,10 +118,15 @@ public class VmessFmt : BaseFmt
        item.Address = url.IdnHost;
        item.Port = url.Port;
        item.Remarks = url.GetComponents(UriComponents.Fragment, UriFormat.Unescaped);
-        item.Id = Utils.UrlDecode(url.UserInfo);
+        item.Password = Utils.UrlDecode(url.UserInfo);
+
+        item.SetProtocolExtra(new ProtocolExtraItem
+        {
+            VmessSecurity = "auto",
+        });

        var query = Utils.ParseQueryString(url.Query);
-        ResolveStdTransport(query, ref item);
+        ResolveUriQuery(query, ref item);

        return item;
    }
--- a/v2rayN/ServiceLib/Handler/Fmt/WireguardFmt.cs
+++ b/v2rayN/ServiceLib/Handler/Fmt/WireguardFmt.cs
@@ -20,14 +20,17 @@ public class WireguardFmt : BaseFmt
        item.Address = url.IdnHost;
        item.Port = url.Port;
        item.Remarks = url.GetComponents(UriComponents.Fragment, UriFormat.Unescaped);
-        item.Id = Utils.UrlDecode(url.UserInfo);
+        item.Password = Utils.UrlDecode(url.UserInfo);

        var query = Utils.ParseQueryString(url.Query);

-        item.PublicKey = Utils.UrlDecode(query["publickey"] ?? "");
-        item.Path = Utils.UrlDecode(query["reserved"] ?? "");
-        item.RequestHost = Utils.UrlDecode(query["address"] ?? "");
-        item.ShortId = Utils.UrlDecode(query["mtu"] ?? "");
+        item.SetProtocolExtra(item.GetProtocolExtra() with
+        {
+            WgPublicKey = GetQueryDecoded(query, "publickey"),
+            WgReserved = GetQueryDecoded(query, "reserved"),
+            WgInterfaceAddress = GetQueryDecoded(query, "address"),
+            WgMtu = int.TryParse(GetQueryDecoded(query, "mtu"), out var mtuVal) ? mtuVal : 1280,
+        });

        return item;
    }
@@ -46,22 +49,19 @@ public class WireguardFmt : BaseFmt
        }

        var dicQuery = new Dictionary<string, string>();
-        if (item.PublicKey.IsNotEmpty())
+        if (!item.GetProtocolExtra().WgPublicKey.IsNullOrEmpty())
        {
-            dicQuery.Add("publickey", Utils.UrlEncode(item.PublicKey));
+            dicQuery.Add("publickey", Utils.UrlEncode(item.GetProtocolExtra().WgPublicKey));
        }
-        if (item.Path.IsNotEmpty())
+        if (!item.GetProtocolExtra().WgReserved.IsNullOrEmpty())
        {
-            dicQuery.Add("reserved", Utils.UrlEncode(item.Path));
+            dicQuery.Add("reserved", Utils.UrlEncode(item.GetProtocolExtra().WgReserved));
        }
-        if (item.RequestHost.IsNotEmpty())
+        if (!item.GetProtocolExtra().WgInterfaceAddress.IsNullOrEmpty())
        {
-            dicQuery.Add("address", Utils.UrlEncode(item.RequestHost));
+            dicQuery.Add("address", Utils.UrlEncode(item.GetProtocolExtra().WgInterfaceAddress));
        }
-        if (item.ShortId.IsNotEmpty())
-        {
-            dicQuery.Add("mtu", Utils.UrlEncode(item.ShortId));
-        }
-        return ToUri(EConfigType.WireGuard, item.Address, item.Port, item.Id, dicQuery, remark);
+        dicQuery.Add("mtu", Utils.UrlEncode(item.GetProtocolExtra().WgMtu > 0 ? item.GetProtocolExtra().WgMtu.ToString() : "1280"));
+        return ToUri(EConfigType.WireGuard, item.Address, item.Port, item.Password, dicQuery, remark);
    }
 }
--- a/v2rayN/ServiceLib/Handler/NoticeHandler.cs
+++ b/v2rayN/ServiceLib/Handler/NoticeHandler.cs
@@ -1,43 +0,0 @@
-using ReactiveUI;
-
-namespace ServiceLib.Handler;
-
-public class NoticeHandler
-{
-    private static readonly Lazy<NoticeHandler> _instance = new(() => new());
-    public static NoticeHandler Instance => _instance.Value;
-
-    public void Enqueue(string? content)
-    {
-        if (content.IsNullOrEmpty())
-        {
-            return;
-        }
-        MessageBus.Current.SendMessage(content, EMsgCommand.SendSnackMsg.ToString());
-    }
-
-    public void SendMessage(string? content)
-    {
-        if (content.IsNullOrEmpty())
-        {
-            return;
-        }
-        MessageBus.Current.SendMessage(content, EMsgCommand.SendMsgView.ToString());
-    }
-
-    public void SendMessageEx(string? content)
-    {
-        if (content.IsNullOrEmpty())
-        {
-            return;
-        }
-        content = $"{DateTime.Now:yyyy/MM/dd HH:mm:ss} {content}";
-        SendMessage(content);
-    }
-
-    public void SendMessageAndEnqueue(string? msg)
-    {
-        Enqueue(msg);
-        SendMessage(msg);
-    }
-}
--- a/v2rayN/ServiceLib/Handler/SubscriptionHandler.cs
+++ b/v2rayN/ServiceLib/Handler/SubscriptionHandler.cs
@@ -0,0 +1,221 @@
+namespace ServiceLib.Handler;
+
+public static class SubscriptionHandler
+{
+    public static async Task UpdateProcess(Config config, string subId, bool blProxy, Func<bool, string, Task> updateFunc)
+    {
+        await updateFunc?.Invoke(false, ResUI.MsgUpdateSubscriptionStart);
+        var subItem = await AppManager.Instance.SubItems();
+
+        if (subItem is not { Count: > 0 })
+        {
+            await updateFunc?.Invoke(false, ResUI.MsgNoValidSubscription);
+            return;
+        }
+
+        var successCount = 0;
+        foreach (var item in subItem)
+        {
+            try
+            {
+                if (!IsValidSubscription(item, subId))
+                {
+                    continue;
+                }
+
+                var hashCode = $"{item.Remarks}->";
+                if (item.Enabled == false)
+                {
+                    await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgSkipSubscriptionUpdate}");
+                    continue;
+                }
+
+                // Create download handler
+                var downloadHandle = CreateDownloadHandler(hashCode, updateFunc);
+                await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgStartGettingSubscriptions}");
+
+                // Get all subscription content (main subscription + additional subscriptions)
+                var result = await DownloadAllSubscriptions(config, item, blProxy, downloadHandle);
+
+                // Process download result
+                if (await ProcessDownloadResult(config, item.Id, result, hashCode, updateFunc))
+                {
+                    successCount++;
+                }
+
+                await updateFunc?.Invoke(false, "-------------------------------------------------------");
+            }
+            catch (Exception ex)
+            {
+                var hashCode = $"{item.Remarks}->";
+                Logging.SaveLog("UpdateSubscription", ex);
+                await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgFailedImportSubscription}: {ex.Message}");
+                await updateFunc?.Invoke(false, "-------------------------------------------------------");
+            }
+        }
+
+        await updateFunc?.Invoke(successCount > 0, $"{ResUI.MsgUpdateSubscriptionEnd}");
+    }
+
+    private static bool IsValidSubscription(SubItem item, string subId)
+    {
+        var id = item.Id.TrimEx();
+        var url = item.Url.TrimEx();
+
+        if (id.IsNullOrEmpty() || url.IsNullOrEmpty())
+        {
+            return false;
+        }
+
+        if (subId.IsNotEmpty() && item.Id != subId)
+        {
+            return false;
+        }
+
+        if (!url.StartsWith(Global.HttpsProtocol) && !url.StartsWith(Global.HttpProtocol))
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    private static DownloadService CreateDownloadHandler(string hashCode, Func<bool, string, Task> updateFunc)
+    {
+        var downloadHandle = new DownloadService();
+        downloadHandle.Error += (sender2, args) =>
+        {
+            updateFunc?.Invoke(false, $"{hashCode}{args.GetException().Message}");
+        };
+        return downloadHandle;
+    }
+
+    private static async Task<string> DownloadSubscriptionContent(DownloadService downloadHandle, string url, bool blProxy, string userAgent)
+    {
+        var result = await downloadHandle.TryDownloadString(url, blProxy, userAgent);
+
+        // If download with proxy fails, try direct connection
+        if (blProxy && result.IsNullOrEmpty())
+        {
+            result = await downloadHandle.TryDownloadString(url, false, userAgent);
+        }
+
+        return result ?? string.Empty;
+    }
+
+    private static async Task<string> DownloadAllSubscriptions(Config config, SubItem item, bool blProxy, DownloadService downloadHandle)
+    {
+        // Download main subscription content
+        var result = await DownloadMainSubscription(config, item, blProxy, downloadHandle);
+
+        // Process additional subscription links (if any)
+        if (item.ConvertTarget.IsNullOrEmpty() && item.MoreUrl.TrimEx().IsNotEmpty())
+        {
+            result = await DownloadAdditionalSubscriptions(item, result, blProxy, downloadHandle);
+        }
+
+        return result;
+    }
+
+    private static async Task<string> DownloadMainSubscription(Config config, SubItem item, bool blProxy, DownloadService downloadHandle)
+    {
+        // Prepare subscription URL and download directly
+        var url = Utils.GetPunycode(item.Url.TrimEx());
+
+        // If conversion is needed
+        if (item.ConvertTarget.IsNotEmpty())
+        {
+            var subConvertUrl = config.ConstItem.SubConvertUrl.IsNullOrEmpty()
+                ? Global.SubConvertUrls.FirstOrDefault()
+                : config.ConstItem.SubConvertUrl;
+
+            url = string.Format(subConvertUrl!, Utils.UrlEncode(url));
+
+            if (!url.Contains("target="))
+            {
+                url += string.Format("&target={0}", item.ConvertTarget);
+            }
+
+            if (!url.Contains("config="))
+            {
+                url += string.Format("&config={0}", Global.SubConvertConfig.FirstOrDefault());
+            }
+        }
+
+        // Download and return result directly
+        return await DownloadSubscriptionContent(downloadHandle, url, blProxy, item.UserAgent);
+    }
+
+    private static async Task<string> DownloadAdditionalSubscriptions(SubItem item, string mainResult, bool blProxy, DownloadService downloadHandle)
+    {
+        var result = mainResult;
+
+        // If main subscription result is Base64 encoded, decode it first
+        if (result.IsNotEmpty() && Utils.IsBase64String(result))
+        {
+            result = Utils.Base64Decode(result);
+        }
+
+        // Process additional URL list
+        var lstUrl = item.MoreUrl.TrimEx().Split(",") ?? [];
+        foreach (var it in lstUrl)
+        {
+            var url2 = Utils.GetPunycode(it);
+            if (url2.IsNullOrEmpty())
+            {
+                continue;
+            }
+
+            var additionalResult = await DownloadSubscriptionContent(downloadHandle, url2, blProxy, item.UserAgent);
+
+            if (additionalResult.IsNotEmpty())
+            {
+                // Process additional subscription results, add to main result
+                if (Utils.IsBase64String(additionalResult))
+                {
+                    result += Environment.NewLine + Utils.Base64Decode(additionalResult);
+                }
+                else
+                {
+                    result += Environment.NewLine + additionalResult;
+                }
+            }
+        }
+
+        return result;
+    }
+
+    private static async Task<bool> ProcessDownloadResult(Config config, string id, string result, string hashCode, Func<bool, string, Task> updateFunc)
+    {
+        if (result.IsNullOrEmpty())
+        {
+            await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgSubscriptionDecodingFailed}");
+            return false;
+        }
+
+        await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgGetSubscriptionSuccessfully}");
+
+        // If result is too short, display content directly
+        if (result.Length < 99)
+        {
+            await updateFunc?.Invoke(false, $"{hashCode}{result}");
+        }
+
+        await updateFunc?.Invoke(false, $"{hashCode}{ResUI.MsgStartParsingSubscription}");
+
+        // Add servers to configuration
+        var ret = await ConfigHandler.AddBatchServers(config, result, id, true);
+        if (ret <= 0)
+        {
+            Logging.SaveLog("FailedImportSubscription");
+            Logging.SaveLog(result);
+        }
+
+        // Update completion message
+        await updateFunc?.Invoke(false, ret > 0
+                ? $"{hashCode}{ResUI.MsgUpdateSubscriptionEnd}"
+                : $"{hashCode}{ResUI.MsgFailedImportSubscription}");
+
+        return ret > 0;
+    }
+}
--- a/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingLinux.cs
+++ b/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingLinux.cs
@@ -1,6 +1,6 @@
 namespace ServiceLib.Handler.SysProxy;

-public class ProxySettingLinux
+public static class ProxySettingLinux
 {
    private static readonly string _proxySetFileName = $"{Global.ProxySetLinuxShellFileName.Replace(Global.NamespaceSample, "")}.sh";

@@ -18,14 +18,13 @@ public class ProxySettingLinux

    private static async Task ExecCmd(List<string> args)
    {
-        var fileName = Utils.GetBinConfigPath(_proxySetFileName);
-        if (!File.Exists(fileName))
-        {
-            var contents = EmbedUtils.GetEmbedText(Global.ProxySetLinuxShellFileName);
-            await File.AppendAllTextAsync(fileName, contents);
+        var customSystemProxyScriptPath = AppManager.Instance.Config.SystemProxyItem?.CustomSystemProxyScriptPath;
+        var fileName = (customSystemProxyScriptPath.IsNotEmpty() && File.Exists(customSystemProxyScriptPath))
+            ? customSystemProxyScriptPath
+            : await FileUtils.CreateLinuxShellFile(_proxySetFileName, EmbedUtils.GetEmbedText(Global.ProxySetLinuxShellFileName), false);

-            await Utils.SetLinuxChmod(fileName);
-        }
+        // TODO: temporarily notify which script is being used
+        NoticeManager.Instance.SendMessage(fileName);

        await Utils.GetCliWrapOutput(fileName, args);
    }
--- a/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingOSX.cs
+++ b/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingOSX.cs
@@ -1,6 +1,6 @@
 namespace ServiceLib.Handler.SysProxy;

-public class ProxySettingOSX
+public static class ProxySettingOSX
 {
    private static readonly string _proxySetFileName = $"{Global.ProxySetOSXShellFileName.Replace(Global.NamespaceSample, "")}.sh";

@@ -23,14 +23,13 @@ public class ProxySettingOSX

    private static async Task ExecCmd(List<string> args)
    {
-        var fileName = Utils.GetBinConfigPath(_proxySetFileName);
-        if (!File.Exists(fileName))
-        {
-            var contents = EmbedUtils.GetEmbedText(Global.ProxySetOSXShellFileName);
-            await File.AppendAllTextAsync(fileName, contents);
+        var customSystemProxyScriptPath = AppManager.Instance.Config.SystemProxyItem?.CustomSystemProxyScriptPath;
+        var fileName = (customSystemProxyScriptPath.IsNotEmpty() && File.Exists(customSystemProxyScriptPath))
+            ? customSystemProxyScriptPath
+            : await FileUtils.CreateLinuxShellFile(_proxySetFileName, EmbedUtils.GetEmbedText(Global.ProxySetOSXShellFileName), false);

-            await Utils.SetLinuxChmod(fileName);
-        }
+        // TODO: temporarily notify which script is being used
+        NoticeManager.Instance.SendMessage(fileName);

        await Utils.GetCliWrapOutput(fileName, args);
    }
--- a/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingWindows.cs
+++ b/v2rayN/ServiceLib/Handler/SysProxy/ProxySettingWindows.cs
@@ -1,9 +1,8 @@
-using System.Runtime.InteropServices;
 using static ServiceLib.Handler.SysProxy.ProxySettingWindows.InternetConnectionOption;

 namespace ServiceLib.Handler.SysProxy;

-public class ProxySettingWindows
+public static class ProxySettingWindows
 {
    private const string _regPath = @"Software\Microsoft\Windows\CurrentVersion\Internet Settings";

--- a/v2rayN/ServiceLib/Handler/SysProxy/SysProxyHandler.cs
+++ b/v2rayN/ServiceLib/Handler/SysProxy/SysProxyHandler.cs
@@ -15,7 +15,7 @@ public static class SysProxyHandler

        try
        {
-            var port = AppHandler.Instance.GetLocalPort(EInboundProtocol.socks);
+            var port = AppManager.Instance.GetLocalPort(EInboundProtocol.socks);
            var exceptions = config.SystemProxyItem.SystemProxyExceptions.Replace(" ", "");
            if (port <= 0)
            {
@@ -33,7 +33,7 @@ public static class SysProxyHandler
                    await ProxySettingLinux.SetProxy(Global.Loopback, port, exceptions);
                    break;

-                case ESysProxyType.ForcedChange when Utils.IsOSX():
+                case ESysProxyType.ForcedChange when Utils.IsMacOS():
                    await ProxySettingOSX.SetProxy(Global.Loopback, port, exceptions);
                    break;

@@ -45,7 +45,7 @@ public static class SysProxyHandler
                    await ProxySettingLinux.UnsetProxy();
                    break;

-                case ESysProxyType.ForcedClear when Utils.IsOSX():
+                case ESysProxyType.ForcedClear when Utils.IsMacOS():
                    await ProxySettingOSX.UnsetProxy();
                    break;

@@ -56,7 +56,7 @@ public static class SysProxyHandler

            if (type != ESysProxyType.Pac && Utils.IsWindows())
            {
-                PacHandler.Stop();
+                PacManager.Instance.Stop();
            }
        }
        catch (Exception ex)
@@ -90,8 +90,8 @@ public static class SysProxyHandler

    private static async Task SetWindowsProxyPac(int port)
    {
-        var portPac = AppHandler.Instance.GetLocalPort(EInboundProtocol.pac);
-        await PacHandler.Start(Utils.GetConfigPath(), port, portPac);
+        var portPac = AppManager.Instance.GetLocalPort(EInboundProtocol.pac);
+        await PacManager.Instance.StartAsync(port, portPac);
        var strProxy = $"{Global.HttpProtocol}{Global.Loopback}:{portPac}/pac?t={DateTime.Now.Ticks}";
        ProxySettingWindows.SetProxy(strProxy, "", 4);
    }
--- a/v2rayN/ServiceLib/Handler/TaskHandler.cs
+++ b/v2rayN/ServiceLib/Handler/TaskHandler.cs
@@ -1,97 +0,0 @@
-namespace ServiceLib.Handler;
-
-public class TaskHandler
-{
-    private static readonly Lazy<TaskHandler> _instance = new(() => new());
-    public static TaskHandler Instance => _instance.Value;
-
-    public void RegUpdateTask(Config config, Action<bool, string> updateFunc)
-    {
-        Task.Run(() => ScheduledTasks(config, updateFunc));
-    }
-
-    private async Task ScheduledTasks(Config config, Action<bool, string> updateFunc)
-    {
-        Logging.SaveLog("Setup Scheduled Tasks");
-
-        var numOfExecuted = 1;
-        while (true)
-        {
-            //1 minute
-            await Task.Delay(1000 * 60);
-
-            //Execute once 1 minute
-            await UpdateTaskRunSubscription(config, updateFunc);
-
-            //Execute once 20 minute
-            if (numOfExecuted % 20 == 0)
-            {
-                //Logging.SaveLog("Execute save config");
-
-                await ConfigHandler.SaveConfig(config);
-                await ProfileExHandler.Instance.SaveTo();
-            }
-
-            //Execute once 1 hour
-            if (numOfExecuted % 60 == 0)
-            {
-                //Logging.SaveLog("Execute delete expired files");
-
-                FileManager.DeleteExpiredFiles(Utils.GetBinConfigPath(), DateTime.Now.AddHours(-1));
-                FileManager.DeleteExpiredFiles(Utils.GetLogPath(), DateTime.Now.AddMonths(-1));
-                FileManager.DeleteExpiredFiles(Utils.GetTempPath(), DateTime.Now.AddMonths(-1));
-
-                //Check once 1 hour
-                await UpdateTaskRunGeo(config, numOfExecuted / 60, updateFunc);
-            }
-
-            numOfExecuted++;
-        }
-    }
-
-    private async Task UpdateTaskRunSubscription(Config config, Action<bool, string> updateFunc)
-    {
-        var updateTime = ((DateTimeOffset)DateTime.Now).ToUnixTimeSeconds();
-        var lstSubs = (await AppHandler.Instance.SubItems())?
-            .Where(t => t.AutoUpdateInterval > 0)
-            .Where(t => updateTime - t.UpdateTime >= t.AutoUpdateInterval * 60)
-            .ToList();
-
-        if (lstSubs is not { Count: > 0 })
-        {
-            return;
-        }
-
-        Logging.SaveLog("Execute update subscription");
-        var updateHandle = new UpdateService();
-
-        foreach (var item in lstSubs)
-        {
-            await updateHandle.UpdateSubscriptionProcess(config, item.Id, true, (bool success, string msg) =>
-            {
-                updateFunc?.Invoke(success, msg);
-                if (success)
-                {
-                    Logging.SaveLog($"Update subscription end. {msg}");
-                }
-            });
-            item.UpdateTime = updateTime;
-            await ConfigHandler.AddSubItem(config, item);
-            await Task.Delay(1000);
-        }
-    }
-
-    private async Task UpdateTaskRunGeo(Config config, int hours, Action<bool, string> updateFunc)
-    {
-        if (config.GuiItem.AutoUpdateInterval > 0 && hours > 0 && hours % config.GuiItem.AutoUpdateInterval == 0)
-        {
-            Logging.SaveLog("Execute update geo files");
-
-            var updateHandle = new UpdateService();
-            await updateHandle.UpdateGeoFileAll(config, (bool success, string msg) =>
-            {
-                updateFunc?.Invoke(false, msg);
-            });
-        }
-    }
-}
--- a/v2rayN/ServiceLib/Helper/DownloaderHelper.cs
+++ b/v2rayN/ServiceLib/Helper/DownloaderHelper.cs
@@ -1,7 +1,6 @@
-using System.Net;
 using Downloader;

-namespace ServiceLib.Common;
+namespace ServiceLib.Helper;

 public class DownloaderHelper
 {
@@ -25,13 +24,13 @@ public class DownloaderHelper

        var downloadOpt = new DownloadConfiguration()
        {
-            Timeout = timeout * 1000,
-            MaxTryAgainOnFailover = 2,
+            BlockTimeout = timeout * 1000,
+            MaxTryAgainOnFailure = 2,
            RequestConfiguration =
                {
                    Headers = headers,
                    UserAgent = userAgent,
-                    Timeout = timeout * 1000,
+                    ConnectTimeout = timeout * 1000,
                    Proxy = webProxy
                }
        };
@@ -63,37 +62,34 @@ public class DownloaderHelper

        var downloadOpt = new DownloadConfiguration()
        {
-            Timeout = timeout * 1000,
-            MaxTryAgainOnFailover = 2,
+            BlockTimeout = timeout * 1000,
+            MaxTryAgainOnFailure = 2,
            RequestConfiguration =
                {
-                    Timeout= timeout * 1000,
+                    ConnectTimeout= timeout * 1000,
                    Proxy = webProxy
                }
        };

-        var totalDatetime = DateTime.Now;
-        var totalSecond = 0;
+        var lastUpdateTime = DateTime.Now;
        var hasValue = false;
        double maxSpeed = 0;
        await using var downloader = new Downloader.DownloadService(downloadOpt);
-        //downloader.DownloadStarted += (sender, value) =>
-        //{
-        //    if (progress != null)
-        //    {
-        //        progress.Report("Start download data...");
-        //    }
-        //};
+
        downloader.DownloadProgressChanged += (sender, value) =>
        {
-            var ts = DateTime.Now - totalDatetime;
-            if (progress != null && ts.Seconds > totalSecond)
+            if (progress != null && value.BytesPerSecondSpeed > 0)
            {
                hasValue = true;
-                totalSecond = ts.Seconds;
                if (value.BytesPerSecondSpeed > maxSpeed)
                {
                    maxSpeed = value.BytesPerSecondSpeed;
+                }
+
+                var ts = DateTime.Now - lastUpdateTime;
+                if (ts.TotalMilliseconds >= 1000)
+                {
+                    lastUpdateTime = DateTime.Now;
                    var speed = (maxSpeed / 1000 / 1000).ToString("#0.0");
                    progress.Report(speed);
                }
@@ -103,10 +99,19 @@ public class DownloaderHelper
        {
            if (progress != null)
            {
-                if (!hasValue && value.Error != null)
+                if (hasValue && maxSpeed > 0)
+                {
+                    var finalSpeed = (maxSpeed / 1000 / 1000).ToString("#0.0");
+                    progress.Report(finalSpeed);
+                }
+                else if (value.Error != null)
                {
                    progress.Report(value.Error?.Message);
                }
+                else
+                {
+                    progress.Report("0");
+                }
            }
        };
        //progress.Report("......");
@@ -134,11 +139,11 @@ public class DownloaderHelper

        var downloadOpt = new DownloadConfiguration()
        {
-            Timeout = timeout * 1000,
-            MaxTryAgainOnFailover = 2,
+            BlockTimeout = timeout * 1000,
+            MaxTryAgainOnFailure = 2,
            RequestConfiguration =
                {
-                    Timeout= timeout * 1000,
+                    ConnectTimeout= timeout * 1000,
                    Proxy = webProxy
                }
        };
--- a/v2rayN/ServiceLib/Helper/HttpClientHelper.cs
+++ b/v2rayN/ServiceLib/Helper/HttpClientHelper.cs
@@ -0,0 +1,74 @@
+using System.Net.Http.Headers;
+using System.Net.Mime;
+
+namespace ServiceLib.Helper;
+
+/// <summary>
+/// </summary>
+public class HttpClientHelper
+{
+    private static readonly Lazy<HttpClientHelper> _instance = new(() =>
+    {
+        SocketsHttpHandler handler = new() { UseCookies = false };
+        HttpClientHelper helper = new(new HttpClient(handler));
+        return helper;
+    });
+
+    public static HttpClientHelper Instance => _instance.Value;
+    private readonly HttpClient httpClient;
+
+    private HttpClientHelper(HttpClient httpClient)
+    {
+        this.httpClient = httpClient;
+    }
+
+    public async Task<string?> TryGetAsync(string url)
+    {
+        if (url.IsNullOrEmpty())
+        {
+            return null;
+        }
+
+        try
+        {
+            var response = await httpClient.GetAsync(url);
+            return await response.Content.ReadAsStringAsync();
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
+    public async Task<string?> GetAsync(string url)
+    {
+        if (url.IsNullOrEmpty())
+        {
+            return null;
+        }
+        return await httpClient.GetStringAsync(url);
+    }
+
+    public async Task PutAsync(string url, Dictionary<string, string> headers)
+    {
+        var jsonContent = JsonUtils.Serialize(headers);
+        var content = new StringContent(jsonContent, Encoding.UTF8, MediaTypeNames.Application.Json);
+
+        await httpClient.PutAsync(url, content);
+    }
+
+    public async Task PatchAsync(string url, Dictionary<string, string> headers)
+    {
+        var myContent = JsonUtils.Serialize(headers);
+        var buffer = Encoding.UTF8.GetBytes(myContent);
+        var byteContent = new ByteArrayContent(buffer);
+        byteContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
+
+        await httpClient.PatchAsync(url, byteContent);
+    }
+
+    public async Task DeleteAsync(string url)
+    {
+        await httpClient.DeleteAsync(url);
+    }
+}
--- a/v2rayN/ServiceLib/Helper/SqliteHelper.cs
+++ b/v2rayN/ServiceLib/Helper/SqliteHelper.cs
@@ -1,7 +1,6 @@
 using System.Collections;
-using SQLite;

-namespace ServiceLib.Common;
+namespace ServiceLib.Helper;

 public sealed class SQLiteHelper
 {
@@ -26,7 +25,7 @@ public sealed class SQLiteHelper

    public async Task<int> InsertAllAsync(IEnumerable models)
    {
-        return await _dbAsync.InsertAllAsync(models);
+        return await _dbAsync.InsertAllAsync(models, runInTransaction: true).ConfigureAwait(false);
    }

    public async Task<int> InsertAsync(object model)
@@ -46,7 +45,7 @@ public sealed class SQLiteHelper

    public async Task<int> UpdateAllAsync(IEnumerable models)
    {
-        return await _dbAsync.UpdateAllAsync(models);
+        return await _dbAsync.UpdateAllAsync(models, runInTransaction: true).ConfigureAwait(false);
    }

    public async Task<int> DeleteAsync(object model)
--- a/v2rayN/ServiceLib/Manager/AppManager.cs
+++ b/v2rayN/ServiceLib/Manager/AppManager.cs
@@ -0,0 +1,540 @@
+namespace ServiceLib.Manager;
+
+public sealed class AppManager
+{
+    #region Property
+
+    private static readonly Lazy<AppManager> _instance = new(() => new());
+    private Config _config;
+    private int? _statePort;
+    private int? _statePort2;
+    public static AppManager Instance => _instance.Value;
+    public Config Config => _config;
+
+    public int StatePort
+    {
+        get
+        {
+            _statePort ??= Utils.GetFreePort(GetLocalPort(EInboundProtocol.api));
+            return _statePort.Value;
+        }
+    }
+
+    public int StatePort2
+    {
+        get
+        {
+            _statePort2 ??= Utils.GetFreePort(GetLocalPort(EInboundProtocol.api2));
+            return _statePort2.Value + (_config.TunModeItem.EnableTun ? 1 : 0);
+        }
+    }
+
+    public string LinuxSudoPwd { get; set; }
+
+    public bool ShowInTaskbar { get; set; }
+
+    public ECoreType RunningCoreType { get; set; }
+
+    public bool IsRunningCore(ECoreType type)
+    {
+        switch (type)
+        {
+            case ECoreType.Xray when RunningCoreType is ECoreType.Xray or ECoreType.v2fly or ECoreType.v2fly_v5:
+            case ECoreType.sing_box when RunningCoreType is ECoreType.sing_box or ECoreType.mihomo:
+                return true;
+
+            default:
+                return false;
+        }
+    }
+
+    #endregion Property
+
+    #region App
+
+    public bool InitApp()
+    {
+        if (Utils.HasWritePermission() == false)
+        {
+            Environment.SetEnvironmentVariable(Global.LocalAppData, "1", EnvironmentVariableTarget.Process);
+        }
+
+        Logging.Setup();
+        var config = ConfigHandler.LoadConfig();
+        if (config == null)
+        {
+            return false;
+        }
+        _config = config;
+        Thread.CurrentThread.CurrentUICulture = new(_config.UiItem.CurrentLanguage);
+
+        //Under Win10
+        if (Utils.IsWindows() && Environment.OSVersion.Version.Major < 10)
+        {
+            Environment.SetEnvironmentVariable("DOTNET_EnableWriteXorExecute", "0", EnvironmentVariableTarget.User);
+        }
+
+        SQLiteHelper.Instance.CreateTable<SubItem>();
+        SQLiteHelper.Instance.CreateTable<ProfileItem>();
+        SQLiteHelper.Instance.CreateTable<ServerStatItem>();
+        SQLiteHelper.Instance.CreateTable<RoutingItem>();
+        SQLiteHelper.Instance.CreateTable<ProfileExItem>();
+        SQLiteHelper.Instance.CreateTable<DNSItem>();
+        SQLiteHelper.Instance.CreateTable<FullConfigTemplateItem>();
+#pragma warning disable CS0618
+        SQLiteHelper.Instance.CreateTable<ProfileGroupItem>();
+#pragma warning restore CS0618
+        return true;
+    }
+
+    public bool InitComponents()
+    {
+        Logging.SaveLog($"v2rayN start up | {Utils.GetRuntimeInfo()}");
+        Logging.LoggingEnabled(_config.GuiItem.EnableLog);
+
+        //First determine the port value
+        _ = StatePort;
+        _ = StatePort2;
+
+        Task.Run(async () =>
+        {
+            await MigrateProfileExtra();
+        }).Wait();
+
+        return true;
+    }
+
+    public bool Reset()
+    {
+        _statePort = null;
+        _statePort2 = null;
+        return true;
+    }
+
+    public async Task AppExitAsync(bool needShutdown)
+    {
+        try
+        {
+            Logging.SaveLog("AppExitAsync Begin");
+
+            await SysProxyHandler.UpdateSysProxy(_config, true);
+            AppEvents.AppExitRequested.Publish();
+            await Task.Delay(50); //Wait for AppExitRequested to be processed
+
+            await ConfigHandler.SaveConfig(_config);
+            await ProfileExManager.Instance.SaveTo();
+            await StatisticsManager.Instance.SaveTo();
+            await CoreManager.Instance.CoreStop();
+            StatisticsManager.Instance.Close();
+
+            Logging.SaveLog("AppExitAsync End");
+        }
+        catch { }
+        finally
+        {
+            if (needShutdown)
+            {
+                Shutdown(false);
+            }
+        }
+    }
+
+    public void Shutdown(bool byUser)
+    {
+        AppEvents.ShutdownRequested.Publish(byUser);
+    }
+
+    public async Task RebootAsAdmin()
+    {
+        ProcUtils.RebootAsAdmin();
+        await AppManager.Instance.AppExitAsync(true);
+    }
+
+    #endregion App
+
+    #region Config
+
+    public int GetLocalPort(EInboundProtocol protocol)
+    {
+        var localPort = _config.Inbound.FirstOrDefault(t => t.Protocol == nameof(EInboundProtocol.socks))?.LocalPort ?? 10808;
+        return localPort + (int)protocol;
+    }
+
+    #endregion Config
+
+    #region SqliteHelper
+
+    public async Task<List<SubItem>?> SubItems()
+    {
+        return await SQLiteHelper.Instance.TableAsync<SubItem>().OrderBy(t => t.Sort).ToListAsync();
+    }
+
+    public async Task<SubItem?> GetSubItem(string? subid)
+    {
+        return await SQLiteHelper.Instance.TableAsync<SubItem>().FirstOrDefaultAsync(t => t.Id == subid);
+    }
+
+    public async Task<List<ProfileItem>?> ProfileItems(string subid)
+    {
+        if (subid.IsNullOrEmpty())
+        {
+            return await SQLiteHelper.Instance.TableAsync<ProfileItem>().ToListAsync();
+        }
+        else
+        {
+            return await SQLiteHelper.Instance.TableAsync<ProfileItem>().Where(t => t.Subid == subid).ToListAsync();
+        }
+    }
+
+    public async Task<List<string>?> ProfileItemIndexes(string subid)
+    {
+        return (await ProfileItems(subid))?.Select(t => t.IndexId)?.ToList();
+    }
+
+    public async Task<List<ProfileItemModel>?> ProfileModels(string subid, string filter)
+    {
+        var sql = @$"select a.IndexId
+                           ,a.ConfigType
+                           ,a.Remarks
+                           ,a.Address
+                           ,a.Port
+                           ,a.Network
+                           ,a.StreamSecurity
+                           ,a.Subid
+                           ,b.remarks as subRemarks
+                        from ProfileItem a
+                        left join SubItem b on a.subid = b.id
+                        where 1=1 ";
+        if (subid.IsNotEmpty())
+        {
+            sql += $" and a.subid = '{subid}'";
+        }
+        if (filter.IsNotEmpty())
+        {
+            if (filter.Contains('\''))
+            {
+                filter = filter.Replace("'", "");
+            }
+            sql += string.Format(" and (a.remarks like '%{0}%' or a.address like '%{0}%') ", filter);
+        }
+
+        return await SQLiteHelper.Instance.QueryAsync<ProfileItemModel>(sql);
+    }
+
+    public async Task<ProfileItem?> GetProfileItem(string indexId)
+    {
+        if (indexId.IsNullOrEmpty())
+        {
+            return null;
+        }
+        return await SQLiteHelper.Instance.TableAsync<ProfileItem>().FirstOrDefaultAsync(it => it.IndexId == indexId);
+    }
+
+    public async Task<List<ProfileItem>> GetProfileItemsByIndexIds(IEnumerable<string> indexIds)
+    {
+        var ids = indexIds.Where(id => !id.IsNullOrEmpty()).Distinct().ToList();
+        if (ids.Count == 0)
+        {
+            return [];
+        }
+        return await SQLiteHelper.Instance.TableAsync<ProfileItem>()
+            .Where(it => ids.Contains(it.IndexId))
+            .ToListAsync();
+    }
+
+    public async Task<Dictionary<string, ProfileItem>> GetProfileItemsByIndexIdsAsMap(IEnumerable<string> indexIds)
+    {
+        var items = await GetProfileItemsByIndexIds(indexIds);
+        return items.ToDictionary(it => it.IndexId);
+    }
+
+    public async Task<List<ProfileItem>> GetProfileItemsOrderedByIndexIds(IEnumerable<string> indexIds)
+    {
+        var idList = indexIds.Where(id => !id.IsNullOrEmpty()).Distinct().ToList();
+        if (idList.Count == 0)
+        {
+            return [];
+        }
+
+        var items = await SQLiteHelper.Instance.TableAsync<ProfileItem>()
+            .Where(it => idList.Contains(it.IndexId))
+            .ToListAsync();
+        var itemMap = items.ToDictionary(it => it.IndexId);
+
+        return idList.Select(id => itemMap.GetValueOrDefault(id))
+            .Where(item => item != null)
+            .ToList();
+    }
+
+    public async Task<ProfileItem?> GetProfileItemViaRemarks(string? remarks)
+    {
+        if (remarks.IsNullOrEmpty())
+        {
+            return null;
+        }
+        return await SQLiteHelper.Instance.TableAsync<ProfileItem>().FirstOrDefaultAsync(it => it.Remarks == remarks);
+    }
+
+    public async Task<List<RoutingItem>?> RoutingItems()
+    {
+        return await SQLiteHelper.Instance.TableAsync<RoutingItem>().OrderBy(t => t.Sort).ToListAsync();
+    }
+
+    public async Task<RoutingItem?> GetRoutingItem(string id)
+    {
+        return await SQLiteHelper.Instance.TableAsync<RoutingItem>().FirstOrDefaultAsync(it => it.Id == id);
+    }
+
+    public async Task<List<DNSItem>?> DNSItems()
+    {
+        return await SQLiteHelper.Instance.TableAsync<DNSItem>().ToListAsync();
+    }
+
+    public async Task<DNSItem?> GetDNSItem(ECoreType eCoreType)
+    {
+        return await SQLiteHelper.Instance.TableAsync<DNSItem>().FirstOrDefaultAsync(it => it.CoreType == eCoreType);
+    }
+
+    public async Task<List<FullConfigTemplateItem>?> FullConfigTemplateItem()
+    {
+        return await SQLiteHelper.Instance.TableAsync<FullConfigTemplateItem>().ToListAsync();
+    }
+
+    public async Task<FullConfigTemplateItem?> GetFullConfigTemplateItem(ECoreType eCoreType)
+    {
+        return await SQLiteHelper.Instance.TableAsync<FullConfigTemplateItem>().FirstOrDefaultAsync(it => it.CoreType == eCoreType);
+    }
+
+    public async Task MigrateProfileExtra()
+    {
+        await MigrateProfileExtraGroup();
+
+#pragma warning disable CS0618
+
+        const int pageSize = 100;
+        var offset = 0;
+
+        while (true)
+        {
+            var sql = $"SELECT * FROM ProfileItem " +
+                $"WHERE ConfigVersion < 3 " +
+                $"AND ConfigType NOT IN ({(int)EConfigType.PolicyGroup}, {(int)EConfigType.ProxyChain}) " +
+                $"LIMIT {pageSize} OFFSET {offset}";
+            var batch = await SQLiteHelper.Instance.QueryAsync<ProfileItem>(sql);
+            if (batch is null || batch.Count == 0)
+            {
+                break;
+            }
+
+            var batchSuccessCount = await MigrateProfileExtraSub(batch);
+
+            // Only increment offset by the number of failed items that remain in the result set
+            // Successfully updated items are automatically excluded from future queries due to ConfigVersion = 3
+            offset += batch.Count - batchSuccessCount;
+        }
+
+        //await ProfileGroupItemManager.Instance.ClearAll();
+#pragma warning restore CS0618
+    }
+
+    private async Task<int> MigrateProfileExtraSub(List<ProfileItem> batch)
+    {
+        var updateProfileItems = new List<ProfileItem>();
+
+        foreach (var item in batch)
+        {
+            try
+            {
+                var extra = item.GetProtocolExtra();
+                switch (item.ConfigType)
+                {
+                    case EConfigType.Shadowsocks:
+                        extra = extra with { SsMethod = item.Security.NullIfEmpty() };
+                        break;
+
+                    case EConfigType.VMess:
+                        extra = extra with
+                        {
+                            AlterId = item.AlterId.ToString(),
+                            VmessSecurity = item.Security.NullIfEmpty(),
+                        };
+                        break;
+
+                    case EConfigType.VLESS:
+                        extra = extra with
+                        {
+                            Flow = item.Flow.NullIfEmpty(),
+                            VlessEncryption = item.Security,
+                        };
+                        break;
+
+                    case EConfigType.Hysteria2:
+                        extra = extra with
+                        {
+                            SalamanderPass = item.Path.NullIfEmpty(),
+                            Ports = item.Ports.NullIfEmpty(),
+                            UpMbps = _config.HysteriaItem.UpMbps,
+                            DownMbps = _config.HysteriaItem.DownMbps,
+                            HopInterval = _config.HysteriaItem.HopInterval.ToString(),
+                        };
+                        break;
+
+                    case EConfigType.TUIC:
+                        item.Username = item.Id;
+                        item.Id = item.Security;
+                        item.Password = item.Security;
+                        break;
+
+                    case EConfigType.HTTP:
+                    case EConfigType.SOCKS:
+                        item.Username = item.Security;
+                        break;
+
+                    case EConfigType.WireGuard:
+                        extra = extra with
+                        {
+                            WgPublicKey = item.PublicKey.NullIfEmpty(),
+                            WgInterfaceAddress = item.RequestHost.NullIfEmpty(),
+                            WgReserved = item.Path.NullIfEmpty(),
+                            WgMtu = int.TryParse(item.ShortId, out var mtu) ? mtu : 1280
+                        };
+                        break;
+                }
+
+                item.SetProtocolExtra(extra);
+
+                item.Password = item.Id;
+
+                item.ConfigVersion = 3;
+
+                updateProfileItems.Add(item);
+            }
+            catch (Exception ex)
+            {
+                Logging.SaveLog($"MigrateProfileExtra Error: {ex}");
+            }
+        }
+
+        if (updateProfileItems.Count > 0)
+        {
+            try
+            {
+                var count = await SQLiteHelper.Instance.UpdateAllAsync(updateProfileItems);
+                return count;
+            }
+            catch (Exception ex)
+            {
+                Logging.SaveLog($"MigrateProfileExtraGroup update error: {ex}");
+                return 0;
+            }
+        }
+        else
+        {
+            return 0;
+        }
+    }
+
+    private async Task<bool> MigrateProfileExtraGroup()
+    {
+#pragma warning disable CS0618
+        var list = await SQLiteHelper.Instance.TableAsync<ProfileGroupItem>().ToListAsync();
+        var groupItems = new ConcurrentDictionary<string, ProfileGroupItem>(list.Where(t => !string.IsNullOrEmpty(t.IndexId)).ToDictionary(t => t.IndexId!));
+
+        var sql = $"SELECT * FROM ProfileItem WHERE ConfigVersion < 3 AND ConfigType IN ({(int)EConfigType.PolicyGroup}, {(int)EConfigType.ProxyChain})";
+        var items = await SQLiteHelper.Instance.QueryAsync<ProfileItem>(sql);
+
+        if (items is null || items.Count == 0)
+        {
+            Logging.SaveLog("MigrateProfileExtraGroup: No items to migrate.");
+            return true;
+        }
+
+        Logging.SaveLog($"MigrateProfileExtraGroup: Found {items.Count} group items to migrate.");
+
+        var updateProfileItems = new List<ProfileItem>();
+
+        foreach (var item in items)
+        {
+            try
+            {
+                var extra = item.GetProtocolExtra();
+
+                extra = extra with { GroupType = nameof(item.ConfigType) };
+                groupItems.TryGetValue(item.IndexId, out var groupItem);
+                if (groupItem != null && !groupItem.NotHasChild())
+                {
+                    extra = extra with
+                    {
+                        ChildItems = groupItem.ChildItems,
+                        SubChildItems = groupItem.SubChildItems,
+                        Filter = groupItem.Filter,
+                        MultipleLoad = groupItem.MultipleLoad,
+                    };
+                }
+
+                item.SetProtocolExtra(extra);
+
+                item.ConfigVersion = 3;
+                updateProfileItems.Add(item);
+            }
+            catch (Exception ex)
+            {
+                Logging.SaveLog($"MigrateProfileExtraGroup item error [{item.IndexId}]: {ex}");
+            }
+        }
+
+        if (updateProfileItems.Count > 0)
+        {
+            try
+            {
+                var count = await SQLiteHelper.Instance.UpdateAllAsync(updateProfileItems);
+                Logging.SaveLog($"MigrateProfileExtraGroup: Successfully updated {updateProfileItems.Count} items.");
+                return updateProfileItems.Count == count;
+            }
+            catch (Exception ex)
+            {
+                Logging.SaveLog($"MigrateProfileExtraGroup update error: {ex}");
+                return false;
+            }
+        }
+
+        return true;
+
+        //await ProfileGroupItemManager.Instance.ClearAll();
+#pragma warning restore CS0618
+    }
+
+    #endregion SqliteHelper
+
+    #region Core Type
+
+    public List<string> GetShadowsocksSecurities(ProfileItem profileItem)
+    {
+        var coreType = GetCoreType(profileItem, EConfigType.Shadowsocks);
+        switch (coreType)
+        {
+            case ECoreType.v2fly:
+                return Global.SsSecurities;
+
+            case ECoreType.Xray:
+                return Global.SsSecuritiesInXray;
+
+            case ECoreType.sing_box:
+                return Global.SsSecuritiesInSingbox;
+        }
+        return Global.SsSecuritiesInSingbox;
+    }
+
+    public ECoreType GetCoreType(ProfileItem profileItem, EConfigType eConfigType)
+    {
+        if (profileItem?.CoreType != null)
+        {
+            return (ECoreType)profileItem.CoreType;
+        }
+
+        var item = _config.CoreTypeItem?.FirstOrDefault(it => it.ConfigType == eConfigType);
+        return item?.CoreType ?? ECoreType.Xray;
+    }
+
+    #endregion Core Type
+}
--- a/v2rayN/ServiceLib/Manager/CertPemManager.cs
+++ b/v2rayN/ServiceLib/Manager/CertPemManager.cs
@@ -0,0 +1,434 @@
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace ServiceLib.Manager;
+
+/// <summary>
+/// Manager for certificate operations with CA pinning to prevent MITM attacks
+/// </summary>
+public class CertPemManager
+{
+    private static readonly string _tag = "CertPemManager";
+    private static readonly Lazy<CertPemManager> _instance = new(() => new());
+    public static CertPemManager Instance => _instance.Value;
+
+    /// <summary>
+    /// Trusted CA certificate thumbprints (SHA256) to prevent MITM attacks
+    /// </summary>
+    private static readonly HashSet<string> TrustedCaThumbprints = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99", // GlobalSign Root CA
+        "6DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177", // Entrust.net Premium 2048 Secure Server CA
+        "73C176434F1BC6D5ADF45B0E76E727287C8DE57616C1E6E6141A2B2CBC7D8E4C", // Entrust Root Certification Authority
+        "D8E0FEBC1DB2E38D00940F37D27D41344D993E734B99D5656D9778D4D8143624", // Certum Root CA
+        "D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4", // Comodo AAA Services root
+        "85A0DD7DD720ADB7FF05F83D542B209DC7FF4528F7D677B18389FEA5E5C49E86", // QuoVadis Root CA 2
+        "18F1FC7F205DF8ADDDEB7FE007DD57E3AF375A9C4D8D73546BF4F1FED1E18D35", // QuoVadis Root CA 3
+        "CECDDC905099D8DADFC5B1D209B737CBE2C18CFB2C10C0FF0BCF0D3286FC1AA2", // XRamp Global CA Root
+        "C3846BF24B9E93CA64274C0EC67C1ECC5E024FFCACD2D74019350E81FE546AE4", // Go Daddy Class 2 CA
+        "1465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658", // Starfield Class 2 CA
+        "3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C", // DigiCert Assured ID Root CA
+        "4348A0E9444C78CB265E058D5E8944B4D84F9662BD26DB257F8934A443C70161", // DigiCert Global Root CA
+        "7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF", // DigiCert High Assurance EV Root CA
+        "62DD0BE9B9F50A163EA0F8E75C053B1ECA57EA55C8688F647C6881F2C8357B95", // SwissSign Gold CA - G2
+        "F1C1B50AE5A20DD8030EC9F6BC24823DD367B5255759B4E71B61FCE9F7375D73", // SecureTrust CA
+        "4200F5043AC8590EBB527D209ED1503029FBCBD41CA1B506EC27F15ADE7DAC69", // Secure Global CA
+        "0C2CD63DF7806FA399EDE809116B575BF87989F06518F9808C860503178BAF66", // COMODO Certification Authority
+        "1793927A0614549789ADCE2F8F34F7F0B66D0F3AE3A3B84D21EC15DBBA4FADC7", // COMODO ECC Certification Authority
+        "41C923866AB4CAD6B7AD578081582E020797A6CBDF4FFF78CE8396B38937D7F5", // OISTE WISeKey Global Root GA CA
+        "E3B6A2DB2ED7CE48842F7AC53241C7B71D54144BFB40C11F3F1D0B42F5EEA12D", // Certigna
+        "C0A6F4DC63A24BFDCF54EF2A6A082A0A72DE35803E2FF5FF527AE5D87206DFD5", // ePKI Root Certification Authority
+        "EAA962C4FA4A6BAFEBE415196D351CCD888D4F53F3FA8AE6D7C466A94E6042BB", // certSIGN ROOT CA
+        "6C61DAC3A2DEF031506BE036D2A6FE401994FBD13DF9C8D466599274C446EC98", // NetLock Arany (Class Gold) Főtanúsítvány
+        "3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378", // Microsec e-Szigno Root CA 2009
+        "CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B", // GlobalSign Root CA - R3
+        "2530CC8E98321502BAD96F9B1FBA1B099E2D299E0F4548BB914F363BC0D4531F", // Izenpe.com
+        "45140B3247EB9CC8C5B4F0D7B53091F73292089E6E5A63E2749DD3ACA9198EDA", // Go Daddy Root Certificate Authority - G2
+        "2CE1CB0BF9D2F9E102993FBE215152C3B2DD0CABDE1C68E5319B839154DBB7F5", // Starfield Root Certificate Authority - G2
+        "568D6905A2C88708A4B3025190EDCFEDB1974A606A13C6E5290FCB2AE63EDAB5", // Starfield Services Root Certificate Authority - G2
+        "0376AB1D54C5F9803CE4B2E201A0EE7EEF7B57B636E8A93C9B8D4860C96F5FA7", // AffirmTrust Commercial
+        "0A81EC5A929777F145904AF38D5D509F66B5E2C58FCDB531058B0E17F3F0B41B", // AffirmTrust Networking
+        "70A73F7F376B60074248904534B11482D5BF0E698ECC498DF52577EBF2E93B9A", // AffirmTrust Premium
+        "BD71FDF6DA97E4CF62D1647ADD2581B07D79ADF8397EB4ECBA9C5E8488821423", // AffirmTrust Premium ECC
+        "5C58468D55F58E497E743982D2B50010B6D165374ACF83A7D4A32DB768C4408E", // Certum Trusted Network CA
+        "BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44", // TWCA Root Certification Authority
+        "513B2CECB810D4CDE5DD85391ADFC6C2DD60D87BB736D2B521484AA47A0EBEF6", // Security Communication RootCA2
+        "55926084EC963A64B96E2ABE01CE0BA86A64FBFEBCC7AAB5AFC155B37FD76066", // Actalis Authentication Root CA
+        "9A114025197C5BB95D94E63D55CD43790847B646B23CDF11ADA4A00EFF15FB48", // Buypass Class 2 Root CA
+        "EDF7EBBCA27A2A384D387B7D4010C666E2EDB4843E4C29B4AE1D5B9332E6B24D", // Buypass Class 3 Root CA
+        "FD73DAD31C644FF1B43BEF0CCDDA96710B9CD9875ECA7E31707AF3E96D522BBD", // T-TeleSec GlobalRoot Class 3
+        "49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1", // D-TRUST Root Class 3 CA 2 2009
+        "EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881", // D-TRUST Root Class 3 CA 2 EV 2009
+        "E23D4A036D7B70E9F595B1422079D2B91EDFBB1FB651A0633EAA8A9DC5F80703", // CA Disig Root R2
+        "9A6EC012E1A7DA9DBE34194D478AD7C0DB1822FB071DF12981496ED104384113", // ACCVRAIZ1
+        "59769007F7685D0FCD50872F9F95D5755A5B2B457D81F3692B610A98672F0E1B", // TWCA Global Root CA
+        "DD6936FE21F8F077C123A1A521C12224F72255B73E03A7260693E8A24B0FA389", // TeliaSonera Root CA v1
+        "91E2F5788D5810EBA7BA58737DE1548A8ECACD014598BC0B143E041B17052552", // T-TeleSec GlobalRoot Class 2
+        "F356BEA244B7A91EB35D53CA9AD7864ACE018E2D35D5F8F96DDF68A6F41AA474", // Atos TrustedRoot 2011
+        "8A866FD1B276B57E578E921C65828A2BED58E9F2F288054134B7F1F4BFC9CC74", // QuoVadis Root CA 1 G3
+        "8FE4FB0AF93A4D0D67DB0BEBB23E37C71BF325DCBCDD240EA04DAF58B47E1840", // QuoVadis Root CA 2 G3
+        "88EF81DE202EB018452E43F864725CEA5FBD1FC2D9D205730709C5D8B8690F46", // QuoVadis Root CA 3 G3
+        "7D05EBB682339F8C9451EE094EEBFEFA7953A114EDB2F44949452FAB7D2FC185", // DigiCert Assured ID Root G2
+        "7E37CB8B4C47090CAB36551BA6F45DB840680FBA166A952DB100717F43053FC2", // DigiCert Assured ID Root G3
+        "CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F", // DigiCert Global Root G2
+        "31AD6648F8104138C738F39EA4320133393E3A18CC02296EF97C2AC9EF6731D0", // DigiCert Global Root G3
+        "552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988", // DigiCert Trusted Root G4
+        "52F0E1C4E58EC629291B60317F074671B85D7EA80D5B07273463534B32B40234", // COMODO RSA Certification Authority
+        "E793C9B02FD8AA13E21C31228ACCB08119643B749C898964B1746D46C3D4CBD2", // USERTrust RSA Certification Authority
+        "4FF460D54B9C86DABFBCFC5712E0400D2BED3FBC4D4FBDAA86E06ADCD2A9AD7A", // USERTrust ECC Certification Authority
+        "179FBC148A3DD00FD24EA13458CC43BFA7F59C8182D783A513F6EBEC100C8924", // GlobalSign ECC Root CA - R5
+        "3C4FB0B95AB8B30032F432B86F535FE172C185D0FD39865837CF36187FA6F428", // Staat der Nederlanden Root CA - G3
+        "5D56499BE4D2E08BCFCAD08A3E38723D50503BDE706948E42F55603019E528AE", // IdenTrust Commercial Root CA 1
+        "30D0895A9A448A262091635522D1F52010B5867ACAE12C78EF958FD4F4389F2F", // IdenTrust Public Sector Root CA 1
+        "43DF5774B03E7FEF5FE40D931A7BEDF1BB2E6B42738C4E6D3841103D3AA7F339", // Entrust Root Certification Authority - G2
+        "02ED0EB28C14DA45165C566791700D6451D7FB56F0B2AB1D3B8EB070E56EDFF5", // Entrust Root Certification Authority - EC1
+        "5CC3D78E4E1D5E45547A04E6873E64F90CF9536D1CCC2EF800F355C4C5FD70FD", // CFCA EV ROOT
+        "6B9C08E86EB0F767CFAD65CD98B62149E5494A67F5845E7BD1ED019F27B86BD6", // OISTE WISeKey Global Root GB CA
+        "A1339D33281A0B56E557D3D32B1CE7F9367EB094BD5FA72A7E5004C8DED7CAFE", // SZAFIR ROOT CA2
+        "B676F2EDDAE8775CD36CB0F63CD1D4603961F49E6265BA013A2F0307B6D0B804", // Certum Trusted Network CA 2
+        "A040929A02CE53B4ACF4F2FFC6981CE4496F755E6D45FE0B2A692BCD52523F36", // Hellenic Academic and Research Institutions RootCA 2015
+        "44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833", // Hellenic Academic and Research Institutions ECC RootCA 2015
+        "96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6", // ISRG Root X1
+        "EBC5570C29018C4D67B1AA127BAF12F703B4611EBC17B7DAB5573894179B93FA", // AC RAIZ FNMT-RCM
+        "8ECDE6884F3D87B1125BA31AC3FCB13D7016DE7F57CC904FE1CB97C6AE98196E", // Amazon Root CA 1
+        "1BA5B2AA8C65401A82960118F80BEC4F62304D83CEC4713A19C39C011EA46DB4", // Amazon Root CA 2
+        "18CE6CFE7BF14E60B2E347B8DFE868CB31D02EBB3ADA271569F50343B46DB3A4", // Amazon Root CA 3
+        "E35D28419ED02025CFA69038CD623962458DA5C695FBDEA3C22B0BFB25897092", // Amazon Root CA 4
+        "A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457", // D-TRUST Root CA 3 2013
+        "46EDC3689046D53A453FB3104AB80DCAEC658B2660EA1629DD7E867990648716", // TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+        "BFFF8FD04433487D6A8AA60C1A29767A9FC2BBB05E420F713A13B992891D3893", // GDCA TrustAUTH R5 ROOT
+        "85666A562EE0BE5CE925C1D8890A6F76A87EC16D4D7D5F29EA7419CF20123B69", // SSL.com Root Certification Authority RSA
+        "3417BB06CC6007DA1B961C920B8AB4CE3FAD820E4AA30B9ACBC4A74EBDCEBC65", // SSL.com Root Certification Authority ECC
+        "2E7BF16CC22485A7BBE2AA8696750761B0AE39BE3B2FE9D0CC6D4EF73491425C", // SSL.com EV Root Certification Authority RSA R2
+        "22A2C1F7BDED704CC1E701B5F408C310880FE956B5DE2A4A44F99C873A25A7C8", // SSL.com EV Root Certification Authority ECC
+        "2CABEAFE37D06CA22ABA7391C0033D25982952C453647349763A3AB5AD6CCF69", // GlobalSign Root CA - R6
+        "8560F91C3624DABA9570B5FEA0DBE36FF11A8323BE9486854FB3F34A5571198D", // OISTE WISeKey Global Root GC CA
+        "9BEA11C976FE014764C1BE56A6F914B5A560317ABD9988393382E5161AA0493C", // UCA Global G2 Root
+        "D43AF9B35473755C9684FC06D7D8CB70EE5C28E773FB294EB41EE71722924D24", // UCA Extended Validation Root
+        "D48D3D23EEDB50A459E55197601C27774B9D7B18C94D5A059511A10250B93168", // Certigna Root CA
+        "40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367", // emSign Root CA - G1
+        "86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B", // emSign ECC Root CA - G3
+        "125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F", // emSign Root CA - C1
+        "BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3", // emSign ECC Root CA - C3
+        "5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6", // Hongkong Post Root CA 3
+        "DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88", // Entrust Root Certification Authority - G4
+        "358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02", // Microsoft ECC Root Certificate Authority 2017
+        "C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0", // Microsoft RSA Root Certificate Authority 2017
+        "BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99", // e-Szigno Root CA 2017
+        "657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305", // certSIGN Root CA G2
+        "97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8", // Trustwave Global Certification Authority
+        "945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4", // Trustwave Global ECC P256 Certification Authority
+        "55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097", // Trustwave Global ECC P384 Certification Authority
+        "88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265", // NAVER Global Root Certification Authority
+        "554153B13D2CF9DDB753BFBE1A4E0AE08D0AA4187058FE60A2B862B2E4B87BCB", // AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+        "319AF0A7729E6F89269C131EA6A3A16FCD86389FDCAB3C47A4A675C161A3F974", // GlobalSign Secure Mail Root R45
+        "5CBF6FB81FD417EA4128CD6F8172A3C9402094F74AB2ED3A06B4405D04F30B19", // GlobalSign Secure Mail Root E45
+        "4FA3126D8D3A11D1C4855A4F807CBAD6CF919D3A5A88B03BEA2C6372D93C40C9", // GlobalSign Root R46
+        "CBB9C44D84B8043E1050EA31A69F514955D7BFD2E2C6B49301019AD61D9F5058", // GlobalSign Root E46
+        "9A296A5182D1D451A2E37F439B74DAAFA267523329F90F9A0D2007C334E23C9A", // GLOBALTRUST 2020
+        "FB8FEC759169B9106B1E511644C618C51304373F6C0643088D8BEFFD1B997599", // ANF Secure Server Root CA
+        "6B328085625318AA50D173C98D8BDA09D57E27413D114CF787A0F5D06C030CF6", // Certum EC-384 CA
+        "FE7696573855773E37A95E7AD4D9CC96C30157C15D31765BA9B15704E1AE78FD", // Certum Trusted Root CA
+        "2E44102AB58CB85419451C8E19D9ACF3662CAFBC614B6A53960A30F7D0E2EB41", // TunTrust Root CA
+        "D95D0E8EDA79525BF9BEB11B14D2100D3294985F0C62D9FABD9CD999ECCB7B1D", // HARICA TLS RSA Root CA 2021
+        "3F99CC474ACFCE4DFED58794665E478D1547739F2E780F1BB4CA9B133097D401", // HARICA TLS ECC Root CA 2021
+        "1BE7ABE30686B16348AFD1C61B6866A0EA7F4821E67D5E8AF937CF8011BC750D", // HARICA Client RSA Root CA 2021
+        "8DD4B5373CB0DE36769C12339280D82746B3AA6CD426E797A31BABE4279CF00B", // HARICA Client ECC Root CA 2021
+        "57DE0583EFD2B26E0361DA99DA9DF4648DEF7EE8441C3B728AFA9BCDE0F9B26A", // Autoridad de Certificacion Firmaprofesional CIF A62634068
+        "30FBBA2C32238E2A98547AF97931E550428B9B3F1C8EEB6633DCFA86C5B27DD3", // vTrus ECC Root CA
+        "8A71DE6559336F426C26E53880D00D88A18DA4C6A91F0DCB6194E206C5C96387", // vTrus Root CA
+        "69729B8E15A86EFC177A57AFB7171DFC64ADD28C2FCA8CF1507E34453CCB1470", // ISRG Root X2
+        "F015CE3CC239BFEF064BE9F1D2C417E1A0264A0A94BE1F0C8D121864EB6949CC", // HiPKI Root CA - G1
+        "B085D70B964F191A73E4AF0D54AE7A0E07AAFDAF9B71DD0862138AB7325A24A2", // GlobalSign ECC Root CA - R4
+        "D947432ABDE7B7FA90FC2E6B59101B1280E0E1C7E4E40FA3C6887FFF57A7F4CF", // GTS Root R1
+        "8D25CD97229DBF70356BDA4EB3CC734031E24CF00FAFCFD32DC76EB5841C7EA8", // GTS Root R2
+        "34D8A73EE208D9BCDB0D956520934B4E40E69482596E8B6F73C8426B010A6F48", // GTS Root R3
+        "349DFA4058C5E263123B398AE795573C4E1313C83FE68F93556CD5E8031B3C7D", // GTS Root R4
+        "242B69742FCB1E5B2ABF98898B94572187544E5B4D9911786573621F6A74B82C", // Telia Root CA v2
+        "E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044", // D-TRUST BR Root CA 1 2020
+        "08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB", // D-TRUST EV Root CA 1 2020
+        "018E13F0772532CF809BD1B17281867283FC48C6E13BE9C69812854A490C1B05", // DigiCert TLS ECC P384 Root G5
+        "371A00DC0533B3721A7EEB40E8419E70799D2B0A0F2C1D80693165F7CEC4AD75", // DigiCert TLS RSA4096 Root G5
+        "E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B", // DigiCert SMIME ECC P384 Root G5
+        "90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A", // DigiCert SMIME RSA4096 Root G5
+        "77B82CD8644C4305F7ACC5CB156B45675004033D51C60C6202A8E0C33467D3A0", // Certainly Root R1
+        "B4585F22E4AC756A4E8612A1361C5D9D031A93FD84FEBB778FA3068B0FC42DC2", // Certainly Root E1
+        "82BD5D851ACF7F6E1BA7BFCBC53030D0E7BC3C21DF772D858CAB41D199BDF595", // DIGITALSIGN GLOBAL ROOT RSA CA
+        "261D7114AE5F8FF2D8C7209A9DE4289E6AFC9D717023D85450909199F1857CFE", // DIGITALSIGN GLOBAL ROOT ECDSA CA
+        "E74FBDA55BD564C473A36B441AA799C8A68E077440E8288B9FA1E50E4BBACA11", // Security Communication ECC RootCA1
+        "F3896F88FE7C0A882766A7FA6AD2749FB57A7F3E98FB769C1FA7B09C2C44D5AE", // BJCA Global Root CA1
+        "574DF6931E278039667B720AFDC1600FC27EB66DD3092979FB73856487212882", // BJCA Global Root CA2
+        "48E1CF9E43B688A51044160F46D773B8277FE45BEAAD0E4DF90D1974382FEA99", // LAWtrust Root CA2 (4096)
+        "22D9599234D60F1D4BC7C7E96F43FA555B07301FD475175089DAFB8C25E477B3", // Sectigo Public Email Protection Root E46
+        "D5917A7791EB7CF20A2E57EB98284A67B28A57E89182DA53D546678C9FDE2B4F", // Sectigo Public Email Protection Root R46
+        "C90F26F0FB1B4018B22227519B5CA2B53E2CA5B3BE5CF18EFE1BEF47380C5383", // Sectigo Public Server Authentication Root E46
+        "7BB647A62AEEAC88BF257AA522D01FFEA395E0AB45C73F93F65654EC38F25A06", // Sectigo Public Server Authentication Root R46
+        "8FAF7D2E2CB4709BB8E0B33666BF75A5DD45B5DE480F8EA8D4BFE6BEBC17F2ED", // SSL.com TLS RSA Root CA 2022
+        "C32FFD9F46F936D16C3673990959434B9AD60AAFBB9E7CF33654F144CC1BA143", // SSL.com TLS ECC Root CA 2022
+        "AD7DD58D03AEDB22A30B5084394920CE12230C2D8017AD9B81AB04079BDD026B", // SSL.com Client ECC Root CA 2022
+        "1D4CA4A2AB21D0093659804FC0EB2175A617279B56A2475245C9517AFEB59153", // SSL.com Client RSA Root CA 2022
+        "E38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB", // Atos TrustedRoot Root CA ECC G2 2020
+        "78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E", // Atos TrustedRoot Root CA RSA G2 2020
+        "B2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8", // Atos TrustedRoot Root CA ECC TLS 2021
+        "81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F", // Atos TrustedRoot Root CA RSA TLS 2021
+        "E0D3226AEB1163C2E48FF9BE3B50B4C6431BE7BB1EACC5C36B5D5EC509039A08", // TrustAsia Global Root CA G3
+        "BE4B56CB5056C0136A526DF444508DAA36A0B54F42E4AC38F72AF470E479654C", // TrustAsia Global Root CA G4
+        "D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2", // D-Trust SBR Root CA 1 2022
+        "DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC", // D-Trust SBR Root CA 2 2022
+        "3AE6DF7E0D637A65A8C81612EC6F9A142F85A16834C10280D88E707028518755", // Telekom Security SMIME ECC Root 2021
+        "578AF4DED0853F4E5998DB4AEAF9CBEA8D945F60B620A38D1A3C13B2BC7BA8E1", // Telekom Security TLS ECC Root 2020
+        "78A656344F947E9CC0F734D9053D32F6742086B6B9CD2CAE4FAE1A2E4EFDE048", // Telekom Security SMIME RSA Root 2023
+        "EFC65CADBB59ADB6EFE84DA22311B35624B71B3B1EA0DA8B6655174EC8978646", // Telekom Security TLS RSA Root 2023
+        "BEF256DAF26E9C69BDEC1602359798F3CAF71821A03E018257C53C65617F3D4A", // FIRMAPROFESIONAL CA ROOT-A WEB
+        "3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558", // TWCA CYBER Root CA
+        "3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4", // TWCA Global Root CA G2
+        "3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E", // SecureSign Root CA12
+        "4B009C1034494F9AB56BBA3BA1D62731FC4D20D8955ADCEC10A925607261E338", // SecureSign Root CA14
+        "E778F0F095FE843729CD1A0082179E5314A9C291442805E1FB1D8FB6B8886C3A", // SecureSign Root CA15
+        "0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1", // D-TRUST BR Root CA 2 2023
+        "436472C1009A325C54F1A5BBB5468A7BAEECCBE05DE5F099CB70D3FE41E13C16", // TrustAsia SMIME ECC Root CA
+        "C7796BEB62C101BB143D262A7C96A0C6168183223EF50D699632D86E03B8CC9B", // TrustAsia SMIME RSA Root CA
+        "C0076B9EF0531FB1A656D67C4EBE97CD5DBAA41EF44598ACC2489878C92D8711", // TrustAsia TLS ECC Root CA
+        "06C08D7DAFD876971EB1124FE67F847EC0C7A158D3EA53CBE940E2EA9791F4C3", // TrustAsia TLS RSA Root CA
+        "8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE", // D-TRUST EV Root CA 2 2023
+        "9A12C392BFE57891A0C545309D4D9FD567E480CB613D6342278B195C79A7931F", // SwissSign RSA SMIME Root CA 2022 - 1
+        "193144F431E0FDDB740717D4DE926A571133884B4360D30E272913CBE660CE41", // SwissSign RSA TLS Root CA 2022 - 1
+        "D9A32485A8CCA85539CEF12FFFFF711378A17851D73DA2732AB4302D763BD62B", // OISTE Client Root ECC G1
+        "D02A0F994A868C66395F2E7A880DF509BD0C29C96DE16015A0FD501EDA4F96A9", // OISTE Client Root RSA G1
+        "EEC997C0C30F216F7E3B8B307D2BAE42412D753FC8219DAFD1520B2572850F49", // OISTE Server Root ECC G1
+        "9AE36232A5189FFDDB353DFD26520C015395D22777DAC59DB57B98C089A651E6", // OISTE Server Root RSA G1
+        "B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4", // e-Szigno TLS Root CA 2023
+    };
+
+    /// <summary>
+    /// Get certificate in PEM format from a server with CA pinning validation
+    /// </summary>
+    public async Task<(string?, string?)> GetCertPemAsync(string target, string serverName, int timeout = 4)
+    {
+        try
+        {
+            var (domain, _, port, _) = Utils.ParseUrl(target);
+
+            using var cts = new CancellationTokenSource();
+            cts.CancelAfter(TimeSpan.FromSeconds(timeout));
+
+            using var client = new TcpClient();
+            await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token);
+
+            await using var ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate);
+
+            var sslOptions = new SslClientAuthenticationOptions
+            {
+                TargetHost = serverName,
+                RemoteCertificateValidationCallback = ValidateServerCertificate
+            };
+
+            await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token);
+
+            var remote = ssl.RemoteCertificate;
+            if (remote == null)
+            {
+                return (null, null);
+            }
+
+            var leaf = new X509Certificate2(remote);
+            return (ExportCertToPem(leaf), null);
+        }
+        catch (OperationCanceledException)
+        {
+            Logging.SaveLog(_tag, new TimeoutException($"Connection timeout after {timeout} seconds"));
+            return (null, $"Connection timeout after {timeout} seconds");
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+            return (null, ex.Message);
+        }
+    }
+
+    /// <summary>
+    /// Get certificate chain in PEM format from a server with CA pinning validation
+    /// </summary>
+    public async Task<(List<string>, string?)> GetCertChainPemAsync(string target, string serverName, int timeout = 4)
+    {
+        var pemList = new List<string>();
+        try
+        {
+            var (domain, _, port, _) = Utils.ParseUrl(target);
+
+            using var cts = new CancellationTokenSource();
+            cts.CancelAfter(TimeSpan.FromSeconds(timeout));
+
+            using var client = new TcpClient();
+            await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token);
+
+            await using var ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate);
+
+            var sslOptions = new SslClientAuthenticationOptions
+            {
+                TargetHost = serverName,
+                RemoteCertificateValidationCallback = ValidateServerCertificate
+            };
+
+            await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token);
+
+            if (ssl.RemoteCertificate is not X509Certificate2 certChain)
+            {
+                return (pemList, null);
+            }
+
+            var chain = new X509Chain();
+            chain.Build(certChain);
+
+            pemList.AddRange(chain.ChainElements.Select(element => ExportCertToPem(element.Certificate)));
+
+            return (pemList, null);
+        }
+        catch (OperationCanceledException)
+        {
+            Logging.SaveLog(_tag, new TimeoutException($"Connection timeout after {timeout} seconds"));
+            return (pemList, $"Connection timeout after {timeout} seconds");
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+            return (pemList, ex.Message);
+        }
+    }
+
+    /// <summary>
+    /// Validate server certificate with CA pinning
+    /// </summary>
+    private bool ValidateServerCertificate(
+        object sender,
+        X509Certificate? certificate,
+        X509Chain? chain,
+        SslPolicyErrors sslPolicyErrors)
+    {
+        if (certificate == null)
+        {
+            return false;
+        }
+
+        // Check certificate name mismatch
+        if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
+        {
+            return false;
+        }
+
+        // Build certificate chain
+        var cert2 = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
+        var certChain = chain ?? new X509Chain();
+
+        certChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
+        certChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
+        certChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
+        certChain.ChainPolicy.VerificationTime = DateTime.Now;
+
+        certChain.Build(cert2);
+
+        // Find root CA
+        if (certChain.ChainElements.Count == 0)
+        {
+            return false;
+        }
+
+        var rootCert = certChain.ChainElements[certChain.ChainElements.Count - 1].Certificate;
+        var rootThumbprint = rootCert.GetCertHashString(HashAlgorithmName.SHA256);
+
+        return TrustedCaThumbprints.Contains(rootThumbprint);
+    }
+
+    public static string ExportCertToPem(X509Certificate2 cert)
+    {
+        var der = cert.Export(X509ContentType.Cert);
+        var b64 = Convert.ToBase64String(der);
+        return $"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n";
+    }
+
+    /// <summary>
+    /// Parse concatenated PEM certificates string into a list of individual certificates
+    /// Normalizes format: removes line breaks from base64 content for better compatibility
+    /// </summary>
+    /// <param name="pemChain">Concatenated PEM certificates string (supports both \r\n and \n line endings)</param>
+    /// <returns>List of individual PEM certificate strings with normalized format</returns>
+    public static List<string> ParsePemChain(string pemChain)
+    {
+        var certs = new List<string>();
+        if (string.IsNullOrWhiteSpace(pemChain))
+        {
+            return certs;
+        }
+
+        // Normalize line endings (CRLF -> LF) at the beginning
+        pemChain = pemChain.Replace("\r\n", "\n").Replace("\r", "\n");
+
+        const string beginMarker = "-----BEGIN CERTIFICATE-----";
+        const string endMarker = "-----END CERTIFICATE-----";
+
+        var index = 0;
+        while (index < pemChain.Length)
+        {
+            var beginIndex = pemChain.IndexOf(beginMarker, index, StringComparison.Ordinal);
+            if (beginIndex == -1)
+            {
+                break;
+            }
+
+            var endIndex = pemChain.IndexOf(endMarker, beginIndex, StringComparison.Ordinal);
+            if (endIndex == -1)
+            {
+                break;
+            }
+
+            // Extract certificate content
+            var base64Start = beginIndex + beginMarker.Length;
+            var base64Content = pemChain.Substring(base64Start, endIndex - base64Start);
+
+            // Remove all whitespace from base64 content
+            base64Content = new string(base64Content.Where(c => !char.IsWhiteSpace(c)).ToArray());
+
+            // Reconstruct with clean format: BEGIN marker + base64 (no line breaks) + END marker
+            var normalizedCert = $"{beginMarker}\n{base64Content}\n{endMarker}\n";
+            certs.Add(normalizedCert);
+
+            // Move to next certificate
+            index = endIndex + endMarker.Length;
+        }
+
+        return certs;
+    }
+
+    /// <summary>
+    /// Concatenate a list of PEM certificates into a single string
+    /// </summary>
+    /// <param name="pemList">List of individual PEM certificate strings</param>
+    /// <returns>Concatenated PEM certificates string</returns>
+    public static string ConcatenatePemChain(IEnumerable<string> pemList)
+    {
+        if (pemList == null)
+        {
+            return string.Empty;
+        }
+
+        return string.Concat(pemList);
+    }
+
+    public static string GetCertSha256Thumbprint(string pemCert, bool includeColon = false)
+    {
+        try
+        {
+            var cert = X509Certificate2.CreateFromPem(pemCert);
+            var thumbprint = cert.GetCertHashString(HashAlgorithmName.SHA256);
+            if (includeColon)
+            {
+                return string.Join(":", thumbprint.Chunk(2).Select(c => new string(c)));
+            }
+            return thumbprint;
+        }
+        catch
+        {
+            return string.Empty;
+        }
+    }
+}
--- a/v2rayN/ServiceLib/Manager/ClashApiManager.cs
+++ b/v2rayN/ServiceLib/Manager/ClashApiManager.cs
@@ -1,11 +1,11 @@
 using static ServiceLib.Models.ClashProxies;

-namespace ServiceLib.Handler;
+namespace ServiceLib.Manager;

-public sealed class ClashApiHandler
+public sealed class ClashApiManager
 {
-    private static readonly Lazy<ClashApiHandler> instance = new(() => new());
-    public static ClashApiHandler Instance => instance.Value;
+    private static readonly Lazy<ClashApiManager> instance = new(() => new());
+    public static ClashApiManager Instance => instance.Value;

    private static readonly string _tag = "ClashApiHandler";
    private Dictionary<string, ProxiesItem>? _proxies;
@@ -35,7 +35,7 @@ public sealed class ClashApiHandler
        return null;
    }

-    public void ClashProxiesDelayTest(bool blAll, List<ClashProxyModel> lstProxy, Action<ClashProxyModel?, string> updateFunc)
+    public void ClashProxiesDelayTest(bool blAll, List<ClashProxyModel> lstProxy, Func<ClashProxyModel?, string, Task> updateFunc)
    {
        Task.Run(async () =>
        {
@@ -65,7 +65,7 @@ public sealed class ClashApiHandler
                return;
            }
            var urlBase = $"{GetApiUrl()}/proxies";
-            urlBase += @"/{0}/delay?timeout=10000&url=" + AppHandler.Instance.Config.SpeedTestItem.SpeedPingTestUrl;
+            urlBase += @"/{0}/delay?timeout=10000&url=" + AppManager.Instance.Config.SpeedTestItem.SpeedPingTestUrl;

            var tasks = new List<Task>();
            foreach (var it in lstProxy)
@@ -79,12 +79,12 @@ public sealed class ClashApiHandler
                tasks.Add(Task.Run(async () =>
                {
                    var result = await HttpClientHelper.Instance.TryGetAsync(url);
-                    updateFunc?.Invoke(it, result);
+                    await updateFunc?.Invoke(it, result);
                }));
            }
            await Task.WhenAll(tasks);
            await Task.Delay(1000);
-            updateFunc?.Invoke(null, "");
+            await updateFunc?.Invoke(null, "");
        });
    }

@@ -182,6 +182,6 @@ public sealed class ClashApiHandler

    private string GetApiUrl()
    {
-        return $"{Global.HttpProtocol}{Global.Loopback}:{AppHandler.Instance.StatePort2}";
+        return $"{Global.HttpProtocol}{Global.Loopback}:{AppManager.Instance.StatePort2}";
    }
 }
--- a/v2rayN/ServiceLib/Manager/CoreAdminManager.cs
+++ b/v2rayN/ServiceLib/Manager/CoreAdminManager.cs
@@ -0,0 +1,91 @@
+using CliWrap;
+using CliWrap.Buffered;
+
+namespace ServiceLib.Manager;
+
+public class CoreAdminManager
+{
+    private static readonly Lazy<CoreAdminManager> _instance = new(() => new());
+    public static CoreAdminManager Instance => _instance.Value;
+    private Config _config;
+    private Func<bool, string, Task>? _updateFunc;
+    private int _linuxSudoPid = -1;
+    private const string _tag = "CoreAdminHandler";
+
+    public async Task Init(Config config, Func<bool, string, Task> updateFunc)
+    {
+        if (_config != null)
+        {
+            return;
+        }
+        _config = config;
+        _updateFunc = updateFunc;
+
+        await Task.CompletedTask;
+    }
+
+    private async Task UpdateFunc(bool notify, string msg)
+    {
+        await _updateFunc?.Invoke(notify, msg);
+    }
+
+    public async Task<ProcessService?> RunProcessAsLinuxSudo(string fileName, CoreInfo coreInfo, string configPath)
+    {
+        StringBuilder sb = new();
+        sb.AppendLine("#!/bin/bash");
+        var cmdLine = $"{fileName.AppendQuotes()} {string.Format(coreInfo.Arguments, Utils.GetBinConfigPath(configPath).AppendQuotes())}";
+        sb.AppendLine($"exec sudo -S -- {cmdLine}");
+        var shFilePath = await FileUtils.CreateLinuxShellFile("run_as_sudo.sh", sb.ToString(), true);
+
+        var procService = new ProcessService(
+            fileName: shFilePath,
+            arguments: "",
+            workingDirectory: Utils.GetBinConfigPath(),
+            displayLog: true,
+            redirectInput: true,
+            environmentVars: null,
+            updateFunc: _updateFunc
+        );
+
+        await procService.StartAsync(AppManager.Instance.LinuxSudoPwd);
+
+        if (procService is null or { HasExited: true })
+        {
+            throw new Exception(ResUI.FailedToRunCore);
+        }
+        _linuxSudoPid = procService.Id;
+
+        return procService;
+    }
+
+    public async Task KillProcessAsLinuxSudo()
+    {
+        if (_linuxSudoPid < 0)
+        {
+            return;
+        }
+
+        try
+        {
+            var shellFileName = Utils.IsMacOS() ? Global.KillAsSudoOSXShellFileName : Global.KillAsSudoLinuxShellFileName;
+            var shFilePath = await FileUtils.CreateLinuxShellFile("kill_as_sudo.sh", EmbedUtils.GetEmbedText(shellFileName), true);
+            if (shFilePath.Contains(' '))
+            {
+                shFilePath = shFilePath.AppendQuotes();
+            }
+            var arg = new List<string>() { "-c", $"sudo -S {shFilePath} {_linuxSudoPid}" };
+            var result = await Cli.Wrap(Global.LinuxBash)
+                .WithArguments(arg)
+                .WithStandardInputPipe(PipeSource.FromString(AppManager.Instance.LinuxSudoPwd))
+                .ExecuteBufferedAsync();
+
+            await UpdateFunc(false, result.StandardOutput.ToString());
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+        }
+
+        _linuxSudoPid = -1;
+    }
+}
--- a/v2rayN/ServiceLib/Manager/CoreInfoManager.cs
+++ b/v2rayN/ServiceLib/Manager/CoreInfoManager.cs
@@ -1,12 +1,12 @@
-namespace ServiceLib.Handler;
+namespace ServiceLib.Manager;

-public sealed class CoreInfoHandler
+public sealed class CoreInfoManager
 {
-    private static readonly Lazy<CoreInfoHandler> _instance = new(() => new());
+    private static readonly Lazy<CoreInfoManager> _instance = new(() => new());
    private List<CoreInfo>? _coreInfo;
-    public static CoreInfoHandler Instance => _instance.Value;
+    public static CoreInfoManager Instance => _instance.Value;

-    public CoreInfoHandler()
+    public CoreInfoManager()
    {
        InitCoreInfo();
    }
@@ -80,6 +80,10 @@ public sealed class CoreInfoHandler
                    Url = GetCoreUrl(ECoreType.v2fly),
                    Match = "V2Ray",
                    VersionArg = "-version",
+                    Environment = new Dictionary<string, string?>()
+                    {
+                        { Global.V2RayLocalAsset, Utils.GetBinPath("") },
+                    },
                },

                new CoreInfo
@@ -90,6 +94,10 @@ public sealed class CoreInfoHandler
                    Url = GetCoreUrl(ECoreType.v2fly_v5),
                    Match = "V2Ray",
                    VersionArg = "version",
+                    Environment = new Dictionary<string, string?>()
+                    {
+                        { Global.V2RayLocalAsset, Utils.GetBinPath("") },
+                    },
                },

                new CoreInfo
@@ -107,20 +115,25 @@ public sealed class CoreInfoHandler
                    DownloadUrlOSXArm64 = urlXray + "/download/{0}/Xray-macos-arm64-v8a.zip",
                    Match = "Xray",
                    VersionArg = "-version",
+                    Environment = new Dictionary<string, string?>()
+                    {
+                        { Global.XrayLocalAsset, Utils.GetBinPath("") },
+                        { Global.XrayLocalCert, Utils.GetBinPath("") },
+                    },
                },

                new CoreInfo
                {
                    CoreType = ECoreType.mihomo,
-                    CoreExes = ["mihomo-windows-amd64-compatible", "mihomo-windows-amd64", "mihomo-linux-amd64", "clash", "mihomo"],
+                    CoreExes = GetMihomoCoreExes(),
                    Arguments = "-f {0}" + PortableMode(),
                    Url = GetCoreUrl(ECoreType.mihomo),
                    ReleaseApiUrl = urlMihomo.Replace(Global.GithubUrl, Global.GithubApiUrl),
-                    DownloadUrlWin64 = urlMihomo + "/download/{0}/mihomo-windows-amd64-compatible-{0}.zip",
+                    DownloadUrlWin64 = urlMihomo + "/download/{0}/mihomo-windows-amd64-v1-{0}.zip",
                    DownloadUrlWinArm64 = urlMihomo + "/download/{0}/mihomo-windows-arm64-{0}.zip",
-                    DownloadUrlLinux64 = urlMihomo + "/download/{0}/mihomo-linux-amd64-compatible-{0}.gz",
+                    DownloadUrlLinux64 = urlMihomo + "/download/{0}/mihomo-linux-amd64-v1-{0}.gz",
                    DownloadUrlLinuxArm64 = urlMihomo + "/download/{0}/mihomo-linux-arm64-{0}.gz",
-                    DownloadUrlOSX64 = urlMihomo + "/download/{0}/mihomo-darwin-amd64-compatible-{0}.gz",
+                    DownloadUrlOSX64 = urlMihomo + "/download/{0}/mihomo-darwin-amd64-v1-{0}.gz",
                    DownloadUrlOSXArm64 = urlMihomo + "/download/{0}/mihomo-darwin-arm64-{0}.gz",
                    Match = "Mihomo",
                    VersionArg = "-v",
@@ -205,12 +218,24 @@ public sealed class CoreInfoHandler
                new CoreInfo
                {
                    CoreType = ECoreType.shadowquic,
-                    CoreExes = [ "shadowquic", "shadowquic"],
+                    CoreExes = [ "shadowquic" ],
                    Arguments = "-c {0}",
                    Url =  GetCoreUrl(ECoreType.shadowquic),
                    AbsolutePath = false,
-                }
+                },

+                new CoreInfo
+                {
+                    CoreType = ECoreType.mieru,
+                    CoreExes = [ "mieru" ],
+                    Arguments = "run",
+                    Url =  GetCoreUrl(ECoreType.mieru),
+                    AbsolutePath = false,
+                    Environment = new Dictionary<string, string?>()
+                    {
+                        { "MIERU_CONFIG_JSON_FILE", "{0}" },
+                    },
+                },
        ];
    }

@@ -223,4 +248,34 @@ public sealed class CoreInfoHandler
    {
        return $"{Global.GithubUrl}/{Global.CoreUrls[eCoreType]}/releases";
    }
+
+    private static List<string>? GetMihomoCoreExes()
+    {
+        var names = new List<string>();
+
+        if (Utils.IsWindows())
+        {
+            names.Add("mihomo-windows-amd64-v1");
+            names.Add("mihomo-windows-amd64-compatible");
+            names.Add("mihomo-windows-amd64");
+            names.Add("mihomo-windows-arm64");
+        }
+        else if (Utils.IsLinux())
+        {
+            names.Add("mihomo-linux-amd64-v1");
+            names.Add("mihomo-linux-amd64");
+            names.Add("mihomo-linux-arm64");
+        }
+        else if (Utils.IsMacOS())
+        {
+            names.Add("mihomo-darwin-amd64-v1");
+            names.Add("mihomo-darwin-amd64");
+            names.Add("mihomo-darwin-arm64");
+        }
+
+        names.Add("clash");
+        names.Add("mihomo");
+
+        return names;
+    }
 }
--- a/v2rayN/ServiceLib/Manager/CoreManager.cs
+++ b/v2rayN/ServiceLib/Manager/CoreManager.cs
@@ -0,0 +1,292 @@
+namespace ServiceLib.Manager;
+
+/// <summary>
+/// Core process processing class
+/// </summary>
+public class CoreManager
+{
+    private static readonly Lazy<CoreManager> _instance = new(() => new());
+    public static CoreManager Instance => _instance.Value;
+    private Config _config;
+    private WindowsJobService? _processJob;
+    private ProcessService? _processService;
+    private ProcessService? _processPreService;
+    private bool _linuxSudo = false;
+    private Func<bool, string, Task>? _updateFunc;
+    private const string _tag = "CoreHandler";
+
+    public async Task Init(Config config, Func<bool, string, Task> updateFunc)
+    {
+        _config = config;
+        _updateFunc = updateFunc;
+
+        //Copy the bin folder to the storage location (for init)
+        if (Environment.GetEnvironmentVariable(Global.LocalAppData) == "1")
+        {
+            var fromPath = Utils.GetBaseDirectory("bin");
+            var toPath = Utils.GetBinPath("");
+            if (fromPath != toPath)
+            {
+                FileUtils.CopyDirectory(fromPath, toPath, true, false);
+            }
+        }
+
+        if (Utils.IsNonWindows())
+        {
+            var coreInfo = CoreInfoManager.Instance.GetCoreInfo();
+            foreach (var it in coreInfo)
+            {
+                if (it.CoreType == ECoreType.v2rayN)
+                {
+                    if (Utils.UpgradeAppExists(out var upgradeFileName))
+                    {
+                        await Utils.SetLinuxChmod(upgradeFileName);
+                    }
+                    continue;
+                }
+
+                foreach (var name in it.CoreExes)
+                {
+                    var exe = Utils.GetBinPath(Utils.GetExeName(name), it.CoreType.ToString());
+                    if (File.Exists(exe))
+                    {
+                        await Utils.SetLinuxChmod(exe);
+                    }
+                }
+            }
+        }
+    }
+
+    /// <param name="mainContext">Resolved main context (with pre-socks ports already merged if applicable).</param>
+    /// <param name="preContext">Optional pre-socks context passed to <see cref="CoreStartPreService"/>.</param>
+    public async Task LoadCore(CoreConfigContext? mainContext, CoreConfigContext? preContext)
+    {
+        if (mainContext == null)
+        {
+            await UpdateFunc(false, ResUI.CheckServerSettings);
+            return;
+        }
+
+        var node = mainContext.Node;
+        var fileName = Utils.GetBinConfigPath(Global.CoreConfigFileName);
+        var result = await CoreConfigHandler.GenerateClientConfig(mainContext, fileName);
+        if (result.Success != true)
+        {
+            await UpdateFunc(true, result.Msg);
+            return;
+        }
+
+        await UpdateFunc(false, $"{node.GetSummary()}");
+        await UpdateFunc(false, $"{Utils.GetRuntimeInfo()}");
+        await UpdateFunc(false, string.Format(ResUI.StartService, DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
+        await CoreStop();
+        await Task.Delay(100);
+
+        if (Utils.IsWindows() && _config.TunModeItem.EnableTun)
+        {
+            await Task.Delay(100);
+            await WindowsUtils.RemoveTunDevice();
+        }
+
+        await CoreStart(mainContext);
+        await CoreStartPreService(preContext);
+        if (_processService != null)
+        {
+            await UpdateFunc(true, $"{node.GetSummary()}");
+        }
+    }
+
+    public async Task<ProcessService?> LoadCoreConfigSpeedtest(List<ServerTestItem> selecteds)
+    {
+        var coreType = selecteds.FirstOrDefault()?.CoreType == ECoreType.sing_box ? ECoreType.sing_box : ECoreType.Xray;
+        var fileName = string.Format(Global.CoreSpeedtestConfigFileName, Utils.GetGuid(false));
+        var configPath = Utils.GetBinConfigPath(fileName);
+        var result = await CoreConfigHandler.GenerateClientSpeedtestConfig(_config, configPath, selecteds, coreType);
+        await UpdateFunc(false, result.Msg);
+        if (result.Success != true)
+        {
+            return null;
+        }
+
+        await UpdateFunc(false, string.Format(ResUI.StartService, DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
+        await UpdateFunc(false, configPath);
+
+        var coreInfo = CoreInfoManager.Instance.GetCoreInfo(coreType);
+        return await RunProcess(coreInfo, fileName, true, false);
+    }
+
+    public async Task<ProcessService?> LoadCoreConfigSpeedtest(ServerTestItem testItem)
+    {
+        var node = await AppManager.Instance.GetProfileItem(testItem.IndexId);
+        if (node is null)
+        {
+            return null;
+        }
+
+        var fileName = string.Format(Global.CoreSpeedtestConfigFileName, Utils.GetGuid(false));
+        var configPath = Utils.GetBinConfigPath(fileName);
+        var (context, _) = await CoreConfigContextBuilder.Build(_config, node);
+        var result = await CoreConfigHandler.GenerateClientSpeedtestConfig(_config, context, testItem, configPath);
+        if (result.Success != true)
+        {
+            return null;
+        }
+
+        var coreType = AppManager.Instance.GetCoreType(node, node.ConfigType);
+        var coreInfo = CoreInfoManager.Instance.GetCoreInfo(coreType);
+        return await RunProcess(coreInfo, fileName, true, false);
+    }
+
+    public async Task CoreStop()
+    {
+        try
+        {
+            if (_linuxSudo)
+            {
+                await CoreAdminManager.Instance.KillProcessAsLinuxSudo();
+                _linuxSudo = false;
+            }
+
+            if (_processService != null)
+            {
+                await _processService.StopAsync();
+                _processService.Dispose();
+                _processService = null;
+            }
+
+            if (_processPreService != null)
+            {
+                await _processPreService.StopAsync();
+                _processPreService.Dispose();
+                _processPreService = null;
+            }
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+        }
+    }
+
+    #region Private
+
+    private async Task CoreStart(CoreConfigContext context)
+    {
+        var node = context.Node;
+        var coreType = AppManager.Instance.RunningCoreType = AppManager.Instance.GetCoreType(node, node.ConfigType);
+        var coreInfo = CoreInfoManager.Instance.GetCoreInfo(coreType);
+
+        var displayLog = node.ConfigType != EConfigType.Custom || node.DisplayLog;
+        var proc = await RunProcess(coreInfo, Global.CoreConfigFileName, displayLog, true);
+        if (proc is null)
+        {
+            return;
+        }
+        _processService = proc;
+    }
+
+    private async Task CoreStartPreService(CoreConfigContext? preContext)
+    {
+        if (_processService is { HasExited: false } && preContext != null)
+        {
+            var preCoreType = preContext?.Node?.CoreType ?? ECoreType.sing_box;
+            var fileName = Utils.GetBinConfigPath(Global.CorePreConfigFileName);
+            var result = await CoreConfigHandler.GenerateClientConfig(preContext, fileName);
+            if (result.Success)
+            {
+                var coreInfo = CoreInfoManager.Instance.GetCoreInfo(preCoreType);
+                var proc = await RunProcess(coreInfo, Global.CorePreConfigFileName, true, true);
+                if (proc is null)
+                {
+                    return;
+                }
+                _processPreService = proc;
+            }
+        }
+    }
+
+    private async Task UpdateFunc(bool notify, string msg)
+    {
+        await _updateFunc?.Invoke(notify, msg);
+    }
+
+    #endregion Private
+
+    #region Process
+
+    private async Task<ProcessService?> RunProcess(CoreInfo? coreInfo, string configPath, bool displayLog, bool mayNeedSudo)
+    {
+        var fileName = CoreInfoManager.Instance.GetCoreExecFile(coreInfo, out var msg);
+        if (fileName.IsNullOrEmpty())
+        {
+            await UpdateFunc(false, msg);
+            return null;
+        }
+
+        try
+        {
+            if (mayNeedSudo
+                && _config.TunModeItem.EnableTun
+                && (coreInfo.CoreType is ECoreType.sing_box or ECoreType.mihomo)
+                && Utils.IsNonWindows())
+            {
+                _linuxSudo = true;
+                await CoreAdminManager.Instance.Init(_config, _updateFunc);
+                return await CoreAdminManager.Instance.RunProcessAsLinuxSudo(fileName, coreInfo, configPath);
+            }
+
+            return await RunProcessNormal(fileName, coreInfo, configPath, displayLog);
+        }
+        catch (Exception ex)
+        {
+            Logging.SaveLog(_tag, ex);
+            await UpdateFunc(mayNeedSudo, ex.Message);
+            return null;
+        }
+    }
+
+    private async Task<ProcessService?> RunProcessNormal(string fileName, CoreInfo? coreInfo, string configPath, bool displayLog)
+    {
+        var environmentVars = new Dictionary<string, string>();
+        foreach (var kv in coreInfo.Environment)
+        {
+            environmentVars[kv.Key] = string.Format(kv.Value, coreInfo.AbsolutePath ? Utils.GetBinConfigPath(configPath).AppendQuotes() : configPath);
+        }
+
+        var procService = new ProcessService(
+            fileName: fileName,
+            arguments: string.Format(coreInfo.Arguments, coreInfo.AbsolutePath ? Utils.GetBinConfigPath(configPath).AppendQuotes() : configPath),
+            workingDirectory: Utils.GetBinConfigPath(),
+            displayLog: displayLog,
+            redirectInput: false,
+            environmentVars: environmentVars,
+            updateFunc: _updateFunc
+        );
+
+        await procService.StartAsync();
+
+        await Task.Delay(100);
+
+        if (procService is null or { HasExited: true })
+        {
+            throw new Exception(ResUI.FailedToRunCore);
+        }
+        AddProcessJob(procService.Handle);
+
+        return procService;
+    }
+
+    private void AddProcessJob(nint processHandle)
+    {
+        if (Utils.IsWindows())
+        {
+            _processJob ??= new();
+            try
+            {
+                _processJob?.AddProcess(processHandle);
+            }
+            catch { }
+        }
+    }
+
+    #endregion Process
+}
--- a/v2rayN/ServiceLib/Manager/GroupProfileManager.cs
+++ b/v2rayN/ServiceLib/Manager/GroupProfileManager.cs
@@ -0,0 +1,151 @@
+namespace ServiceLib.Manager;
+
+public class GroupProfileManager
+{
+    public static async Task<bool> HasCycle(ProfileItem item)
+    {
+        return await HasCycle(item.IndexId, item.GetProtocolExtra());
+    }
+
+    public static async Task<bool> HasCycle(string? indexId, ProtocolExtraItem? extraInfo)
+    {
+        return await HasCycle(indexId, extraInfo, new HashSet<string>(), new HashSet<string>());
+    }
+
+    private static async Task<bool> HasCycle(string? indexId, ProtocolExtraItem? extraInfo, HashSet<string> visited, HashSet<string> stack)
+    {
+        if (indexId.IsNullOrEmpty() || extraInfo == null)
+        {
+            return false;
+        }
+
+        if (stack.Contains(indexId))
+        {
+            return true;
+        }
+
+        if (visited.Contains(indexId))
+        {
+            return false;
+        }
+
+        visited.Add(indexId);
+        stack.Add(indexId);
+
+        try
+        {
+            if (extraInfo.GroupType.IsNullOrEmpty())
+            {
+                return false;
+            }
+
+            if (extraInfo.ChildItems.IsNullOrEmpty())
+            {
+                return false;
+            }
+
+            var childIds = Utils.String2List(extraInfo.ChildItems)
+                ?.Where(p => !string.IsNullOrEmpty(p))
+                .ToList();
+            if (childIds == null)
+            {
+                return false;
+            }
+
+            var childItems = await AppManager.Instance.GetProfileItemsByIndexIds(childIds);
+            foreach (var childItem in childItems)
+            {
+                if (await HasCycle(childItem.IndexId, childItem?.GetProtocolExtra(), visited, stack))
+                {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+        finally
+        {
+            stack.Remove(indexId);
+        }
+    }
+
+    public static async Task<(List<ProfileItem> Items, ProtocolExtraItem? Extra)> GetChildProfileItems(ProfileItem profileItem)
+    {
+        var protocolExtra = profileItem?.GetProtocolExtra();
+        return (await GetChildProfileItemsByProtocolExtra(protocolExtra), protocolExtra);
+    }
+
+    public static async Task<List<ProfileItem>> GetChildProfileItemsByProtocolExtra(ProtocolExtraItem? protocolExtra)
+    {
+        if (protocolExtra == null)
+        {
+            return [];
+        }
+
+        var items = new List<ProfileItem>();
+        items.AddRange(await GetSubChildProfileItems(protocolExtra));
+        items.AddRange(await GetSelectedChildProfileItems(protocolExtra));
+
+        return items;
+    }
+
+    private static async Task<List<ProfileItem>> GetSelectedChildProfileItems(ProtocolExtraItem? extra)
+    {
+        if (extra == null || extra.ChildItems.IsNullOrEmpty())
+        {
+            return [];
+        }
+        var childProfileIds = Utils.String2List(extra.ChildItems)
+            ?.Where(p => !string.IsNullOrEmpty(p))
+            .ToList() ?? [];
+        if (childProfileIds.Count == 0)
+        {
+            return [];
+        }
+
+        var ordered = await AppManager.Instance.GetProfileItemsOrderedByIndexIds(childProfileIds);
+        return ordered;
+    }
+
+    private static async Task<List<ProfileItem>> GetSubChildProfileItems(ProtocolExtraItem? extra)
+    {
+        if (extra == null || extra.SubChildItems.IsNullOrEmpty())
+        {
+            return [];
+        }
+        var childProfiles = await AppManager.Instance.ProfileItems(extra.SubChildItems ?? string.Empty);
+
+        return childProfiles?.Where(p =>
+                p != null &&
+                p.IsValid() &&
+                !p.ConfigType.IsComplexType() &&
+                (extra.Filter.IsNullOrEmpty() || Regex.IsMatch(p.Remarks, extra.Filter))
+            )
+            .ToList() ?? [];
+    }
+
+    public static async Task<Dictionary<string, ProfileItem>> GetAllChildProfileItems(ProfileItem profileItem)
+    {
+        var itemMap = new Dictionary<string, ProfileItem>();
+        var visited = new HashSet<string>();
+
+        await CollectChildItems(profileItem, itemMap, visited);
+
+        return itemMap;
+    }
+
+    private static async Task CollectChildItems(ProfileItem profileItem, Dictionary<string, ProfileItem> itemMap,
+        HashSet<string> visited)
+    {
+        var (childItems, _) = await GetChildProfileItems(profileItem);
+        foreach (var child in childItems.Where(child => visited.Add(child.IndexId)))
+        {
+            itemMap[child.IndexId] = child;
+
+            if (child.ConfigType.IsGroupType())
+            {
+                await CollectChildItems(child, itemMap, visited);
+            }
+        }
+    }
+}
--- a/v2rayN/ServiceLib/Manager/NoticeManager.cs
+++ b/v2rayN/ServiceLib/Manager/NoticeManager.cs
@@ -0,0 +1,62 @@
+namespace ServiceLib.Manager;
+
+public class NoticeManager
+{
+    private static readonly Lazy<NoticeManager> _instance = new(() => new());
+    public static NoticeManager Instance => _instance.Value;
+
+    public void Enqueue(string? content)
+    {
+        if (content.IsNullOrEmpty())
+        {
+            return;
+        }
+        AppEvents.SendSnackMsgRequested.Publish(content);
+    }
+
+    public void SendMessage(string? content)
+    {
+        if (content.IsNullOrEmpty())
+        {
+            return;
+        }
+        AppEvents.SendMsgViewRequested.Publish(content);
+    }
+
+    public void SendMessageEx(string? content)
+    {
+        if (content.IsNullOrEmpty())
+        {
+            return;
+        }
+        content = $"{DateTime.Now:yyyy/MM/dd HH:mm:ss} {content}";
+        SendMessage(content);
+    }
+
+    public void SendMessageAndEnqueue(string? msg)
+    {
+        Enqueue(msg);
+        SendMessage(msg);
+    }
+
+    /// <summary>
+    /// Sends each error and warning in <paramref name="validatorResult"/> to the message panel
+    /// and enqueues a summary snack notification (capped at 10 messages).
+    /// Returns <c>true</c> when there were any messages so the caller can decide on early-return
+    /// based on <see cref="NodeValidatorResult.Success"/>.
+    /// </summary>
+    public bool NotifyValidatorResult(NodeValidatorResult validatorResult)
+    {
+        var msgs = new List<string>([.. validatorResult.Errors, .. validatorResult.Warnings]);
+        if (msgs.Count == 0)
+        {
+            return false;
+        }
+        foreach (var msg in msgs)
+        {
+            SendMessage(msg);
+        }
+        Enqueue(Utils.List2String(msgs.Take(10).ToList(), true));
+        return true;
+    }
+}
--- a/v2rayN/ServiceLib/Manager/PacManager.cs
+++ b/v2rayN/ServiceLib/Manager/PacManager.cs
@@ -1,23 +1,21 @@
-using System.Net.Sockets;
-using System.Text;
+namespace ServiceLib.Manager;

-namespace ServiceLib.Handler;
-
-public class PacHandler
+public class PacManager
 {
-    private static string _configPath;
-    private static int _httpPort;
-    private static int _pacPort;
-    private static TcpListener? _tcpListener;
-    private static byte[] _writeContent;
-    private static bool _isRunning;
-    private static bool _needRestart = true;
+    private static readonly Lazy<PacManager> _instance = new(() => new PacManager());
+    public static PacManager Instance => _instance.Value;

-    public static async Task Start(string configPath, int httpPort, int pacPort)
+    private int _httpPort;
+    private int _pacPort;
+    private TcpListener? _tcpListener;
+    private byte[] _writeContent;
+    private bool _isRunning;
+    private bool _needRestart = true;
+
+    public async Task StartAsync(int httpPort, int pacPort)
    {
-        _needRestart = configPath != _configPath || httpPort != _httpPort || pacPort != _pacPort || !_isRunning;
+        _needRestart = httpPort != _httpPort || pacPort != _pacPort || !_isRunning;

-        _configPath = configPath;
        _httpPort = httpPort;
        _pacPort = pacPort;

@@ -30,24 +28,24 @@ public class PacHandler
        }
    }

-    private static async Task InitText()
+    private async Task InitText()
    {
-        var path = Path.Combine(_configPath, "pac.txt");
+        var customSystemProxyPacPath = AppManager.Instance.Config.SystemProxyItem?.CustomSystemProxyPacPath;
+        var fileName = (customSystemProxyPacPath.IsNotEmpty() && File.Exists(customSystemProxyPacPath))
+            ? customSystemProxyPacPath
+            : Path.Combine(Utils.GetConfigPath(), "pac.txt");

-        // Delete the old pac file
-        if (File.Exists(path) && Utils.GetFileHash(path).Equals("b590c07280f058ef05d5394aa2f927fe"))
-        {
-            File.Delete(path);
-        }
+        // TODO: temporarily notify which script is being used
+        NoticeManager.Instance.SendMessage(fileName);

-        if (!File.Exists(path))
+        if (!File.Exists(fileName))
        {
            var pac = EmbedUtils.GetEmbedText(Global.PacFileName);
-            await File.AppendAllTextAsync(path, pac);
+            await File.AppendAllTextAsync(fileName, pac);
        }

-        var pacText =
-            (await File.ReadAllTextAsync(path)).Replace("__PROXY__", $"PROXY 127.0.0.1:{_httpPort};DIRECT;");
+        var pacText = await File.ReadAllTextAsync(fileName);
+        pacText = pacText.Replace("__PROXY__", $"PROXY 127.0.0.1:{_httpPort};DIRECT;");

        var sb = new StringBuilder();
        sb.AppendLine("HTTP/1.0 200 OK");
@@ -59,7 +57,7 @@ public class PacHandler
        _writeContent = Encoding.UTF8.GetBytes(sb.ToString());
    }

-    private static void RunListener()
+    private void RunListener()
    {
        _tcpListener = TcpListener.Create(_pacPort);
        _isRunning = true;
@@ -87,14 +85,14 @@ public class PacHandler
        }, TaskCreationOptions.LongRunning);
    }

-    private static void WriteContent(TcpClient client)
+    private void WriteContent(TcpClient client)
    {
        var stream = client.GetStream();
        stream.Write(_writeContent, 0, _writeContent.Length);
        stream.Flush();
    }

-    public static void Stop()
+    public void Stop()
    {
        if (_tcpListener == null)
        {
--- a/v2rayN/ServiceLib/Manager/ProfileExManager.cs
+++ b/v2rayN/ServiceLib/Manager/ProfileExManager.cs
@@ -1,18 +1,16 @@
-using System.Collections.Concurrent;
-
 //using System.Reactive.Linq;

-namespace ServiceLib.Handler;
+namespace ServiceLib.Manager;

-public class ProfileExHandler
+public class ProfileExManager
 {
-    private static readonly Lazy<ProfileExHandler> _instance = new(() => new());
+    private static readonly Lazy<ProfileExManager> _instance = new(() => new());
    private ConcurrentBag<ProfileExItem> _lstProfileEx = [];
    private readonly Queue<string> _queIndexIds = new();
-    public static ProfileExHandler Instance => _instance.Value;
+    public static ProfileExManager Instance => _instance.Value;
    private static readonly string _tag = "ProfileExHandler";

-    public ProfileExHandler()
+    public ProfileExManager()
    {
        //Init();
    }
--- a/v2rayN/ServiceLib/Manager/StatisticsManager.cs
+++ b/v2rayN/ServiceLib/Manager/StatisticsManager.cs
@@ -1,21 +1,21 @@
-namespace ServiceLib.Handler;
+namespace ServiceLib.Manager;

-public class StatisticsHandler
+public class StatisticsManager
 {
-    private static readonly Lazy<StatisticsHandler> instance = new(() => new());
-    public static StatisticsHandler Instance => instance.Value;
+    private static readonly Lazy<StatisticsManager> instance = new(() => new());
+    public static StatisticsManager Instance => instance.Value;

    private Config _config;
    private ServerStatItem? _serverStatItem;
    private List<ServerStatItem> _lstServerStat;
-    private Action<ServerSpeedItem>? _updateFunc;
+    private Func<ServerSpeedItem, Task>? _updateFunc;

    private StatisticsXrayService? _statisticsXray;
    private StatisticsSingboxService? _statisticsSingbox;
    private static readonly string _tag = "StatisticsHandler";
    public List<ServerStatItem> ServerStat => _lstServerStat;

-    public async Task Init(Config config, Action<ServerSpeedItem> updateFunc)
+    public async Task Init(Config config, Func<ServerSpeedItem, Task> updateFunc)
    {
        _config = config;
        _updateFunc = updateFunc;
@@ -91,15 +91,15 @@ public class StatisticsHandler
    {
        await SQLiteHelper.Instance.ExecuteAsync($"delete from ServerStatItem where indexId not in ( select indexId from ProfileItem )");

-        long ticks = DateTime.Now.Date.Ticks;
+        var ticks = DateTime.Now.Date.Ticks;
        await SQLiteHelper.Instance.ExecuteAsync($"update ServerStatItem set todayUp = 0,todayDown=0,dateNow={ticks} where dateNow<>{ticks}");

        _lstServerStat = await SQLiteHelper.Instance.TableAsync<ServerStatItem>().ToListAsync();
    }

-    private void UpdateServerStatHandler(ServerSpeedItem server)
+    private async Task UpdateServerStatHandler(ServerSpeedItem server)
    {
-        _ = UpdateServerStat(server);
+        await UpdateServerStat(server);
    }

    private async Task UpdateServerStat(ServerSpeedItem server)
@@ -123,12 +123,12 @@ public class StatisticsHandler
        server.TodayDown = _serverStatItem.TodayDown;
        server.TotalUp = _serverStatItem.TotalUp;
        server.TotalDown = _serverStatItem.TotalDown;
-        _updateFunc?.Invoke(server);
+        await _updateFunc?.Invoke(server);
    }

    private async Task GetServerStatItem(string indexId)
    {
-        long ticks = DateTime.Now.Date.Ticks;
+        var ticks = DateTime.Now.Date.Ticks;
        if (_serverStatItem != null && _serverStatItem.IndexId != indexId)
        {
            _serverStatItem = null;
--- a/v2rayN/ServiceLib/Manager/TaskManager.cs
+++ b/v2rayN/ServiceLib/Manager/TaskManager.cs
@@ -0,0 +1,120 @@
+namespace ServiceLib.Manager;
+
+public class TaskManager
+{
+    private static readonly Lazy<TaskManager> _instance = new(() => new());
+    public static TaskManager Instance => _instance.Value;
+    private Config _config;
+    private Func<bool, string, Task>? _updateFunc;
+
+    public void RegUpdateTask(Config config, Func<bool, string, Task> updateFunc)
+    {
+        _config = config;
+        _updateFunc = updateFunc;
+
+        Task.Run(ScheduledTasks);
+    }
+
+    private async Task ScheduledTasks()
+    {
+        Logging.SaveLog("Setup Scheduled Tasks");
+
+        var numOfExecuted = 1;
+        while (true)
+        {
+            //1 minute
+            await Task.Delay(1000 * 60);
+
+            //Execute once 1 minute
+            try
+            {
+                await UpdateTaskRunSubscription();
+            }
+            catch (Exception ex)
+            {
+                Logging.SaveLog("ScheduledTasks - UpdateTaskRunSubscription", ex);
+            }
+
+            //Execute once 20 minute
+            if (numOfExecuted % 20 == 0)
+            {
+                //Logging.SaveLog("Execute save config");
+
+                try
+                {
+                    await ConfigHandler.SaveConfig(_config);
+                    await ProfileExManager.Instance.SaveTo();
+                }
+                catch (Exception ex)
+                {
+                    Logging.SaveLog("ScheduledTasks - SaveConfig", ex);
+                }
+            }
+
+            //Execute once 1 hour
+            if (numOfExecuted % 60 == 0)
+            {
+                //Logging.SaveLog("Execute delete expired files");
+
+                FileUtils.DeleteExpiredFiles(Utils.GetBinConfigPath(), DateTime.Now.AddHours(-1));
+                FileUtils.DeleteExpiredFiles(Utils.GetLogPath(), DateTime.Now.AddMonths(-1));
+                FileUtils.DeleteExpiredFiles(Utils.GetTempPath(), DateTime.Now.AddMonths(-1));
+
+                try
+                {
+                    await UpdateTaskRunGeo(numOfExecuted / 60);
+                }
+                catch (Exception ex)
+                {
+                    Logging.SaveLog("ScheduledTasks - UpdateTaskRunGeo", ex);
+                }
+            }
+
+            numOfExecuted++;
+        }
+    }
+
+    private async Task UpdateTaskRunSubscription()
+    {
+        var updateTime = ((DateTimeOffset)DateTime.Now).ToUnixTimeSeconds();
+        var lstSubs = (await AppManager.Instance.SubItems())?
+            .Where(t => t.AutoUpdateInterval > 0)
+            .Where(t => updateTime - t.UpdateTime >= t.AutoUpdateInterval * 60)
+            .ToList();
+
+        if (lstSubs is not { Count: > 0 })
+        {
+            return;
+        }
+
+        Logging.SaveLog("Execute update subscription");
+
+        foreach (var item in lstSubs)
+        {
+            await SubscriptionHandler.UpdateProcess(_config, item.Id, true, async (success, msg) =>
+            {
+                await _updateFunc?.Invoke(success, msg);
+                if (success)
+                {
+                    Logging.SaveLog($"Update subscription end. {msg}");
+                }
+            });
+            item.UpdateTime = updateTime;
+            await ConfigHandler.AddSubItem(_config, item);
+            await Task.Delay(1000);
+        }
+    }
+
+    private async Task UpdateTaskRunGeo(int hours)
+    {
+        if (_config.GuiItem.AutoUpdateInterval > 0 && hours > 0 && hours % _config.GuiItem.AutoUpdateInterval == 0)
+        {
+            Logging.SaveLog("Execute update geo files");
+
+            await new UpdateService(_config, async (success, msg) =>
+            {
+                await _updateFunc?.Invoke(false, msg);
+            }).UpdateGeoFileAll();
+        }
+    }
+}
--- a/v2rayN/ServiceLib/Manager/WebDavManager.cs
+++ b/v2rayN/ServiceLib/Manager/WebDavManager.cs
@@ -1,12 +1,11 @@
-using System.Net;
 using WebDav;

-namespace ServiceLib.Handler;
+namespace ServiceLib.Manager;

-public sealed class WebDavHandler
+public sealed class WebDavManager
 {
-    private static readonly Lazy<WebDavHandler> _instance = new(() => new());
-    public static WebDavHandler Instance => _instance.Value;
+    private static readonly Lazy<WebDavManager> _instance = new(() => new());
+    public static WebDavManager Instance => _instance.Value;

    private readonly Config? _config;
    private WebDavClient? _client;
@@ -15,9 +14,9 @@ public sealed class WebDavHandler
    private readonly string _webFileName = "backup.zip";
    private readonly string _tag = "WebDav--";

-    public WebDavHandler()
+    public WebDavManager()
    {
-        _config = AppHandler.Instance.Config;
+        _config = AppManager.Instance.Config;
    }

    private async Task<bool> GetClient()
@@ -44,9 +43,12 @@ public sealed class WebDavHandler
                _webDir = _config.WebDavItem.DirName.TrimEx();
            }

+            // Ensure BaseAddress URL ends with a trailing slash
+            var baseUrl = _config.WebDavItem.Url.Trim().TrimEnd('/') + "/";
+
            var clientParams = new WebDavClientParams
            {
-                BaseAddress = new Uri(_config.WebDavItem.Url),
+                BaseAddress = new Uri(baseUrl),
                Credentials = new NetworkCredential(_config.WebDavItem.UserName, _config.WebDavItem.Password)
            };
            _client = new WebDavClient(clientParams);
--- a/v2rayN/ServiceLib/Models/CheckUpdateModel.cs
+++ b/v2rayN/ServiceLib/Models/CheckUpdateModel.cs
@@ -1,10 +1,10 @@
 namespace ServiceLib.Models;

-public class CheckUpdateModel
+public class CheckUpdateModel : ReactiveObject
 {
    public bool? IsSelected { get; set; }
    public string? CoreType { get; set; }
-    public string? Remarks { get; set; }
+    [Reactive] public string? Remarks { get; set; }
    public string? FileName { get; set; }
    public bool? IsFinished { get; set; }
 }
--- a/v2rayN/ServiceLib/Models/ClashProxyModel.cs
+++ b/v2rayN/ServiceLib/Models/ClashProxyModel.cs
@@ -1,7 +1,7 @@
 namespace ServiceLib.Models;

 [Serializable]
-public class ClashProxyModel
+public class ClashProxyModel : ReactiveObject
 {
    public string? Name { get; set; }

@@ -9,9 +9,9 @@ public class ClashProxyModel

    public string? Now { get; set; }

-    public int Delay { get; set; }
+    [Reactive] public int Delay { get; set; }

-    public string? DelayName { get; set; }
+    [Reactive] public string? DelayName { get; set; }

    public bool IsActive { get; set; }
 }
--- a/v2rayN/ServiceLib/Models/Config.cs
+++ b/v2rayN/ServiceLib/Models/Config.cs
@@ -8,21 +8,6 @@ public class Config
    public string IndexId { get; set; }
    public string SubIndexId { get; set; }

-    public ECoreType RunningCoreType { get; set; }
-
-    public bool IsRunningCore(ECoreType type)
-    {
-        switch (type)
-        {
-            case ECoreType.Xray when RunningCoreType is ECoreType.Xray or ECoreType.v2fly or ECoreType.v2fly_v5:
-            case ECoreType.sing_box when RunningCoreType is ECoreType.sing_box or ECoreType.mihomo:
-                return true;
-
-            default:
-                return false;
-        }
-    }
-
    #endregion property

    #region other entities
@@ -48,6 +33,7 @@ public class Config
    public List<InItem> Inbound { get; set; }
    public List<KeyEventItem> GlobalHotkeys { get; set; }
    public List<CoreTypeItem> CoreTypeItem { get; set; }
+    public SimpleDNSItem SimpleDNSItem { get; set; }

    #endregion other entities
 }
--- a/v2rayN/ServiceLib/Models/ConfigItems.cs
+++ b/v2rayN/ServiceLib/Models/ConfigItems.cs
@@ -71,7 +71,6 @@ public class GUIItem
    public bool DisplayRealTimeSpeed { get; set; }
    public bool KeepOlderDedupl { get; set; }
    public int AutoUpdateInterval { get; set; }
-    public bool EnableSecurityProtocolTls13 { get; set; }
    public int TrayMenuServersLimit { get; set; } = 20;
    public bool EnableHWA { get; set; } = false;
    public bool EnableLog { get; set; } = true;
@@ -101,7 +100,6 @@ public class UIItem
    public bool DoubleClick2Activate { get; set; }
    public bool AutoHideStartup { get; set; }
    public bool Hide2TrayWhenClose { get; set; }
-    public bool ShowInTaskbar { get; set; }
    public bool MacOSShowInDock { get; set; }
    public List<ColumnItem> MainColumnItem { get; set; }
    public List<WindowSizeItem> WindowSizeItem { get; set; }
@@ -142,10 +140,10 @@ public class CoreTypeItem
 public class TunModeItem
 {
    public bool EnableTun { get; set; }
+    public bool AutoRoute { get; set; } = true;
    public bool StrictRoute { get; set; } = true;
    public string Stack { get; set; }
    public int Mtu { get; set; }
-    public bool EnableExInbound { get; set; }
    public bool EnableIPv6Address { get; set; }
 }

@@ -164,7 +162,6 @@ public class RoutingBasicItem
 {
    public string DomainStrategy { get; set; }
    public string DomainStrategy4Singbox { get; set; }
-    public string DomainMatcher { get; set; }
    public string RoutingIndexId { get; set; }
 }

@@ -220,6 +217,8 @@ public class SystemProxyItem
    public string SystemProxyExceptions { get; set; }
    public bool NotProxyLocalAddress { get; set; } = true;
    public string SystemProxyAdvancedProtocol { get; set; }
+    public string? CustomSystemProxyPacPath { get; set; }
+    public string? CustomSystemProxyScriptPath { get; set; }
 }

 [Serializable]
@@ -253,3 +252,22 @@ public class WindowSizeItem
    public int Width { get; set; }
    public int Height { get; set; }
 }
+
+[Serializable]
+public class SimpleDNSItem
+{
+    public bool? UseSystemHosts { get; set; }
+    public bool? AddCommonHosts { get; set; }
+    public bool? FakeIP { get; set; }
+    public bool? GlobalFakeIp { get; set; }
+    public bool? BlockBindingQuery { get; set; }
+    public string? DirectDNS { get; set; }
+    public string? RemoteDNS { get; set; }
+    public string? BootstrapDNS { get; set; }
+    public string? Strategy4Freedom { get; set; }
+    public string? Strategy4Proxy { get; set; }
+    public bool? ServeStale { get; set; }
+    public bool? ParallelQuery { get; set; }
+    public string? Hosts { get; set; }
+    public string? DirectExpectedIPs { get; set; }
+}
--- a/v2rayN/ServiceLib/Models/CoreConfigContext.cs
+++ b/v2rayN/ServiceLib/Models/CoreConfigContext.cs
@@ -0,0 +1,25 @@
+namespace ServiceLib.Models;
+
+public record CoreConfigContext
+{
+    public required ProfileItem Node { get; init; }
+    public required ECoreType RunCoreType { get; init; }
+    public RoutingItem? RoutingItem { get; init; }
+    public DNSItem? RawDnsItem { get; init; }
+    public SimpleDNSItem SimpleDnsItem { get; init; } = new();
+    public Dictionary<string, ProfileItem> AllProxiesMap { get; init; } = new();
+    public Config AppConfig { get; init; } = new();
+    public FullConfigTemplateItem? FullConfigTemplate { get; init; } = new();
+
+    // Test ServerTestItem Map
+    public Dictionary<string, string> ServerTestItemMap { get; init; } = new();
+
+    // TUN Compatibility
+    public bool IsTunEnabled { get; init; } = false;
+    public HashSet<string> ProtectDomainList { get; init; } = new();
+    // -> tun inbound --(if routing proxy)--> relay outbound
+    // -> proxy core (relay inbound --> proxy outbound --(dialerProxy)--> protect outbound)
+    // -> protect inbound -> direct proxy outbound data -> internet
+    public int TunProtectSsPort { get; init; } = 0;
+    public int ProxyRelaySsPort { get; init; } = 0;
+}
--- a/v2rayN/ServiceLib/Models/CoreInfo.cs
+++ b/v2rayN/ServiceLib/Models/CoreInfo.cs
@@ -17,4 +17,5 @@ public class CoreInfo
    public string? Match { get; set; }
    public string? VersionArg { get; set; }
    public bool AbsolutePath { get; set; }
+    public IDictionary<string, string?> Environment { get; set; } = new Dictionary<string, string?>();
 }
--- a/v2rayN/ServiceLib/Models/DNSItem.cs
+++ b/v2rayN/ServiceLib/Models/DNSItem.cs
@@ -1,5 +1,3 @@
-using SQLite;
-
 namespace ServiceLib.Models;

 [Serializable]
@@ -9,7 +7,7 @@ public class DNSItem
    public string Id { get; set; }

    public string Remarks { get; set; }
-    public bool Enabled { get; set; } = true;
+    public bool Enabled { get; set; } = false;
    public ECoreType CoreType { get; set; }
    public bool UseSystemHosts { get; set; }
    public string? NormalDNS { get; set; }
--- a/v2rayN/ServiceLib/Models/FullConfigTemplateItem.cs
+++ b/v2rayN/ServiceLib/Models/FullConfigTemplateItem.cs
@@ -0,0 +1,16 @@
+namespace ServiceLib.Models;
+
+[Serializable]
+public class FullConfigTemplateItem
+{
+    [PrimaryKey]
+    public string Id { get; set; }
+
+    public string Remarks { get; set; }
+    public bool Enabled { get; set; } = false;
+    public ECoreType CoreType { get; set; }
+    public string? Config { get; set; }
+    public string? TunConfig { get; set; }
+    public bool? AddProxyOnly { get; set; } = false;
+    public string? ProxyDetour { get; set; }
+}
--- a/v2rayN/ServiceLib/Models/GitHubRelease.cs
+++ b/v2rayN/ServiceLib/Models/GitHubRelease.cs
@@ -1,5 +1,3 @@
-using System.Text.Json.Serialization;
-
 namespace ServiceLib.Models;

 public class GitHubReleaseAsset
--- a/v2rayN/ServiceLib/Models/ProfileExItem.cs
+++ b/v2rayN/ServiceLib/Models/ProfileExItem.cs
@@ -1,5 +1,3 @@
-using SQLite;
-
 namespace ServiceLib.Models;

 [Serializable]
--- a/v2rayN/ServiceLib/Models/ProfileGroupItem.cs
+++ b/v2rayN/ServiceLib/Models/ProfileGroupItem.cs
@@ -0,0 +1,22 @@
+namespace ServiceLib.Models;
+
+[Obsolete("Use ProtocolExtraItem instead.")]
+[Serializable]
+public class ProfileGroupItem
+{
+    [PrimaryKey]
+    public string IndexId { get; set; }
+
+    public string ChildItems { get; set; }
+
+    public string? SubChildItems { get; set; }
+
+    public string? Filter { get; set; }
+
+    public EMultipleLoad MultipleLoad { get; set; } = EMultipleLoad.LeastPing;
+
+    public bool NotHasChild()
+    {
+        return string.IsNullOrWhiteSpace(ChildItems) && string.IsNullOrWhiteSpace(SubChildItems);
+    }
+}
--- a/v2rayN/ServiceLib/Models/ProfileItem.cs
+++ b/v2rayN/ServiceLib/Models/ProfileItem.cs
@@ -1,21 +1,20 @@
-using ReactiveUI;
-using SQLite;
-
 namespace ServiceLib.Models;

 [Serializable]
-public class ProfileItem : ReactiveObject
+public class ProfileItem
 {
+    private ProtocolExtraItem? _protocolExtraCache;
+
    public ProfileItem()
    {
        IndexId = string.Empty;
        ConfigType = EConfigType.VMess;
-        ConfigVersion = 2;
+        ConfigVersion = 3;
+        Subid = string.Empty;
        Address = string.Empty;
        Port = 0;
-        Id = string.Empty;
-        AlterId = 0;
-        Security = string.Empty;
+        Password = string.Empty;
+        Username = string.Empty;
        Network = string.Empty;
        Remarks = string.Empty;
        HeaderType = string.Empty;
@@ -23,27 +22,28 @@ public class ProfileItem : ReactiveObject
        Path = string.Empty;
        StreamSecurity = string.Empty;
        AllowInsecure = string.Empty;
-        Subid = string.Empty;
-        Flow = string.Empty;
    }

    #region function

    public string GetSummary()
    {
-        var summary = $"[{(ConfigType).ToString()}] ";
-        var arrAddr = Address.Split('.');
-        var addr = arrAddr.Length switch
+        var summary = $"[{ConfigType.ToString()}] ";
+        if (IsComplex())
        {
-            > 2 => $"{arrAddr.First()}***{arrAddr.Last()}",
-            > 1 => $"***{arrAddr.Last()}",
-            _ => Address
-        };
-        summary += ConfigType switch
+            summary += $"[{CoreType.ToString()}]{Remarks}";
+        }
+        else
        {
-            EConfigType.Custom => $"[{CoreType.ToString()}]{Remarks}",
-            _ => $"{Remarks}({addr}:{Port})"
-        };
+            var arrAddr = Address.Contains(':') ? Address.Split(':') : Address.Split('.');
+            var addr = arrAddr.Length switch
+            {
+                > 2 => $"{arrAddr.First()}***{arrAddr.Last()}",
+                > 1 => $"***{arrAddr.Last()}",
+                _ => Address
+            };
+            summary += $"{Remarks}({addr}:{Port})";
+        }
        return summary;
    }

@@ -61,38 +61,139 @@ public class ProfileItem : ReactiveObject
        return Network.TrimEx();
    }

+    public bool IsComplex()
+    {
+        return ConfigType.IsComplexType();
+    }
+
+    public bool IsValid()
+    {
+        if (IsComplex())
+        {
+            return true;
+        }
+
+        if (Address.IsNullOrEmpty() || Port is <= 0 or >= 65536)
+        {
+            return false;
+        }
+
+        switch (ConfigType)
+        {
+            case EConfigType.VMess:
+                if (Password.IsNullOrEmpty() || !Utils.IsGuidByParse(Password))
+                {
+                    return false;
+                }
+
+                break;
+
+            case EConfigType.VLESS:
+                if (Password.IsNullOrEmpty() || (!Utils.IsGuidByParse(Password) && Password.Length > 30))
+                {
+                    return false;
+                }
+
+                if (!Global.Flows.Contains(GetProtocolExtra().Flow ?? string.Empty))
+                {
+                    return false;
+                }
+
+                break;
+
+            case EConfigType.Shadowsocks:
+                if (Password.IsNullOrEmpty())
+                {
+                    return false;
+                }
+
+                if (string.IsNullOrEmpty(GetProtocolExtra().SsMethod)
+                    || !Global.SsSecuritiesInSingbox.Contains(GetProtocolExtra().SsMethod))
+                {
+                    return false;
+                }
+
+                break;
+        }
+
+        if ((ConfigType is EConfigType.VLESS or EConfigType.Trojan)
+            && StreamSecurity == Global.StreamSecurityReality
+            && PublicKey.IsNullOrEmpty())
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    public void SetProtocolExtra(ProtocolExtraItem extraItem)
+    {
+        _protocolExtraCache = extraItem;
+        ProtoExtra = JsonUtils.Serialize(extraItem, false);
+    }
+
+    public void SetProtocolExtra()
+    {
+        ProtoExtra = JsonUtils.Serialize(_protocolExtraCache, false);
+    }
+
+    public ProtocolExtraItem GetProtocolExtra()
+    {
+        return _protocolExtraCache ??= JsonUtils.Deserialize<ProtocolExtraItem>(ProtoExtra) ?? new ProtocolExtraItem();
+    }
+
    #endregion function

    [PrimaryKey]
    public string IndexId { get; set; }

    public EConfigType ConfigType { get; set; }
+    public ECoreType? CoreType { get; set; }
    public int ConfigVersion { get; set; }
+    public string Subid { get; set; }
+    public bool IsSub { get; set; } = true;
+    public int? PreSocksPort { get; set; }
+    public bool DisplayLog { get; set; } = true;
+    public string Remarks { get; set; }
    public string Address { get; set; }
    public int Port { get; set; }
-    public string Ports { get; set; }
-    public string Id { get; set; }
-    public int AlterId { get; set; }
-    public string Security { get; set; }
+    public string Password { get; set; }
+    public string Username { get; set; }
    public string Network { get; set; }
-    public string Remarks { get; set; }
    public string HeaderType { get; set; }
    public string RequestHost { get; set; }
    public string Path { get; set; }
    public string StreamSecurity { get; set; }
    public string AllowInsecure { get; set; }
-    public string Subid { get; set; }
-    public bool IsSub { get; set; } = true;
-    public string Flow { get; set; }
    public string Sni { get; set; }
    public string Alpn { get; set; } = string.Empty;
-    public ECoreType? CoreType { get; set; }
-    public int? PreSocksPort { get; set; }
    public string Fingerprint { get; set; }
-    public bool DisplayLog { get; set; } = true;
    public string PublicKey { get; set; }
    public string ShortId { get; set; }
    public string SpiderX { get; set; }
+    public string Mldsa65Verify { get; set; }
    public string Extra { get; set; }
    public bool? MuxEnabled { get; set; }
+    public string Cert { get; set; }
+    public string CertSha { get; set; }
+    public string EchConfigList { get; set; }
+    public string EchForceQuery { get; set; }
+    public string Finalmask { get; set; }
+
+    public string ProtoExtra { get; set; }
+
+    [Obsolete("Use ProtocolExtraItem.Ports instead.")]
+    public string Ports { get; set; }
+
+    [Obsolete("Use ProtocolExtraItem.AlterId instead.")]
+    public int AlterId { get; set; }
+
+    [Obsolete("Use ProtocolExtraItem.Flow instead.")]
+    public string Flow { get; set; }
+
+    [Obsolete("Use ProfileItem.Password instead.")]
+    public string Id { get; set; }
+
+    [Obsolete("Use ProtocolExtraItem.xxx instead.")]
+    public string Security { get; set; }
 }
--- a/v2rayN/ServiceLib/Models/ProfileItemModel.cs
+++ b/v2rayN/ServiceLib/Models/ProfileItemModel.cs
@@ -1,18 +1,24 @@
-using ReactiveUI.Fody.Helpers;
-
 namespace ServiceLib.Models;

 [Serializable]
-public class ProfileItemModel : ProfileItem
+public class ProfileItemModel : ReactiveObject
 {
    public bool IsActive { get; set; }
+    public string IndexId { get; set; }
+    public EConfigType ConfigType { get; set; }
+    public string Remarks { get; set; }
+    public string Address { get; set; }
+    public int Port { get; set; }
+    public string Network { get; set; }
+    public string StreamSecurity { get; set; }
+    public string Subid { get; set; }
    public string SubRemarks { get; set; }
+    public int Sort { get; set; }

    [Reactive]
    public int Delay { get; set; }

    public decimal Speed { get; set; }
-    public int Sort { get; set; }

    [Reactive]
    public string DelayVal { get; set; }
@@ -31,4 +37,15 @@ public class ProfileItemModel : ProfileItem

    [Reactive]
    public string TotalDown { get; set; }
+
+    public string GetSummary()
+    {
+        var summary = $"[{ConfigType}] {Remarks}";
+        if (!ConfigType.IsComplexType())
+        {
+            summary += $"({Address}:{Port})";
+        }
+
+        return summary;
+    }
 }
--- a/v2rayN/ServiceLib/Models/ProtocolExtraItem.cs
+++ b/v2rayN/ServiceLib/Models/ProtocolExtraItem.cs
@@ -0,0 +1,38 @@
+namespace ServiceLib.Models;
+
+public record ProtocolExtraItem
+{
+    // vmess
+    public string? AlterId { get; init; }
+    public string? VmessSecurity { get; init; }
+
+    // vless
+    public string? Flow { get; init; }
+    public string? VlessEncryption { get; init; }
+    //public string? VisionSeed { get; init; }
+
+    // shadowsocks
+    //public string? PluginArgs { get; init; }
+    public string? SsMethod { get; init; }
+
+    // wireguard
+    public string? WgPublicKey { get; init; }
+    public string? WgPresharedKey { get; init; }
+    public string? WgInterfaceAddress { get; init; }
+    public string? WgReserved { get; init; }
+    public int? WgMtu { get; init; }
+
+    // hysteria2
+    public string? SalamanderPass { get; init; }
+    public int? UpMbps { get; init; }
+    public int? DownMbps { get; init; }
+    public string? Ports { get; init; }
+    public string? HopInterval { get; init; }
+
+    // group profile
+    public string? GroupType { get; init; }
+    public string? ChildItems { get; init; }
+    public string? SubChildItems { get; init; }
+    public string? Filter { get; init; }
+    public EMultipleLoad? MultipleLoad { get; init; }
+}
--- a/v2rayN/ServiceLib/Models/RoutingItem.cs
+++ b/v2rayN/ServiceLib/Models/RoutingItem.cs
@@ -1,5 +1,3 @@
-using SQLite;
-
 namespace ServiceLib.Models;

 [Serializable]
--- a/v2rayN/ServiceLib/Models/RulesItem.cs
+++ b/v2rayN/ServiceLib/Models/RulesItem.cs
@@ -15,4 +15,5 @@ public class RulesItem
    public List<string>? Process { get; set; }
    public bool Enabled { get; set; } = true;
    public string? Remarks { get; set; }
+    public ERuleType? RuleType { get; set; }
 }
--- a/Show More
+++ b/Show More