doc: add emissary introduction

feat: update arcad/edge dependency
chore: update edge lib without goproxy
2023-05-24 09:57:25 +02:00 · 2023-04-26 15:56:15 +02:00 · 2023-04-25 13:54:01 +02:00 · 2023-04-24 13:49:53 +02:00 · 2023-04-24 12:23:45 +02:00 · 2023-04-21 20:04:37 +02:00
32 changed files with 1217 additions and 371 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,4 +9,5 @@ dist/
 /agent-key.json
 /apps
 /server-key.json
-/.emissary-token
+/.emissary-token
+/out
--- a/39
+++ b/39
@ -10,14 +10,24 @@ pipeline {
    }

    stages {
+        stage('Cancel older jobs') {
+            steps {
+                script {
+                    def buildNumber = env.BUILD_NUMBER as int
+                    if (buildNumber > 1) milestone(buildNumber - 1)
+                    milestone(buildNumber)
+                }
+            }
+        }
+        
        stage('Run unit tests') {
            steps {
                script {
                    withCredentials([
                        usernamePassword([
-                        credentialsId: 'forge-jenkins',
-                        usernameVariable: 'GIT_USERNAME',
-                        passwordVariable: 'GIT_PASSWORD'
+                            credentialsId: 'forge-jenkins',
+                            usernameVariable: 'GIT_USERNAME',
+                            passwordVariable: 'GIT_PASSWORD'
                        ])
                    ]) {
                        sh '''
@ -43,20 +53,25 @@ pipeline {
                script {
                    withCredentials([
                        usernamePassword([
-                        credentialsId: 'forge-jenkins',
-                        usernameVariable: 'GITEA_RELEASE_USERNAME',
-                        passwordVariable: 'GITEA_RELEASE_PASSWORD'
+                            credentialsId: 'forge-jenkins',
+                            usernameVariable: 'GITEA_RELEASE_USERNAME',
+                            passwordVariable: 'GITEA_RELEASE_PASSWORD'
                        ])
                    ]) {
                        sh 'make gitea-release'
                    }
                    def currentVersion = sh(returnStdout: true, script: 'make full-version').trim()
-                    build(
-                        job: "../emissary-firmware/${env.GIT_BRANCH}",
-                        parameters: [
-                            [$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
-                        ]
-                    )
+                    if (currentVersion.endsWith('-dirty')) {
+                        unstable('Could not trigger emissary-firmware build, dirty version !')
+                    } else {
+                        build(
+                            job: "../emissary-firmware/${env.GIT_BRANCH}",
+                            parameters: [
+                                [$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
+                            ],
+                            wait: false
+                        )
+                    }
                }
            }
        }
--- a/11
+++ b/11
@ -154,4 +154,13 @@ load-sample-specs:
 	cat misc/spec-samples/mdns.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name mdns.emissary.cadoles.com

 full-version:
-	@echo $(FULL_VERSION)
+	@echo $(FULL_VERSION)
+
+update-edge-lib:
+	git pull --rebase
+	GOPROXY=direct GOPRIVATE=forge.cadoles.com/arcad/edge go get -u forge.cadoles.com/arcad/edge
+	go mod tidy
+	$(MAKE) test
+	git add go.mod go.sum
+	git commit -m "feat: update arcad/edge dependency"
+	git push
--- a/doc/README.md
+++ b/doc/README.md
@ -1,5 +1,7 @@
 # Documentation

+- (FR) - [Introduction](./fr/introduction.md)
+
 ## Tutorials

 - (FR) - [Premiers pas](./tutorials/fr/first-steps.md)
--- a/doc/fr/introduction.md
+++ b/doc/fr/introduction.md
@ -0,0 +1,30 @@
+# Introduction
+
+"Emissary" est un programme entrant dans la catégorie des outils de gestion et déploiement de configuration.
+
+En utilisant un agent déployé sur chaque système cible, il permet aux administrateurs système de centraliser le contrôle et la supervision de la configuration. Grâce à ses fonctionnalités avancées, il est capable de faire converger la configuration d'une machine vers un modèle précis défini par une ou plusieurs spécifications centralisées sur un serveur de pilotage dédié.
+
+Le principal atout d'"Emissary" réside dans sa capacité à activer des "contrôleurs" spécifiques pour chaque aspect de la configuration système. Ces contrôleurs sont des modules intelligents qui agissent comme des agents spécialisés, veillant à ce que les paramètres de configuration soient correctement appliqués et respectent les spécifications définies.
+
+Grâce à cette approche modulaire, "Emissary" peut gérer diverses facettes de la configuration, telles que les paramètres réseau, les règles de sécurité, les options de performance et bien plus encore. Chaque contrôleur est conçu pour répondre à des besoins spécifiques, offrant ainsi une flexibilité et une granularité optimales dans la gestion de la configuration.
+
+Certains contrôleurs permettent également l'exécution de services spécialisés comme des serveurs mandataires inverses ou des applications web autonomes.
+
+L'utilisation d'un serveur de pilotage centralisé permet à "Emissary" de stocker et de mettre à jour les spécifications de configuration de manière cohérente. Les administrateurs peuvent définir des modèles de configuration précis, les affiner au fil du temps et les appliquer en un seul clic sur l'ensemble du parc de machines gérées. Cela garantit une uniformité et une conformité accrues, tout en facilitant la maintenance et les mises à jour à grande échelle.
+
+À l'heure actuelle, Emissary est conçu pour cibler spécifiquement le système d'exploitation OpenWRT. L'activation des "contrôleurs" spécifiques à cet OS permet de converger la configuration de la machine OpenWRT vers un modèle correspondant aux spécifications centralisées sur le serveur de pilotage. Ces spécifications peuvent inclure des paramètres réseau, des configurations de sécurité, des règles de pare-feu, des options de routage, des services système, et bien d'autres éléments spécifiques à OpenWRT. 
+
+## Vue d'ensemble de l'architecture
+
+![](./resources/overview.svg)
+
+
+## Contrôleurs
+
+Voici la liste des contrôleurs implémentés à ce jour:
+
+- **Contrôleur UCI** - Permet de modifier les données [UCI](https://openwrt.org/docs/guide-user/base-system/uci) (**U**nified **C**onfiguration **S**ystem) d'un système OpenWRT et ainsi configurer les services systèmes, les règles pare-feu, la configuration des NICs, etc sur celui-ci.
+- **Contrôleur SysUpgrade** - Permet de mettre à jour un système OpenWRT via l'outil [`sysupgrade`](https://openwrt.org/docs/guide-user/installation/generic.sysupgrade).
+- **Contrôleur Proxy** - Permet de déployer des services de type passerelle mandataire inverse ("reverse proxy") sur la machine cible.
+- **Contrôleur mDNS** - Permet d'annoncer des services via mDNS sur les différents réseaux de la machine cible.
+- **Contrôleur App** - Permet de déployer des applications web "embarquées" (s'exécutant localement et non dépendantes d'une connectivité internet) sur la machine cible. Voir le projet ["Edge App"](https://forge.cadoles.com/arcad/edge).
--- a/doc/fr/resources/overview.plantuml
+++ b/doc/fr/resources/overview.plantuml
@ -0,0 +1,59 @@
+@startuml
+top to bottom direction
+skinparam linetype ortho
+
+node PilotNode as "Pilot Node" {
+    database DataStore as "Data Store"
+
+    component EmissaryServer as "Emissary Server" {
+
+        component SpecificationRegistry as "Specification Registry" {
+            component UCISpecification as "UCI Spec"
+            component MDNSSpecification as "mDNS Spec"
+            component AppSpecification as "App Spec"
+            component ProxySpecification as "Proxy Spec"
+            component SysUpgradeSpecification as "SysUpgrade Spec"
+        }
+
+        component HTTPHandler as "HTTP Handler"
+
+        HTTPHandler .down.> SpecificationRegistry: validates agents data with
+
+        HTTPHandler .right.> DataStore: saves agent data in
+    }
+}
+
+node OperatorNode as "Operator Node" {
+    component EmissaryClient as "Emissary Client"
+
+    EmissaryClient -left-> HTTPHandler: administrates
+}
+
+node OpenWRTNode as "OpenWRT Node" {
+    component EmissaryAgent as "Emissary Agent" {
+
+        component StateManager as "State Manager"
+
+        StateManager --up-> HTTPHandler: fetches agent ^*specs from
+
+        component UCIController as "UCI Controller"
+
+        UCIController .up.> StateManager: reconciles with
+
+        component SysUpgradeController as "SysUpgrade Controller"
+
+        SysUpgradeController .up.> StateManager: reconciles with
+    
+        component ProxyController as "Proxy Controller"
+
+        ProxyController .up.> StateManager: reconciles with
+
+        component MDNSController as "mDNS Controller"
+
+        MDNSController .up.> StateManager: reconciles with
+
+        component AppController as "App Controller"
+
+        AppController .up.> StateManager: reconciles with
+    }
+}
--- a/doc/fr/resources/overview.svg
+++ b/doc/fr/resources/overview.svg
@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="643px" preserveAspectRatio="none" style="width:1713px;height:643px;background:#FFFFFF;" version="1.1" viewBox="0 0 1713 643" width="1713px" zoomAndPan="magnify"><defs/><g><!--MD5=[d09f24f3d7c03358bd8c02f81fe1cb3f]
+cluster PilotNode--><g id="cluster_PilotNode"><polygon fill="none" points="16,16,26,6,685,6,685,511,675,521,16,521,16,16" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="675" x2="685" y1="16" y2="6"/><line style="stroke:#181818;stroke-width:1.0;" x1="16" x2="675" y1="16" y2="16"/><line style="stroke:#181818;stroke-width:1.0;" x1="675" x2="675" y1="16" y2="521"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="73" x="310" y="33.9659">Pilot Node</text></g><!--MD5=[9c6b5fd9fe3a3a3c784efc27685ccdf9]
+cluster EmissaryServer--><g id="cluster_EmissaryServer"><rect fill="none" height="440" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:1.0;" width="523" x="138" y="57"/><rect fill="none" height="10" style="stroke:#181818;stroke-width:1.0;" width="15" x="641" y="62"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="639" y="64"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="639" y="68"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="110" x="344.5" y="84.9659">Emissary Server</text></g><!--MD5=[5f6297313bdca82dad0981382bb4d88a]
+cluster SpecificationRegistry--><g id="cluster_SpecificationRegistry"><rect fill="none" height="273" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:1.0;" width="459" x="170" y="192"/><rect fill="none" height="10" style="stroke:#181818;stroke-width:1.0;" width="15" x="609" y="197"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="607" y="199"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="607" y="203"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="149" x="325" y="219.9659">Specification Registry</text></g><!--MD5=[b562d696a455f482404b155c6a8fbfca]
+cluster OperatorNode--><g id="cluster_OperatorNode"><polygon fill="none" points="709,62,719,52,889,52,889,150,879,160,709,160,709,62" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="879" x2="889" y1="62" y2="52"/><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="879" y1="62" y2="62"/><line style="stroke:#181818;stroke-width:1.0;" x1="879" x2="879" y1="62" y2="160"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="104" x="743" y="79.9659">Operator Node</text></g><!--MD5=[68861f6d3d90d2f41bc4d4a2796fc73e]
+cluster OpenWRTNode--><g id="cluster_OpenWRTNode"><polygon fill="none" points="709,313,719,303,1696,303,1696,616,1686,626,709,626,709,313" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="1686" x2="1696" y1="313" y2="303"/><line style="stroke:#181818;stroke-width:1.0;" x1="709" x2="1686" y1="313" y2="313"/><line style="stroke:#181818;stroke-width:1.0;" x1="1686" x2="1686" y1="313" y2="626"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="109" x="1144" y="330.9659">OpenWRT Node</text></g><!--MD5=[6e6320f5227e3e26302b14a131b17aa5]
+cluster EmissaryAgent--><g id="cluster_EmissaryAgent"><rect fill="none" height="248" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:1.0;" width="939" x="733" y="354"/><rect fill="none" height="10" style="stroke:#181818;stroke-width:1.0;" width="15" x="1652" y="359"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="1650" y="361"/><rect fill="none" height="2" style="stroke:#181818;stroke-width:1.0;" width="4" x="1650" y="365"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="108" x="1148.5" y="381.9659">Emissary Agent</text></g><!--MD5=[45eee4c5a57edb1e2ac175c76a239d17]
+entity DataStore--><g id="elem_DataStore"><path d="M32,105.5 C32,95.5 77,95.5 77,95.5 C77,95.5 122,95.5 122,105.5 L122,133.5679 C122,143.5679 77,143.5679 77,143.5679 C77,143.5679 32,143.5679 32,133.5679 L32,105.5 " fill="#F1F1F1" style="stroke:#181818;stroke-width:0.5;"/><path d="M32,105.5 C32,115.5 77,115.5 77,115.5 C77,115.5 122,115.5 122,105.5 " fill="none" style="stroke:#181818;stroke-width:0.5;"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="70" x="42" y="134.4659">Data Store</text></g><!--MD5=[7d2b259075cd0e421afb7965bd22532b]
+entity HTTPHandler--><g id="elem_HTTPHandler"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="132" x="335" y="95"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="447" y="100"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="445" y="102"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="445" y="106"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="92" x="350" y="129.9659">HTTP Handler</text></g><!--MD5=[d74c349cfc963885f78088443cb132a3]
+entity UCISpecification--><g id="elem_UCISpecification"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="100" x="213" y="238"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="293" y="243"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="291" y="245"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="291" y="249"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="228" y="272.9659">UCI Spec</text></g><!--MD5=[631d6ad5bad1f198f42ccf56fafe0582]
+entity MDNSSpecification--><g id="elem_MDNSSpecification"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="118" x="348" y="238"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="446" y="243"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="444" y="245"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="444" y="249"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="78" x="363" y="272.9659">mDNS Spec</text></g><!--MD5=[f8753067470155b04e2f3a693924c320]
+entity AppSpecification--><g id="elem_AppSpecification"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="103" x="501.5" y="238"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="584.5" y="243"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="582.5" y="245"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="582.5" y="249"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="63" x="516.5" y="272.9659">App Spec</text></g><!--MD5=[fd240f711946cd5d0dcadb1ea2ed786c]
+entity ProxySpecification--><g id="elem_ProxySpecification"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="112" x="213" y="392"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="305" y="397"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="303" y="399"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="303" y="403"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="72" x="228" y="426.9659">Proxy Spec</text></g><!--MD5=[74aafaf76d366e174271de99960a7b8d]
+entity SysUpgradeSpecification--><g id="elem_SysUpgradeSpecification"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="157" x="360.5" y="392"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="497.5" y="397"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="495.5" y="399"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="495.5" y="403"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="117" x="375.5" y="426.9659">SysUpgrade Spec</text></g><!--MD5=[584b4e495bc4cb9e5d46ff66335fc219]
+entity EmissaryClient--><g id="elem_EmissaryClient"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="143" x="725.5" y="95"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="848.5" y="100"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="846.5" y="102"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="846.5" y="106"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103" x="740.5" y="129.9659">Emissary Client</text></g><!--MD5=[cbe48146c9698f81ea53c2c6f51c8eda]
+entity StateManager--><g id="elem_StateManager"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="139" x="1048.5" y="392"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="1167.5" y="397"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1165.5" y="399"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1165.5" y="403"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="99" x="1063.5" y="426.9659">State Manager</text></g><!--MD5=[27f8877b35bcf78d2c9b0e363caea569]
+entity UCIController--><g id="elem_UCIController"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="135" x="749.5" y="537"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="864.5" y="542"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="862.5" y="544"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="862.5" y="548"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="95" x="764.5" y="571.9659">UCI Controller</text></g><!--MD5=[f5a45e51cb66ff1d3b5626d0df038fee]
+entity SysUpgradeController--><g id="elem_SysUpgradeController"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="192" x="920" y="537"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="1092" y="542"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1090" y="544"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1090" y="548"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="152" x="935" y="571.9659">SysUpgrade Controller</text></g><!--MD5=[ed1f476319cb2bbabd1b988180210f61]
+entity ProxyController--><g id="elem_ProxyController"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="147" x="1147.5" y="537"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="1274.5" y="542"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1272.5" y="544"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1272.5" y="548"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="107" x="1162.5" y="571.9659">Proxy Controller</text></g><!--MD5=[dcaaaabc13b59746f8f74cc6285a228b]
+entity MDNSController--><g id="elem_MDNSController"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="153" x="1329.5" y="537"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="1462.5" y="542"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1460.5" y="544"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1460.5" y="548"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="113" x="1344.5" y="571.9659">mDNS Controller</text></g><!--MD5=[f7cab0dbd7f354492deaa54be612571f]
+entity AppController--><g id="elem_AppController"><rect fill="#F1F1F1" height="49.0679" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="138" x="1518" y="537"/><rect fill="#F1F1F1" height="10" style="stroke:#181818;stroke-width:0.5;" width="15" x="1636" y="542"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1634" y="544"/><rect fill="#F1F1F1" height="2" style="stroke:#181818;stroke-width:0.5;" width="4" x="1634" y="548"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="98" x="1533" y="571.9659">App Controller</text></g><!--MD5=[8c3501b26c9c3ea39952224ab3fba557]
+link HTTPHandler to SpecificationRegistry--><g id="link_HTTPHandler_SpecificationRegistry"><path d="M334.7,128 C268.96,128 178,128 178,128 C178,128 178,158.5475 178,190.5263 C178,190.7761 178,191.026 178,191.276 " fill="none" id="HTTPHandler-to-SpecificationRegistry" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="178,191.276,182,182.276,178,186.276,174,182.276,178,191.276" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="156" x="151.03" y="142.897">validates agents data with</text></g><!--MD5=[1442fca2dc2f53bf9ae23d9e844c6c8b]
+link HTTPHandler to DataStore--><g id="link_HTTPHandler_DataStore"><path d="M334.65,112 C334.65,112 128.41,112 128.41,112 " fill="none" id="HTTPHandler-to-DataStore" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="123.41,112,132.41,116,128.41,112,132.41,108,123.41,112" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="115" x="203.28" y="126.897">saves agent data in</text></g><!--MD5=[04b946759b53ef2d0699bda61eed296c]
+reverse link HTTPHandler to EmissaryClient--><g id="link_HTTPHandler_EmissaryClient"><path d="M473.28,112 C473.28,112 725.14,112 725.14,112 " fill="none" id="HTTPHandler-backto-EmissaryClient" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="468.28,112,477.28,116,473.28,112,477.28,108,468.28,112" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="82" x="516.21" y="107.897">administrates</text></g><!--MD5=[0dd7156c6052ea784bc88dfca61e007b]
+reverse link HTTPHandler to StateManager--><g id="link_HTTPHandler_StateManager"><path d="M473.28,128 C473.28,128 665,128 665,128 C665,128 665,409 665,409 C665,409 921.14,409 1048.21,409 " fill="none" id="HTTPHandler-backto-StateManager" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="468.28,128,477.28,132,473.28,128,477.28,124,468.28,128" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="163" x="501" y="360.137">fetches agent ^*specs from</text></g><!--MD5=[beea302d68a5d9dc6027ab4e0b987cea]
+reverse link StateManager to UCIController--><g id="link_StateManager_UCIController"><path d="M1042.15,425 C1042.15,425 876.5,425 876.5,425 C876.5,425 876.5,497.45 876.5,536.78 " fill="none" id="StateManager-backto-UCIController" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1047.15,425,1038.15,421,1042.15,425,1038.15,429,1047.15,425" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="814.43" y="420.897">reconciles with</text></g><!--MD5=[8cf138a1950decb1251fc88353171770]
+reverse link StateManager to SysUpgradeController--><g id="link_StateManager_SysUpgradeController"><path d="M1080.25,447.43 C1080.25,447.43 1080.25,536.9 1080.25,536.9 " fill="none" id="StateManager-backto-SysUpgradeController" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1080.25,442.43,1076.25,451.43,1080.25,447.43,1084.25,451.43,1080.25,442.43" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="991.25" y="488.057">reconciles with</text></g><!--MD5=[8dba0e44c0268b5c6a2c1c6565c41b8b]
+reverse link StateManager to ProxyController--><g id="link_StateManager_ProxyController"><path d="M1167.5,447.43 C1167.5,447.43 1167.5,536.9 1167.5,536.9 " fill="none" id="StateManager-backto-ProxyController" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1167.5,442.43,1163.5,451.43,1167.5,447.43,1171.5,451.43,1167.5,442.43" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="1078.5" y="507.057">reconciles with</text></g><!--MD5=[94df0ade1dc92be8853ce902c4f83dad]
+reverse link StateManager to MDNSController--><g id="link_StateManager_MDNSController"><path d="M1193.72,425 C1193.72,425 1406,425 1406,425 C1406,425 1406,497.45 1406,536.78 " fill="none" id="StateManager-backto-MDNSController" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1188.72,425,1197.72,429,1193.72,425,1197.72,421,1188.72,425" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="1266.75" y="420.897">reconciles with</text></g><!--MD5=[e74434bc519cba41fdddc7c857699717]
+reverse link StateManager to AppController--><g id="link_StateManager_AppController"><path d="M1193.96,409 C1193.96,409 1587,409 1587,409 C1587,409 1587,493.45 1587,536.66 " fill="none" id="StateManager-backto-AppController" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1188.96,409,1197.96,413,1193.96,409,1197.96,405,1188.96,409" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="88" x="1365.31" y="404.897">reconciles with</text></g><!--MD5=[6fc50b732d8962c26a79ff20e99a40e3]
+@startuml
+top to bottom direction
+skinparam linetype ortho
+
+node PilotNode as "Pilot Node" {
+    database DataStore as "Data Store"
+
+    component EmissaryServer as "Emissary Server" {
+
+        component SpecificationRegistry as "Specification Registry" {
+            component UCISpecification as "UCI Spec"
+            component MDNSSpecification as "mDNS Spec"
+            component AppSpecification as "App Spec"
+            component ProxySpecification as "Proxy Spec"
+            component SysUpgradeSpecification as "SysUpgrade Spec"
+        }
+
+        component HTTPHandler as "HTTP Handler"
+
+        HTTPHandler .down.> SpecificationRegistry: validates agents data with
+
+        HTTPHandler .right.> DataStore: saves agent data in
+    }
+}
+
+node OperatorNode as "Operator Node" {
+    component EmissaryClient as "Emissary Client"
+
+    EmissaryClient -left-> HTTPHandler: administrates
+}
+
+node OpenWRTNode as "OpenWRT Node" {
+    component EmissaryAgent as "Emissary Agent" {
+
+        component StateManager as "State Manager"
+
+        StateManager - -up-> HTTPHandler: fetches agent ^*specs from
+
+        component UCIController as "UCI Controller"
+
+        UCIController .up.> StateManager: reconciles with
+
+        component SysUpgradeController as "SysUpgrade Controller"
+
+        SysUpgradeController .up.> StateManager: reconciles with
+    
+        component ProxyController as "Proxy Controller"
+
+        ProxyController .up.> StateManager: reconciles with
+
+        component MDNSController as "mDNS Controller"
+
+        MDNSController .up.> StateManager: reconciles with
+
+        component AppController as "App Controller"
+
+        AppController .up.> StateManager: reconciles with
+    }
+}
+@end
+
+PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022)
+(GPL source distribution)
+Java Runtime: OpenJDK Runtime Environment
+JVM: OpenJDK 64-Bit Server VM
+Default Encoding: UTF-8
+Language: fr
+Country: FR
+--></g></svg>
--- a/go.mod
+++ b/go.mod
@ -3,10 +3,11 @@ module forge.cadoles.com/Cadoles/emissary
 go 1.19

 require (
-	forge.cadoles.com/arcad/edge v0.0.0-20230402160147-f08f645432c6
+	forge.cadoles.com/arcad/edge v0.0.0-20230426135323-17808d14c978
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/alecthomas/participle/v2 v2.0.0-beta.5
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
+	github.com/brutella/dnssd v1.2.6
 	github.com/btcsuite/btcd/btcutil v1.1.3
 	github.com/davecgh/go-spew v1.1.1
 	github.com/denisbrodbeck/machineid v1.0.1
@ -24,7 +25,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/qri-io/jsonschema v0.2.1
 	github.com/urfave/cli/v2 v2.24.4
-	gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3
+	gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.21.0
 )
@ -33,7 +34,6 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/barnybug/go-cast v0.0.0-20201201064555-a87ccbc26692 // indirect
-	github.com/brutella/dnssd v1.2.6 // indirect
 	github.com/dop251/goja_nodejs v0.0.0-20230320130059-dcf93ba651dd // indirect
 	github.com/gabriel-vasile/mimetype v1.4.1 // indirect
 	github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
@ -44,14 +44,14 @@ require (
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/igm/sockjs-go/v3 v3.0.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/miekg/dns v1.1.51 // indirect
+	github.com/miekg/dns v1.1.53 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/orcaman/concurrent-map v1.0.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
-	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
 	google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
@ -96,12 +96,12 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/term v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -54,10 +54,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-forge.cadoles.com/arcad/edge v0.0.0-20230328183829-d8ce2901d2ab h1:xOtzLAYOUcKd/VBx/PzL2riC0zNuQ/cxxf5r3AmEvJE=
-forge.cadoles.com/arcad/edge v0.0.0-20230328183829-d8ce2901d2ab/go.mod h1:ONd6vyQ0IM0vHi1i+bmZBRc1Fd0BoXMuDdY/+0sZefw=
-forge.cadoles.com/arcad/edge v0.0.0-20230402160147-f08f645432c6 h1:MxMEBSEvwagUrFORUJ9snZekFIKkaV3OB0EplXra+LU=
-forge.cadoles.com/arcad/edge v0.0.0-20230402160147-f08f645432c6/go.mod h1:ONd6vyQ0IM0vHi1i+bmZBRc1Fd0BoXMuDdY/+0sZefw=
+forge.cadoles.com/arcad/edge v0.0.0-20230426135323-17808d14c978 h1:fekSRSb8gYcVx8C0B9K6B7+KiFHVixIwvPUkxcnRFp4=
+forge.cadoles.com/arcad/edge v0.0.0-20230426135323-17808d14c978/go.mod h1:uv3wBa+UbcEUb7IiJCj1T96Xo3cmx1BwNxbBYRZhln8=
 gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
 github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k=
@ -983,8 +981,8 @@ github.com/miekg/dns v0.0.0-20161006100029-fc4e1e2843d8/go.mod h1:W1PPwlIAgtquWB
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
-github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo=
-github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c=
+github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
+github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@ -1312,8 +1310,8 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPS
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
-gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3 h1:ddXRTeqEr7LcHQEtkd6gogZOh9tI1Y6Gappr0a1oa2I=
-gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
+gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b h1:nkvOl8TCj/mErADnwFFynjxBtC+hHsrESw6rw56JGmg=
+gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@ -1451,9 +1449,9 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20161013035702-8b4af36cd21a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -1530,8 +1528,9 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -1695,8 +1694,9 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@ -1705,8 +1705,9 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -1720,8 +1721,9 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -1811,9 +1813,9 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/agent/controller/app/app_handler.go
+++ b/internal/agent/controller/app/app_handler.go
@ -3,13 +3,11 @@ package app
 import (
 	"bytes"
 	"context"
-	"database/sql"
+	"net"
 	"path/filepath"
-	"sync"
 	"text/template"

 	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
-	appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
 	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
 	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bus"
@ -17,19 +15,32 @@ import (
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	"forge.cadoles.com/arcad/edge/pkg/module"
 	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
-	"forge.cadoles.com/arcad/edge/pkg/module/auth"
 	"forge.cadoles.com/arcad/edge/pkg/module/blob"
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
 	fetchModule "forge.cadoles.com/arcad/edge/pkg/module/fetch"
-	"forge.cadoles.com/arcad/edge/pkg/module/net"
+	netModule "forge.cadoles.com/arcad/edge/pkg/module/net"
+	shareModule "forge.cadoles.com/arcad/edge/pkg/module/share"
+	shareSqlite "forge.cadoles.com/arcad/edge/pkg/module/share/sqlite"
+	"forge.cadoles.com/arcad/edge/pkg/storage"
 	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
 	"github.com/Masterminds/sprig/v3"
-	"github.com/dop251/goja"
+	"github.com/go-chi/chi/v5"
 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
 )

-const defaultSQLiteParams = "?_pragma=foreign_keys(1)&_pragma=journal_mode(WAL)&_txlock=immediate"
+type Dependencies struct {
+	Bus             bus.Bus
+	DocumentStore   storage.DocumentStore
+	BlobStore       storage.BlobStore
+	KeySet          jwk.Set
+	AppRepository   appModule.Repository
+	AppID           app.ID
+	ShareRepository shareModule.Repository
+}
+
+const defaultSQLiteParams = "?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000"

 func (c *Controller) getHandlerOptions(ctx context.Context, appKey string, specs *spec.Spec) ([]edgeHTTP.HandlerOptionFunc, error) {
 	dataDir, err := c.ensureAppDataDir(ctx, appKey)
@ -43,23 +54,46 @@ func (c *Controller) getHandlerOptions(ctx context.Context, appKey string, specs
 		return nil, errors.Wrapf(err, "could not open database file '%s'", dbFile)
 	}

+	shareDBFile := filepath.Join(dataDir, "shared.sqlite")
+	shareDB, err := sqlite.Open(shareDBFile + defaultSQLiteParams)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not open database file '%s'", shareDBFile)
+	}
+
 	keySet, err := getAuthKeySet(specs.Config)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not retrieve auth key set")
 	}

-	bundles := make([]string, 0, len(specs.Apps))
-	for appKey, app := range specs.Apps {
-		path := c.getAppBundlePath(appKey, app.Format)
-		bundles = append(bundles, path)
+	mounts := make([]func(r chi.Router), 0)
+
+	authMount, err := getAuthMount(specs.Config.Auth, keySet)
+	if err != nil {
+		return nil, errors.WithStack(err)
 	}

-	bus := memory.NewBus()
-	modules := c.getAppModules(bus, db, specs, keySet)
+	if authMount != nil {
+		mounts = append(mounts, authMount)
+	}
+
+	mounts = append(mounts, appModule.Mount(c.appRepository))
+
+	deps := Dependencies{
+		Bus:             memory.NewBus(),
+		DocumentStore:   sqlite.NewDocumentStoreWithDB(db),
+		BlobStore:       sqlite.NewBlobStoreWithDB(db),
+		KeySet:          keySet,
+		AppRepository:   c.appRepository,
+		AppID:           app.ID(appKey),
+		ShareRepository: shareSqlite.NewRepositoryWithDB(shareDB),
+	}
+
+	modules := c.getAppModules(deps)

 	options := []edgeHTTP.HandlerOptionFunc{
-		edgeHTTP.WithBus(bus),
+		edgeHTTP.WithBus(deps.Bus),
 		edgeHTTP.WithServerModules(modules...),
+		edgeHTTP.WithHTTPMounts(mounts...),
 	}

 	return options, nil
@ -107,86 +141,150 @@ func getAuthKeySet(config *spec.Config) (jwk.Set, error) {
 	return keySet, nil
 }

-func createGetAppURL(specs *spec.Spec) GetURLFunc {
-	var (
-		compileOnce sync.Once
-		urlTemplate *template.Template
-		err         error
-	)
+func createResolveAppURL(specs *spec.Spec) (ResolveAppURLFunc, error) {
+	rawIfaceMappings := make(map[string]string, 0)
+	if specs.Config != nil && specs.Config.AppURLResolving != nil && specs.Config.AppURLResolving.IfaceMappings != nil {
+		rawIfaceMappings = specs.Config.AppURLResolving.IfaceMappings
+	}

-	return func(ctx context.Context, manifest *app.Manifest) (string, error) {
+	ifaceMappings := make(map[string]*template.Template, len(rawIfaceMappings))
+	for iface, rawTemplate := range rawIfaceMappings {
+		tmpl, err := template.New("").Funcs(sprig.TxtFuncMap()).Parse(rawTemplate)
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not parse iface '%s' template", iface)
+		}
+
+		ifaceMappings[iface] = tmpl
+	}
+
+	defaultRawTemplate := `http://{{ .DeviceIP }}:{{ .AppPort }}`
+	if specs.Config != nil && specs.Config.AppURLResolving != nil && specs.Config.AppURLResolving.DefaultURLTemplate != "" {
+		defaultRawTemplate = specs.Config.AppURLResolving.DefaultURLTemplate
+	}
+
+	defaultTemplate, err := template.New("").Funcs(sprig.TxtFuncMap()).Parse(defaultRawTemplate)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return func(ctx context.Context, manifest *app.Manifest, from string) (string, error) {
+		var (
+			urlTemplate *template.Template
+			deviceIP    net.IP
+		)
+
+		fromIP := net.ParseIP(from)
+
+		if fromIP != nil {
+		LOOP:
+			for ifaceName, ifaceTmpl := range ifaceMappings {
+				iface, err := net.InterfaceByName(ifaceName)
+				if err != nil {
+					logger.Error(
+						ctx, "could not find interface",
+						logger.E(errors.WithStack(err)), logger.F("iface", ifaceName),
+					)
+
+					continue
+				}
+
+				addresses, err := iface.Addrs()
+				if err != nil {
+					logger.Error(
+						ctx, "could not list interface addresses",
+						logger.E(errors.WithStack(err)),
+						logger.F("iface", iface.Name),
+					)
+
+					continue
+				}
+
+				for _, addr := range addresses {
+					ifaIP, network, err := net.ParseCIDR(addr.String())
+					if err != nil {
+						logger.Error(
+							ctx, "could not parse interface ip",
+							logger.E(errors.WithStack(err)),
+							logger.F("iface", iface.Name),
+						)
+
+						continue
+					}
+
+					if !network.Contains(fromIP) {
+						continue
+					}
+
+					deviceIP = ifaIP
+					urlTemplate = ifaceTmpl
+
+					break LOOP
+				}
+			}
+		}
+
+		if urlTemplate == nil {
+			urlTemplate = defaultTemplate
+		}
+
+		if deviceIP == nil {
+			deviceIP = net.ParseIP("127.0.0.1")
+		}
+
+		var appEntry *spec.AppEntry
+		for appID, entry := range specs.Apps {
+			if manifest.ID != app.ID(appID) {
+				continue
+			}
+
+			appEntry = &entry
+			break
+		}
+
+		if appEntry == nil {
+			return "", errors.Errorf("could not find app '%s' in specs", manifest.ID)
+		}
+
+		_, port, err := net.SplitHostPort(appEntry.Address)
 		if err != nil {
 			return "", errors.WithStack(err)
 		}

-		var appURLTemplate string
-
-		if specs.Config == nil || specs.Config.AppURLTemplate == "" {
-			appURLTemplate = `http://{{ last ( splitList "." ( toString .Manifest.ID ) ) }}.local`
-		} else {
-			appURLTemplate = specs.Config.AppURLTemplate
-		}
-
-		compileOnce.Do(func() {
-			urlTemplate, err = template.New("").Funcs(sprig.TxtFuncMap()).Parse(appURLTemplate)
-		})
-
-		var buf bytes.Buffer
-
 		data := struct {
 			Manifest *app.Manifest
 			Specs    *spec.Spec
+			DeviceIP string
+			AppPort  string
 		}{
 			Manifest: manifest,
 			Specs:    specs,
+			DeviceIP: deviceIP.String(),
+			AppPort:  port,
 		}

+		var buf bytes.Buffer
+
 		if err := urlTemplate.Execute(&buf, data); err != nil {
 			return "", errors.WithStack(err)
 		}

 		return buf.String(), nil
-	}
+	}, nil
 }

-func (c *Controller) getAppModules(bus bus.Bus, db *sql.DB, spec *appSpec.Spec, keySet jwk.Set) []app.ServerModuleFactory {
-	ds := sqlite.NewDocumentStoreWithDB(db)
-	bs := sqlite.NewBlobStoreWithDB(db)
-
+func (c *Controller) getAppModules(deps Dependencies) []app.ServerModuleFactory {
 	return []app.ServerModuleFactory{
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
 		cast.CastModuleFactory(),
 		module.LifecycleModuleFactory(),
-		net.ModuleFactory(bus),
-		module.RPCModuleFactory(bus),
-		module.StoreModuleFactory(ds),
-		blob.ModuleFactory(bus, bs),
-		module.Extends(
-			auth.ModuleFactory(
-				auth.WithJWT(func() (jwk.Set, error) {
-					return keySet, nil
-				}),
-			),
-			func(o *goja.Object) {
-				if err := o.Set("CLAIM_TENANT", "arcad_tenant"); err != nil {
-					panic(errors.New("could not set 'CLAIM_TENANT' property"))
-				}
-
-				if err := o.Set("CLAIM_ENTRYPOINT", "arcad_entrypoint"); err != nil {
-					panic(errors.New("could not set 'CLAIM_ENTRYPOINT' property"))
-				}
-
-				if err := o.Set("CLAIM_ROLE", "arcad_role"); err != nil {
-					panic(errors.New("could not set 'CLAIM_ROLE' property"))
-				}
-
-				if err := o.Set("CLAIM_PREFERRED_USERNAME", "preferred_username"); err != nil {
-					panic(errors.New("could not set 'CLAIM_PREFERRED_USERNAME' property"))
-				}
-			},
-		),
-		appModule.ModuleFactory(c.appRepository),
-		fetchModule.ModuleFactory(bus),
+		netModule.ModuleFactory(deps.Bus),
+		module.RPCModuleFactory(deps.Bus),
+		module.StoreModuleFactory(deps.DocumentStore),
+		blob.ModuleFactory(deps.Bus, deps.BlobStore),
+		authModuleFactory(deps.KeySet),
+		appModule.ModuleFactory(deps.AppRepository),
+		fetchModule.ModuleFactory(deps.Bus),
+		shareModule.ModuleFactory(deps.AppID, deps.ShareRepository),
 	}
 }
--- a/internal/agent/controller/app/app_handler_test.go
+++ b/internal/agent/controller/app/app_handler_test.go
@ -0,0 +1,73 @@
+package app
+
+import (
+	"context"
+	"testing"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+)
+
+func TestCreateResolveAppURL(t *testing.T) {
+	specs := &spec.Spec{
+		Apps: map[string]spec.AppEntry{
+			"app.arcad.test": {
+				Address: ":8080",
+			},
+			"app.arcad.foo": {
+				Address: ":8081",
+			},
+			"app.arcad.bar": {
+				Address: ":8082",
+			},
+		},
+		Config: &spec.Config{
+			AppURLResolving: &spec.AppURLResolving{
+				IfaceMappings: map[string]string{
+					"lo":              "http://{{ .DeviceIP }}:{{ .AppPort }}",
+					"does-not-exists": "http://{{ .DeviceIP }}:{{ .AppPort }}",
+				},
+				DefaultURLTemplate: `http://{{ last ( splitList "." ( toString .Manifest.ID ) ) }}.arcad.local`,
+			},
+		},
+	}
+
+	resolveAppURL, err := createResolveAppURL(specs)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	manifest := &app.Manifest{
+		ID: "app.arcad.test",
+	}
+
+	ctx := context.Background()
+
+	url, err := resolveAppURL(ctx, manifest, "127.0.0.2")
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if e, g := "http://127.0.0.1:8080", url; e != g {
+		t.Errorf("url: expected '%s', got '%s", e, g)
+	}
+
+	url, err = resolveAppURL(ctx, manifest, "")
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if e, g := "http://test.arcad.local", url; e != g {
+		t.Errorf("url: expected '%s', got '%s", e, g)
+	}
+
+	url, err = resolveAppURL(ctx, manifest, "192.168.0.100")
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if e, g := "http://test.arcad.local", url; e != g {
+		t.Errorf("url: expected '%s', got '%s", e, g)
+	}
+}
--- a/internal/agent/controller/app/app_repository.go
+++ b/internal/agent/controller/app/app_repository.go
@ -2,6 +2,7 @@ package app

 import (
 	"context"
+	"sort"
 	"sync"

 	"forge.cadoles.com/arcad/edge/pkg/app"
@ -11,12 +12,12 @@ import (
 	"gitlab.com/wpetit/goweb/logger"
 )

-type GetURLFunc func(context.Context, *app.Manifest) (string, error)
+type ResolveAppURLFunc func(context.Context, *app.Manifest, string) (string, error)

 type AppRepository struct {
-	getURL  GetURLFunc
-	bundles []string
-	mutex   sync.RWMutex
+	resolveAppURL ResolveAppURLFunc
+	bundles       []string
+	mutex         sync.RWMutex
 }

 // Get implements app.Repository
@ -33,7 +34,7 @@ func (r *AppRepository) Get(ctx context.Context, id app.ID) (*app.Manifest, erro
 }

 // GetURL implements app.Repository
-func (r *AppRepository) GetURL(ctx context.Context, id app.ID) (string, error) {
+func (r *AppRepository) GetURL(ctx context.Context, id app.ID, from string) (string, error) {
 	r.mutex.RLock()
 	defer r.mutex.RUnlock()

@ -42,7 +43,7 @@ func (r *AppRepository) GetURL(ctx context.Context, id app.ID) (string, error) {
 		return "", errors.WithStack(err)
 	}

-	url, err := r.getURL(ctx, manifest)
+	url, err := r.resolveAppURL(ctx, manifest, from)
 	if err != nil {
 		return "", errors.WithStack(err)
 	}
@ -77,14 +78,16 @@ func (r *AppRepository) List(ctx context.Context) ([]*app.Manifest, error) {
 		manifests = append(manifests, manifest)
 	}

+	sort.Sort(ByID(manifests))
+
 	return manifests, nil
 }

-func (r *AppRepository) Update(getURL GetURLFunc, bundles []string) {
+func (r *AppRepository) Update(resolveAppURL ResolveAppURLFunc, bundles []string) {
 	r.mutex.Lock()
 	defer r.mutex.Unlock()

-	r.getURL = getURL
+	r.resolveAppURL = resolveAppURL
 	r.bundles = bundles
 }

@ -118,7 +121,7 @@ func (r *AppRepository) findManifest(ctx context.Context, id app.ID) (*app.Manif

 func NewAppRepository() *AppRepository {
 	return &AppRepository{
-		getURL: func(ctx context.Context, m *app.Manifest) (string, error) {
+		resolveAppURL: func(ctx context.Context, m *app.Manifest, from string) (string, error) {
 			return "", errors.New("unavailable")
 		},
 		bundles: []string{},
@ -126,3 +129,9 @@ func NewAppRepository() *AppRepository {
 }

 var _ appModule.Repository = &AppRepository{}
+
+type ByID []*app.Manifest
+
+func (a ByID) Len() int           { return len(a) }
+func (a ByID) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a ByID) Less(i, j int) bool { return a[i].ID > a[j].ID }
--- a/internal/agent/controller/app/auth_module.go
+++ b/internal/agent/controller/app/auth_module.go
@ -0,0 +1,93 @@
+package app
+
+import (
+	"time"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/module"
+	"forge.cadoles.com/arcad/edge/pkg/module/auth"
+	authModule "forge.cadoles.com/arcad/edge/pkg/module/auth"
+	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
+	"github.com/dop251/goja"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/pkg/errors"
+)
+
+const (
+	RoleVisitor    string = "visitor"
+	RoleUser       string = "user"
+	RoleSuperuser  string = "superuser"
+	RoleAdmin      string = "admin"
+	RoleSuperadmin string = "superadmin"
+)
+
+func authModuleFactory(keySet jwk.Set) app.ServerModuleFactory {
+	return module.Extends(
+		authModule.ModuleFactory(
+			authModule.WithJWT(func() (jwk.Set, error) {
+				return keySet, nil
+			}),
+		),
+		func(o *goja.Object) {
+			if err := o.Set("ROLE_VISITOR", RoleVisitor); err != nil {
+				panic(errors.New("could not set 'ROLE_VISITOR' property"))
+			}
+
+			if err := o.Set("ROLE_USER", RoleUser); err != nil {
+				panic(errors.New("could not set 'ROLE_USER' property"))
+			}
+
+			if err := o.Set("ROLE_SUPERUSER", RoleSuperuser); err != nil {
+				panic(errors.New("could not set 'ROLE_SUPERUSER' property"))
+			}
+
+			if err := o.Set("ROLE_ADMIN", RoleAdmin); err != nil {
+				panic(errors.New("could not set 'ROLE_ADMIN' property"))
+			}
+
+			if err := o.Set("ROLE_SUPERADMIN", RoleSuperadmin); err != nil {
+				panic(errors.New("could not set 'ROLE_SUPERADMIN' property"))
+			}
+		},
+	)
+}
+
+func getAuthMount(auth *spec.Auth, keySet jwk.Set) (auth.MountFunc, error) {
+	switch {
+	case auth.Local != nil:
+		var rawKey any = auth.Local.Key
+		if strKey, ok := rawKey.(string); ok {
+			rawKey = []byte(strKey)
+		}
+
+		key, err := jwk.FromRaw(rawKey)
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		cookieDuration := defaultCookieDuration
+		if auth.Local.CookieDuration != "" {
+			cookieDuration, err = time.ParseDuration(auth.Local.CookieDuration)
+			if err != nil {
+				return nil, errors.WithStack(err)
+			}
+		}
+
+		return authModule.Mount(
+			authHTTP.NewLocalHandler(
+				jwa.HS256, key,
+				authHTTP.WithRoutePrefix("/auth"),
+				authHTTP.WithAccounts(auth.Local.Accounts...),
+				authHTTP.WithCookieOptions(getCookieDomain, cookieDuration),
+			),
+			authModule.WithJWT(func() (jwk.Set, error) {
+				return keySet, nil
+			}),
+		), nil
+
+	default:
+		return nil, nil
+	}
+}
--- a/internal/agent/controller/app/controller.go
+++ b/internal/agent/controller/app/controller.go
@ -9,6 +9,7 @@ import (

 	"forge.cadoles.com/Cadoles/emissary/internal/agent"
 	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/mitchellh/hashstructure/v2"
 	"github.com/pkg/errors"
@ -96,7 +97,14 @@ func (c *Controller) updateApps(ctx context.Context, specs *spec.Spec) {
 		}
 	}

-	c.updateAppRepository(ctx, specs)
+	if err := c.updateAppRepository(ctx, specs); err != nil {
+		logger.Error(
+			ctx, "could not update app repository",
+			logger.E(errors.WithStack(err)),
+		)
+
+		return
+	}

 	// (Re)start apps if necessary
 	for appKey := range specs.Apps {
@ -109,32 +117,32 @@ func (c *Controller) updateApps(ctx context.Context, specs *spec.Spec) {
 	}
 }

-func (c *Controller) updateAppRepository(ctx context.Context, specs *spec.Spec) {
+func (c *Controller) updateAppRepository(ctx context.Context, specs *spec.Spec) error {
 	bundles := make([]string, 0, len(specs.Apps))
 	for appKey, app := range specs.Apps {
 		path := c.getAppBundlePath(appKey, app.Format)
 		bundles = append(bundles, path)
 	}

-	getURL := createGetAppURL(specs)
+	resolveAppURL, err := createResolveAppURL(specs)
+	if err != nil {
+		return errors.WithStack(err)
+	}

-	c.appRepository.Update(getURL, bundles)
+	c.appRepository.Update(resolveAppURL, bundles)
+
+	return nil
 }

 func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey string) (err error) {
 	appEntry := specs.Apps[appKey]

-	var auth *spec.Auth
-	if specs.Config != nil {
-		auth = specs.Config.Auth
-	}
-
 	appDef := struct {
-		App  spec.AppEntry
-		Auth *spec.Auth
+		App    spec.AppEntry
+		Config *spec.Config
 	}{
-		App:  appEntry,
-		Auth: auth,
+		App:    appEntry,
+		Config: specs.Config,
 	}

 	newAppDefHash, err := hashstructure.Hash(appDef, hashstructure.FormatV2, nil)
@ -164,27 +172,30 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 		server = nil
 	}

-	if server == nil {
+	newServerEntry := func() (*serverEntry, error) {
 		options, err := c.getHandlerOptions(ctx, appKey, specs)
 		if err != nil {
-			return errors.Wrap(err, "could not create handler options")
-		}
-
-		var auth *spec.Auth
-		if specs.Config != nil {
-			auth = specs.Config.Auth
+			return nil, errors.Wrap(err, "could not create handler options")
 		}

 		server = &serverEntry{
-			Server:     NewServer(bundle, auth, options...),
+			Server:     NewServer(bundle, specs.Config, options...),
 			AppDefHash: 0,
 		}

-		c.servers[appKey] = server
+		return server, nil
+	}
+
+	if server == nil {
+		serverEntry, err := newServerEntry()
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		c.servers[appKey] = serverEntry
 	}

 	defChanged := newAppDefHash != server.AppDefHash
-
 	if server.Server.Running() && !defChanged {
 		return nil
 	}
@ -194,6 +205,17 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 			ctx, "restarting app",
 			logger.F("address", appEntry.Address),
 		)
+
+		if err := server.Server.Stop(); err != nil {
+			return errors.WithStack(err)
+		}
+
+		serverEntry, err := newServerEntry()
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		c.servers[appKey] = serverEntry
 	} else {
 		logger.Info(
 			ctx, "starting app",
@ -255,7 +277,21 @@ func (c *Controller) ensureAppBundle(ctx context.Context, appID string, spec spe
 		return nil, "", errors.WithStack(err)
 	}

-	return bdle, "", nil
+	manifest, err := app.LoadManifest(bdle)
+	if err != nil {
+		return nil, "", errors.WithStack(err)
+	}
+
+	valid, err := validateManifest(manifest)
+	if err != nil {
+		return nil, "", errors.WithStack(err)
+	}
+
+	if !valid {
+		return nil, "", errors.New("bundle's manifest is invalid")
+	}
+
+	return bdle, spec.SHA256Sum, nil
 }

 func (c *Controller) downloadFile(url string, sha256sum string, dest string) error {
--- a/internal/agent/controller/app/manifest.go
+++ b/internal/agent/controller/app/manifest.go
@ -0,0 +1,19 @@
+package app
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/app/metadata"
+	"github.com/pkg/errors"
+)
+
+func validateManifest(manifest *app.Manifest) (bool, error) {
+	valid, err := manifest.Validate(
+		metadata.WithMinimumRoleValidator(RoleVisitor, RoleUser, RoleSuperuser, RoleAdmin, RoleSuperadmin),
+		metadata.WithNamedPathsValidator(metadata.NamedPathAdmin, metadata.NamedPathIcon),
+	)
+	if err != nil {
+		return false, errors.WithStack(err)
+	}
+
+	return valid, nil
+}
--- a/internal/agent/controller/app/server.go
+++ b/internal/agent/controller/app/server.go
@ -2,6 +2,7 @@ package app

 import (
 	"context"
+	"net"
 	"net/http"
 	"strings"
 	"sync"
@ -11,14 +12,11 @@ import (
 	appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
 	"forge.cadoles.com/Cadoles/emissary/internal/proxy/wildcard"
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
-	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"gitlab.com/wpetit/goweb/logger"

 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/go-chi/chi/middleware"
 	"github.com/go-chi/chi/v5"
-	"github.com/lestrrat-go/jwx/v2/jwa"
-	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/pkg/errors"

 	_ "forge.cadoles.com/Cadoles/emissary/internal/imports/passwd"
@ -31,7 +29,7 @@ type Server struct {
 	handlerOptions []edgeHTTP.HandlerOptionFunc
 	server         *http.Server
 	serverMutex    sync.RWMutex
-	auth           *appSpec.Auth
+	config         *appSpec.Config
 }

 func (s *Server) Start(ctx context.Context, addr string) (err error) {
@ -46,15 +44,22 @@ func (s *Server) Start(ctx context.Context, addr string) (err error) {

 	router := chi.NewRouter()

+	router.Use(middleware.RealIP)
 	router.Use(middleware.Logger)
+	router.Use(middleware.Compress(5))

 	handler := edgeHTTP.NewHandler(s.handlerOptions...)
 	if err := handler.Load(s.bundle); err != nil {
 		return errors.Wrap(err, "could not load app bundle")
 	}

-	if err := s.configureAuth(router, s.auth); err != nil {
-		return errors.WithStack(err)
+	if s.config != nil {
+		if s.config.UnexpectedHostRedirect != nil {
+			router.Use(unexpectedHostRedirect(
+				s.config.UnexpectedHostRedirect.HostTarget,
+				s.config.UnexpectedHostRedirect.AcceptedHostPatterns...,
+			))
+		}
 	}

 	router.Handle("/*", handler)
@ -123,72 +128,54 @@ func (s *Server) Stop() error {
 	return nil
 }

-func (s *Server) configureAuth(router chi.Router, auth *spec.Auth) error {
-	if auth == nil {
-		return nil
-	}
-
-	switch {
-	case auth.Local != nil:
-		var rawKey any = s.auth.Local.Key
-		if strKey, ok := rawKey.(string); ok {
-			rawKey = []byte(strKey)
-		}
-
-		key, err := jwk.FromRaw(rawKey)
-		if err != nil {
-			return errors.WithStack(err)
-		}
-
-		cookieDuration := defaultCookieDuration
-		if s.auth.Local.CookieDuration != "" {
-			cookieDuration, err = time.ParseDuration(s.auth.Local.CookieDuration)
-			if err != nil {
-				return errors.WithStack(err)
-			}
-		}
-
-		if s.auth.Local.CookieDomain != "" {
-			router.Use(invalidCookieDomainRedirect(s.auth.Local.CookieDomain))
-		}
-
-		router.Handle("/auth/*", authHTTP.NewLocalHandler(
-			jwa.HS256, key,
-			authHTTP.WithRoutePrefix("/auth"),
-			authHTTP.WithAccounts(s.auth.Local.Accounts...),
-			authHTTP.WithCookieOptions(s.auth.Local.CookieDomain, cookieDuration),
-		))
-	}
-
-	return nil
-}
-
-func NewServer(bundle bundle.Bundle, auth *appSpec.Auth, handlerOptions ...edgeHTTP.HandlerOptionFunc) *Server {
+func NewServer(bundle bundle.Bundle, config *spec.Config, handlerOptions ...edgeHTTP.HandlerOptionFunc) *Server {
 	return &Server{
 		bundle:         bundle,
-		auth:           auth,
+		config:         config,
 		handlerOptions: handlerOptions,
 	}
 }

-func invalidCookieDomainRedirect(cookieDomain string) func(http.Handler) http.Handler {
-	domain := strings.TrimPrefix(cookieDomain, ".")
-	hostPattern := "*" + domain
+func getCookieDomain(r *http.Request) (string, error) {
+	host, _, err := net.SplitHostPort(r.Host)
+	if err != nil {
+		host = r.Host
+	}

+	// If host is an IP address
+	if ip := net.ParseIP(host); ip != nil {
+		return "", nil
+	}
+
+	// If host is an domain, return top level domain
+	domainParts := strings.Split(host, ".")
+	if len(domainParts) >= 2 {
+		topLevelDomain := strings.Join(domainParts[len(domainParts)-2:], ".")
+		return topLevelDomain, nil
+	}
+
+	// By default, return host
+	return host, nil
+}
+
+func unexpectedHostRedirect(hostTarget string, acceptedHostPatterns ...string) func(http.Handler) http.Handler {
 	return func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
-			hostParts := strings.SplitN(r.Host, ":", 2)
+			host, port, err := net.SplitHostPort(r.Host)
+			if err != nil {
+				host = r.Host
+			}

-			if !wildcard.Match(hostParts[0], hostPattern) {
+			matched := wildcard.MatchAny(host, acceptedHostPatterns...)
+
+			if !matched {
 				url := r.URL

-				newHost := domain
-				if len(hostParts) > 1 {
-					newHost += ":" + hostParts[1]
+				url.Host = hostTarget
+				if port != "" {
+					url.Host += ":" + port
 				}

-				url.Host = newHost
-
 				http.Redirect(w, r, url.String(), http.StatusTemporaryRedirect)

 				return
--- a/internal/agent/controller/app/spec/schema.json
+++ b/internal/agent/controller/app/spec/schema.json
@ -38,57 +38,94 @@
                }
            }
        },
-        "auth": {
+        "config": {
            "type": "object",
            "properties": {
-                "local": {
+                "appUrlResolving": {
                    "type": "object",
                    "properties": {
-                        "key": {
-                            "type": ["object", "string"]
-                        },
-                        "accounts": {
-                            "type": "array",
-                            "items": {
-                                "type": "object",
-                                "properties": {
-                                    "username": {
-                                        "type": "string"
-                                    },
-                                    "password": {
-                                        "type": "string"
-                                    },
-                                    "algo": {
-                                        "type": "string"
-                                    },
-                                    "claims": {
-                                        "type": "object"
-                                    }
-                                },
-                                "required": [
-                                    "username",
-                                    "password",
-                                    "algo"
-                                ]
+                        "ifaceMappings": {
+                            "type": "object",
+                            "patternProperties": {
+                                ".*": {
+                                    "type": "string"
+                                }
                            }
                        },
-                        "cookieDomain": {
-                            "type": "string"
-                        },
-                        "cookieDuration": {
+                        "defaultUrlTemplate": {
                            "type": "string"
                        }
                    },
-                    "required": [
-                        "key"
-                    ]
+                    "required": ["defaultUrlTemplate"],
+                    "additionalProperties": false
+                },
+                "unexpectedHostRedirect": {
+                    "type": "object",
+                    "properties": {
+                        "acceptedHostPatterns": {
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            }
+                        },
+                        "hostTarget": {
+                            "type": "string"
+                        }
+                    },
+                    "required": ["acceptedHostPatterns", "hostTarget"],
+                    "additionalProperties": false
+                },
+                "auth": {
+                    "type": "object",
+                    "properties": {
+                        "local": {
+                            "type": "object",
+                            "properties": {
+                                "key": {
+                                    "type": ["object", "string"]
+                                },
+                                "accounts": {
+                                    "type": "array",
+                                    "items": {
+                                        "type": "object",
+                                        "properties": {
+                                            "username": {
+                                                "type": "string"
+                                            },
+                                            "password": {
+                                                "type": "string"
+                                            },
+                                            "algo": {
+                                                "type": "string"
+                                            },
+                                            "claims": {
+                                                "type": "object"
+                                            }
+                                        },
+                                        "required": [
+                                            "username",
+                                            "password",
+                                            "algo"
+                                        ]
+                                    }
+                                },
+                                "cookieDomain": {
+                                    "type": "string"
+                                },
+                                "cookieDuration": {
+                                    "type": "string"
+                                }
+                            },
+                            "required": [
+                                "key"
+                            ],
+                            "additionalProperties": false
+                        }
+                    },
+                    "additionalProperties": false
                }
-            }
-        },
-        "config": {
-            "appUrlTemplate": {
-                "type": "string"
-            }
+            },
+            "additionalProperties": false
        }
    },
    "required": [
--- a/internal/agent/controller/app/spec/spec.go
+++ b/internal/agent/controller/app/spec/spec.go
@ -32,8 +32,19 @@ type LocalAuth struct {
 }

 type Config struct {
-	Auth           *Auth  `json:"auth"`
-	AppURLTemplate string `json:"appUrlTemplate"`
+	Auth                   *Auth                   `json:"auth"`
+	UnexpectedHostRedirect *UnexpectedHostRedirect `json:"unexpectedHostRedirect"`
+	AppURLResolving        *AppURLResolving        `json:"appUrlResolving"`
+}
+
+type UnexpectedHostRedirect struct {
+	AcceptedHostPatterns []string `json:"acceptedHostPatterns"`
+	HostTarget           string   `json:"hostTarget"`
+}
+
+type AppURLResolving struct {
+	IfaceMappings      map[string]string `json:"ifaceMappings"`
+	DefaultURLTemplate string            `json:"defaultUrlTemplate"`
 }

 func (s *Spec) SpecName() spec.Name {
--- a/internal/agent/controller/app/spec/testdata/spec-ok.json
+++ b/internal/agent/controller/app/spec/testdata/spec-ok.json
@ -9,32 +9,44 @@
        "format": "zip"
      }
    },
-    "auth": {
-      "local": {
-        "key": {
-          "d": "YOre0WZefGfUGFvDg42oL5Oad5Zsb1N_hqPyLVM5ajpTZzcHpB3wT6In9tFO_VshB6lxVtPA9ckPkpMTFY7ygt1Yomc1HkoOKRtmIaqdr4VgNQifU-4yiLiJkSbdYSeMV-KkkN8mGR1keJpJeS34W1X0W6CkU2nw7F5VueBCJfWJA0funRfuWdI68MTUgT9kRZFp-SfvptvRL6jVYHV_5hqxzHCvgEdBSF6QKwx4M6P6QBMt7ft6uMLmFx9abKFw2V51hX3PkxiSepVB3w5CYg4HtS3AHX6bILL4m0R2pdTIkap7i3tkH_xAOuKWt8D6JhadI8X1rEAwXmCS5KrRgQ",
-          "dp": "U0HfvBC6hk-SCpuotGIv3vbHCVt1aF3SHK0y32EYCOe8e_9G6YCEILfcvEJ5fiOCc2kvx6TasHQu4qj1uWRKenZlK1sJ6KDybGCkZL1D3jYnbeLZYBuWBL__YbZiST3ewbxzj_EDMWiZ8sUltahza_1weSgg8auSzTHS2LJBHIE",
-          "dq": "hVom4ScDxgqhCsQNVpZlN7M3v0tgWjl_gTOHjOyzKCHQJeC0QmJJaMKkQZPWJ8jjLqy7VwVpqC2nZU7QDuX1Cq5eJDQcXi9XtaAfIBico9WcYDre6mDyhL588YHpekyRke8HnZ810iesr0G3gU1h0QvZVVuW-pXTJOXhZTt6nFc",
-          "e": "AQAB",
-          "kty": "RSA",
-          "n": "vPnpkE3-HfNgJSru_K40LstkjiG2Bq_Tt-m0d_yUBBSbirFxF3qH4EXi7WrtZdeDahg2iV2BvpbVVj9GlmGo9OLol6jc7AP2yvZrkbABiiJhCbuPdkYbNpx6B7Itl8RT_bUSYAMZhmux5lpsn4weQ01fzjICi1rA-bIJpOfotdOjP4_lol-LxGZOGJQv9kndP8bgmssJb3Y_2s4gPtkmXySLrhpr5So-_6dVksyuBD9aLcnsMLDbywusjEMCdhqzQbvOjryomnmEXwyz_Ewb5HFK2PfgFtoHkdjqDz-mrEs3tw5g4TdYhCftzJxgbyNAEq4aEiOQrAncYyrXlotP_w",
-          "p": "8TNMF0WUe7CEeNVUTsuEcBAAXRguNtpvVifIjlwzFRGOYVGIpKuHsqQPKlZL07I9gPr9LifQnyQus3oEmTOrVs6LB9sfbukbg43ZRKoGVM40JYF5Xjs7R3mEZhgU0WaYOVe3iLtBGMfXNWFwlbfQP-zEb-dPCBX1jWT3LdgNBcE",
-          "q": "yJJLNc9w6O4y2icME8k99FugV9E7ObwUxF3v5JN3y1cmAT0h2njyE3iAGqaDZwcY1_jGCisjwoqX6i5E8xqhxX3Gcy3J7SmUAf8fhY8wU3zv9DK7skg2IdvanDb8Y1OM6GchbYZAOVPEg2IvVio8zI-Ih3DDwDk8Df0ufzoHRb8",
-          "qi": "zOE-4R3cjPesm3MX-4PdwmsaF9QZLUVRUvvHJ08pKs6kAXP18hzjctAoOjhQDxlTYqNYNePfKzKwost3OJoPgRIc9w9qwUCK1gNOS4Z_xozCIaXgMddNFhkoAfZ4JaKjNCiinzjGfqG99Lf-yzmmREuuhRv7SdS3ST4VQjiJQew"
-        },
-        "accounts": [
-          {
-            "username": "foo",
-            "algo": "plain",
-            "password": "bar",
-            "claims": {
-              "arcad_role": "user",
-              "arcad_tenant": "dev.cli",
-              "preferred_username": "Foo",
-              "sub": "foo"
+    "config": {
+      "auth": {
+        "local": {
+          "key": {
+            "d": "YOre0WZefGfUGFvDg42oL5Oad5Zsb1N_hqPyLVM5ajpTZzcHpB3wT6In9tFO_VshB6lxVtPA9ckPkpMTFY7ygt1Yomc1HkoOKRtmIaqdr4VgNQifU-4yiLiJkSbdYSeMV-KkkN8mGR1keJpJeS34W1X0W6CkU2nw7F5VueBCJfWJA0funRfuWdI68MTUgT9kRZFp-SfvptvRL6jVYHV_5hqxzHCvgEdBSF6QKwx4M6P6QBMt7ft6uMLmFx9abKFw2V51hX3PkxiSepVB3w5CYg4HtS3AHX6bILL4m0R2pdTIkap7i3tkH_xAOuKWt8D6JhadI8X1rEAwXmCS5KrRgQ",
+            "dp": "U0HfvBC6hk-SCpuotGIv3vbHCVt1aF3SHK0y32EYCOe8e_9G6YCEILfcvEJ5fiOCc2kvx6TasHQu4qj1uWRKenZlK1sJ6KDybGCkZL1D3jYnbeLZYBuWBL__YbZiST3ewbxzj_EDMWiZ8sUltahza_1weSgg8auSzTHS2LJBHIE",
+            "dq": "hVom4ScDxgqhCsQNVpZlN7M3v0tgWjl_gTOHjOyzKCHQJeC0QmJJaMKkQZPWJ8jjLqy7VwVpqC2nZU7QDuX1Cq5eJDQcXi9XtaAfIBico9WcYDre6mDyhL588YHpekyRke8HnZ810iesr0G3gU1h0QvZVVuW-pXTJOXhZTt6nFc",
+            "e": "AQAB",
+            "kty": "RSA",
+            "n": "vPnpkE3-HfNgJSru_K40LstkjiG2Bq_Tt-m0d_yUBBSbirFxF3qH4EXi7WrtZdeDahg2iV2BvpbVVj9GlmGo9OLol6jc7AP2yvZrkbABiiJhCbuPdkYbNpx6B7Itl8RT_bUSYAMZhmux5lpsn4weQ01fzjICi1rA-bIJpOfotdOjP4_lol-LxGZOGJQv9kndP8bgmssJb3Y_2s4gPtkmXySLrhpr5So-_6dVksyuBD9aLcnsMLDbywusjEMCdhqzQbvOjryomnmEXwyz_Ewb5HFK2PfgFtoHkdjqDz-mrEs3tw5g4TdYhCftzJxgbyNAEq4aEiOQrAncYyrXlotP_w",
+            "p": "8TNMF0WUe7CEeNVUTsuEcBAAXRguNtpvVifIjlwzFRGOYVGIpKuHsqQPKlZL07I9gPr9LifQnyQus3oEmTOrVs6LB9sfbukbg43ZRKoGVM40JYF5Xjs7R3mEZhgU0WaYOVe3iLtBGMfXNWFwlbfQP-zEb-dPCBX1jWT3LdgNBcE",
+            "q": "yJJLNc9w6O4y2icME8k99FugV9E7ObwUxF3v5JN3y1cmAT0h2njyE3iAGqaDZwcY1_jGCisjwoqX6i5E8xqhxX3Gcy3J7SmUAf8fhY8wU3zv9DK7skg2IdvanDb8Y1OM6GchbYZAOVPEg2IvVio8zI-Ih3DDwDk8Df0ufzoHRb8",
+            "qi": "zOE-4R3cjPesm3MX-4PdwmsaF9QZLUVRUvvHJ08pKs6kAXP18hzjctAoOjhQDxlTYqNYNePfKzKwost3OJoPgRIc9w9qwUCK1gNOS4Z_xozCIaXgMddNFhkoAfZ4JaKjNCiinzjGfqG99Lf-yzmmREuuhRv7SdS3ST4VQjiJQew"
+          },
+          "accounts": [
+            {
+              "username": "foo",
+              "algo": "plain",
+              "password": "bar",
+              "claims": {
+                "arcad_role": "user",
+                "arcad_tenant": "dev.cli",
+                "preferred_username": "Foo",
+                "sub": "foo"
+              }
            }
-          }
-        ]
+          ]
+        }
+      },
+      "unexpectedHostRedirect": {
+        "acceptedHostPatterns": ["arcad.local", "*.arcad.local", "arcad-*.local", "*.*.*.*"],
+        "hostTarget": "arcad.local"
+      },
+      "appUrlResolving": {
+        "ifaceMappings": {
+          "eth0": "http://{{ .DeviceIP }}:{{ .AppHost }}"
+        },
+        "defaultUrlTemplate": "http://{{ last ( splitList \".\" ( toString .Manifest.ID ) ) }}.arcad.local"
      }
    }
  },
--- a/internal/config/database.go
+++ b/internal/config/database.go
@ -15,6 +15,6 @@ type DatabaseConfig struct {
 func NewDefaultDatabaseConfig() DatabaseConfig {
 	return DatabaseConfig{
 		Driver: "sqlite",
-		DSN:    "sqlite://emissary.sqlite?_pragma=foreign_keys(1)&_pragma=journal_mode(WAL)&_txlock=immediate",
+		DSN:    "sqlite://emissary.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000",
 	}
 }
--- a/internal/datastore/sqlite/agent_repository.go
+++ b/internal/datastore/sqlite/agent_repository.go
@ -20,9 +20,24 @@ type AgentRepository struct {

 // DeleteSpec implements datastore.AgentRepository.
 func (r *AgentRepository) DeleteSpec(ctx context.Context, agentID datastore.AgentID, name string) error {
-	query := `DELETE FROM specs WHERE agent_id = $1 AND name = $2`
+	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}

-	_, err := r.db.ExecContext(ctx, query, agentID, name)
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
+		query := `DELETE FROM specs WHERE agent_id = $1 AND name = $2`
+
+		if _, err = tx.ExecContext(ctx, query, agentID, name); err != nil {
+			return errors.WithStack(err)
+		}
+
+		return nil
+	})
 	if err != nil {
 		return errors.WithStack(err)
 	}
@ -34,41 +49,57 @@ func (r *AgentRepository) DeleteSpec(ctx context.Context, agentID datastore.Agen
 func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentID) ([]*datastore.Spec, error) {
 	specs := make([]*datastore.Spec, 0)

-	query := `
+	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
+		query := `
 		SELECT id, name, revision, data, created_at, updated_at
 		FROM specs
 		WHERE agent_id = $1
-	`
+		`

-	rows, err := r.db.QueryContext(ctx, query, agentID)
+		rows, err := tx.QueryContext(ctx, query, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		defer func() {
+			if err := rows.Close(); err != nil {
+				logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+			}
+		}()
+
+		for rows.Next() {
+			spec := &datastore.Spec{}
+
+			data := JSONMap{}
+
+			if err := rows.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt); err != nil {
+				return errors.WithStack(err)
+			}
+
+			spec.Data = data
+
+			specs = append(specs, spec)
+		}
+
+		if err := rows.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
+		return nil
+	})
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}

-	defer func() {
-		if err := rows.Close(); err != nil {
-			logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
-		}
-	}()
-
-	for rows.Next() {
-		spec := &datastore.Spec{}
-
-		data := JSONMap{}
-
-		if err := rows.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt); err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		spec.Data = data
-
-		specs = append(specs, spec)
-	}
-
-	if err := rows.Err(); err != nil {
-		return nil, errors.WithStack(err)
-	}
-
 	return specs, nil
 }

@ -77,6 +108,15 @@ func (r *AgentRepository) UpdateSpec(ctx context.Context, agentID datastore.Agen
 	spec := &datastore.Spec{}

 	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
 		now := time.Now().UTC()

 		query := `
@ -96,7 +136,7 @@ func (r *AgentRepository) UpdateSpec(ctx context.Context, agentID datastore.Agen

 		data := JSONMap{}

-		err := row.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt)
+		err = row.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt)
 		if err != nil {
 			if errors.Is(err, sql.ErrNoRows) {
 				return errors.WithStack(datastore.ErrUnexpectedRevision)
@ -472,8 +512,28 @@ func (r *AgentRepository) Update(ctx context.Context, id datastore.AgentID, opts
 	return agent, nil
 }

+func (r *AgentRepository) agentExists(ctx context.Context, tx *sql.Tx, agentID datastore.AgentID) (bool, error) {
+	row := tx.QueryRowContext(ctx, `SELECT count(id) FROM agents WHERE id = $1`, agentID)
+
+	var count int
+
+	if err := row.Scan(&count); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return false, errors.WithStack(datastore.ErrNotFound)
+		}
+
+		return false, errors.WithStack(err)
+	}
+
+	if count == 0 {
+		return false, errors.WithStack(datastore.ErrNotFound)
+	}
+
+	return true, nil
+}
+
 func (r *AgentRepository) withTx(ctx context.Context, fn func(*sql.Tx) error) error {
-	tx, err := r.db.Begin()
+	tx, err := r.db.BeginTx(ctx, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}
--- a/internal/datastore/sqlite/agent_repository_test.go
+++ b/internal/datastore/sqlite/agent_repository_test.go
@ -0,0 +1,46 @@
+package sqlite
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore/testsuite"
+	"forge.cadoles.com/Cadoles/emissary/internal/migrate"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+
+	_ "modernc.org/sqlite"
+)
+
+func TestSQLiteAgentRepository(t *testing.T) {
+	logger.SetLevel(logger.LevelDebug)
+
+	file := "testdata/agent_repository_test.sqlite"
+
+	if err := os.Remove(file); err != nil && !errors.Is(err, os.ErrNotExist) {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	dsn := fmt.Sprintf("%s?_pragma=foreign_keys(1)&_pragma=busy_timeout=%d", file, (60 * time.Second).Milliseconds())
+
+	migr, err := migrate.New("../../../migrations", "sqlite", "sqlite://"+dsn)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if err := migr.Up(); err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	repo := NewAgentRepository(db)
+
+	testsuite.TestAgentRepository(t, repo)
+}
--- a/internal/datastore/sqlite/testdata/.gitignore
+++ b/internal/datastore/sqlite/testdata/.gitignore
@ -0,0 +1 @@
+*.sqlite*
--- a/internal/datastore/testsuite/agent_repository.go
+++ b/internal/datastore/testsuite/agent_repository.go
@ -0,0 +1,14 @@
+package testsuite
+
+import (
+	"testing"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
+)
+
+func TestAgentRepository(t *testing.T, repo datastore.AgentRepository) {
+	t.Run("Cases", func(t *testing.T) {
+		t.Parallel()
+		runAgentRepositoryTests(t, repo)
+	})
+}
--- a/internal/datastore/testsuite/agent_repository_cases.go
+++ b/internal/datastore/testsuite/agent_repository_cases.go
@ -0,0 +1,129 @@
+package testsuite
+
+import (
+	"context"
+	"testing"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/mdns/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
+	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
+	"github.com/pkg/errors"
+)
+
+type agentRepositoryTestCase struct {
+	Name string
+	Skip bool
+	Run  func(ctx context.Context, repo datastore.AgentRepository) error
+}
+
+var agentRepositoryTestCases = []agentRepositoryTestCase{
+	{
+		Name: "Create a new agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			thumbprint := "foo"
+			keySet := jwk.NewSet()
+			var metadata map[string]any
+
+			agent, err := repo.Create(ctx, thumbprint, keySet, metadata)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			if agent.CreatedAt.IsZero() {
+				return errors.Errorf("agent.CreatedAt should not be zero time")
+			}
+
+			if agent.UpdatedAt.IsZero() {
+				return errors.Errorf("agent.UpdatedAt should not be zero time")
+			}
+
+			if e, g := datastore.AgentStatusPending, agent.Status; e != g {
+				return errors.Errorf("agent.Status: expected '%v', got '%v'", e, g)
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to update spec for an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+			var specData map[string]any
+
+			agent, err := repo.UpdateSpec(ctx, unexistantAgentID, string(spec.Name), 0, specData)
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			if agent != nil {
+				return errors.New("agent should be nil")
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to delete spec of an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+
+			err := repo.DeleteSpec(ctx, unexistantAgentID, string(spec.Name))
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to get specs of an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+
+			specs, err := repo.GetSpecs(ctx, unexistantAgentID)
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			if specs != nil {
+				return errors.Errorf("specs should be nil, got '%+v'", err)
+			}
+
+			return nil
+		},
+	},
+}
+
+func runAgentRepositoryTests(t *testing.T, repo datastore.AgentRepository) {
+	for _, tc := range agentRepositoryTestCases {
+		func(tc agentRepositoryTestCase) {
+			t.Run(tc.Name, func(t *testing.T) {
+				t.Parallel()
+
+				if tc.Skip {
+					t.SkipNow()
+
+					return
+				}
+
+				ctx := context.Background()
+
+				if err := tc.Run(ctx, repo); err != nil {
+					t.Errorf("%+v", errors.WithStack(err))
+				}
+			})
+		}(tc)
+	}
+}
--- a/internal/migrate/migrate.go
+++ b/internal/migrate/migrate.go
@ -2,7 +2,6 @@ package migrate

 import (
 	"fmt"
-	"log"

 	"github.com/golang-migrate/migrate/v4"
 	_ "github.com/golang-migrate/migrate/v4/database/postgres"
@ -23,8 +22,6 @@ func New(migrationDir, driver, dsn string) (*migrate.Migrate, error) {
 		fmt.Sprintf("file://%s/%s", migrationDir, driver),
 		dsn,
 	)
-
-	log.Println(migrationDir, driver, dsn)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/internal/server/spec_api.go
+++ b/internal/server/spec_api.go
@ -58,6 +58,12 @@ func (s *Server) updateSpec(w http.ResponseWriter, r *http.Request) {
 		updateSpecReq.SpecData(),
 	)
 	if err != nil {
+		if errors.Is(err, datastore.ErrNotFound) {
+			api.ErrorResponse(w, http.StatusNotFound, ErrCodeNotFound, nil)
+
+			return
+		}
+
 		if errors.Is(err, datastore.ErrUnexpectedRevision) {
 			api.ErrorResponse(w, http.StatusConflict, ErrCodeUnexpectedRevision, nil)

@ -87,6 +93,12 @@ func (s *Server) getAgentSpecs(w http.ResponseWriter, r *http.Request) {

 	specs, err := s.agentRepo.GetSpecs(ctx, agentID)
 	if err != nil {
+		if errors.Is(err, datastore.ErrNotFound) {
+			api.ErrorResponse(w, http.StatusNotFound, ErrCodeNotFound, nil)
+
+			return
+		}
+
 		logger.Error(ctx, "could not list specs", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

--- a/misc/jenkins/Dockerfile
+++ b/misc/jenkins/Dockerfile
@ -4,7 +4,7 @@ ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
 ARG http_proxy=
 ARG https_proxy=
-ARG GO_VERSION=1.19.2
+ARG GO_VERSION=1.20.2

 # Install dev environment dependencies
 RUN export DEBIAN_FRONTEND=noninteractive &&\
--- a/misc/packaging/common/config-server.yml
+++ b/misc/packaging/common/config-server.yml
@ -9,7 +9,7 @@ server:
    port: 3000
  database:
    driver: sqlite
-    dsn: sqlite:///var/lib/emissary/data.sqlite?_pragma=foreign_keys(1)&_pragma=journal_mode(WAL)&_txlock=immediate
+    dsn: sqlite:///var/lib/emissary/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000
  cors:
    allowedOrigins: []
    allowCredentials: true
--- a/misc/spec-samples/app.emissary.cadoles.com.json
+++ b/misc/spec-samples/app.emissary.cadoles.com.json
@ -1,36 +1,33 @@
 {
    "apps": {
-        "portal": {
-            "url": "https://emissary.cadol.es/files/apps/arcad.portal_v2023.3.28-3feda80.zip",
-            "sha256sum": "921402c44a5fa554d5b630d1284957b05416aa6872b402314cf52e964e06fac5",
-            "address": "127.0.0.1:8082",
+        "app.arcad.edge.hextris": {
+            "url": "https://emissary.cadol.es/files/apps/app.arcad.edge.hextris_v2023.4.20-2bbbe94.zip",
+            "sha256sum": "67942ef4b623c46308c3f640b534bd4cb6b1d6021a422e40b62ab97658ba4586",
+            "address": ":8083",
            "format": "zip"
        },
-        "hextris": {
-            "url": "https://emissary.cadol.es/files/apps/app.arcad.edge.hextris_v2023.3.22-33ece28.zip",
-            "sha256sum": "5f9f3c8d6f22796beb051d747d7ff12efa17af9d1552c0ab08baef13703a2aba",
-            "address": "127.0.0.1:8083",
-            "format": "zip"
-        },
-        "test": {
-            "url": "https://emissary.cadol.es/files/apps/edge.sdk.client.test_v2023.3.24-ed535b6.zip",
-            "sha256sum": "e97b7b79159bb5d6a13b05644c091272b02a1a3cbb1b613dd5eda37e1eb84623",
-            "address": "127.0.0.1:8084",
-            "format": "zip"
-        },
-        "diffusion": {
-            "url": "https://emissary.cadol.es/files/apps/arcad.diffusion_v2023.3.29-5b3fab4.zip",
-            "sha256sum": "1282e75719beedbc7c7e67879389d0f3e11c86d3d2c37cf13da624a66faaeb58",
-            "address": "127.0.0.1:8085",
+        "edge.sdk.client.test": {
+            "url": "https://emissary.cadol.es/files/apps/edge.sdk.client.test_v2023.4.20-20c4189.zip",
+            "sha256sum": "1edeb4aa75c1675db49cf27367b1537234a04526848ea6657931ca63f26e5dae",
+            "address": ":8084",
            "format": "zip"
        }
    },
    "config": {
-        "appUrlTemplate": "http://{{ last ( splitList \".\" ( toString .Manifest.ID ) ) }}.arcad.local:8080",
+        "appUrlResolving": {
+            "ifaceMappings": {
+                "wlp4s0": "http://{{ .DeviceIP }}:{{ .AppPort }}",
+                "enp0s31f6": "http://{{ .DeviceIP }}:{{ .AppPort }}"
+            },
+            "defaultUrlTemplate": "http://{{ last ( splitList \".\" ( toString .Manifest.ID ) ) }}.localhost.arcad.lan:8080"
+        },
+        "unexpectedHostRedirect": {
+            "acceptedHostPatterns": ["arcad.lan", "*.arcad.lan", "arcad-*.local", "*.*.*.*"],
+            "hostTarget": "localhost.arcad.lan"
+        },
        "auth": {
            "local": {
                "key": "absolutlynotsecret",
-                "cookieDomain": ".arcad.local",
                "cookieDuration": "1h",
                "accounts": [
                    {
@ -38,11 +35,44 @@
                        "algo": "plain",
                        "password": "admin",
                        "claims": {
-                            "arcad_role": "admin",
-                            "arcad_tenant": "x86",
+                            "edge_role": "admin",
+                            "edge_tenant": "emissary-dev",
                            "preferred_username": "Admin",
                            "sub": "admin"
                        }
+                    },
+                    {
+                        "username": "superadmin",
+                        "algo": "plain",
+                        "password": "superadmin",
+                        "claims": {
+                            "edge_role": "superadmin",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "SuperAdmin",
+                            "sub": "superadmin"
+                        }
+                    },
+                    {
+                        "username": "user",
+                        "algo": "plain",
+                        "password": "user",
+                        "claims": {
+                            "edge_role": "user",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "User",
+                            "sub": "user"
+                        }
+                    },
+                    {
+                        "username": "superuser",
+                        "algo": "plain",
+                        "password": "superuser",
+                        "claims": {
+                            "edge_role": "superuser",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "SuperUser",
+                            "sub": "superuser"
+                        }
                    }
                ]
            }
--- a/misc/spec-samples/mdns.emissary.cadoles.com.json
+++ b/misc/spec-samples/mdns.emissary.cadoles.com.json
@ -3,36 +3,17 @@
        "arcad": {
            "type": "_http._tcp",
            "port": 8080,
-            "host": "arcad",
-            "ifaces": ["wlp4s0"]
-        },
-        "portal": {
-            "type": "_http._tcp",
-            "port": 8080,
-            "host": "portal",
-            "domain": "arcad.local",
-            "ifaces": ["wlp4s0"]
+            "host": "arcad"
        },
        "hextris": {
            "type": "_http._tcp",
            "port": 8080,
-            "host": "hextris",
-            "domain": "arcad.local",
-            "ifaces": ["wlp4s0"]
+            "host": "arcad-hextris"
        },
        "test": {
            "type": "_http._tcp",
            "port": 8080,
-            "host": "test",
-            "domain": "arcad.local",
-            "ifaces": ["wlp4s0"]
-        },
-        "diffusion": {
-            "type": "_http._tcp",
-            "port": 8080,
-            "host": "diffusion",
-            "domain": "arcad.local",
-            "ifaces": ["wlp4s0"]
+            "host": "arcad-test"
        }
    }
 }
--- a/misc/spec-samples/proxy.emissary.cadoles.com.json
+++ b/misc/spec-samples/proxy.emissary.cadoles.com.json
@ -4,25 +4,13 @@
            "address": ":8080",
            "mappings": [
                {
-                    "hostPattern": "portal.arcad.local:*",
-                    "target": "http://localhost:8082"
-                },
-                {
-                    "hostPattern": "hextris.arcad.local:*",
+                    "hostPattern": "hextris.localhost.arcad.lan:*",
                    "target": "http://localhost:8083"
                },
                {
-                    "hostPattern": "test.arcad.local:*",
+                    "hostPattern": "test.localhost.arcad.lan:*",
                    "target": "http://localhost:8084"
                },
-                {
-                    "hostPattern": "diffusion.arcad.local:*",
-                    "target": "http://localhost:8085"
-                },
-                {
-                    "hostPattern": "arcad-portal.local:*",
-                    "target": "http://localhost:8082"
-                },
                {
                    "hostPattern": "arcad-hextris.local:*",
                    "target": "http://localhost:8083"
@ -31,13 +19,9 @@
                    "hostPattern": "arcad-test.local:*",
                    "target": "http://localhost:8084"
                },
-                {
-                    "hostPattern": "arcad-diffusion.local:*",
-                    "target": "http://localhost:8085"
-                },
                {
                    "hostPattern": "*",
-                    "target": "http://localhost:8082"
+                    "target": "http://localhost:8084"
                }
            ]
        }
Author	SHA1	Message	Date
William Petit	e56809289c	doc: add emissary introduction All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-05-24 09:57:25 +02:00
William Petit	6a976c0b51	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-26 15:56:15 +02:00
William Petit	d188af81af	chore: update edge lib without goproxy All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-25 13:54:01 +02:00
William Petit	e975381b4f	fix(controller,app): correctly detect ip address for cookie domain resolution All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-24 13:49:53 +02:00
William Petit	0d03a708f9	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-24 12:23:45 +02:00
William Petit	64ea0e05a9	fix(app,handler): use real ip All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-21 20:04:37 +02:00
William Petit	10844a15a3	chore: update spec samples	2023-04-21 20:03:21 +02:00
William Petit	0394e34055	feat: update arcad/edge dependency Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-21 20:02:18 +02:00
William Petit	541d30d74f	feat(controller,app): share module integration All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-21 13:10:03 +02:00
William Petit	87a45090e0	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-21 12:45:51 +02:00
William Petit	fcd159c0fb	chore: use go 1.20.2 All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-20 19:28:30 +02:00
William Petit	eda02c6be3	feat: update arcad/edge dependency Some checks failed arcad/emissary/pipeline/head There was a failure building this commit Details	2023-04-20 19:21:30 +02:00
William Petit	ef3048b005	feat(controller,app): use new edge new mountpoints api All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-20 12:23:17 +02:00
William Petit	51e1dc3b2d	fix(server,api): return 'not found' errors	2023-04-20 12:22:30 +02:00
William Petit	3d01cf0f93	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-20 11:01:04 +02:00
William Petit	bb03b3a54a	feat(controller,app): compress http responses Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-20 10:59:27 +02:00
William Petit	813f837291	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-14 16:29:09 +02:00
William Petit	ed35ee5002	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 13:48:33 +02:00
William Petit	4b5bc0bc82	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 12:08:13 +02:00
William Petit	dee62184b9	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:35:51 +02:00
William Petit	76656e8dbf	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:28:22 +02:00
William Petit	41b1619fc1	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:05:12 +02:00
William Petit	35d5ee868f	chore: update sample specs All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-12 11:10:11 +02:00
William Petit	765257b4b1	feat(datastore): add basic testsuite for agent repository Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-12 11:09:53 +02:00
William Petit	2315ee7b61	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 15:11:15 +02:00
William Petit	86a6d81e1d	chore: execute tests before commit on edge lib update All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 12:06:16 +02:00
William Petit	c4427dfd2b	feat(controller,app): sort apps by id	2023-04-11 12:05:51 +02:00
William Petit	280b0fbd50	feat(controller,app): validate app manifests on app load	2023-04-11 12:05:19 +02:00
William Petit	8fb86c600f	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 11:13:41 +02:00
William Petit	12f8b3aa25	chore: add task to update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 20:56:43 +02:00
William Petit	2d2dc29c84	feat: update arcad/edge dependency	2023-04-06 20:56:00 +02:00
William Petit	4cf53d9f15	chore: tidy dependencies All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 19:25:01 +02:00
William Petit	34e4769b49	feat: update edge dependency Some checks reported warnings arcad/emissary/pipeline/head This commit is unstable Details	2023-04-06 19:19:23 +02:00
William Petit	47c2546d54	fix(controller,app): break loop when app is found All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 18:25:34 +02:00
William Petit	21173911fb	feat: update edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 18:17:17 +02:00
William Petit	b213b8d1ae	fix(module,app): handle non existent interface in app url resolver All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 15:57:00 +02:00
William Petit	9dcddc5566	chore(jenkins): cancel older jobs All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 15:12:06 +02:00
William Petit	9a46c9d3d0	chore: tidy dependencies Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-06 15:08:23 +02:00
William Petit	69f183d126	chore(jenkins): do not wait emissary-firmware job completion Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-06 15:07:35 +02:00
William Petit	e8829170e5	feat(sqlite): use busy_timeout pragma to prevent database locking errors	2023-04-06 15:06:16 +02:00
William Petit	253c93dbac	fix(module,app): handle host without port in cookie domain identification Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-06 11:00:35 +02:00
William Petit	d2f865ccbb	chore: tidy dependencies Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-06 10:44:05 +02:00
William Petit	7ee4344adc	fix(jenkins): do not trigger emissary-firmware with dirty tag Some checks reported warnings arcad/emissary/pipeline/head This commit is unstable Details	2023-04-06 10:40:05 +02:00
William Petit	06b1235707	fix(module,app): handle hosts without port Some checks failed arcad/emissary/pipeline/head There was a failure building this commit Details	2023-04-06 10:21:52 +02:00
William Petit	2e1ee44e6a	feat(module,app): iface-based app url resolving Some checks failed arcad/emissary/pipeline/head There was a failure building this commit Details	2023-04-05 23:21:43 +02:00