chore: cache modd tool

feat(cli,app): filter out ipv6 adresses for url resolving
Mise à jour de 'doc/apps/client-api/edge-menu.md'
2023-04-20 13:57:46 +02:00 · 2023-04-20 13:57:46 +02:00 · 2023-04-20 13:14:12 +02:00 · 2023-04-20 10:41:03 +02:00 · 2023-04-20 10:36:20 +02:00 · 2023-04-20 10:17:37 +02:00
114 changed files with 3628 additions and 4873 deletions
--- a/.env.dist
+++ b/.env.dist
@ -0,0 +1 @@
 RUN_APP_ARGS=""
--- a/49
+++ b/49
@ -0,0 +1,49 @@
@Library('cadoles') _
 pipeline {
    agent {
        dockerfile {
            label 'docker'
            filename 'Dockerfile'
            dir 'misc/jenkins'
        }
    }
    stages {
        stage('Run unit tests') {
            steps {
                script {
                    sh 'make GOTEST_ARGS="-timeout 10m -count=1 -v" test'
                }
            }
        }
        stage('Release') {
            when {
                anyOf {
                    branch 'master'
                    branch 'develop'
                }
            }
            steps {
                script {
                    withCredentials([
                        usernamePassword([
                            credentialsId: 'forge-jenkins',
                            usernameVariable: 'GITEA_RELEASE_USERNAME',
                            passwordVariable: 'GITEA_RELEASE_PASSWORD'
                        ])
                    ]) {
                        sh 'make gitea-release'
                    }
                }
            }
        }
    }
    post {
        always {
            cleanWs()
        }
    }
 }
--- a/46
+++ b/46
@ -2,16 +2,21 @@ LINT_ARGS ?= --timeout 5m
 GITCHLOG_ARGS ?=
 SHELL := /bin/bash
-GOTEST_ARGS ?= -short
+GOTEST_ARGS ?= -short -timeout 60s
 ESBUILD_VERSION ?= v0.17.5
 GIT_VERSION := $(shell git describe --always)
 DATE_VERSION := $(shell date +%Y.%-m.%-d)
 FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
 APP_PATH ?= misc/client-sdk-testsuite/dist
 RUN_APP_ARGS ?=
 SHELL := bash
-build: build-edge-cli
+build: build-edge-cli build-client-sdk-test-app
-watch:
+watch: tools/modd/bin/modd
-	go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest
+	tools/modd/bin/modd
 .PHONY: test
 test: test-go
@ -28,10 +33,12 @@ build-edge-cli: build-sdk
 		-o ./bin/cli \
 		./cmd/cli
 build-client-sdk-test-app:
 	cd misc/client-sdk-testsuite && $(MAKE) dist
 install-git-hooks:
 	git config core.hooksPath .githooks
 tools/esbuild/bin/esbuild:
 	mkdir -p tools/esbuild/bin
 	curl -fsSL https://esbuild.github.io/dl/$(ESBUILD_VERSION) | sh
@ -44,41 +51,58 @@ pkg/sdk/client/dist/client.js: tools/esbuild/bin/esbuild node_modules
 	mkdir -p pkg/sdk/client/dist
 	tools/esbuild/bin/esbuild \
 		pkg/sdk/client/src/index.ts \
 		--minify \
 		--bundle \
 		--sourcemap \
-		--target=es2020 \
+		--target=es2015 \
 		--format=iife \
 		--global-name=Edge \
 		--define:global=window \
 		--platform=browser \
-		--footer:js="Edge=Edge.default;" \
+		--loader:.svg=dataurl \
 		--outfile=pkg/sdk/client/dist/client.js
 node_modules:
 	npm ci
-gitea-release: tools/gitea-release/bin/gitea-release.sh build
+run-app: .env
 	( set -o allexport && source .env && set +o allexport && bin/cli app run -p $(APP_PATH) $$RUN_APP_ARGS )
 .env:
 	cp .env.dist .env
 gitea-release: tools/yq/bin/yq tools/gitea-release/bin/gitea-release.sh build
 	mkdir -p .gitea-release
 	rm -rf .gitea-release/*
 	cp bin/cli .gitea-release/edge_cli_amd64
 	# Create client-sdk-testsuite package
 	tools/yq/bin/yq -i '.version = "$(FULL_VERSION)"' ./misc/client-sdk-testsuite/dist/manifest.yml
 	.gitea-release/edge_cli_amd64 app package -d ./misc/client-sdk-testsuite/dist -o .gitea-release
 	GITEA_RELEASE_PROJECT="edge" \
 		GITEA_RELEASE_ORG="arcad" \
 		GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
-		GITEA_RELEASE_VERSION="$(GIT_VERSION)" \
+		GITEA_RELEASE_VERSION="$(FULL_VERSION)" \
-		GITEA_RELEASE_NAME="$(GIT_VERSION)" \
+		GITEA_RELEASE_NAME="$(FULL_VERSION)" \
 		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
 		GITEA_RELEASE_IS_DRAFT="false" \
 		GITEA_RELEASE_IS_PRERELEASE="true" \
 		GITEA_RELEASE_BODY="" \
-		GITEA_RELEASE_ATTACHMENTS="$(shell find .gitea-release/* -type f)" \
+		GITEA_RELEASE_ATTACHMENTS="$$(find .gitea-release/* -type f)" \
 		tools/gitea-release/bin/gitea-release.sh
 tools/gitea-release/bin/gitea-release.sh:
 	mkdir -p tools/gitea-release/bin
 	curl --output tools/gitea-release/bin/gitea-release.sh https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/gitea/gitea-release.sh
 	chmod +x tools/gitea-release/bin/gitea-release.sh
 tools/yq/bin/yq:
 	mkdir -p tools/yq/bin
 	curl -L --output tools/yq/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_amd64
 	chmod +x tools/yq/bin/yq
 tools/modd/bin/modd:
 	mkdir -p tools/modd/bin
 	GOBIN=$(PWD)/tools/modd/bin go install -mod=readonly github.com/cortesi/modd/cmd/modd@latest
--- a/cmd/cli/command/app/common.go
+++ b/cmd/cli/command/app/common.go
@ -0,0 +1,11 @@
 package app
 import (
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/app/metadata"
 )
 var manifestMetadataValidators = []app.MetadataValidator{
 	metadata.WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
 	metadata.WithNamedPathsValidator(metadata.NamedPathAdmin, metadata.NamedPathIcon),
 }
--- a/cmd/cli/command/app/default-accounts.json
+++ b/cmd/cli/command/app/default-accounts.json
@ -4,9 +4,9 @@
        "algo": "argon2id",
        "password": "$argon2id$v=19$m=65536,t=3,p=2$cWOxfEyBy4EyKZR5usB2Pw$xG+Z/E2DUJP9kF0s1fhZjIuP03gFQ65dP7pHRJz7eR8",
        "claims": {
-            "arcad_entrypoint": "edge",
+            "edge_entrypoint": "edge",
-            "arcad_role": "superadmin",
+            "edge_role": "superadmin",
-            "arcad_tenant": "dev.cli",
+            "edge_tenant": "dev.cli",
            "preferred_username": "SuperAdmin",
            "sub": "superadmin"
        }
@ -16,9 +16,9 @@
        "algo": "argon2id",
        "password": "$argon2id$v=19$m=65536,t=3,p=2$WXXc4ECnkej6WO7f0Xya6Q$UG2wcGltJcuW0cNTR85mAl65tI1kFWMMw7ADS2FMOvY",
        "claims": {
-            "arcad_entrypoint": "edge",
+            "edge_entrypoint": "edge",
-            "arcad_role": "admin",
+            "edge_role": "admin",
-            "arcad_tenant": "dev.cli",
+            "edge_tenant": "dev.cli",
            "preferred_username": "Admin",
            "sub": "admin"
        }
@ -28,9 +28,9 @@
        "algo": "argon2id",
        "password": "$argon2id$v=19$m=65536,t=3,p=2$gkDAWCzfU23+un3x0ny+YA$L/NSPrd5iKPK/UnSCKfSz4EO+v94N3LTLky4QGJOfpI",
        "claims": {
-            "arcad_entrypoint": "edge",
+            "edge_entrypoint": "edge",
-            "arcad_role": "superuser",
+            "edge_role": "superuser",
-            "arcad_tenant": "dev.cli",
+            "edge_tenant": "dev.cli",
            "preferred_username": "SuperUser",
            "sub": "superuser"
        }
@ -40,9 +40,9 @@
        "algo": "argon2id",
        "password": "$argon2id$v=19$m=65536,t=3,p=2$DhUm9qXUKP35Lzp5M37eZA$2+h6yDxSTHZqFZIuI7JZfFWozwrObna8a8yCgEEPlPE",
        "claims": {
-            "arcad_entrypoint": "edge",
+            "edge_entrypoint": "edge",
-            "arcad_role": "user",
+            "edge_role": "user",
-            "arcad_tenant": "dev.cli",
+            "edge_tenant": "dev.cli",
            "preferred_username": "User",
            "sub": "user"
        }
--- a/cmd/cli/command/app/package.go
+++ b/cmd/cli/command/app/package.go
@ -52,6 +52,10 @@ func PackageCommand() *cli.Command {
 				return errors.Wrap(err, "could not load app manifest")
 			}
 			if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
 				return errors.Wrap(err, "invalid app manifest")
 			}
 			if err := os.MkdirAll(outputDir, 0o755); err != nil {
 				return errors.Wrapf(err, "could not create directory ''%s'", outputDir)
 			}
--- a/cmd/cli/command/app/run.go
+++ b/cmd/cli/command/app/run.go
@ -1,29 +1,36 @@
 package app
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bus"
 	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
 	appHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	"forge.cadoles.com/arcad/edge/pkg/module"
-	"forge.cadoles.com/arcad/edge/pkg/module/auth"
+	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
 	appModuleMemory "forge.cadoles.com/arcad/edge/pkg/module/app/memory"
 	authModule "forge.cadoles.com/arcad/edge/pkg/module/auth"
 	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"forge.cadoles.com/arcad/edge/pkg/module/blob"
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
-	"forge.cadoles.com/arcad/edge/pkg/module/net"
+	"forge.cadoles.com/arcad/edge/pkg/module/fetch"
 	netModule "forge.cadoles.com/arcad/edge/pkg/module/net"
 	"forge.cadoles.com/arcad/edge/pkg/storage"
 	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
 	"gitlab.com/wpetit/goweb/logger"
 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/dop251/goja"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/lestrrat-go/jwx/v2/jwa"
@ -42,15 +49,15 @@ func RunCommand() *cli.Command {
 		Name:  "run",
 		Usage: "Run the specified app bundle",
 		Flags: []cli.Flag{
-			&cli.StringFlag{
+			&cli.StringSliceFlag{
 				Name:    "path",
 				Usage:   "use `PATH` as app bundle (zipped bundle or directory)",
 				Aliases: []string{"p"},
-				Value:   ".",
+				Value:   cli.NewStringSlice("."),
 			},
 			&cli.StringFlag{
 				Name:    "address",
-				Usage:   "use `ADDRESS` as http server listening address",
+				Usage:   "use `ADDRESS` as http server base listening address",
 				Aliases: []string{"a"},
 				Value:   ":8080",
 			},
@ -67,7 +74,7 @@ func RunCommand() *cli.Command {
 			&cli.StringFlag{
 				Name:  "storage-file",
 				Usage: "use `FILE` for SQLite storage database",
-				Value: ".edge/%APPID%/data.sqlite",
+				Value: ".edge/%APPID%/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000",
 			},
 			&cli.StringFlag{
 				Name:  "accounts-file",
@ -77,22 +84,77 @@ func RunCommand() *cli.Command {
 		},
 		Action: func(ctx *cli.Context) error {
 			address := ctx.String("address")
-			path := ctx.String("path")
+			paths := ctx.StringSlice("path")
 			logFormat := ctx.String("log-format")
 			logLevel := ctx.Int("log-level")
 			storageFile := ctx.String("storage-file")
 			accountsFile := ctx.String("accounts-file")
 			logger.SetFormat(logger.Format(logFormat))
 			logger.SetLevel(logger.Level(logLevel))
 			cmdCtx := ctx.Context
 			host, portStr, err := net.SplitHostPort(address)
 			if err != nil {
 				return errors.WithStack(err)
 			}
 			port, err := strconv.ParseUint(portStr, 10, 32)
 			if err != nil {
 				return errors.WithStack(err)
 			}
 			manifests := make([]*app.Manifest, len(paths))
 			for idx, pth := range paths {
 				bdl, err := bundle.FromPath(pth)
 				if err != nil {
 					return errors.WithStack(err)
 				}
 				manifest, err := app.LoadManifest(bdl)
 				if err != nil {
 					return errors.WithStack(err)
 				}
 				manifests[idx] = manifest
 			}
 			var wg sync.WaitGroup
 			for idx, p := range paths {
 				wg.Add(1)
 				go func(path string, basePort uint64, appIndex int) {
 					defer wg.Done()
 					port := basePort + uint64(appIndex)
 					address := fmt.Sprintf("%s:%d", host, port)
 					appsRepository := newAppRepository(host, basePort, manifests...)
 					appCtx := logger.With(cmdCtx, logger.F("address", address))
 					if err := runApp(appCtx, path, address, storageFile, accountsFile, appsRepository); err != nil {
 						logger.Error(appCtx, "could not run app", logger.E(errors.WithStack(err)))
 					}
 				}(p, port, idx)
 			}
 			wg.Wait()
 			return nil
 		},
 	}
 }
 func runApp(ctx context.Context, path string, address string, storageFile string, accountsFile string, appRepository appModule.Repository) error {
 	absPath, err := filepath.Abs(path)
 	if err != nil {
 		return errors.Wrapf(err, "could not resolve path '%s'", path)
 	}
-			logger.Info(cmdCtx, "opening app bundle", logger.F("path", absPath))
+	logger.Info(ctx, "opening app bundle", logger.F("path", absPath))
 	bundle, err := bundle.FromPath(path)
 	if err != nil {
@ -104,29 +166,24 @@ func RunCommand() *cli.Command {
 		return errors.Wrap(err, "could not load manifest from app bundle")
 	}
-			storageFile := injectAppID(ctx.String("storage-file"), manifest.ID)
+	if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
 		return errors.Wrap(err, "invalid app manifest")
 	}
 	ctx = logger.With(ctx, logger.F("appID", manifest.ID))
 	storageFile = injectAppID(storageFile, manifest.ID)
 	if err := ensureDir(storageFile); err != nil {
 		return errors.WithStack(err)
 	}
 	db, err := sqlite.Open(storageFile)
 	if err != nil {
 		return errors.WithStack(err)
 	}
-			ds := sqlite.NewDocumentStoreWithDB(db)
+	accountsFile = injectAppID(accountsFile, manifest.ID)
 			bs := sqlite.NewBlobStoreWithDB(db)
 			bus := memory.NewBus()
 			handler := appHTTP.NewHandler(
 				appHTTP.WithBus(bus),
 				appHTTP.WithServerModules(getServerModules(bus, ds, bs)...),
 			)
 			if err := handler.Load(bundle); err != nil {
 				return errors.Wrap(err, "could not load app bundle")
 			}
 			router := chi.NewRouter()
 			router.Use(middleware.Logger)
 			accountsFile := injectAppID(ctx.String("accounts-file"), manifest.ID)
 	accounts, err := loadLocalAccounts(accountsFile)
 	if err != nil {
@ -138,58 +195,61 @@ func RunCommand() *cli.Command {
 	if err != nil {
 		return errors.WithStack(err)
 	}
-			router.Handle("/auth/*", authHTTP.NewLocalHandler(
+
 	ds := sqlite.NewDocumentStoreWithDB(db)
 	bs := sqlite.NewBlobStoreWithDB(db)
 	bus := memory.NewBus()
 	handler := appHTTP.NewHandler(
 		appHTTP.WithBus(bus),
 		appHTTP.WithServerModules(getServerModules(bus, ds, bs, appRepository)...),
 		appHTTP.WithHTTPMounts(
 			appModule.Mount(appRepository),
 			authModule.Mount(
 				authHTTP.NewLocalHandler(
 					jwa.HS256, key,
 					authHTTP.WithRoutePrefix("/auth"),
 					authHTTP.WithAccounts(accounts...),
-			))
+				),
 				authModule.WithJWT(dummyKeySet),
 			),
 		),
 	)
 	if err := handler.Load(bundle); err != nil {
 		return errors.Wrap(err, "could not load app bundle")
 	}
 	router := chi.NewRouter()
 	router.Use(middleware.Logger)
 	router.Use(middleware.Compress(5))
 	// Add app handler
 	router.Handle("/*", handler)
-			logger.Info(cmdCtx, "listening", logger.F("address", address))
+	logger.Info(ctx, "listening", logger.F("address", address))
 	if err := http.ListenAndServe(address, router); err != nil {
 		return errors.WithStack(err)
 	}
 	return nil
 		},
 	}
 }
-func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore) []app.ServerModuleFactory {
+func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore, appRepository appModule.Repository) []app.ServerModuleFactory {
 	return []app.ServerModuleFactory{
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
 		cast.CastModuleFactory(),
 		module.LifecycleModuleFactory(),
-		net.ModuleFactory(bus),
+		netModule.ModuleFactory(bus),
 		module.RPCModuleFactory(bus),
 		module.StoreModuleFactory(ds),
 		blob.ModuleFactory(bus, bs),
-		module.Extends(
+		authModule.ModuleFactory(
-			auth.ModuleFactory(
+			authModule.WithJWT(dummyKeySet),
 				auth.WithJWT(dummyKeySet),
 			),
 			func(o *goja.Object) {
 				if err := o.Set("CLAIM_TENANT", "arcad_tenant"); err != nil {
 					panic(errors.New("could not set 'CLAIM_TENANT' property"))
 				}
 				if err := o.Set("CLAIM_ENTRYPOINT", "arcad_entrypoint"); err != nil {
 					panic(errors.New("could not set 'CLAIM_ENTRYPOINT' property"))
 				}
 				if err := o.Set("CLAIM_ROLE", "arcad_role"); err != nil {
 					panic(errors.New("could not set 'CLAIM_ROLE' property"))
 				}
 				if err := o.Set("CLAIM_PREFERRED_USERNAME", "preferred_username"); err != nil {
 					panic(errors.New("could not set 'CLAIM_PREFERRED_USERNAME' property"))
 				}
 			},
 		),
 		appModule.ModuleFactory(appRepository),
 		fetch.ModuleFactory(bus),
 	}
 }
@ -264,3 +324,78 @@ func loadLocalAccounts(path string) ([]authHTTP.LocalAccount, error) {
 	return accounts, nil
 }
 func findMatchingDeviceAddress(ctx context.Context, from string, defaultAddr string) (string, error) {
 	if from == "" {
 		return defaultAddr, nil
 	}
 	fromIP := net.ParseIP(from)
 	if fromIP == nil {
 		return defaultAddr, nil
 	}
 	ifaces, err := net.Interfaces()
 	if err != nil {
 		return "", errors.WithStack(err)
 	}
 	for _, ifa := range ifaces {
 		addrs, err := ifa.Addrs()
 		if err != nil {
 			logger.Error(
 				ctx, "could not retrieve iface adresses",
 				logger.E(errors.WithStack(err)), logger.F("iface", ifa.Name),
 			)
 			continue
 		}
 		for _, addr := range addrs {
 			ip, network, err := net.ParseCIDR(addr.String())
 			if err != nil {
 				logger.Error(
 					ctx, "could not parse address",
 					logger.E(errors.WithStack(err)), logger.F("address", addr.String()),
 				)
 				continue
 			}
 			if !network.Contains(fromIP) {
 				continue
 			}
 			if ip.To4() == nil {
 				continue
 			}
 			return ip.To4().String(), nil
 		}
 	}
 	return defaultAddr, nil
 }
 func newAppRepository(host string, basePort uint64, manifests ...*app.Manifest) *appModuleMemory.Repository {
 	return appModuleMemory.NewRepository(
 		func(ctx context.Context, id app.ID, from string) (string, error) {
 			appIndex := 0
 			for i := 0; i < len(manifests); i++ {
 				if manifests[i].ID == id {
 					appIndex = i
 					break
 				}
 			}
 			addr, err := findMatchingDeviceAddress(ctx, from, host)
 			if err != nil {
 				return "", errors.WithStack(err)
 			}
 			return fmt.Sprintf("http://%s:%d", addr, int(basePort)+appIndex), nil
 		},
 		manifests...,
 	)
 }
--- a/cmd/cli/command/cast/load_url.go
+++ b/cmd/cli/command/cast/load_url.go
@ -0,0 +1,40 @@
 package cast
 import (
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
 )
 func LoadURLCommand() *cli.Command {
 	return &cli.Command{
 		Name:  "load-url",
 		Usage: "Load `URL` in casting device",
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:     "device",
 				Aliases:  []string{"d"},
 				Required: true,
 			},
 			&cli.StringFlag{
 				Name:     "url",
 				Aliases:  []string{"u"},
 				Required: true,
 			},
 		},
 		Action: func(ctx *cli.Context) error {
 			device := ctx.String("device")
 			url := ctx.String("url")
 			if err := cast.StopCast(ctx.Context, device); err != nil {
 				return errors.WithStack(err)
 			}
 			if err := cast.LoadURL(ctx.Context, device, url); err != nil {
 				return errors.WithStack(err)
 			}
 			return nil
 		},
 	}
 }
--- a/cmd/cli/command/cast/root.go
+++ b/cmd/cli/command/cast/root.go
@ -0,0 +1,16 @@
 package cast
 import (
 	"github.com/urfave/cli/v2"
 )
 func Root() *cli.Command {
 	return &cli.Command{
 		Name:  "cast",
 		Usage: "Cast related commands",
 		Subcommands: []*cli.Command{
 			ScanCommand(),
 			LoadURLCommand(),
 		},
 	}
 }
--- a/cmd/cli/command/cast/scan.go
+++ b/cmd/cli/command/cast/scan.go
@ -0,0 +1,37 @@
 package cast
 import (
 	"context"
 	"log"
 	"time"
 	"github.com/barnybug/go-cast/discovery"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
 )
 func ScanCommand() *cli.Command {
 	return &cli.Command{
 		Name:  "scan",
 		Usage: "Scan network for casting devices",
 		Flags: []cli.Flag{},
 		Action: func(ctx *cli.Context) error {
 			service := discovery.NewService(ctx.Context)
 			defer service.Stop()
 			go func() {
 				if err := service.Run(ctx.Context, time.Second); err != nil && !errors.Is(err, context.DeadlineExceeded) {
 					log.Fatalf("%+v", errors.WithStack(err))
 				}
 			}()
 			found := service.Found()
 			for device := range found {
 				log.Printf("[DEVICE]	%s	%s	%s:%d", device.Uuid(), device.Name(), device.IP().String(), device.Port())
 			}
 			return nil
 		},
 	}
 }
--- a/cmd/cli/main.go
+++ b/cmd/cli/main.go
@ -3,8 +3,9 @@ package main
 import (
 	"forge.cadoles.com/arcad/edge/cmd/cli/command"
 	"forge.cadoles.com/arcad/edge/cmd/cli/command/app"
 	"forge.cadoles.com/arcad/edge/cmd/cli/command/cast"
 )
 func main() {
-	command.Main(app.Root())
+	command.Main(app.Root(), cast.Root())
 }
--- a/doc/README.md
+++ b/doc/README.md
@ -6,6 +6,7 @@ Une **Edge App** est une application capable de s'exécuter dans un environnemen
 ### Référence
 - [Fichier `manifest.yml`](./apps/manifest.md)
 - [API Client](./apps/client-api/README.md)
 - [API Serveur](./apps/server-api/README.md)
--- a/doc/apps/client-api/README.md
+++ b/doc/apps/client-api/README.md
@ -1,64 +1,15 @@
 # API Client
-## Méthodes
+## Usage
-### `Edge.connect(): Promise`
+Afin de pouvoir utiliser le SDK "client", vous devez inclure dans la page HTML de votre application la balise `<script>` suivante:
-> `TODO`
+```html
-
+<script src="/edge/sdk/client.js"></script>
 ### `Edge.disconnect(): void`
 > `TODO`
 ### `Edge.send(message: Object): void`
 > `TODO`
 ### `Edge.rpc(method: string, params: Object): Promise`
 > `TODO`
 #### Exemple
 **Côté serveur**
 ```js
 function onInit() {
    rpc.register(echo);
 }
 function echo(ctx, params) {
    return params;
 }
 ```
-**Côté client**
+Vous pourrez ensuite accéder aux variables globales suivantes:
-```js
+- [`Edge.Client`](./edge-client.md) - Client principal d'échange avec le serveur
-Edge.connect().then(() => {
+- [`Edge.Frame`](./edge-frame.md) - Utilitaire de communication avec une frame parente
-    Edge.rpc("echo", { hello: "world!" })
+- [`Edge.Menu`](./edge-menu.md) - Gestionnaire de menu
        .then(result => console.log(result))
        .catch(err => console.error(err));
 });
 ```
 ### `Edge.upload(blob: Blob, metadata: Object): Promise`
 > `TODO`
 ### `Edge.blobUrl(bucketName: string, blobId: string): string`
 > `TODO`
 ## Événements
 ### `"message"`
 > `TODO`
 #### Exemple
 ```js
 Edge.addEventListener("message", evt => console.log(evt.detail));
 ```
--- a/doc/apps/client-api/edge-client.md
+++ b/doc/apps/client-api/edge-client.md
@ -0,0 +1,68 @@
 # `Edge.Client`
 ## Méthodes
 ### `Edge.Client.connect(): Promise`
 > `TODO`
 ### `Edge.Client.disconnect(): void`
 > `TODO`
 ### `Edge.Client.send(message: Object): void`
 > `TODO`
 ### `Edge.Client.rpc(method: string, params: Object): Promise`
 > `TODO`
 #### Exemple
 **Côté serveur**
 ```js
 function onInit() {
    rpc.register(echo);
 }
 function echo(ctx, params) {
    return params;
 }
 ```
 **Côté client**
 ```js
 Edge.Client.connect().then(() => {
    Edge.Client.rpc("echo", { hello: "world!" })
        .then(result => console.log(result))
        .catch(err => console.error(err));
 });
 ```
 ### `Edge.Client.upload(blob: Blob, metadata: Object): Promise`
 > `TODO`
 ### `Edge.Client.blobUrl(bucketName: string, blobId: string): string`
 > `TODO`
 ### `Edge.Client.externalUrl(url: string): string`
 Retourne une URL "locale" permettant d'accéder à une ressource externe, en fonction de règles propres à l'application. Voir module [`fetch`](../server-api/fetch.md).
 ## Événements
 ### `"message"`
 > `TODO`
 #### Exemple
 ```js
 Edge.Client.addEventListener("message", evt => console.log(evt.detail));
 ```
--- a/doc/apps/client-api/edge-frame.md
+++ b/doc/apps/client-api/edge-frame.md
@ -0,0 +1,30 @@
 # `Edge.Frame`
 ## Méthodes
 ### `Edge.Frame.addEventListener(name: string, listener: (event) => void)`
 > `TODO`
 ## Événements
 ### `"title_changed"`
 ```typescript
 interface TitleChangedEvent {
    detail: {
        title: string
    }
 }
 ```
 ### `"size_changed"`
 ```typescript
 interface SizeChangedEvent {
    detail: {
        width: number
        height: number
    }
 }
 ```
--- a/doc/apps/client-api/edge-menu.md
+++ b/doc/apps/client-api/edge-menu.md
@ -0,0 +1,27 @@
 # `Edge.Menu`
 ## Méthodes
 ### `Edge.Menu.show()`
 Afficher le menu.
 ### `Edge.Menu.hide()`
 Cacher le menu.
 ### `Edge.Menu.setItem(name: string, label:string, options?: { iconUrl?: string, linkUrl?: string, order?: number })`
 Créer/mettre à jour l'item nommé de la section du menu associée à l'application.
 ### `Edge.Menu.removeItem(name: string)`
 Supprimer l'item de la section du menu associée à l'application.
 ### `Edge.Menu.setAppIconUrl(url: string)`
 Mettre à jour l'URL de l'icône de la section du menu associée à l'application.
 ### `Edge.Menu.setAppTitle(title: string)`
 Mettre à jour le titre de la section du menu associée à l'application.
--- a/doc/apps/manifest.md
+++ b/doc/apps/manifest.md
@ -0,0 +1,36 @@
 # Le fichier `manifest.yml`
 Le fichier `manifest.yml` à la racine du bundle de votre application contient des informations décrivant celles ci. Vous trouverez ci dessous un exemple commenté.
 ```yaml
 # REQUIS - L'identifiant de votre application. Il doit être globalement unique. 
 # Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
 id: tld.mycompany.myapp
 # REQUIS - Le numéro de version de votre application
 # Celui ci devrait respecter le format "semver 2" (voir https://semver.org/)
 version: 0.0.0
 # REQUIS - Le titre de votre application.
 title: My App
 # OPTIONNEL - Les mots-clés associés à votre applications.
 tags: ["chat"]
 # OPTIONNEL - La description de votre application.
 # Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
 description: |>
    A simple demo application
 # OPTIONNEL - Métadonnées associées à l'application
 metadata:
    # OPTIONNEL - Liste des chemins permettant d'accéder à certains URLs identifiées (page d'administration, icône si existante, etc)
    paths:
        # Si défini, chemin vers la page d'administration de l'application
        admin: /admin
        # Si défini, chemin vers l'icône associée à l'application
        icon: /my-app-icon.png
    # OPTIONNEL - Role minimum requis pour pouvoir accéder à l'application 
    minimumRole: visitor
 ```
--- a/doc/apps/my-first-app.md
+++ b/doc/apps/my-first-app.md
@ -22,23 +22,7 @@ my-app
 Ce fichier est le manifeste de votre application. Il permet au serveur d'identifier celle ci et de récupérer des informations la concernant.
-```yaml
+[Voir le fichier `manifest.yml` d'exemple](./manifest.md)
 ---
 # L'identifiant de votre application. Il doit être globalement unique. 
 # Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
 id: tld.mycompany.myapp
 # Le titre de votre application.
 title: My App
 # Les mots-clés associés à votre applications.
 tags: ["chat"]
 # La description de votre application.
 # Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
 description: |>
    A simple demo application
 ```
 ## 4. Créer la page d'accueil
@ -56,13 +40,13 @@ Créer le fichier `my-app/public/index.html`:
        <script type="text/javascript">
            // On utilise le SDK via la variable globale "Edge"
            // pour se connecter au serveur de notre application.
-            Edge.connect().then(() => {
+            Edge.Client.connect().then(() => {
                // Une fois connecté, on envoie un message au serveur.
-                Edge.send({ "hello": "world" });
+                Edge.Client.send({ "hello": "world" });
            });
            // On écoute les messages en provenance du serveur.
-            Edge.addEventListener("message", (evt) => {
+            Edge.Client.addEventListener("message", (evt) => {
                console.log("New server message", evt.detail)
            });
        </script>
--- a/doc/apps/server-api/README.md
+++ b/doc/apps/server-api/README.md
@ -20,11 +20,13 @@ function onInit() {
 Listes des modules disponibles côté serveur.
 - [`app`](./app.md)
 - [`auth`](./auth.md)
 - [`blob`](./blob.md)
 - [`cast`](./cast.md)
 - [`console`](./console.md)
 - [`context`](./context.md)
 - [`fetch`](./fetch.md)
 - [`net`](./net.md)
 - [`rpc`](./rpc.md)
 - [`store`](./store.md)
--- a/doc/apps/server-api/app.md
+++ b/doc/apps/server-api/app.md
@ -0,0 +1,59 @@
 # Module `app`
 Ce module permet de récupérer des informations sur les applications actives dans l'environnement Edge courant.
 ## Méthodes
 ### `app.list(ctx: Context): []Manifest`
 Récupère la liste des applications actives.
 #### Arguments
 - `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
 #### Valeur de retour
 Liste des objets `Manifest` décrivant chaque application active.
 ### `app.get(ctx: Context, appId: string): Manifest`
 Récupère les informations de l'application identifiée par `appId`.
 #### Arguments
 - `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
 - `appId` **string** Identifiant de l'application
 #### Valeur de retour
 Objet `Manifest` associé à l'application, ou `null` si aucune application n'a été trouvée correspondant à l'identifiant.
 ### `app.getUrl(ctx: Context, appId: string, from: string = ''): Manifest`
 Retourne l'URL permettant d'accéder à l'application identifiée par `appId`.
 #### Arguments
 - `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
 - `appId` **string** Identifiant de l'application
 - `from` **string** Adresse IP qui accédera à l'application (permet de générer la bonne URL vis à vis du réseau d'origine)
 #### Valeur de retour
 URL associée à l'application, ou `null` si aucune application n'a été trouvée correspondant à l'identifiant.
 ## Objets
 ### `Manifest`
 ```typescript
 interface Manifest {
    id: string                          // Identifiant de l'application
    version: string                     // Version de l'application
    title: string                       // Titre associé à l'application
    description: string                 // Description associée à l'application
    tags: string[]                      // Mots clés associés à l'application
    metadata: { [key: string]: any }    // Métadonnées associées à l'application. Voir ../manifest.md
 }
 ```
--- a/doc/apps/server-api/blob.md
+++ b/doc/apps/server-api/blob.md
@ -86,4 +86,4 @@ interface BlobInfo {
 ### `Metadata`
-L'objet `Metadata` est un objet clé/valeur arbitraire transmis avec la requête de téléversement. Voir la méthode [`Edge.upload(blob, metadata)`](../client-api/README.md#edge-upload-blob-blob-metadata-object-promise) du SDK client.
+L'objet `Metadata` est un objet clé/valeur arbitraire transmis avec la requête de téléversement. Voir la méthode [`Edge.Client.upload(blob, metadata)`](../client-api/README.md#edge-upload-blob-blob-metadata-object-promise) du SDK client.
--- a/doc/apps/server-api/fetch.md
+++ b/doc/apps/server-api/fetch.md
@ -0,0 +1,33 @@
 # Module `fetch`
 Ce module permet l'accès à des ressources distantes (sur Internet) depuis votre application.
 ## Fonctions de rappel
 Pour permettre aux utilisateurs d'accéder à des ressources distantes, vous devez déclarer la fonction `onClientFetch(ctx: Context, url: string, remoteAddr: string)` dans le fichier `server/main.js` de votre application.
 ### `onClientFetch(ctx: Context, url: string, remoteAddr: string)`
 #### Usage
 **Côté client**
 ```js
 // Création d'une URL "locale" permettant d'accéder à la ressource distante
 var url = Edge.Client.externalUrl("http://example.com")
 // Vous pouvez utiliser l'URL comme attribut `src` d'une balise <img> par exemple
 // ou effectuer une requête fetch() avec celle ci.
 fetch(url).then(res => res.text()).then(content => console.log(content));
 ```
 **Côté serveur**
 ```js
 function onClientFetch(ctx, url, remoteAddr) {
    // Autoriser la récupération de l'URL demandée ou non
    // Dans cet exemple, seule l'URL externe 'http://example.com' est autorisée
    // Les autres URLs recevront une erreur HTTP 403 - Forbidden
    var authorized = url === "http://example.com"
    return { allow: authorized };
 }
 ```
--- a/doc/apps/server-api/net.md
+++ b/doc/apps/server-api/net.md
@ -32,9 +32,9 @@ Aucune
 ```js
 // Les données envoyées par le serveur sont accessibles
 // via la propriété evt.detail.
-Edge.on('message', evt => console.log(evt.detail));
+Edge.Client.on('message', evt => console.log(evt.detail));
-Edge.connect();
+Edge.Client.connect();
 ```
 **Côté serveur**
--- a/doc/apps/server-api/rpc.md
+++ b/doc/apps/server-api/rpc.md
@ -1,6 +1,6 @@
 # Module `rpc`
-Ce module permet de déclarer des méthodes côté serveur qui seront "invoquable" côté client via la méthode [`Edge.rpc(method: string, params: Object): Promise`](../client-api/README.md#edgerpcmethod-string-params-object-promise).
+Ce module permet de déclarer des méthodes côté serveur qui seront "invoquable" côté client via la méthode [`Edge.Client.rpc(method: string, params: Object): Promise`](../client-api/README.md#edgerpcmethod-string-params-object-promise).
 ## Méthodes
@ -31,8 +31,8 @@ function echo(ctx, params) {
 **Côté client**
 ```js
-Edge.connect().then(() => {
+Edge.Client.connect().then(() => {
-    Edge.rpc("echo", { hello: "world!" })
+    Edge.Client.rpc("echo", { hello: "world!" })
        .then(result => console.log(result))
        .catch(err => console.error(err));
 });
--- a/go.mod
+++ b/go.mod
@ -8,18 +8,23 @@ require (
 )
 require (
 	github.com/brutella/dnssd v1.2.6 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
 	github.com/go-playground/locales v0.12.1 // indirect
 	github.com/go-playground/universal-translator v0.16.0 // indirect
 	github.com/goccy/go-json v0.9.11 // indirect
 	github.com/gogo/protobuf v0.0.0-20161014173244-50d1bd39ce4e // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/hashicorp/go.net v0.0.0-20151006203346-104dcad90073 // indirect
 	github.com/hashicorp/mdns v0.0.0-20151206042412-9d85cf22f9f8 // indirect
 	github.com/leodido/go-urn v1.1.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.4 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.0 // indirect
-	github.com/miekg/dns v0.0.0-20161006100029-fc4e1e2843d8 // indirect
+	github.com/miekg/dns v1.1.50 // indirect
 	gopkg.in/go-playground/validator.v9 v9.29.1 // indirect
 )
 require (
@ -53,7 +58,7 @@ require (
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/urfave/cli/v2 v2.24.3
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	gitlab.com/wpetit/goweb v0.0.0-20230206085656-dec695f0e2e9
+	gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b
 	go.opencensus.io v0.22.5 // indirect
 	golang.org/x/crypto v0.7.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -54,6 +54,8 @@ github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MR
 github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ=
 github.com/barnybug/go-cast v0.0.0-20201201064555-a87ccbc26692 h1:JW4WZlqyaNWUUahfr7MigeDW6jmtam5cTzzo1lwsFhE=
 github.com/barnybug/go-cast v0.0.0-20201201064555-a87ccbc26692/go.mod h1:Au0ipPuCBA7zsOC61SnyrYetm8VT3vo1UJtwHeYke44=
 github.com/brutella/dnssd v1.2.6 h1:/0P13JkHLRzeLQkWRPEn4hJCr4T3NfknIFw3aNPIC34=
 github.com/brutella/dnssd v1.2.6/go.mod h1:JoW2sJUrmVIef25G6lrLj7HS6Xdwh6q8WUIvMkkBYXs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@ -107,7 +109,9 @@ github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITL
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-playground/locales v0.12.1 h1:2FITxuFt/xuCNP1Acdhv62OzaCiviiE4kotfhkmOqEc=
 github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
 github.com/go-playground/universal-translator v0.16.0 h1:X++omBR/4cE2MNg91AoC3rmGrCjJ8eAeUP/K/EKx4DM=
 github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
 github.com/go-sourcemap/sourcemap v2.1.3+incompatible h1:W1iEw64niKVGogNgBN3ePyLFfuisuzeidWPMPWmECqU=
 github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
@ -208,6 +212,7 @@ github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NB
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.1.0 h1:Sm1gr51B1kKyfD2BlRcLSiEkffoG96g6TPv6eRoEiB8=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
@ -232,6 +237,8 @@ github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peK
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/miekg/dns v0.0.0-20161006100029-fc4e1e2843d8 h1:ALvJ9V8nNf04PFHMR2sot56N/pjrx5LzZGvUlnhdiCE=
 github.com/miekg/dns v0.0.0-20161006100029-fc4e1e2843d8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@ -283,9 +290,12 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 gitlab.com/wpetit/goweb v0.0.0-20230206085656-dec695f0e2e9 h1:6JlkcdjYVQglPWYuemK2MoZAtRE4vFx85zLXflGIyI8=
 gitlab.com/wpetit/goweb v0.0.0-20230206085656-dec695f0e2e9/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
 gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b h1:nkvOl8TCj/mErADnwFFynjxBtC+hHsrESw6rw56JGmg=
 gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@ -340,6 +350,7 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
@ -376,6 +387,8 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@ -402,6 +415,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -439,10 +453,13 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -521,6 +538,7 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
@ -623,6 +641,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
 gopkg.in/go-playground/validator.v9 v9.29.1 h1:SvGtYmN60a5CVKTOzMSyfzWDeZRxRuGvRQyEAKbw1xc=
 gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
--- a/misc/client-sdk-testsuite/src/manifest.yml
+++ b/misc/client-sdk-testsuite/src/manifest.yml
@ -5,3 +5,8 @@ version: 0.0.0
 description: |
  Suite de tests pour le SDK client
 tags: ["test"]
 metadata:
  paths:
    icon: /icon.png
  minimumRole: superadmin
--- a/misc/client-sdk-testsuite/src/public/icon.png
+++ b/misc/client-sdk-testsuite/src/public/icon.png
--- a/misc/client-sdk-testsuite/src/public/index.html
+++ b/misc/client-sdk-testsuite/src/public/index.html
@ -4,10 +4,14 @@
    <meta charset="utf-8" />
    <title>Client SDK Test suite</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <link rel="icon" type="image/png" href="/icon.png">
    <link rel="stylesheet" href="/vendor/mocha.css" />
    <style>
      body {
-        background-color: white;
+        background-color: #f7f7f7;
      }
      body:not([edge-auto-padding="false"]) #mocha-stats {
        top: 75px !important;
      }
    </style>
  </head>
@ -25,8 +29,21 @@
    <script src="/test/net-module.js"></script>
    <script src="/test/rpc-module.js"></script>
    <script src="/test/file-module.js"></script>
    <script src="/test/app-module.js"></script>
    <script src="/test/fetch-module.js"></script>
    <script class="mocha-exec">
      mocha.run();
      Edge.Menu
        .setAppIconUrl('/icon.png')
        .setAppTitle('SDK Tests')
        .setItem('client', 'Client', { linkUrl: '/?grep=Edge', order: 1 })
        .setItem('auth-module', 'Auth Module', { linkUrl: '/?grep=Auth%20Module' , order: 4})
        .setItem('net-module', 'Net Module', { linkUrl: '/?grep=Net%20Module' , order: 3})
        .setItem('rpc', 'Remote Procedure Call', { linkUrl: '/?grep=Remote%20Procedure%20Call' , order: 5})
        .setItem('file-module', 'File Module', { linkUrl: '/?grep=File%20Module', order: 6})
        .setItem('app-module', 'App Module', { linkUrl: '/?grep=App%20Module' , order: 7})
        .setItem('fetch-module', 'Fetch Module', { linkUrl: '/?grep=Fetch%20Module' , order: 8})
    </script>
  </body>
 </html>
--- a/misc/client-sdk-testsuite/src/public/test/app-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/app-module.js
@ -0,0 +1,45 @@
 describe('App Module', function() {
    before(() => {
      return Edge.Client.connect();
    });
    after(() => {
      Edge.Client.disconnect();
    });
    it('should list apps', function() {
      return Edge.Client.rpc("listApps")
        .then(apps => {
          console.log("listApps result:", apps);
          chai.assert.isNotNull(apps);
          chai.assert.isAtLeast(apps.length, 1);
        })
    });
    it('should retrieve requested app', function() {
      return Edge.Client.rpc("getApp", { appId: "edge.sdk.client.test" })
        .then(app => {
          console.log("getApp result:", app);
          chai.assert.isNotNull(app);
          chai.assert.equal(app.id, "edge.sdk.client.test");
        })
    });
    it('should retrieve requested app url without from address', function() {
      return Edge.Client.rpc("getAppUrl", { appId: "edge.sdk.client.test" })
        .then(url => {
          console.log("getAppUrl result:", url);
          chai.assert.isNotEmpty(url);
        })
    });
    it('should retrieve requested app url with from address', function() {
      return Edge.Client.rpc("getAppUrl", { appId: "edge.sdk.client.test", from: "127.0.0.2" })
        .then(url => {
          console.log("getAppUrl result:", url);
          chai.assert.isNotEmpty(url);
        })
    });
 });
--- a/misc/client-sdk-testsuite/src/public/test/auth-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/auth-module.js
@ -1,15 +1,15 @@
 describe('Auth Module', function() {
    before(() => {
-      return Edge.connect();
+      return Edge.Client.connect();
    });
    after(() => {
-      Edge.disconnect();
+      Edge.Client.disconnect();
    });
    it('should retrieve user informations', function() {
-      return Edge.rpc("getUserInfo")
+      return Edge.Client.rpc("getUserInfo")
        .then(userInfo => {
          console.log("getUserInfo result:", userInfo);
          chai.assert.property(userInfo, 'subject');
--- a/misc/client-sdk-testsuite/src/public/test/client-sdk.js
+++ b/misc/client-sdk-testsuite/src/public/test/client-sdk.js
@ -1,24 +1,25 @@
-Edge.debug = true;
+Edge.Client.debug = true;
 Edge.Frame.debug = true;
 describe('Edge', function() {
  describe('#connect()', function() {
    after(() => {
-      Edge.disconnect();
+      Edge.Client.disconnect();
    });
    it('should open the connection', function() {
-      return Edge.connect()
+      return Edge.Client.connect()
        .then(() => {
-          chai.assert.isNotNull(Edge._conn);
+          chai.assert.isNotNull(Edge.Client._conn);
        });
    });
  });
  describe('#disconnect()', function() {
    it('should close the connection', function() {
-      Edge.disconnect();
+      Edge.Client.disconnect();
-      chai.assert.isNull(Edge._conn);
+      chai.assert.isNull(Edge.Client._conn);
    });
  });
--- a/misc/client-sdk-testsuite/src/public/test/fetch-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/fetch-module.js
@ -0,0 +1,33 @@
 describe('Fetch Module', function () {
    before(() => {
        return Edge.Client.connect();
    });
    after(() => {
        Edge.Client.disconnect();
    });
    it('should fetch an authorized external url', function () {
        var externalUrl = Edge.Client.externalUrl("http://example.com");
        return fetch(externalUrl)
            .then(res => {
                chai.assert.equal(res.status, 200)
                return res.text()
            })
            .then(content => {
                chai.assert.include(content, '<h1>Example Domain</h1>')
            })
    });
    it('should not fetch an unauthorized external url', function () {
        var externalUrl = Edge.Client.externalUrl("https://google.com");
        return fetch(externalUrl)
            .then(res => {
                chai.assert.equal(res.status, 403)
            })
    });
 });
--- a/misc/client-sdk-testsuite/src/public/test/file-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/file-module.js
@ -1,25 +1,25 @@
 describe('File Module', function () {
    before(() => {
-        return Edge.connect();
+        return Edge.Client.connect();
    });
    after(() => {
-        Edge.disconnect();
+        Edge.Client.disconnect();
    });
    it('should upload then download a blob', function () {
        const content = JSON.stringify({ "date": new Date() });
        const blob = new Blob([content], { type: "application/json" });
-        return Edge.upload(blob)
+        return Edge.Client.upload(blob)
            .then(upload => upload.result())
            .then(result => {
                chai.assert.isNotEmpty(result.blobId);
                chai.assert.isNotEmpty(result.bucket);
-                const blobUrl = Edge.blobUrl(result.bucket, result.blobId);
+                const blobUrl = Edge.Client.blobUrl(result.bucket, result.blobId);
                chai.assert.isNotEmpty(blobUrl);
                return fetch(blobUrl)
--- a/misc/client-sdk-testsuite/src/public/test/net-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/net-module.js
@ -2,11 +2,11 @@ describe('Net Module', function () {
    this.timeout(5000);
    before(() => {
-        return Edge.connect();
+        return Edge.Client.connect();
    });
    after(() => {
-        Edge.disconnect();
+        Edge.Client.disconnect();
    });
    it('should broadcast a message from server', function (done) {
@ -18,12 +18,12 @@ describe('Net Module', function () {
            chai.assert.deepEqual(message, evt.detail);
-            Edge.removeEventListener('message', handler);
+            Edge.Client.removeEventListener('message', handler);
            done();
        };
-        Edge.addEventListener("message", handler);
+        Edge.Client.addEventListener("message", handler);
-        Edge.send(message);
+        Edge.Client.send(message);
    });
    it('should send a message to the server and echo back', function(done) {
@ -35,15 +35,15 @@ describe('Net Module', function () {
            chai.assert.equal(receivedMessage.now, now.toJSON());
-            Edge.removeEventListener('message', handler);
+            Edge.Client.removeEventListener('message', handler);
            done();
        }
        // Server should echo back message
-        Edge.addEventListener('message', handler);
+        Edge.Client.addEventListener('message', handler);
        // Send message to server
-        Edge.send({ test: 'echo', now });
+        Edge.Client.send({ test: 'echo', now });
    });
 });
--- a/misc/client-sdk-testsuite/src/public/test/rpc-module.js
+++ b/misc/client-sdk-testsuite/src/public/test/rpc-module.js
@ -1,17 +1,17 @@
 describe('Remote Procedure Call', function () {
    before(() => {
-        return Edge.connect();
+        return Edge.Client.connect();
    });
    after(() => {
-        Edge.disconnect();
+        Edge.Client.disconnect();
    });
    it('should call the remote echo() method and resolve the returned value', function () {
        const foo = "bar";
-        return Edge.rpc('echo', { foo })
+        return Edge.Client.rpc('echo', { foo })
            .then(result => {
                console.log(result);
                chai.assert.equal(result.foo, foo);
@ -19,7 +19,7 @@ describe('Remote Procedure Call', function () {
    });
    it('should call the remote throwErrorFromClient() method and reject with an error', function () {
-        return Edge.rpc('throwErrorFromClient')
+        return Edge.Client.rpc('throwErrorFromClient')
            .catch(err => {
                // Assert that it's an "internal" error
                // See https://www.jsonrpc.org/specification#error_object
@ -28,7 +28,7 @@ describe('Remote Procedure Call', function () {
    });
    it('should call an unregistered method and reject with an error', function () {
-        return Edge.rpc('unregisteredMethod')
+        return Edge.Client.rpc('unregisteredMethod')
            .catch(err => {
                // Assert that it's an "method not found" error
                // See https://www.jsonrpc.org/specification#error_object
@ -38,17 +38,17 @@ describe('Remote Procedure Call', function () {
    it('should call the add() method repetitively and keep count of the sent values', function () {
-        this.timeout(10000);
+        this.timeout(30000);
        const values = [];
        for (let i = 0; i <= 1000; i++) {
            values.push((Math.random() * 1000 | 0));
        }
-        return Edge.rpc('reset')
+        return Edge.Client.rpc('reset')
            .then(() => {
-                return Promise.all(values.map(v => Edge.rpc("add", { value: v })));
+                return Promise.all(values.map(v => Edge.Client.rpc("add", { value: v })));
            })
-            .then(() => Edge.rpc('total'))
+            .then(() => Edge.Client.rpc('total'))
            .then(remoteTotal => {
                const localTotal = values.reduce((t, v) => t + v);
                console.log("Remote total:", remoteTotal, "Local total:", localTotal);
--- a/misc/client-sdk-testsuite/src/server/main.js
+++ b/misc/client-sdk-testsuite/src/server/main.js
@ -11,6 +11,10 @@ function onInit() {
  rpc.register("reset", reset);
  rpc.register("total", total);
  rpc.register("getUserInfo", getUserInfo);
  rpc.register("listApps");
  rpc.register("getApp");
  rpc.register("getAppUrl");
 }
 // Called for each client message
@ -80,3 +84,23 @@ function getUserInfo(ctx, params) {
    preferredUsername: preferredUsername,
  };
 }
 function listApps(ctx) {
  return app.list(ctx);
 }
 function getApp(ctx, params) {
  var appId = params.appId;
  return app.get(ctx, appId);
 }
 function getAppUrl(ctx, params) {
  var appId = params.appId;
  var from = params.from;
  return app.getUrl(ctx, appId, from ? from : '');
 }
 function onClientFetch(ctx, url, remoteAddr) {
  return { allow: url === 'http://example.com' };
 }
--- a/misc/jenkins/Dockerfile
+++ b/misc/jenkins/Dockerfile
@ -0,0 +1,28 @@
 FROM reg.cadoles.com/proxy_cache/library/ubuntu:22.04
 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
 ARG http_proxy=
 ARG https_proxy=
 ARG GO_VERSION=1.19.2
 # Install dev environment dependencies
 RUN export DEBIAN_FRONTEND=noninteractive &&\
    apt-get update -y &&\
    apt-get install -y --no-install-recommends curl ca-certificates build-essential wget unzip tar git jq
 # Install Go
 RUN mkdir -p /tmp \
    && wget -O /tmp/go${GO_VERSION}.linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \
    && rm -rf /usr/local/go \
    && mkdir -p /usr/local \
    && tar -C /usr/local -xzf /tmp/go${GO_VERSION}.linux-amd64.tar.gz
 ENV PATH="${PATH}:/usr/local/go/bin"
 # Add LetsEncrypt certificates
 RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
 # Install NodeJS
 RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
    && apt-get install -y nodejs
--- a/modd.conf
+++ b/modd.conf
@ -6,8 +6,11 @@ misc/client-sdk-testsuite/src/**/*
 modd.conf
 {
    prep: make build-sdk
-    prep: cd misc/client-sdk-testsuite && make dist
+    prep: make build-client-sdk-test-app
    prep: make GOTEST_ARGS="-short" test
    prep: make build
-    daemon: bin/cli app run -p misc/client-sdk-testsuite/dist
+    daemon: make run-app
 }
 **/*.go {
    prep: make GOTEST_ARGS="-short" test
 }
--- a/package-lock.json
+++ b/package-lock.json
@ -10,14 +10,50 @@
      "license": "AGPL-3.0",
      "dependencies": {
        "@types/sockjs-client": "^1.5.1",
        "@webcomponents/webcomponentsjs": "^2.8.0",
        "core-js": "^3.30.1",
        "lit": "^2.7.2",
        "sockjs-client": "^1.6.1"
      }
    },
    "node_modules/@lit-labs/ssr-dom-shim": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.1.0.tgz",
      "integrity": "sha512-92uQ5ARf7UXYrzaFcAX3T2rTvaS9Z1//ukV+DqjACM4c8s0ZBQd7ayJU5Dh2AFLD/Ayuyz4uMmxQec8q3U4Ong=="
    },
    "node_modules/@lit/reactive-element": {
      "version": "1.6.1",
      "resolved": "https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-1.6.1.tgz",
      "integrity": "sha512-va15kYZr7KZNNPZdxONGQzpUr+4sxVu7V/VG7a8mRfPPXUyhEYj5RzXCQmGrlP3tAh0L3HHm5AjBMFYRqlM9SA==",
      "dependencies": {
        "@lit-labs/ssr-dom-shim": "^1.0.0"
      }
    },
    "node_modules/@types/sockjs-client": {
      "version": "1.5.1",
      "resolved": "https://registry.npmjs.org/@types/sockjs-client/-/sockjs-client-1.5.1.tgz",
      "integrity": "sha512-bmZM6A1GPdjF0bcuIUC+50hZEMGkzMsiG9by6X9U+7IZFOiPtz7MJ9h05FSpPVxlj4i+TzzoG3ESo1FJlbLb6A=="
    },
    "node_modules/@types/trusted-types": {
      "version": "2.0.3",
      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.3.tgz",
      "integrity": "sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g=="
    },
    "node_modules/@webcomponents/webcomponentsjs": {
      "version": "2.8.0",
      "resolved": "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.8.0.tgz",
      "integrity": "sha512-loGD63sacRzOzSJgQnB9ZAhaQGkN7wl2Zuw7tsphI5Isa0irijrRo6EnJii/GgjGefIFO8AIO7UivzRhFaEk9w=="
    },
    "node_modules/core-js": {
      "version": "3.30.1",
      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.30.1.tgz",
      "integrity": "sha512-ZNS5nbiSwDTq4hFosEDqm65izl2CWmLz0hARJMyNQBgkUZMIF51cQiMvIQKA6hvuaeWxQDP3hEedM1JZIgTldQ==",
      "hasInstallScript": true,
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/core-js"
      }
    },
    "node_modules/debug": {
      "version": "3.2.7",
      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
@ -55,6 +91,34 @@
      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
    },
    "node_modules/lit": {
      "version": "2.7.2",
      "resolved": "https://registry.npmjs.org/lit/-/lit-2.7.2.tgz",
      "integrity": "sha512-9QnZmG5mIKPRja96cpndMclLSi0Qrz2BXD6EbqNqCKMMjOWVm/BwAeXufFk2jqFsNmY07HOzU8X+8aTSVt3yrA==",
      "dependencies": {
        "@lit/reactive-element": "^1.6.0",
        "lit-element": "^3.3.0",
        "lit-html": "^2.7.0"
      }
    },
    "node_modules/lit-element": {
      "version": "3.3.1",
      "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-3.3.1.tgz",
      "integrity": "sha512-Gl+2409uXWbf7n6cCl7Kzasm7zjT9xmdwi2BhLNi70sRKAgRkqueDu5mSIH3hPYMM0/vqBCdPXod3NbGkRA2ww==",
      "dependencies": {
        "@lit-labs/ssr-dom-shim": "^1.1.0",
        "@lit/reactive-element": "^1.3.0",
        "lit-html": "^2.7.0"
      }
    },
    "node_modules/lit-html": {
      "version": "2.7.2",
      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-2.7.2.tgz",
      "integrity": "sha512-ZJCfKlA2XELu5tn7XuzOziGFGvf1SeQm+ngLWoJ8bXtSkRrrR3ms6SWy+gsdxeYwySLij5xAhdd2C3EX0ftxdQ==",
      "dependencies": {
        "@types/trusted-types": "^2.0.2"
      }
    },
    "node_modules/ms": {
      "version": "2.1.3",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
@ -139,11 +203,39 @@
    }
  },
  "dependencies": {
    "@lit-labs/ssr-dom-shim": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.1.0.tgz",
      "integrity": "sha512-92uQ5ARf7UXYrzaFcAX3T2rTvaS9Z1//ukV+DqjACM4c8s0ZBQd7ayJU5Dh2AFLD/Ayuyz4uMmxQec8q3U4Ong=="
    },
    "@lit/reactive-element": {
      "version": "1.6.1",
      "resolved": "https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-1.6.1.tgz",
      "integrity": "sha512-va15kYZr7KZNNPZdxONGQzpUr+4sxVu7V/VG7a8mRfPPXUyhEYj5RzXCQmGrlP3tAh0L3HHm5AjBMFYRqlM9SA==",
      "requires": {
        "@lit-labs/ssr-dom-shim": "^1.0.0"
      }
    },
    "@types/sockjs-client": {
      "version": "1.5.1",
      "resolved": "https://registry.npmjs.org/@types/sockjs-client/-/sockjs-client-1.5.1.tgz",
      "integrity": "sha512-bmZM6A1GPdjF0bcuIUC+50hZEMGkzMsiG9by6X9U+7IZFOiPtz7MJ9h05FSpPVxlj4i+TzzoG3ESo1FJlbLb6A=="
    },
    "@types/trusted-types": {
      "version": "2.0.3",
      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.3.tgz",
      "integrity": "sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g=="
    },
    "@webcomponents/webcomponentsjs": {
      "version": "2.8.0",
      "resolved": "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.8.0.tgz",
      "integrity": "sha512-loGD63sacRzOzSJgQnB9ZAhaQGkN7wl2Zuw7tsphI5Isa0irijrRo6EnJii/GgjGefIFO8AIO7UivzRhFaEk9w=="
    },
    "core-js": {
      "version": "3.30.1",
      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.30.1.tgz",
      "integrity": "sha512-ZNS5nbiSwDTq4hFosEDqm65izl2CWmLz0hARJMyNQBgkUZMIF51cQiMvIQKA6hvuaeWxQDP3hEedM1JZIgTldQ=="
    },
    "debug": {
      "version": "3.2.7",
      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
@ -175,6 +267,34 @@
      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
    },
    "lit": {
      "version": "2.7.2",
      "resolved": "https://registry.npmjs.org/lit/-/lit-2.7.2.tgz",
      "integrity": "sha512-9QnZmG5mIKPRja96cpndMclLSi0Qrz2BXD6EbqNqCKMMjOWVm/BwAeXufFk2jqFsNmY07HOzU8X+8aTSVt3yrA==",
      "requires": {
        "@lit/reactive-element": "^1.6.0",
        "lit-element": "^3.3.0",
        "lit-html": "^2.7.0"
      }
    },
    "lit-element": {
      "version": "3.3.1",
      "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-3.3.1.tgz",
      "integrity": "sha512-Gl+2409uXWbf7n6cCl7Kzasm7zjT9xmdwi2BhLNi70sRKAgRkqueDu5mSIH3hPYMM0/vqBCdPXod3NbGkRA2ww==",
      "requires": {
        "@lit-labs/ssr-dom-shim": "^1.1.0",
        "@lit/reactive-element": "^1.3.0",
        "lit-html": "^2.7.0"
      }
    },
    "lit-html": {
      "version": "2.7.2",
      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-2.7.2.tgz",
      "integrity": "sha512-ZJCfKlA2XELu5tn7XuzOziGFGvf1SeQm+ngLWoJ8bXtSkRrrR3ms6SWy+gsdxeYwySLij5xAhdd2C3EX0ftxdQ==",
      "requires": {
        "@types/trusted-types": "^2.0.2"
      }
    },
    "ms": {
      "version": "2.1.3",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
--- a/package.json
+++ b/package.json
@ -10,6 +10,9 @@
  "license": "AGPL-3.0",
  "dependencies": {
    "@types/sockjs-client": "^1.5.1",
    "@webcomponents/webcomponentsjs": "^2.8.0",
    "core-js": "^3.30.1",
    "lit": "^2.7.2",
    "sockjs-client": "^1.6.1"
  }
 }
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@ -1,39 +0,0 @@
 package app
 import (
 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
 )
 type ID string
 type Manifest struct {
 	ID          ID       `yaml:"id"`
 	Version     string   `yaml:"version"`
 	Title       string   `yaml:"title"`
 	Description string   `yaml:"description"`
 	Tags        []string `yaml:"tags"`
 }
 func LoadManifest(b bundle.Bundle) (*Manifest, error) {
 	reader, _, err := b.File("manifest.yml")
 	if err != nil {
 		return nil, errors.Wrap(err, "could not read manifest.yml")
 	}
 	defer func() {
 		if err := reader.Close(); err != nil {
 			panic(errors.WithStack(err))
 		}
 	}()
 	manifest := &Manifest{}
 	decoder := yaml.NewDecoder(reader)
 	if err := decoder.Decode(manifest); err != nil {
 		return nil, errors.Wrap(err, "could not decode manifest.yml")
 	}
 	return manifest, nil
 }
--- a/pkg/app/manifest.go
+++ b/pkg/app/manifest.go
@ -0,0 +1,85 @@
 package app
 import (
 	"strings"
 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/pkg/errors"
 	"golang.org/x/mod/semver"
 	"gopkg.in/yaml.v2"
 )
 type ID string
 type Manifest struct {
 	ID          ID       `yaml:"id" json:"id"`
 	Version     string   `yaml:"version" json:"version"`
 	Title       string   `yaml:"title" json:"title"`
 	Description string   `yaml:"description" json:"description"`
 	Tags        []string `yaml:"tags" json:"tags"`
 	Metadata    MapStr   `yaml:"metadata" json:"metadata"`
 }
 type MetadataValidator func(map[string]any) (bool, error)
 func (m *Manifest) Validate(validators ...MetadataValidator) (bool, error) {
 	if m.ID == "" {
 		return false, errors.New("'id' property should not be empty")
 	}
 	if m.Version == "" {
 		return false, errors.New("'version' property should not be empty")
 	}
 	version := m.Version
 	if !strings.HasPrefix(version, "v") {
 		version = "v" + version
 	}
 	if !semver.IsValid(version) {
 		return false, errors.Errorf("version '%s' does not respect semver format", m.Version)
 	}
 	if m.Title == "" {
 		return false, errors.New("'title' property should not be empty")
 	}
 	if m.Tags != nil {
 		for _, t := range m.Tags {
 			if strings.ContainsAny(t, " \t\n\r") {
 				return false, errors.Errorf("tag '%s' should not contain any space or new line", t)
 			}
 		}
 	}
 	for _, v := range validators {
 		valid, err := v(m.Metadata)
 		if !valid || err != nil {
 			return valid, errors.WithStack(err)
 		}
 	}
 	return true, nil
 }
 func LoadManifest(b bundle.Bundle) (*Manifest, error) {
 	reader, _, err := b.File("manifest.yml")
 	if err != nil {
 		return nil, errors.Wrap(err, "could not read manifest.yml")
 	}
 	defer func() {
 		if err := reader.Close(); err != nil {
 			panic(errors.WithStack(err))
 		}
 	}()
 	manifest := &Manifest{}
 	decoder := yaml.NewDecoder(reader)
 	if err := decoder.Decode(manifest); err != nil {
 		return nil, errors.Wrap(err, "could not decode manifest.yml")
 	}
 	return manifest, nil
 }
--- a/pkg/app/map_str.go
+++ b/pkg/app/map_str.go
@ -0,0 +1,61 @@
 package app
 import (
 	"fmt"
 	"github.com/pkg/errors"
 )
 type MapStr map[string]interface{}
 func MapStrUnion(dict1 MapStr, dict2 MapStr) MapStr {
 	dict := MapStr{}
 	for k, v := range dict1 {
 		dict[k] = v
 	}
 	for k, v := range dict2 {
 		dict[k] = v
 	}
 	return dict
 }
 func (ms *MapStr) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	var result map[interface{}]interface{}
 	err := unmarshal(&result)
 	if err != nil {
 		return errors.WithStack(err)
 	}
 	*ms = cleanUpInterfaceMap(result)
 	return nil
 }
 func cleanUpInterfaceArray(in []interface{}) []interface{} {
 	result := make([]interface{}, len(in))
 	for i, v := range in {
 		result[i] = cleanUpMapValue(v)
 	}
 	return result
 }
 func cleanUpInterfaceMap(in map[interface{}]interface{}) MapStr {
 	result := make(MapStr)
 	for k, v := range in {
 		result[fmt.Sprintf("%v", k)] = cleanUpMapValue(v)
 	}
 	return result
 }
 func cleanUpMapValue(v interface{}) interface{} {
 	switch v := v.(type) {
 	case []interface{}:
 		return cleanUpInterfaceArray(v)
 	case map[interface{}]interface{}:
 		return cleanUpInterfaceMap(v)
 	case string:
 		return v
 	default:
 		return fmt.Sprintf("%v", v)
 	}
 }
--- a/pkg/app/metadata/minimum_role.go
+++ b/pkg/app/metadata/minimum_role.go
@ -0,0 +1,28 @@
 package metadata
 import (
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"github.com/pkg/errors"
 )
 func WithMinimumRoleValidator(roles ...string) app.MetadataValidator {
 	return func(metadata map[string]any) (bool, error) {
 		rawMinimumRole, exists := metadata["minimumRole"]
 		if !exists {
 			return true, nil
 		}
 		minimumRole, ok := rawMinimumRole.(string)
 		if !ok {
 			return false, errors.Errorf("metadata['minimumRole']: unexpected value type '%T'", rawMinimumRole)
 		}
 		for _, r := range roles {
 			if minimumRole == r {
 				return true, nil
 			}
 		}
 		return false, errors.Errorf("metadata['minimumRole']: unexpected role '%s'", minimumRole)
 	}
 }
--- a/pkg/app/metadata/named_path.go
+++ b/pkg/app/metadata/named_path.go
@ -0,0 +1,51 @@
 package metadata
 import (
 	"strings"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"github.com/pkg/errors"
 )
 type NamedPath string
 const (
 	NamedPathAdmin NamedPath = "admin"
 	NamedPathIcon  NamedPath = "icon"
 )
 func WithNamedPathsValidator(names ...NamedPath) app.MetadataValidator {
 	set := map[NamedPath]struct{}{}
 	for _, n := range names {
 		set[n] = struct{}{}
 	}
 	return func(metadata map[string]any) (bool, error) {
 		rawPaths, exists := metadata["paths"]
 		if !exists {
 			return true, nil
 		}
 		paths, ok := rawPaths.(app.MapStr)
 		if !ok {
 			return false, errors.Errorf("metadata['paths']: unexpected named path value type '%T'", rawPaths)
 		}
 		for n, p := range paths {
 			if _, exists := set[NamedPath(n)]; !exists {
 				return false, errors.Errorf("metadata['paths']: unexpected named path '%s'", n)
 			}
 			path, ok := p.(string)
 			if !ok {
 				return false, errors.Errorf("metadata['paths']['%s']: unexpected named path value type '%T'", n, path)
 			}
 			if !strings.HasPrefix(path, "/") {
 				return false, errors.Errorf("metadata['paths']['%s']: named path value should start with a '/'", n)
 			}
 		}
 		return true, nil
 	}
 }
--- a/pkg/app/metadata/testdata/manifests/invalid-minimum-role.yml
+++ b/pkg/app/metadata/testdata/manifests/invalid-minimum-role.yml
@ -0,0 +1,7 @@
 id: foo.arcad.app
 version: v0.0.0
 title: Foo
 description: A test app
 tags: ["test"]
 metadata:
  minimumRole: foo
--- a/pkg/app/metadata/testdata/manifests/invalid-paths.yml
+++ b/pkg/app/metadata/testdata/manifests/invalid-paths.yml
@ -0,0 +1,10 @@
 id: foo.arcad.app
 version: v0.0.0
 title: Foo
 description: A test app
 tags: ["test"]
 metadata:
  paths:
    invalid: /admin
    icon: /my-app-icon.png
  minimumRole: visitor
--- a/pkg/app/metadata/testdata/manifests/valid.yml
+++ b/pkg/app/metadata/testdata/manifests/valid.yml
@ -0,0 +1,10 @@
 id: foo.arcad.app
 version: v0.0.0
 title: Foo
 description: A test app
 tags: ["test"]
 metadata:
  paths:
    admin: /admin
    icon: /my-app-icon.png
  minimumRole: visitor
--- a/pkg/app/metadata/validator_test.go
+++ b/pkg/app/metadata/validator_test.go
@ -0,0 +1,74 @@
 package metadata
 import (
 	"io/ioutil"
 	"path/filepath"
 	"testing"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
 )
 type validatorTestCase struct {
 	File        string
 	ExpectValid bool
 	ExpectError bool
 }
 var validatorTestCases = []validatorTestCase{
 	{
 		File:        "valid.yml",
 		ExpectValid: true,
 	},
 	{
 		File:        "invalid-paths.yml",
 		ExpectValid: false,
 		ExpectError: true,
 	},
 	{
 		File:        "invalid-minimum-role.yml",
 		ExpectValid: false,
 		ExpectError: true,
 	},
 }
 var validators = []app.MetadataValidator{
 	WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
 	WithNamedPathsValidator(NamedPathAdmin, NamedPathIcon),
 }
 func TestManifestValidate(t *testing.T) {
 	for _, tc := range validatorTestCases {
 		func(tc *validatorTestCase) {
 			t.Run(tc.File, func(t *testing.T) {
 				data, err := ioutil.ReadFile(filepath.Join("testdata/manifests", tc.File))
 				if err != nil {
 					t.Fatalf("%+v", errors.WithStack(err))
 				}
 				var manifest app.Manifest
 				if err := yaml.Unmarshal(data, &manifest); err != nil {
 					t.Fatalf("%+v", errors.WithStack(err))
 				}
 				valid, err := manifest.Validate(validators...)
 				t.Logf("[RESULT] valid:%v, err:%v", valid, err)
 				if e, g := tc.ExpectValid, valid; e != g {
 					t.Errorf("valid: expected '%v', got '%v'", e, g)
 				}
 				if tc.ExpectError && err == nil {
 					t.Error("err should not be nil")
 				}
 				if !tc.ExpectError && err != nil {
 					t.Errorf("err: expected nil, got '%+v'", err)
 				}
 			})
 		}(&tc)
 	}
 }
--- a/pkg/http/fetch.go
+++ b/pkg/http/fetch.go
@ -0,0 +1,112 @@
 package http
 import (
 	"io"
 	"net/http"
 	"net/url"
 	"forge.cadoles.com/arcad/edge/pkg/module"
 	"forge.cadoles.com/arcad/edge/pkg/module/fetch"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func (h *Handler) handleAppFetch(w http.ResponseWriter, r *http.Request) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
 	ctx := r.Context()
 	ctx = module.WithContext(ctx, map[module.ContextKey]any{
 		ContextKeyOriginRequest: r,
 	})
 	rawURL := r.URL.Query().Get("url")
 	url, err := url.Parse(rawURL)
 	if err != nil {
 		jsonError(w, http.StatusBadRequest, errorCodeBadRequest)
 		return
 	}
 	requestMsg := fetch.NewMessageFetchRequest(ctx, r.RemoteAddr, url)
 	reply, err := h.bus.Request(ctx, requestMsg)
 	if err != nil {
 		logger.Error(ctx, "could not retrieve fetch request reply", logger.E(errors.WithStack(err)))
 		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
 		return
 	}
 	logger.Debug(ctx, "fetch reply", logger.F("reply", reply))
 	responseMsg, ok := reply.(*fetch.MessageFetchResponse)
 	if !ok {
 		logger.Error(
 			ctx, "unexpected fetch response message",
 			logger.F("message", reply),
 		)
 		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
 		return
 	}
 	if !responseMsg.Allow {
 		jsonError(w, http.StatusForbidden, errorCodeForbidden)
 		return
 	}
 	proxyReq, err := http.NewRequest(http.MethodGet, url.String(), nil)
 	if err != nil {
 		logger.Error(
 			ctx, "could not create proxy request",
 			logger.E(errors.WithStack(err)),
 		)
 		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
 		return
 	}
 	for header, values := range r.Header {
 		for _, value := range values {
 			proxyReq.Header.Add(header, value)
 		}
 	}
 	proxyReq.Header.Add("X-Forwarded-From", r.RemoteAddr)
 	res, err := h.httpClient.Do(proxyReq)
 	if err != nil {
 		logger.Error(
 			ctx, "could not execute proxy request",
 			logger.E(errors.WithStack(err)),
 		)
 		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
 		return
 	}
 	defer func() {
 		if err := res.Body.Close(); err != nil {
 			logger.Error(
 				ctx, "could not close response body",
 				logger.E(errors.WithStack(err)),
 			)
 		}
 	}()
 	for header, values := range res.Header {
 		for _, value := range values {
 			w.Header().Add(header, value)
 		}
 	}
 	w.WriteHeader(res.StatusCode)
 	if _, err := io.Copy(w, res.Body); err != nil {
 		panic(errors.WithStack(err))
 	}
 }
--- a/pkg/http/handler.go
+++ b/pkg/http/handler.go
@ -31,6 +31,8 @@ type Handler struct {
 	server                *app.Server
 	serverModuleFactories []app.ServerModuleFactory
 	httpClient *http.Client
 	mutex sync.RWMutex
 }
@ -91,6 +93,7 @@ func NewHandler(funcs ...HandlerOptionFunc) *Handler {
 		sockjsOpts:            opts.SockJS,
 		router:                router,
 		serverModuleFactories: opts.ServerModuleFactories,
 		httpClient:            opts.HTTPClient,
 		bus:                   opts.Bus,
 	}
@ -100,11 +103,19 @@ func NewHandler(funcs ...HandlerOptionFunc) *Handler {
 			r.Get("/client.js.map", handler.handleSDKClientMap)
 		})
-		r.Route("/api/v1", func(r chi.Router) {
+		r.Route("/api", func(r chi.Router) {
-			r.Post("/upload", handler.handleAppUpload)
+			r.Post("/v1/upload", handler.handleAppUpload)
-			r.Get("/download/{bucket}/{blobID}", handler.handleAppDownload)
+			r.Get("/v1/download/{bucket}/{blobID}", handler.handleAppDownload)
 			r.Get("/v1/fetch", handler.handleAppFetch)
 		})
 		for _, fn := range opts.HTTPMounts {
 			r.Group(func(r chi.Router) {
 				fn(r)
 			})
 		}
 		r.HandleFunc("/sock/*", handler.handleSockJS)
 	})
--- a/pkg/http/options.go
+++ b/pkg/http/options.go
@ -1,11 +1,13 @@
 package http
 import (
 	"net/http"
 	"time"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bus"
 	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
 	"github.com/go-chi/chi/v5"
 	"github.com/igm/sockjs-go/v3/sockjs"
 )
@ -14,6 +16,8 @@ type HandlerOptions struct {
 	SockJS                sockjs.Options
 	ServerModuleFactories []app.ServerModuleFactory
 	UploadMaxFileSize     int64
 	HTTPClient            *http.Client
 	HTTPMounts            []func(r chi.Router)
 }
 func defaultHandlerOptions() *HandlerOptions {
@ -27,6 +31,10 @@ func defaultHandlerOptions() *HandlerOptions {
 		SockJS:                sockjsOptions,
 		ServerModuleFactories: make([]app.ServerModuleFactory, 0),
 		UploadMaxFileSize:     10 << (10 * 2), // 10Mb
 		HTTPClient: &http.Client{
 			Timeout: time.Second * 30,
 		},
 		HTTPMounts: make([]func(r chi.Router), 0),
 	}
 }
@ -55,3 +63,15 @@ func WithUploadMaxFileSize(size int64) HandlerOptionFunc {
 		opts.UploadMaxFileSize = size
 	}
 }
 func WithHTTPClient(client *http.Client) HandlerOptionFunc {
 	return func(opts *HandlerOptions) {
 		opts.HTTPClient = client
 	}
 }
 func WithHTTPMounts(mounts ...func(r chi.Router)) HandlerOptionFunc {
 	return func(opts *HandlerOptions) {
 		opts.HTTPMounts = mounts
 	}
 }
--- a/pkg/module/app/error.go
+++ b/pkg/module/app/error.go
@ -0,0 +1,5 @@
 package app
 import "errors"
 var ErrNotFound = errors.New("not found")
--- a/pkg/module/app/memory/module_test.go
+++ b/pkg/module/app/memory/module_test.go
@ -0,0 +1,58 @@
 package memory
 import (
 	"context"
 	"fmt"
 	"io/ioutil"
 	"testing"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/module"
 	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
 	"github.com/pkg/errors"
 )
 func TestAppModuleWithMemoryRepository(t *testing.T) {
 	t.Parallel()
 	server := app.NewServer(
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
 		appModule.ModuleFactory(NewRepository(
 			func(ctx context.Context, id app.ID, from string) (string, error) {
 				return fmt.Sprintf("http//%s.example.com?from=%s", id, from), nil
 			},
 			&app.Manifest{
 				ID:          "dummy1.arcad.app",
 				Version:     "0.0.0",
 				Title:       "Dummy 1",
 				Description: "Dummy App 1",
 				Tags:        []string{"dummy", "first"},
 			},
 			&app.Manifest{
 				ID:          "dummy2.arcad.app",
 				Version:     "0.0.0",
 				Title:       "Dummy 2",
 				Description: "Dummy App 2",
 				Tags:        []string{"dummy", "second"},
 			},
 		)),
 	)
 	file := "testdata/app.js"
 	data, err := ioutil.ReadFile(file)
 	if err != nil {
 		t.Fatal(err)
 	}
 	if err := server.Load(file, string(data)); err != nil {
 		t.Fatal(err)
 	}
 	defer server.Stop()
 	if err := server.Start(); err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 }
--- a/pkg/module/app/memory/repository.go
+++ b/pkg/module/app/memory/repository.go
@ -0,0 +1,54 @@
 package memory
 import (
 	"context"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	module "forge.cadoles.com/arcad/edge/pkg/module/app"
 	"github.com/pkg/errors"
 )
 type GetURLFunc func(context.Context, app.ID, string) (string, error)
 type Repository struct {
 	getURL GetURLFunc
 	apps   []*app.Manifest
 }
 // GetURL implements app.Repository
 func (r *Repository) GetURL(ctx context.Context, id app.ID, from string) (string, error) {
 	url, err := r.getURL(ctx, id, from)
 	if err != nil {
 		return "", errors.WithStack(err)
 	}
 	return url, nil
 }
 // Get implements app.Repository
 func (r *Repository) Get(ctx context.Context, id app.ID) (*app.Manifest, error) {
 	for _, app := range r.apps {
 		if app.ID != id {
 			continue
 		}
 		return app, nil
 	}
 	return nil, module.ErrNotFound
 }
 // List implements app.Repository
 func (r *Repository) List(ctx context.Context) ([]*app.Manifest, error) {
 	return r.apps, nil
 }
 func NewRepository(getURL GetURLFunc, manifests ...*app.Manifest) *Repository {
 	if manifests == nil {
 		manifests = make([]*app.Manifest, 0)
 	}
 	return &Repository{getURL, manifests}
 }
 var _ module.Repository = &Repository{}
--- a/pkg/module/app/memory/testdata/app.js
+++ b/pkg/module/app/memory/testdata/app.js
@ -0,0 +1,17 @@
 var ctx = context.new();
 var manifests = app.list(ctx);
 if (manifests.length !== 2) {
    throw new Error("apps.length: expected '2', got '"+manifests.length+"'");
 }
 var manifest = app.get(ctx, 'dummy2.arcad.app');
 if (!manifest) {
    throw new Error("manifest should not be null");
 }
 if (manifest.id !== "dummy2.arcad.app") {
    throw new Error("manifest.id: expected 'dummy2.arcad.app', got '"+manifest.id+"'");
 }
--- a/pkg/module/app/module.go
+++ b/pkg/module/app/module.go
@ -0,0 +1,124 @@
 package app
 import (
 	"fmt"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/module/util"
 	"github.com/dop251/goja"
 	"github.com/pkg/errors"
 )
 type Module struct {
 	repository Repository
 }
 type gojaManifest struct {
 	ID          string         `goja:"id" json:"id"`
 	Version     string         `goja:"version" json:"version"`
 	Title       string         `goja:"title" json:"title"`
 	Description string         `goja:"description" json:"description"`
 	Tags        []string       `goja:"tags" json:"tags"`
 	Metadata    map[string]any `goja:"metadata" json:"metadata"`
 }
 func toGojaManifest(manifest *app.Manifest) *gojaManifest {
 	return &gojaManifest{
 		ID:          string(manifest.ID),
 		Version:     manifest.Version,
 		Title:       manifest.Title,
 		Description: manifest.Description,
 		Tags:        manifest.Tags,
 		Metadata:    manifest.Metadata,
 	}
 }
 func toGojaManifests(manifests []*app.Manifest) []*gojaManifest {
 	gojaManifests := make([]*gojaManifest, len(manifests))
 	for i, m := range manifests {
 		gojaManifests[i] = toGojaManifest(m)
 	}
 	return gojaManifests
 }
 func (m *Module) Name() string {
 	return "app"
 }
 func (m *Module) Export(export *goja.Object) {
 	if err := export.Set("list", m.list); err != nil {
 		panic(errors.Wrap(err, "could not set 'list' function"))
 	}
 	if err := export.Set("get", m.get); err != nil {
 		panic(errors.Wrap(err, "could not set 'get' function"))
 	}
 	if err := export.Set("getUrl", m.getURL); err != nil {
 		panic(errors.Wrap(err, "could not set 'list' function"))
 	}
 }
 func (m *Module) list(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 	ctx := util.AssertContext(call.Argument(0), rt)
 	manifests, err := m.repository.List(ctx)
 	if err != nil {
 		panic(rt.ToValue(errors.WithStack(err)))
 	}
 	return rt.ToValue(toGojaManifests(manifests))
 }
 func (m *Module) get(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 	ctx := util.AssertContext(call.Argument(0), rt)
 	appID := assertAppID(call.Argument(1), rt)
 	manifest, err := m.repository.Get(ctx, appID)
 	if err != nil {
 		panic(rt.ToValue(errors.WithStack(err)))
 	}
 	return rt.ToValue(toGojaManifest(manifest))
 }
 func (m *Module) getURL(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 	ctx := util.AssertContext(call.Argument(0), rt)
 	appID := assertAppID(call.Argument(1), rt)
 	var from string
 	if len(call.Arguments) > 2 {
 		from = util.AssertString(call.Argument(2), rt)
 	}
 	url, err := m.repository.GetURL(ctx, appID, from)
 	if err != nil {
 		panic(rt.ToValue(errors.WithStack(err)))
 	}
 	return rt.ToValue(url)
 }
 func ModuleFactory(repository Repository) app.ServerModuleFactory {
 	return func(server *app.Server) app.ServerModule {
 		return &Module{
 			repository: repository,
 		}
 	}
 }
 func assertAppID(value goja.Value, rt *goja.Runtime) app.ID {
 	appID, ok := value.Export().(app.ID)
 	if !ok {
 		rawAppID, ok := value.Export().(string)
 		if !ok {
 			panic(rt.NewTypeError(fmt.Sprintf("app id  must be an appid or a string, got '%T'", value.Export())))
 		}
 		appID = app.ID(rawAppID)
 	}
 	return appID
 }
--- a/pkg/module/app/mount.go
+++ b/pkg/module/app/mount.go
@ -0,0 +1,112 @@
 package app
 import (
 	"net"
 	"net/http"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"github.com/go-chi/chi/v5"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/api"
 	"gitlab.com/wpetit/goweb/logger"
 )
 type MountFunc func(r chi.Router)
 type Handler struct {
 	repo Repository
 }
 func (h *Handler) serveApps(w http.ResponseWriter, r *http.Request) {
 	manifests, err := h.repo.List(r.Context())
 	if err != nil {
 		logger.Error(r.Context(), "could not retrieve app manifest", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
 		return
 	}
 	api.DataResponse(w, http.StatusOK, struct {
 		Manifests []*app.Manifest `json:"manifests"`
 	}{
 		Manifests: manifests,
 	})
 }
 func (h *Handler) serveApp(w http.ResponseWriter, r *http.Request) {
 	appID := app.ID(chi.URLParam(r, "appID"))
 	manifest, err := h.repo.Get(r.Context(), appID)
 	if err != nil {
 		if errors.Is(err, ErrNotFound) {
 			api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
 			return
 		}
 		logger.Error(r.Context(), "could not retrieve app manifest", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
 		return
 	}
 	api.DataResponse(w, http.StatusOK, struct {
 		Manifest *app.Manifest `json:"manifest"`
 	}{
 		Manifest: manifest,
 	})
 }
 type serveAppURLRequest struct {
 	From string `json:"from,omitempty"`
 }
 func (h *Handler) serveAppURL(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	req := &serveAppURLRequest{}
 	if ok := api.Bind(w, r, req); !ok {
 		return
 	}
 	appID := app.ID(chi.URLParam(r, "appID"))
 	from := req.From
 	if from == "" {
 		host, _, err := net.SplitHostPort(r.RemoteAddr)
 		if err != nil {
 			logger.Warn(ctx, "could not split remote address", logger.E(errors.WithStack(err)))
 		} else {
 			from = host
 		}
 	}
 	url, err := h.repo.GetURL(ctx, appID, from)
 	if err != nil {
 		if errors.Is(err, ErrNotFound) {
 			api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
 			return
 		}
 		logger.Error(r.Context(), "could not retrieve app url", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
 		return
 	}
 	api.DataResponse(w, http.StatusOK, struct {
 		URL string `json:"url"`
 	}{
 		URL: url,
 	})
 }
 func Mount(repository Repository) MountFunc {
 	handler := &Handler{repository}
 	return func(r chi.Router) {
 		r.Get("/api/v1/apps", handler.serveApps)
 		r.Get("/api/v1/apps/{appID}", handler.serveApp)
 		r.Post("/api/v1/apps/{appID}/url", handler.serveAppURL)
 	}
 }
--- a/pkg/module/app/repository.go
+++ b/pkg/module/app/repository.go
@ -0,0 +1,13 @@
 package app
 import (
 	"context"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 )
 type Repository interface {
 	List(context.Context) ([]*app.Manifest, error)
 	Get(context.Context, app.ID) (*app.Manifest, error)
 	GetURL(ctx context.Context, id app.ID, from string) (string, error)
 }
--- a/pkg/module/auth/error.go
+++ b/pkg/module/auth/error.go
@ -2,7 +2,4 @@ package auth
 import "errors"
-var (
+var ErrUnauthenticated = errors.New("unauthenticated")
 	ErrUnauthenticated = errors.New("unauthenticated")
 	ErrClaimNotFound   = errors.New("claim not found")
 )
--- a/pkg/module/auth/http/local_handler.go
+++ b/pkg/module/auth/http/local_handler.go
@ -33,6 +33,8 @@ type LocalHandler struct {
 	router          chi.Router
 	algo            jwa.KeyAlgorithm
 	key             jwk.Key
 	getCookieDomain GetCookieDomainFunc
 	cookieDuration  time.Duration
 	accounts        map[string]LocalAccount
 }
@ -108,6 +110,8 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	account.Claims[auth.ClaimIssuer] = "local"
 	token, err := generateSignedToken(h.algo, h.key, account.Claims)
 	if err != nil {
 		logger.Error(ctx, "could not generate signed token", logger.E(errors.WithStack(err)))
@ -116,10 +120,20 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	cookieDomain, err := h.getCookieDomain(r)
 	if err != nil {
 		logger.Error(ctx, "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 	cookie := http.Cookie{
 		Name:     auth.CookieName,
 		Value:    string(token),
 		Domain:   cookieDomain,
 		HttpOnly: false,
 		Expires:  time.Now().Add(h.cookieDuration),
 		Path:     "/",
 	}
@ -129,11 +143,20 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 }
 func (h *LocalHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
 	cookieDomain, err := h.getCookieDomain(r)
 	if err != nil {
 		logger.Error(r.Context(), "could not retrieve cookie domain", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 	http.SetCookie(w, &http.Cookie{
 		Name:     auth.CookieName,
 		Value:    "",
 		HttpOnly: false,
 		Expires:  time.Unix(0, 0),
 		Domain:   cookieDomain,
 		Path:     "/",
 	})
@ -168,6 +191,8 @@ func NewLocalHandler(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...LocalHandlerOp
 		algo:            algo,
 		key:             key,
 		accounts:        toAccountsMap(opts.Accounts),
 		getCookieDomain: opts.GetCookieDomain,
 		cookieDuration:  opts.CookieDuration,
 	}
 	handler.initRouter(opts.RoutePrefix)
--- a/pkg/module/auth/http/options.go
+++ b/pkg/module/auth/http/options.go
@ -1,8 +1,21 @@
 package http
 import (
 	"net/http"
 	"time"
 )
 type GetCookieDomainFunc func(r *http.Request) (string, error)
 func defaultGetCookieDomain(r *http.Request) (string, error) {
 	return "", nil
 }
 type LocalHandlerOptions struct {
 	RoutePrefix     string
 	Accounts        []LocalAccount
 	GetCookieDomain GetCookieDomainFunc
 	CookieDuration  time.Duration
 }
 type LocalHandlerOptionFunc func(*LocalHandlerOptions)
@ -11,6 +24,8 @@ func defaultLocalHandlerOptions() *LocalHandlerOptions {
 	return &LocalHandlerOptions{
 		RoutePrefix:     "",
 		Accounts:        make([]LocalAccount, 0),
 		GetCookieDomain: defaultGetCookieDomain,
 		CookieDuration:  24 * time.Hour,
 	}
 }
@ -25,3 +40,10 @@ func WithRoutePrefix(prefix string) LocalHandlerOptionFunc {
 		opts.RoutePrefix = prefix
 	}
 }
 func WithCookieOptions(getCookieDomain GetCookieDomainFunc, duration time.Duration) LocalHandlerOptionFunc {
 	return func(opts *LocalHandlerOptions) {
 		opts.GetCookieDomain = getCookieDomain
 		opts.CookieDuration = duration
 	}
 }
--- a/pkg/module/auth/http/templates/login.html.tmpl
+++ b/pkg/module/auth/http/templates/login.html.tmpl
@ -91,7 +91,7 @@
                <form method="post" action="{{ .URL }}">
                    <div class="form-control">
                        <label for="username">Username</label>
-                        <input type="text" id="username" name="username" value="{{ .Username }}" required />
+                        <input type="text" id="username" name="username" value="{{ .Username }}" required autofocus />
                    </div>
                    <div class="form-control">
                        <label for="password">Password</label>
--- a/pkg/module/auth/jwt.go
+++ b/pkg/module/auth/jwt.go
@ -19,10 +19,10 @@ type GetKeySetFunc func() (jwk.Set, error)
 func WithJWT(getKeySet GetKeySetFunc) OptionFunc {
 	return func(o *Option) {
-		o.GetClaim = func(ctx context.Context, r *http.Request, claimName string) (string, error) {
+		o.GetClaims = func(ctx context.Context, r *http.Request, names ...string) ([]string, error) {
-			claim, err := getClaim[string](r, claimName, getKeySet)
+			claim, err := getClaims[string](r, getKeySet, names...)
 			if err != nil {
-				return "", errors.WithStack(err)
+				return nil, errors.WithStack(err)
 			}
 			return claim, nil
@ -61,6 +61,10 @@ func FindToken(r *http.Request, getKeySet GetKeySetFunc) (jwt.Token, error) {
 		return nil, errors.WithStack(err)
 	}
 	if keySet == nil {
 		return nil, errors.New("no keyset")
 	}
 	token, err := jwt.Parse([]byte(rawToken),
 		jwt.WithKeySet(keySet, jws.WithRequireKid(false)),
 		jwt.WithValidate(true),
@ -72,28 +76,34 @@ func FindToken(r *http.Request, getKeySet GetKeySetFunc) (jwt.Token, error) {
 	return token, nil
 }
-func getClaim[T any](r *http.Request, claimAttr string, getKeySet GetKeySetFunc) (T, error) {
+func getClaims[T any](r *http.Request, getKeySet GetKeySetFunc, names ...string) ([]T, error) {
 	token, err := FindToken(r, getKeySet)
 	if err != nil {
-		return *new(T), errors.WithStack(err)
+		return nil, errors.WithStack(err)
 	}
 	ctx := r.Context()
 	mapClaims, err := token.AsMap(ctx)
 	if err != nil {
-		return *new(T), errors.WithStack(err)
+		return nil, errors.WithStack(err)
 	}
-	rawClaim, exists := mapClaims[claimAttr]
+	claims := make([]T, len(names))
 	for idx, n := range names {
 		rawClaim, exists := mapClaims[n]
 		if !exists {
-		return *new(T), errors.WithStack(ErrClaimNotFound)
+			continue
 		}
 		claim, ok := rawClaim.(T)
 		if !ok {
-		return *new(T), errors.Errorf("unexpected claim '%s' to be of type '%T', got '%T'", claimAttr, new(T), rawClaim)
+			return nil, errors.Errorf("unexpected claim '%s' to be of type '%T', got '%T'", n, new(T), rawClaim)
 		}
-	return claim, nil
+		claims[idx] = claim
 	}
 	return claims, nil
 }
--- a/pkg/module/auth/module.go
+++ b/pkg/module/auth/module.go
@ -8,15 +8,21 @@ import (
 	"forge.cadoles.com/arcad/edge/pkg/module/util"
 	"github.com/dop251/goja"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 const (
 	ClaimSubject           = "sub"
 	ClaimIssuer            = "iss"
 	ClaimPreferredUsername = "preferred_username"
 	ClaimEdgeRole          = "edge_role"
 	ClaimEdgeTenant        = "edge_tenant"
 	ClaimEdgeEntrypoint    = "edge_entrypoint"
 )
 type Module struct {
 	server    *app.Server
-	getClaimFunc GetClaimFunc
+	getClaims GetClaimsFunc
 }
 func (m *Module) Name() string {
@ -31,6 +37,22 @@ func (m *Module) Export(export *goja.Object) {
 	if err := export.Set("CLAIM_SUBJECT", ClaimSubject); err != nil {
 		panic(errors.Wrap(err, "could not set 'CLAIM_SUBJECT' property"))
 	}
 	if err := export.Set("CLAIM_TENANT", ClaimEdgeTenant); err != nil {
 		panic(errors.Wrap(err, "could not set 'CLAIM_TENANT' property"))
 	}
 	if err := export.Set("CLAIM_ENTRYPOINT", ClaimEdgeEntrypoint); err != nil {
 		panic(errors.Wrap(err, "could not set 'CLAIM_ENTRYPOINT' property"))
 	}
 	if err := export.Set("CLAIM_ROLE", ClaimEdgeRole); err != nil {
 		panic(errors.Wrap(err, "could not set 'CLAIM_ROLE' property"))
 	}
 	if err := export.Set("CLAIM_PREFERRED_USERNAME", ClaimPreferredUsername); err != nil {
 		panic(errors.Wrap(err, "could not set 'CLAIM_PREFERRED_USERNAME' property"))
 	}
 }
 func (m *Module) getClaim(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
@ -42,16 +64,21 @@ func (m *Module) getClaim(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 		panic(rt.ToValue(errors.New("could not find http request in context")))
 	}
-	claim, err := m.getClaimFunc(ctx, req, claimName)
+	claim, err := m.getClaims(ctx, req, claimName)
 	if err != nil {
-		if errors.Is(err, ErrUnauthenticated) || errors.Is(err, ErrClaimNotFound) {
+		if errors.Is(err, ErrUnauthenticated) {
 			return nil
 		}
-		panic(rt.ToValue(errors.WithStack(err)))
+		logger.Error(ctx, "could not retrieve claim", logger.E(errors.WithStack(err)))
 		return nil
 	}
-	return rt.ToValue(claim)
+	if len(claim) == 0 || claim[0] == "" {
 		return nil
 	}
 	return rt.ToValue(claim[0])
 }
 func ModuleFactory(funcs ...OptionFunc) app.ServerModuleFactory {
@ -63,7 +90,7 @@ func ModuleFactory(funcs ...OptionFunc) app.ServerModuleFactory {
 	return func(server *app.Server) app.ServerModule {
 		return &Module{
 			server:    server,
-			getClaimFunc: opt.GetClaim,
+			getClaims: opt.GetClaims,
 		}
 	}
 }
--- a/pkg/module/auth/mount.go
+++ b/pkg/module/auth/mount.go
@ -0,0 +1,72 @@
 package auth
 import (
 	"net/http"
 	"github.com/go-chi/chi/v5"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/api"
 	"gitlab.com/wpetit/goweb/logger"
 )
 type MountFunc func(r chi.Router)
 type Handler struct {
 	getClaims     GetClaimsFunc
 	profileClaims []string
 }
 func (h *Handler) serveProfile(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	claims, err := h.getClaims(ctx, r, h.profileClaims...)
 	if err != nil {
 		if errors.Is(err, ErrUnauthenticated) {
 			api.ErrorResponse(
 				w, http.StatusUnauthorized,
 				api.ErrCodeUnauthorized,
 				nil,
 			)
 			return
 		}
 		logger.Error(ctx, "could not retrieve claims", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(
 			w, http.StatusInternalServerError,
 			api.ErrCodeUnknownError,
 			nil,
 		)
 		return
 	}
 	profile := make(map[string]any)
 	for idx, cl := range h.profileClaims {
 		profile[cl] = claims[idx]
 	}
 	api.DataResponse(w, http.StatusOK, struct {
 		Profile map[string]any `json:"profile"`
 	}{
 		Profile: profile,
 	})
 }
 func Mount(authHandler http.Handler, funcs ...OptionFunc) MountFunc {
 	opt := defaultOptions()
 	for _, fn := range funcs {
 		fn(opt)
 	}
 	handler := &Handler{
 		profileClaims: opt.ProfileClaims,
 		getClaims:     opt.GetClaims,
 	}
 	return func(r chi.Router) {
 		r.Get("/api/v1/profile", handler.serveProfile)
 		r.Handle("/auth/*", authHandler)
 	}
 }
--- a/pkg/module/auth/option.go
+++ b/pkg/module/auth/option.go
@ -7,26 +7,41 @@ import (
 	"github.com/pkg/errors"
 )
-type GetClaimFunc func(ctx context.Context, r *http.Request, claimName string) (string, error)
+type GetClaimsFunc func(ctx context.Context, r *http.Request, claims ...string) ([]string, error)
 type Option struct {
-	GetClaim GetClaimFunc
+	GetClaims     GetClaimsFunc
 	ProfileClaims []string
 }
 type OptionFunc func(*Option)
 func defaultOptions() *Option {
 	return &Option{
-		GetClaim: dummyGetClaim,
+		GetClaims: dummyGetClaims,
 		ProfileClaims: []string{
 			ClaimSubject,
 			ClaimIssuer,
 			ClaimEdgeEntrypoint,
 			ClaimEdgeRole,
 			ClaimPreferredUsername,
 			ClaimEdgeTenant,
 		},
 	}
 }
-func dummyGetClaim(ctx context.Context, r *http.Request, claimName string) (string, error) {
+func dummyGetClaims(ctx context.Context, r *http.Request, claims ...string) ([]string, error) {
-	return "", errors.Errorf("dummy getclaim func cannot retrieve claim '%s'", claimName)
+	return nil, errors.Errorf("dummy getclaim func cannot retrieve claims '%s'", claims)
 }
-func WithGetClaim(fn GetClaimFunc) OptionFunc {
+func WithGetClaims(fn GetClaimsFunc) OptionFunc {
 	return func(o *Option) {
-		o.GetClaim = fn
+		o.GetClaims = fn
 	}
 }
 func WithProfileClaims(claims ...string) OptionFunc {
 	return func(o *Option) {
 		o.ProfileClaims = claims
 	}
 }
--- a/pkg/module/blob/module_test.go
+++ b/pkg/module/blob/module_test.go
@ -19,7 +19,7 @@ func TestBlobModule(t *testing.T) {
 	logger.SetLevel(slog.LevelDebug)
 	bus := memory.NewBus()
-	store := sqlite.NewBlobStore(":memory:")
+	store := sqlite.NewBlobStore(":memory:?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000")
 	server := app.NewServer(
 		module.ContextModuleFactory(),
--- a/pkg/module/cast/cast.go
+++ b/pkg/module/cast/cast.go
@ -39,7 +39,7 @@ const (
 )
 func getDeviceClientByUUID(ctx context.Context, uuid string) (*cast.Client, error) {
-	device, err := findDeviceByUUID(ctx, uuid)
+	device, err := FindDeviceByUUID(ctx, uuid)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@ -49,7 +49,7 @@ func getDeviceClientByUUID(ctx context.Context, uuid string) (*cast.Client, erro
 	return client, nil
 }
-func findDeviceByUUID(ctx context.Context, uuid string) (*Device, error) {
+func FindDeviceByUUID(ctx context.Context, uuid string) (*Device, error) {
 	service := discovery.NewService(ctx)
 	defer service.Stop()
@ -83,7 +83,7 @@ LOOP:
 	return nil, errors.WithStack(ErrDeviceNotFound)
 }
-func findDevices(ctx context.Context) ([]*Device, error) {
+func FindDevices(ctx context.Context) ([]*Device, error) {
 	service := discovery.NewService(ctx)
 	defer service.Stop()
@ -124,7 +124,7 @@ LOOP:
 	return devices, nil
 }
-func loadURL(ctx context.Context, deviceUUID string, url string) error {
+func LoadURL(ctx context.Context, deviceUUID string, url string) error {
 	client, err := getDeviceClientByUUID(ctx, deviceUUID)
 	if err != nil {
 		return errors.WithStack(err)
@ -153,7 +153,7 @@ func isLoadURLContextExceeded(err error) bool {
 	return err.Error() == "Failed to send load command: context deadline exceeded"
 }
-func stopCast(ctx context.Context, deviceUUID string) error {
+func StopCast(ctx context.Context, deviceUUID string) error {
 	client, err := getDeviceClientByUUID(ctx, deviceUUID)
 	if err != nil {
 		return errors.WithStack(err)
--- a/pkg/module/cast/cast_test.go
+++ b/pkg/module/cast/cast_test.go
@ -26,7 +26,7 @@ func TestCastLoadURL(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
-	devices, err := findDevices(ctx)
+	devices, err := FindDevices(ctx)
 	if err != nil {
 		t.Error(errors.WithStack(err))
 	}
@ -40,7 +40,7 @@ func TestCastLoadURL(t *testing.T) {
 	ctx, cancel2 := context.WithTimeout(context.Background(), 15*time.Second)
 	defer cancel2()
-	if err := loadURL(ctx, dev.UUID, "https://go.dev"); err != nil {
+	if err := LoadURL(ctx, dev.UUID, "https://go.dev"); err != nil {
 		t.Error(errors.WithStack(err))
 	}
@ -57,7 +57,7 @@ func TestCastLoadURL(t *testing.T) {
 	ctx, cancel4 := context.WithTimeout(context.Background(), 15*time.Second)
 	defer cancel4()
-	if err := stopCast(ctx, dev.UUID); err != nil {
+	if err := StopCast(ctx, dev.UUID); err != nil {
 		t.Error(errors.WithStack(err))
 	}
 }
--- a/pkg/module/cast/module.go
+++ b/pkg/module/cast/module.go
@ -72,7 +72,7 @@ func (m *Module) refreshDevices(call goja.FunctionCall, rt *goja.Runtime) goja.V
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
-		devices, err := findDevices(ctx)
+		devices, err := FindDevices(ctx)
 		if err != nil && !errors.Is(err, context.DeadlineExceeded) {
 			err = errors.WithStack(err)
 			logger.Error(ctx, "error refreshing casting devices list", logger.E(errors.WithStack(err)))
@ -128,7 +128,7 @@ func (m *Module) loadUrl(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
-		err := loadURL(ctx, deviceUUID, url)
+		err := LoadURL(ctx, deviceUUID, url)
 		if err != nil {
 			err = errors.WithStack(err)
 			logger.Error(ctx, "error while casting url", logger.E(err))
@ -166,7 +166,7 @@ func (m *Module) stopCast(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 		ctx, cancel := context.WithTimeout(context.Background(), timeout)
 		defer cancel()
-		err := stopCast(ctx, deviceUUID)
+		err := StopCast(ctx, deviceUUID)
 		if err != nil {
 			err = errors.WithStack(err)
 			logger.Error(ctx, "error while quitting casting device app", logger.E(errors.WithStack(err)))
--- a/pkg/module/fetch/fetch_message.go
+++ b/pkg/module/fetch/fetch_message.go
@ -0,0 +1,49 @@
 package fetch
 import (
 	"context"
 	"net/url"
 	"forge.cadoles.com/arcad/edge/pkg/bus"
 	"github.com/oklog/ulid/v2"
 )
 const (
 	MessageNamespaceFetchRequest  bus.MessageNamespace = "fetchRequest"
 	MessageNamespaceFetchResponse bus.MessageNamespace = "fetchResponse"
 )
 type MessageFetchRequest struct {
 	Context    context.Context
 	RequestID  string
 	URL        *url.URL
 	RemoteAddr string
 }
 func (m *MessageFetchRequest) MessageNamespace() bus.MessageNamespace {
 	return MessageNamespaceFetchRequest
 }
 func NewMessageFetchRequest(ctx context.Context, remoteAddr string, url *url.URL) *MessageFetchRequest {
 	return &MessageFetchRequest{
 		Context:    ctx,
 		RequestID:  ulid.Make().String(),
 		RemoteAddr: remoteAddr,
 		URL:        url,
 	}
 }
 type MessageFetchResponse struct {
 	RequestID string
 	Allow     bool
 }
 func (m *MessageFetchResponse) MessageNamespace() bus.MessageNamespace {
 	return MessageNamespaceFetchResponse
 }
 func NewMessageFetchResponse(requestID string) *MessageFetchResponse {
 	return &MessageFetchResponse{
 		RequestID: requestID,
 	}
 }
--- a/pkg/module/fetch/module.go
+++ b/pkg/module/fetch/module.go
@ -0,0 +1,122 @@
 package fetch
 import (
 	"context"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bus"
 	"github.com/dop251/goja"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 type Module struct {
 	server *app.Server
 	bus    bus.Bus
 }
 func (m *Module) Name() string {
 	return "fetch"
 }
 func (m *Module) Export(export *goja.Object) {
 	funcs := map[string]any{
 		"get": m.get,
 	}
 	for name, fn := range funcs {
 		if err := export.Set(name, fn); err != nil {
 			panic(errors.Wrapf(err, "could not set '%s' function", name))
 		}
 	}
 }
 func (m *Module) get(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
 	// ctx := util.AssertContext(call.Argument(0), rt)
 	return nil
 }
 func (m *Module) handleMessages() {
 	ctx := context.Background()
 	err := m.bus.Reply(ctx, MessageNamespaceFetchRequest, func(msg bus.Message) (bus.Message, error) {
 		fetchRequest, ok := msg.(*MessageFetchRequest)
 		if !ok {
 			return nil, errors.Wrapf(bus.ErrUnexpectedMessage, "expected message fetch request, got '%T'", msg)
 		}
 		res, err := m.handleFetchRequest(fetchRequest)
 		if err != nil {
 			logger.Error(ctx, "could not handle fetch request", logger.E(errors.WithStack(err)))
 			return nil, errors.WithStack(err)
 		}
 		logger.Debug(ctx, "fetch request response", logger.F("response", res))
 		return res, nil
 	})
 	if err != nil {
 		panic(errors.WithStack(err))
 	}
 }
 func (m *Module) handleFetchRequest(req *MessageFetchRequest) (*MessageFetchResponse, error) {
 	res := NewMessageFetchResponse(req.RequestID)
 	ctx := logger.With(
 		req.Context,
 		logger.F("url", req.URL.String()),
 		logger.F("remoteAddr", req.RemoteAddr),
 		logger.F("requestID", req.RequestID),
 	)
 	rawResult, err := m.server.ExecFuncByName(ctx, "onClientFetch", ctx, req.URL.String(), req.RemoteAddr)
 	if err != nil {
 		if errors.Is(err, app.ErrFuncDoesNotExist) {
 			res.Allow = false
 			return res, nil
 		}
 		return nil, errors.WithStack(err)
 	}
 	result, ok := rawResult.Export().(map[string]interface{})
 	if !ok {
 		return nil, errors.Errorf(
 			"unexpected onClientFetch result: expected 'map[string]interface{}', got '%T'",
 			rawResult.Export(),
 		)
 	}
 	var allow bool
 	rawAllow, exists := result["allow"]
 	if !exists {
 		allow = false
 	} else {
 		allow, ok = rawAllow.(bool)
 		if !ok {
 			return nil, errors.Errorf("invalid 'allow' result property: got type '%T', expected type '%T'", rawAllow, false)
 		}
 	}
 	res.Allow = allow
 	return res, nil
 }
 func ModuleFactory(bus bus.Bus) app.ServerModuleFactory {
 	return func(server *app.Server) app.ServerModule {
 		mod := &Module{
 			bus:    bus,
 			server: server,
 		}
 		go mod.handleMessages()
 		return mod
 	}
 }
--- a/pkg/module/fetch/module_test.go
+++ b/pkg/module/fetch/module_test.go
@ -0,0 +1,84 @@
 package fetch
 import (
 	"context"
 	"io/ioutil"
 	"net/url"
 	"testing"
 	"time"
 	"cdr.dev/slog"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
 	"forge.cadoles.com/arcad/edge/pkg/module"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func TestFetchModule(t *testing.T) {
 	t.Parallel()
 	logger.SetLevel(slog.LevelDebug)
 	bus := memory.NewBus()
 	server := app.NewServer(
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
 		ModuleFactory(bus),
 	)
 	data, err := ioutil.ReadFile("testdata/fetch.js")
 	if err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 	if err := server.Load("testdata/fetch.js", string(data)); err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 	defer server.Stop()
 	if err := server.Start(); err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 	// Wait for module to startup
 	time.Sleep(1 * time.Second)
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	remoteAddr := "127.0.0.1"
 	url, _ := url.Parse("http://example.com")
 	rawReply, err := bus.Request(ctx, NewMessageFetchRequest(ctx, remoteAddr, url))
 	if err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 	reply, ok := rawReply.(*MessageFetchResponse)
 	if !ok {
 		t.Fatalf("unexpected reply type '%T'", rawReply)
 	}
 	if e, g := true, reply.Allow; e != g {
 		t.Errorf("reply.Allow: expected '%v', got '%v'", e, g)
 	}
 	url, _ = url.Parse("https://google.com")
 	rawReply, err = bus.Request(ctx, NewMessageFetchRequest(ctx, remoteAddr, url))
 	if err != nil {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 	reply, ok = rawReply.(*MessageFetchResponse)
 	if !ok {
 		t.Fatalf("unexpected reply type '%T'", rawReply)
 	}
 	if e, g := false, reply.Allow; e != g {
 		t.Errorf("reply.Allow: expected '%v', got '%v'", e, g)
 	}
 }
--- a/pkg/module/fetch/testdata/fetch.js
+++ b/pkg/module/fetch/testdata/fetch.js
@ -0,0 +1,7 @@
 var ctx = context.new();
 function onClientFetch(ctx, url, remoteAddr) {
    if (url === 'http://example.com') return { allow: true };
    return { allow: false };
 }
--- a/pkg/module/store/module_test.go
+++ b/pkg/module/store/module_test.go
@ -15,7 +15,7 @@ import (
 func TestStoreModule(t *testing.T) {
 	logger.SetLevel(logger.LevelDebug)
-	store := sqlite.NewDocumentStore(":memory:")
+	store := sqlite.NewDocumentStore(":memory:?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000")
 	server := app.NewServer(
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
--- a/pkg/proxy/host_filter.go
+++ b/pkg/proxy/host_filter.go
@ -1,29 +0,0 @@
 package proxy
 import (
 	"net/http"
 	"forge.cadoles.com/arcad/edge/pkg/proxy/wildcard"
 )
 func FilterHosts(allowedHostPatterns ...string) Middleware {
 	return func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			if matches := wildcard.MatchAny(r.Host, allowedHostPatterns...); !matches {
 				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 				return
 			}
 			h.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 func WithAllowedHosts(allowedHostPatterns ...string) OptionFunc {
 	return func(o *Options) {
 		o.Middlewares = append(o.Middlewares, FilterHosts(allowedHostPatterns...))
 	}
 }
--- a/pkg/proxy/host_rewrite.go
+++ b/pkg/proxy/host_rewrite.go
@ -1,65 +0,0 @@
 package proxy
 import (
 	"net/http"
 	"net/url"
 	"sort"
 	"forge.cadoles.com/arcad/edge/pkg/proxy/wildcard"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func RewriteHosts(mappings map[string]*url.URL) Middleware {
 	patterns := make([]string, len(mappings))
 	for p := range mappings {
 		patterns = append(patterns, p)
 	}
 	sort.Strings(patterns)
 	return func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 			var match *url.URL
 			for _, p := range patterns {
 				logger.Debug(ctx, "matching host to pattern", logger.F("host", r.Host), logger.F("pattern", p))
 				if matches := wildcard.Match(r.Host, p); !matches {
 					continue
 				}
 				match = mappings[p]
 				break
 			}
 			if match == nil {
 				h.ServeHTTP(w, r)
 				return
 			}
 			ctx = logger.With(ctx, logger.F("originalHost", r.Host))
 			r = r.WithContext(ctx)
 			originalURL := r.URL.String()
 			r.URL.Host = match.Host
 			r.URL.Scheme = match.Scheme
 			logger.Debug(ctx, "rewriting url", logger.F("from", originalURL), logger.F("to", r.URL.String()))
 			h.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 func WithRewriteHosts(mappings map[string]*url.URL) OptionFunc {
 	return func(o *Options) {
 		o.Middlewares = append(o.Middlewares, RewriteHosts(mappings))
 	}
 }
--- a/pkg/proxy/middleware.go
+++ b/pkg/proxy/middleware.go
@ -1,33 +0,0 @@
 package proxy
 import "net/http"
 type Middleware func(h http.Handler) http.Handler
 type ProxyResponseTransformer interface {
 	TransformResponse(*http.Response) error
 }
 type defaultProxyResponseTransformer struct{}
 // TransformResponse implements ProxyResponseTransformer
 func (*defaultProxyResponseTransformer) TransformResponse(*http.Response) error {
 	return nil
 }
 var _ ProxyResponseTransformer = &defaultProxyResponseTransformer{}
 type ProxyResponseMiddleware func(ProxyResponseTransformer) ProxyResponseTransformer
 type ProxyRequestTransformer interface {
 	TransformRequest(*http.Request)
 }
 type ProxyRequestMiddleware func(ProxyRequestTransformer) ProxyRequestTransformer
 type defaultProxyRequestTransformer struct{}
 // TransformRequest implements ProxyRequestTransformer
 func (*defaultProxyRequestTransformer) TransformRequest(*http.Request) {}
 var _ ProxyRequestTransformer = &defaultProxyRequestTransformer{}
--- a/pkg/proxy/options.go
+++ b/pkg/proxy/options.go
@ -1,29 +0,0 @@
 package proxy
 type Options struct {
 	Middlewares              []Middleware
 	ProxyRequestMiddlewares  []ProxyRequestMiddleware
 	ProxyResponseMiddlewares []ProxyResponseMiddleware
 }
 func defaultOptions() *Options {
 	return &Options{
 		Middlewares:              make([]Middleware, 0),
 		ProxyRequestMiddlewares:  make([]ProxyRequestMiddleware, 0),
 		ProxyResponseMiddlewares: make([]ProxyResponseMiddleware, 0),
 	}
 }
 type OptionFunc func(*Options)
 func WithProxyRequestMiddlewares(middlewares ...ProxyRequestMiddleware) OptionFunc {
 	return func(o *Options) {
 		o.ProxyRequestMiddlewares = middlewares
 	}
 }
 func WithproxyResponseMiddlewares(middlewares ...ProxyResponseMiddleware) OptionFunc {
 	return func(o *Options) {
 		o.ProxyResponseMiddlewares = middlewares
 	}
 }
--- a/pkg/proxy/proxy.go
+++ b/pkg/proxy/proxy.go
@ -1,131 +0,0 @@
 package proxy
 import (
 	"fmt"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
 	"sync"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 type Proxy struct {
 	reversers                sync.Map
 	handler                  http.Handler
 	proxyResponseTransformer ProxyResponseTransformer
 	proxyRequestTransformer  ProxyRequestTransformer
 }
 // ServeHTTP implements http.Handler
 func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	p.handler.ServeHTTP(w, r)
 }
 func (p *Proxy) proxyRequest(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	var reverser *httputil.ReverseProxy
 	key := fmt.Sprintf("%s://%s", r.URL.Scheme, r.URL.Host)
 	createAndStore := func() {
 		target := &url.URL{
 			Scheme: r.URL.Scheme,
 			Host:   r.URL.Host,
 		}
 		reverser = httputil.NewSingleHostReverseProxy(target)
 		originalDirector := reverser.Director
 		if p.proxyRequestTransformer != nil {
 			reverser.Director = func(r *http.Request) {
 				originalURL := r.URL.String()
 				originalDirector(r)
 				p.proxyRequestTransformer.TransformRequest(r)
 				logger.Debug(ctx, "proxying request", logger.F("targetURL", r.URL.String()), logger.F("originalURL", originalURL))
 			}
 		}
 		if p.proxyResponseTransformer != nil {
 			reverser.ModifyResponse = func(r *http.Response) error {
 				if err := p.proxyResponseTransformer.TransformResponse(r); err != nil {
 					return errors.WithStack(err)
 				}
 				return nil
 			}
 		}
 		p.reversers.Store(key, reverser)
 	}
 	raw, exists := p.reversers.Load(key)
 	if !exists {
 		createAndStore()
 	}
 	reverser, ok := raw.(*httputil.ReverseProxy)
 	if !ok {
 		createAndStore()
 	}
 	reverser.ServeHTTP(w, r)
 }
 func New(funcs ...OptionFunc) *Proxy {
 	opts := defaultOptions()
 	for _, fn := range funcs {
 		fn(opts)
 	}
 	proxy := &Proxy{}
 	handler := http.HandlerFunc(proxy.proxyRequest)
 	proxy.handler = createMiddlewareChain(handler, opts.Middlewares)
 	proxy.proxyRequestTransformer = createProxyRequestChain(&defaultProxyRequestTransformer{}, opts.ProxyRequestMiddlewares)
 	proxy.proxyResponseTransformer = createProxyResponseChain(&defaultProxyResponseTransformer{}, opts.ProxyResponseMiddlewares)
 	return proxy
 }
 var _ http.Handler = &Proxy{}
 func createMiddlewareChain(handler http.Handler, middlewares []Middleware) http.Handler {
 	reverse(middlewares)
 	for _, m := range middlewares {
 		handler = m(handler)
 	}
 	return handler
 }
 func createProxyResponseChain(transformer ProxyResponseTransformer, middlewares []ProxyResponseMiddleware) ProxyResponseTransformer {
 	reverse(middlewares)
 	for _, m := range middlewares {
 		transformer = m(transformer)
 	}
 	return transformer
 }
 func createProxyRequestChain(transformer ProxyRequestTransformer, middlewares []ProxyRequestMiddleware) ProxyRequestTransformer {
 	reverse(middlewares)
 	for _, m := range middlewares {
 		transformer = m(transformer)
 	}
 	return transformer
 }
 func reverse[S ~[]E, E any](s S) {
 	for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {
 		s[i], s[j] = s[j], s[i]
 	}
 }
--- a/pkg/proxy/wildcard/match.go
+++ b/pkg/proxy/wildcard/match.go
@ -1,44 +0,0 @@
 package wildcard
 const wildcard = '*'
 func Match(str, pattern string) bool {
 	if pattern == "" {
 		return str == pattern
 	}
 	if pattern == string(wildcard) {
 		return true
 	}
 	return deepMatchRune([]rune(str), []rune(pattern))
 }
 func MatchAny(str string, patterns ...string) bool {
 	for _, p := range patterns {
 		if matches := Match(str, p); matches {
 			return matches
 		}
 	}
 	return false
 }
 func deepMatchRune(str, pattern []rune) bool {
 	for len(pattern) > 0 {
 		switch pattern[0] {
 		default:
 			if len(str) == 0 || str[0] != pattern[0] {
 				return false
 			}
 		case wildcard:
 			return deepMatchRune(str, pattern[1:]) ||
 				(len(str) > 0 && deepMatchRune(str[1:], pattern))
 		}
 		str = str[1:]
 		pattern = pattern[1:]
 	}
 	return len(str) == 0 && len(pattern) == 0
 }
--- a/pkg/sdk/client/dist/client.js
+++ b/pkg/sdk/client/dist/client.js
--- a/pkg/sdk/client/dist/client.js.map
+++ b/pkg/sdk/client/dist/client.js.map
--- a/pkg/sdk/client/src/client.ts
+++ b/pkg/sdk/client/src/client.ts
@ -5,6 +5,8 @@ import SockJS from 'sockjs-client';
 const EventTypeMessage = "message";
 const EdgeAuth = "edge-auth"
 const EdgeAuthTokenRequest = "edge_auth_token_request"
 const EdgeAuthTokenResponse = "edge_auth_token_reponse"
 export class Client extends EventTarget {
@ -19,15 +21,17 @@ export class Client extends EventTarget {
  constructor(autoReconnect = true) {
    super();
    this._conn = null;
    this._onConnectionClose = this._onConnectionClose.bind(this);
    this._onConnectionMessage = this._onConnectionMessage.bind(this);
    this._handleRPCResponse = this._handleRPCResponse.bind(this);
    this._handleEdgeAuthTokenRequest = this._handleEdgeAuthTokenRequest.bind(this);
    this._rpcID = 0;
    this._pendingRPC = {};
    this._queue = [];
    this._reconnectionDelay = 250;
    this._autoReconnect = autoReconnect;
    this.debug = false;
    this.connect = this.connect.bind(this);
@ -36,15 +40,29 @@ export class Client extends EventTarget {
    this.send = this.send.bind(this);
    this.upload = this.upload.bind(this);
    this.addEventListener(EventTypeMessage, this._handleRPCResponse);
    window.addEventListener('message', this._handleEdgeAuthTokenRequest);
  }
-  connect(token = "") {
+  connect(token = ""): Promise<Client> {
    let getToken: Promise<string>
    if (token) {
      getToken = Promise.resolve(token)
    } else {
      getToken = this._retrieveToken()
    }
    return getToken.then(token => this._connect(token))
  }
  disconnect() {
    this._cleanupConnection();
  }
  _connect(token: string): Promise<Client> {
    return new Promise((resolve, reject) => {
      if (token == "") {
        token = this._getAuthCookieToken()
      }
      const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
        this._log("opening connection to", url);
        const conn: any = new SockJS(url);
@ -77,22 +95,87 @@ export class Client extends EventTarget {
        conn.addEventListener('open', onOpen);
        conn.addEventListener('error', onError);
        conn.addEventListener('close', onError);
-    });
+    })
  }
-  disconnect() {
+  _retrieveToken(): Promise<string> {
-    this._cleanupConnection();
+    let token = this._getAuthCookieToken();
    if (token) {
      return Promise.resolve(token);
    }
-  _getAuthCookieToken() {
+    return this._getParentFrameToken();;
  }
  _getAuthCookieToken(): string {
    const cookie = document.cookie.split("; ")
      .find((row) => row.startsWith(EdgeAuth));
    let token = "";
    if (cookie) {
-      return cookie.split("=")[1];
+      token = cookie.split("=")[1];
    }
-    return "";
+    return token;
  }
  _getParentFrameToken(timeout = 5000): Promise<string> {
    if (!window.parent || window.parent === window) {
      return Promise.resolve("");
    }
    return new Promise((resolve, reject) => {
      let timedOut = false;
      const timeoutId = setTimeout(() => {
        timedOut = true;
        reject(new Error("Edge auth token request timed out !"));
      }, timeout);
      const listener = (evt) => {
        const message = evt.data;
        if (!message || !message.type || !message.data) {
          return
        }
        if (message.type !== EdgeAuthTokenResponse) {
          return;
        }
        window.removeEventListener('message', listener);
        clearTimeout(timeoutId);
        if (timedOut) return;
        if (!message.data) {
          reject("Unexpected auth token request response !");
          return;
        }
        resolve(message.data?.token || "");
      }
      window.addEventListener('message', listener);
      const message = { type: EdgeAuthTokenRequest };
      window.parent.postMessage(message, '*');
    })
  }
  _handleEdgeAuthTokenRequest(evt: MessageEvent) {
    const message = evt.data;
    if (!message || !message.type || message.type !== EdgeAuthTokenRequest) {
      return;
    }
    if (!evt.source) {
      return;
    }
    const token = this._getAuthCookieToken();
    // @ts-ignore
    evt.source.postMessage({ type: EdgeAuthTokenResponse, data: { token }}, evt.origin);
  }
  _onConnectionMessage(evt) {
@ -264,7 +347,11 @@ export class Client extends EventTarget {
    });
  }
-  blobUrl(bucket: string, blobId: string) {
+  blobUrl(bucket: string, blobId: string): string {
    return `/edge/api/v1/download/${bucket}/${blobId}`;
  }
  externalUrl(url: string): string {
    return `/edge/api/v1/fetch?url=${encodeURIComponent(url)}`
  }
 }
--- a/pkg/sdk/client/src/components/icons/cloud.svg
+++ b/pkg/sdk/client/src/components/icons/cloud.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M2.25 15a4.5 4.5 0 004.5 4.5H18a3.75 3.75 0 001.332-7.257 3 3 0 00-3.758-3.848 5.25 5.25 0 00-10.233 2.33A4.502 4.502 0 002.25 15z" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/cog.svg
+++ b/pkg/sdk/client/src/components/icons/cog.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M9.594 3.94c.09-.542.56-.94 1.11-.94h2.593c.55 0 1.02.398 1.11.94l.213 1.281c.063.374.313.686.645.87.074.04.147.083.22.127.324.196.72.257 1.075.124l1.217-.456a1.125 1.125 0 011.37.49l1.296 2.247a1.125 1.125 0 01-.26 1.431l-1.003.827c-.293.24-.438.613-.431.992a6.759 6.759 0 010 .255c-.007.378.138.75.43.99l1.005.828c.424.35.534.954.26 1.43l-1.298 2.247a1.125 1.125 0 01-1.369.491l-1.217-.456c-.355-.133-.75-.072-1.076.124a6.57 6.57 0 01-.22.128c-.331.183-.581.495-.644.869l-.213 1.28c-.09.543-.56.941-1.11.941h-2.594c-.55 0-1.02-.398-1.11-.94l-.213-1.281c-.062-.374-.312-.686-.644-.87a6.52 6.52 0 01-.22-.127c-.325-.196-.72-.257-1.076-.124l-1.217.456a1.125 1.125 0 01-1.369-.49l-1.297-2.247a1.125 1.125 0 01.26-1.431l1.004-.827c.292-.24.437-.613.43-.992a6.932 6.932 0 010-.255c.007-.378-.138-.75-.43-.99l-1.004-.828a1.125 1.125 0 01-.26-1.43l1.297-2.247a1.125 1.125 0 011.37-.491l1.216.456c.356.133.751.072 1.076-.124.072-.044.146-.087.22-.128.332-.183.582-.495.644-.869l.214-1.281z" />
    <path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
 </svg>  
--- a/pkg/sdk/client/src/components/icons/home.svg
+++ b/pkg/sdk/client/src/components/icons/home.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M2.25 12l8.954-8.955c.44-.439 1.152-.439 1.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/index.ts
+++ b/pkg/sdk/client/src/components/icons/index.ts
@ -0,0 +1,9 @@
 import UserCircleIcon from './user-circle.svg';
 import MenuIcon from './menu.svg';
 import CloudIcon from './cloud.svg';
 import LoginIcon from './login.svg';
 import HomeIcon from './home.svg';
 import LinkIcon from './link.svg';
 import LogoutIcon from './logout.svg';
 export { UserCircleIcon, MenuIcon, CloudIcon, LoginIcon, HomeIcon, LinkIcon, LogoutIcon }
--- a/pkg/sdk/client/src/components/icons/link.svg
+++ b/pkg/sdk/client/src/components/icons/link.svg
@ -0,0 +1,5 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M13.19 8.688a4.5 4.5 0 011.242 7.244l-4.5 4.5a4.5 4.5 0 01-6.364-6.364l1.757-1.757m13.35-.622l1.757-1.757a4.5 4.5 0 00-6.364-6.364l-4.5 4.5a4.5 4.5 0 001.242 7.244" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/login.svg
+++ b/pkg/sdk/client/src/components/icons/login.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15m3 0l3-3m0 0l-3-3m3 3H9" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/logout.svg
+++ b/pkg/sdk/client/src/components/icons/logout.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15M12 9l-3 3m0 0l3 3m-3-3h12.75" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/menu.svg
+++ b/pkg/sdk/client/src/components/icons/menu.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M3.75 6.75h16.5M3.75 12h16.5m-16.5 5.25h16.5" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/square.svg
+++ b/pkg/sdk/client/src/components/icons/square.svg
@ -0,0 +1,5 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M3.75 6A2.25 2.25 0 016 3.75h2.25A2.25 2.25 0 0110.5 6v2.25a2.25 2.25 0 01-2.25 2.25H6a2.25 2.25 0 01-2.25-2.25V6zM3.75 15.75A2.25 2.25 0 016 13.5h2.25a2.25 2.25 0 012.25 2.25V18a2.25 2.25 0 01-2.25 2.25H6A2.25 2.25 0 013.75 18v-2.25zM13.5 6a2.25 2.25 0 012.25-2.25H18A2.25 2.25 0 0120.25 6v2.25A2.25 2.25 0 0118 10.5h-2.25a2.25 2.25 0 01-2.25-2.25V6zM13.5 15.75a2.25 2.25 0 012.25-2.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-2.25A2.25 2.25 0 0113.5 18v-2.25z" />
 </svg>
--- a/pkg/sdk/client/src/components/icons/user-circle.svg
+++ b/pkg/sdk/client/src/components/icons/user-circle.svg
@ -0,0 +1,6 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5"
    stroke="currentColor" class="w-6 h-6">
    <path stroke-linecap="round" stroke-linejoin="round"
        d="M17.982 18.725A7.488 7.488 0 0012 15.75a7.488 7.488 0 00-5.982 2.975m11.963 0a9 9 0 10-11.963 0m11.963 0A8.966 8.966 0 0112 21a8.966 8.966 0 01-5.982-2.275M15 9.75a3 3 0 11-6 0 3 3 0 016 0z" />
 </svg>
--- a/pkg/sdk/client/src/components/menu-item.ts
+++ b/pkg/sdk/client/src/components/menu-item.ts
@ -0,0 +1,130 @@
 import { LitElement, html, css } from 'lit';
 import { property, state } from 'lit/decorators.js';
 export const EVENT_MENU_ITEM_SELECTED = 'menu-item-selected';
 export const EVENT_MENU_ITEM_UNSELECTED = 'menu-item-unselected';
 export class MenuItem extends LitElement {
    @property({ attribute: 'icon-url', type: String })
    iconUrl: string;
    @property({ attribute: 'label', type: String })
    label: string;
    static styles = css`
    :host {
        display: inline-block;
        height: 100%;
        flex: 1;
        cursor: pointer;
        display: flex;
        flex-direction: column;
        align-items: center;
        justify-content: center;
        border-bottom: 1px solid rgb(229,231,235);
        border-top: 10px solid transparent;
        transition: all 100ms ease-out;
        background-color: #fff;
    }
    :host(:hover) {
        background-color: rgb(249,250,251);
    }
    :host(.selected) {
        border-top: 10px solid #03A9F4;
        border-bottom: 1px solid transparent;
        background-color: #fff;
    }
    :host(.unselected) {
        background-color: hsl(210 20% 95% / 1);
    }
    .menu-item-icon {
        height: 30px;
        width: 30px;
        overflow: hidden;
    }
    .menu-item-icon > img {
        width: 100%;
        height: 100%;
    }
    .menu-item-panel {
        display: none;
        position: fixed;
        top: 65px;
        left: 0;
        right: 0;
        z-index: 9999;
        background-color: #fff;
        box-shadow: 0px 4px 5px 0px hsl(0deg 0% 0% / 10%);
        max-height: 75%;
        overflow-y: auto;
    }
    :host(.selected) .menu-item-panel {
        display: block;
    }
    .menu-item-label {
        font-family: Arial, Helvetica Neue, Helvetica, sans-serif;
        color: black;
        font-size: 14px;
        margin: 3px 0;
    }
    `;
    @state()
    selected: boolean
    constructor() {
        super();
        this.addEventListener('click', this._handleClick.bind(this));
    }
    render() {
        return html`
            <div class="menu-item-icon">
                ${
                    this.iconUrl ?
                    html`<img src="${this.iconUrl}" />` :
                    ''
                }
            </div>
            <div class="menu-item-label">
                ${this.label}
            </div>
            <div class="menu-item-panel">
                <slot></slot>
            </div>
        `
    }
    _handleClick() {
        if (this.selected) {
            this.unselect();
        } else {
            this.select();
        }
    }
    select() {
        this.selected = true;
        const event = new CustomEvent(EVENT_MENU_ITEM_SELECTED, { 
            bubbles: true, 
            composed: true,
            detail: {
                element: this,
            }
        });
        this.dispatchEvent(event);
    }
    unselect() {
        this.selected = false;
        const event = new CustomEvent(EVENT_MENU_ITEM_UNSELECTED, { 
            bubbles: true, 
            composed: true,
            detail: {
                element: this,
            }
        });
        this.dispatchEvent(event);
    }
 }
--- a/pkg/sdk/client/src/components/menu-sub-item.ts
+++ b/pkg/sdk/client/src/components/menu-sub-item.ts
@ -0,0 +1,63 @@
 import { LitElement, html, css } from 'lit';
 import { property, state } from 'lit/decorators.js';
 import { LinkIcon } from './icons';
 export class MenuSubItem extends LitElement {
    @property({ attribute: 'label' })
    label: string;
    @property({ attribute: 'icon-url' })
    iconUrl: string;
    @property({ attribute: 'link-url' })
    linkUrl: string;
    @property({ attribute: 'inactive', type: Boolean })
    inactive: boolean;
    static styles = css`
    :host {
        display: block;
        flex: 1;
        cursor: pointer;
        transition: all 100ms ease-out;
        border-bottom: 1px solid rgb(229,231,235);
        padding: 5px 0 5px 7px;
        border-left: 5px solid transparent;
    }
    :host([inactive]) {
        cursor: initial;
    }
    :host(:hover) {
        border-left: 5px solid #03A9F4;
        background-color: rgb(28 169 247 / 10%);
    }
    a {
        font-size: 20px;
        font-family: Arial, Helvetica Neue, Helvetica, sans-serif;
        text-decoration: none;
        display: flex;
        flex-direction: row;
        align-items: center;
        justify-content: flex-start;
        height: 40px;
        color: black;
    }
    .edge-menu-sub-item-icon {
        height: 25px;
        width: 25px;
    }
    .edge-menu-sub-item-label {
        margin-left: 5px;
    }
    `;
    render() {
        return html`
            <a href="${this.linkUrl ? this.linkUrl : '#'}">
            <img class="edge-menu-sub-item-icon" src="${this.iconUrl ? this.iconUrl : LinkIcon}" />
                <span class="edge-menu-sub-item-label">${this.label}</span>
            </a>
        `
    }
 }
--- a/pkg/sdk/client/src/components/menu.ts
+++ b/pkg/sdk/client/src/components/menu.ts
@ -0,0 +1,239 @@
 import { LitElement, html, css } from 'lit';
 import { property, queryAll } from 'lit/decorators.js';
 import { CloudIcon, HomeIcon, LoginIcon, LinkIcon, MenuIcon, UserCircleIcon, LogoutIcon } from './icons'
 import { EVENT_MENU_ITEM_SELECTED, EVENT_MENU_ITEM_UNSELECTED, MenuItem } from './menu-item';
 import { MenuSubItem } from './menu-sub-item';
 interface Manifest {
    id: string
    description: string
    metadata: { [key: string]: any }
    tags: string[]
    title: string
    version: string
    url?: string
 }
 interface Profile {
    sub?: string
    preferred_username?: string
    iss?: string
    edge_role?: string
    edge_tenant?: string
    edge_entrypoint?: string
 }
 const BASE_API_URL = '/edge/api/v1';
 enum Roles {
    visitor = 0,
    user = 1,
    superuser = 2,
    admin = 3,
    superadmin = 4
 }
 export class Menu extends LitElement {
    @property({ attribute: 'app-icon-url', type: String })
    appIconUrl: string;
    @property({ attribute: 'app-title', type: String })
    appTitle: string;
    @property({ attribute: 'hidden', type: Boolean })
    hidden: boolean;
    @property()
    _apps: Manifest[] = []
    @property()
    _profile: Profile
    static styles = css`
    :host {
        position: fixed;
        top: 0;
        left: 0;
        right: 0;
        height: 60px;
        background-color: #fff;
        display: flex;
        flex-direction: row;
        align-items: center;
        justify-content: center;
        z-index: 9999;
    }
    :host([hidden]) {
        display: none;
    }
    `;
    @queryAll('edge-menu-item')
    _menuItems: NodeListOf<MenuItem>
    constructor() {
        super();
        this.addEventListener(EVENT_MENU_ITEM_SELECTED, this._handleMenuItemSelected.bind(this));
        this.addEventListener(EVENT_MENU_ITEM_UNSELECTED, this._handleMenuItemUnselected.bind(this));
        this._fetchApps();
        this._fetchProfile();
    }
    render() {
        const apps = this._renderApps()
        return html`
            <edge-menu-item name='menu' label="${ this.appTitle || "App" }" icon-url='${ this.appIconUrl || MenuIcon }'>
                <edge-menu-sub-item name='home' label='Home' icon-url='${HomeIcon}' link-url='/'></edge-menu-sub-item>
                <slot></slot>
            </edge-menu-item>
            ${ this._renderApps() }
            ${ this._renderProfile() }
        `;
    }
    _fetchApps() {
        return fetch(`${BASE_API_URL}/apps`)
            .then(res => res.json())
            .then(result => {
                if (result.error) {
                    throw new Error(`Unexpected server error: ${result.error.code}`);
                }
                return result.data?.manifests || [];
            })
            .then((manifests: Manifest[]) => {
                const promises = manifests.map((m: Manifest) => {
                    const fetchOptions: RequestInit = {
                        method: 'POST', 
                        body: JSON.stringify({}),
                        headers: {
                            'Content-Type': 'application/json',
                        }
                    };
                    return fetch(`${BASE_API_URL}/apps/${m.id}/url`, fetchOptions)
                        .then(res => res.json())
                        .then(result => {
                            if (result.error) {
                                throw new Error(`Unexpected server error: ${result.error.code}`);
                            }
                            m.url = result.data?.url;
                            return m;
                        })
                    ;
                });
                return Promise.all(promises);
            })
            .then((manifests: Manifest[]) => {
                this._apps = manifests;
            })
            .catch(err => console.error(err))
    }
    _fetchProfile() {
        return fetch(`${BASE_API_URL}/profile`)
            .then(res => res.json())
            .then(result => {
                if (result.error) {
                    switch (result.error.code) {
                        case "unauthorized":
                            return null;
                        default:
                            throw new Error(`Unexpected server error: ${result.error.code}`);
                    }
                }
                return result.data?.profile;
            })
            .then(profile => {
                this._profile = profile;
            })
            .catch(err => console.error(err))
        ;
    }
    _renderApps() {
        const apps = this._apps
            .filter(manifest => this._canAccess(manifest))
            .map(manifest => {
                const iconUrl = ( ( manifest.url || '') + ( manifest.metadata?.paths?.icon || '' ) ) || LinkIcon;
                return html`
                    <edge-menu-sub-item 
                        name='${ manifest.id }' 
                        label='${ manifest.title }' 
                        icon-url='${ iconUrl }' 
                        link-url='${ manifest.url || '#' }'>
                    </edge-menu-sub-item>
                `
            });
        return html`
            <edge-menu-item name='apps' label='Apps' icon-url='${CloudIcon}'>
                ${ apps }
            </edge-menu-item>
        `;
    }
    _canAccess(manifest: Manifest): boolean {
        const currentRole = this._profile?.edge_role || 'visitor';
        const minimumRole = manifest.metadata?.minimumRole || 'visitor';
        return Roles[currentRole] >= Roles[minimumRole];
    }
    _renderProfile() {
        const profile = this._profile;
        return html`
            <edge-menu-item name='profile' label="${profile?.preferred_username || 'Profile'}" icon-url='${UserCircleIcon}'>
                ${
                    profile ?
                    html`<edge-menu-sub-item name='login' label='Logout' icon-url='${LogoutIcon}' link-url='/edge/auth/logout'></edge-menu-sub-item>` :
                    html`<edge-menu-sub-item name='login' label='Login' icon-url='${LoginIcon}' link-url='/edge/auth/login'></edge-menu-sub-item>`
                }
            </edge-menu-item>
        `;
    }
    _handleMenuItemSelected(evt: CustomEvent) {
        const selectedMenuItem: HTMLElement = evt.detail.element;
        selectedMenuItem.classList.add('selected');
        selectedMenuItem.classList.remove('unselected');
        for (let item, i = 0; (item = this._menuItems[i]); i++) {
            if (item === selectedMenuItem) continue;
            item.unselect();
            item.classList.add('unselected');
        }
    }
    _handleMenuItemUnselected(evt: CustomEvent) {
        const unselectedMenuItem: HTMLElement = evt.detail.element;
        unselectedMenuItem.classList.remove('selected');
        const hasSelectedItem = this.renderRoot.querySelectorAll('edge-menu-item.selected').length !== 0
        if (hasSelectedItem) {
            return
        }
        for (let item, i = 0; (item = this._menuItems[i]); i++) {
            item.classList.remove('unselected');
        }
    }
 }
 declare global {
    interface HTMLElementTagNameMap {
        "edge-menu": Menu;
        "edge-menu-item": MenuItem;
        "edge-menu-sub-item": MenuSubItem;
    }
 }
--- a/pkg/sdk/client/src/crossframe-messenger.ts
+++ b/pkg/sdk/client/src/crossframe-messenger.ts
@ -0,0 +1,87 @@
 import { EventTarget } from "./event-target";
 enum CrossFrameMessageType {
    SIZE_CHANGED = "size_changed",
    TITLE_CHANGED = "title_changed"
 }
 interface CrossFrameMessage {
    type: CrossFrameMessageType
    data: { [key: string]: any }
 }
 export class CrossFrameMessenger extends EventTarget {
    debug: boolean;
    constructor() {
        super()
        this.debug = false;
        this._handleWindowMessage = this._handleWindowMessage.bind(this);
        this._initObservers = this._initObservers.bind(this);
        window.addEventListener('load', this._initObservers);
        window.addEventListener('message', this._handleWindowMessage)
    }
    post(message: CrossFrameMessage, target: Window = window.parent) {
        if (!target) return;
        this._log("sending crossframe message", message);
        target.postMessage(message, '*');
    }
    _log(...args) {
        if (!this.debug) return;
        console.log(...args);
    }
    _handleWindowMessage(evt: MessageEvent) {
        const message = evt.data;
        if (!message || !message.type || !message.data) {
            return;
        }
        const event = new CustomEvent(message.type, {
            cancelable: true,
            detail: message.data
        });
        this.dispatchEvent(event);
    }
    _initObservers() {
        this._initResizeObserver();
        this._initTitleMutationObserver();
    }
    _initTitleMutationObserver() {
        const titleObserver = new MutationObserver((mutations) => {
            const title = mutations[0].target.textContent;
            this.post({ type: CrossFrameMessageType.TITLE_CHANGED, data: { title }});
        });
        const title = document.querySelector('title');
        if (!title) return;
        this.post({ type: CrossFrameMessageType.TITLE_CHANGED, data: { title: title.textContent }});
        titleObserver.observe(title, { subtree: true, characterData: true, childList: true });
    }
    _initResizeObserver() {
        const resizeObserver = new ResizeObserver(() => {
            const rect = document.documentElement.getBoundingClientRect();
            const height = rect.height;
            const width = rect.width;
            this.post({ type: CrossFrameMessageType.SIZE_CHANGED, data: { height, width }});
        });
        const body = document.body;
        if (!body) return;
        resizeObserver.observe(document.documentElement);
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
William Petit	9944a37670	chore: cache modd tool All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-20 13:57:46 +02:00
William Petit	78307b6850	feat(cli,app): filter out ipv6 adresses for url resolving	2023-04-20 13:57:46 +02:00
wpetit	2543386e5c	Mise à jour de 'doc/apps/client-api/edge-menu.md' All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-20 13:14:12 +02:00
William Petit	20c4189599	feat(sdk,client): minify generated script All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-20 10:41:03 +02:00
William Petit	c7b639b643	feat(cli,app): compress http responses All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-20 10:36:20 +02:00
William Petit	b5b4042cc7	feat(sdk,client): add menu to help navigation between apps All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-20 10:17:37 +02:00
William Petit	9e3fc427bb	feat(sdk,client): target es2015 for old chromecast compatibility All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-14 16:24:34 +02:00
William Petit	d0b57ab15f	fix(client,sdk): accept empty token from parent frame All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-13 13:41:35 +02:00
William Petit	dc93c585eb	fix(sdk,client): add listener to current frame window All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-13 12:07:52 +02:00
William Petit	de330c0042	fix(sdk,client): use origin as postmessage target All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-13 11:35:31 +02:00
William Petit	310dac296f	feat(storage,sqlite): begin tx with context All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-13 11:23:34 +02:00
William Petit	4db7576b12	feat(client,sdk): retrieve auth token from parent frame + better resize detection All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-13 11:02:24 +02:00
William Petit	f5283b86ed	fix(app,manifest): manifest serialization All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-11 15:08:07 +02:00
wpetit	98ebd7a168	doc(app,manifest): add metadata attribute in manifest schema All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-11 11:11:00 +02:00
William Petit	8ca31d05c0	feat(app,manifest): validation + extendable metadatas All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-11 11:05:09 +02:00
William Petit	34c6a089b5	fix(client,sdk): permit cross-domain message communication All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 20:54:01 +02:00
William Petit	da73b842e1	fix(sdk,client): initialize crossframe observers after window load event All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 19:18:36 +02:00
William Petit	55d7241d95	chore(sdk,client): remove restrictive assertion All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 18:18:12 +02:00
William Petit	240b07af66	feat(sdk,client): add edgeframe sdk api All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 18:16:17 +02:00
William Petit	68e35bf5a6	fix(client,sdk): remove too specific assertion All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 15:59:09 +02:00
William Petit	4bc2d864ad	chore: add jenkins ci pipeline All checks were successful arcad/edge/pipeline/head This commit looks good Details	2023-04-06 14:58:12 +02:00
William Petit	dc18381dea	chore: add test timeout	2023-04-06 14:47:37 +02:00
William Petit	1dde96043a	chore: reenable tests in watch mode	2023-04-06 14:47:13 +02:00
William Petit	f758acb4e5	fix(module,fetch): wait for module initialization to prevent false failure in test	2023-04-06 14:46:46 +02:00
William Petit	054e80bbfb	fix(storage,sqlite): prevent 'database is busy' error by using busy_timeout pragma	2023-04-06 14:45:50 +02:00
William Petit	32c6f0a77e	feat(cli,run): resolve app url based on available network interfaces	2023-04-06 11:52:04 +02:00
William Petit	050e529f0a	doc(module,app): add new parameter 'from' to app.getUrl()	2023-04-06 11:27:27 +02:00
William Petit	006f13bc7b	feat(module,auth): dynamically define authentication cookie domain	2023-04-05 15:19:22 +02:00
William Petit	84c8fd51f6	chore: add cast commands for testing purpose	2023-04-05 15:12:51 +02:00
William Petit	f08f645432	chore: fix gitea-release task	2023-04-02 18:01:47 +02:00
William Petit	fbb27d6ea4	feat(app,module): fetch basic module	2023-04-02 17:59:33 +02:00
William Petit	d8ce2901d2	feat(jwt): handle nil keyset	2023-03-28 20:38:29 +02:00
William Petit	1996f4dc56	feat(auth,local_handler): cookie configuration	2023-03-28 20:37:57 +02:00
William Petit	e09de0b0a4	chore: move proxy package to arcad/emissary	2023-03-28 10:15:49 +02:00
wpetit	72765de20b	fix(doc): typo	2023-03-24 11:05:17 +01:00
William Petit	ed535b6f5d	feat(module,app): basic module to list apps	2023-03-24 10:59:15 +01:00
William Petit	07452ad8ab	chore: automatically update sdk-testsuite app version	2023-03-23 19:13:47 +01:00
William Petit	0f0fdfb02b	chore: use date based versioning	2023-03-23 19:04:29 +01:00
`@ -86,4 +86,4 @@ interface BlobInfo {`

	### `Metadata`	### `Metadata`

	L'objet `Metadata` est un objet clé/valeur arbitraire transmis avec la requête de téléversement. Voir la méthode [`Edge.upload(blob, metadata)`](../client-api/README.md#edge-upload-blob-blob-metadata-object-promise) du SDK client.	L'objet `Metadata` est un objet clé/valeur arbitraire transmis avec la requête de téléversement. Voir la méthode [`Edge.Client.upload(blob, metadata)`](../client-api/README.md#edge-upload-blob-blob-metadata-object-promise) du SDK client.