Added auto deprecation feature

Fixed client mode flow args
2025-08-21 22:27:14 +00:00 · 2025-07-20 17:37:46 +03:00 · 2025-07-20 17:26:44 +03:00 · 2025-07-19 15:51:17 +03:00 · 2025-07-19 12:56:25 +03:00 · 2025-07-19 12:20:52 +03:00
12 changed files with 3892 additions and 385 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -557,6 +557,12 @@ dependencies = [
 "typenum",
 ]
 [[package]]
 name = "data-encoding"
 version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
 [[package]]
 name = "deranged"
 version = "0.3.11"
@@ -599,6 +605,18 @@ dependencies = [
 "cfg-if",
 ]
 [[package]]
 name = "enum-as-inner"
 version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc"
 dependencies = [
 "heck",
 "proc-macro2",
 "quote",
 "syn",
 ]
 [[package]]
 name = "env_filter"
 version = "0.1.0"
@@ -690,6 +708,21 @@ dependencies = [
 "percent-encoding",
 ]
 [[package]]
 name = "futures"
 version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0"
 dependencies = [
 "futures-channel",
 "futures-core",
 "futures-executor",
 "futures-io",
 "futures-sink",
 "futures-task",
 "futures-util",
 ]
 [[package]]
 name = "futures-channel"
 version = "0.3.30"
@@ -706,6 +739,23 @@ version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d"
 [[package]]
 name = "futures-executor"
 version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d"
 dependencies = [
 "futures-core",
 "futures-task",
 "futures-util",
 ]
 [[package]]
 name = "futures-io"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
 [[package]]
 name = "futures-macro"
 version = "0.3.30"
@@ -735,10 +785,13 @@ version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48"
 dependencies = [
 "futures-channel",
 "futures-core",
 "futures-io",
 "futures-macro",
 "futures-sink",
 "futures-task",
 "memchr",
 "pin-project-lite",
 "pin-utils",
 "slab",
@@ -836,6 +889,17 @@ dependencies = [
 "digest",
 ]
 [[package]]
 name = "hostname"
 version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867"
 dependencies = [
 "libc",
 "match_cfg",
 "winapi",
 ]
 [[package]]
 name = "http"
 version = "0.2.12"
@@ -995,6 +1059,16 @@ dependencies = [
 "cc",
 ]
 [[package]]
 name = "idna"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c"
 dependencies = [
 "unicode-bidi",
 "unicode-normalization",
 ]
 [[package]]
 name = "idna"
 version = "0.5.0"
@@ -1015,6 +1089,18 @@ dependencies = [
 "hashbrown",
 ]
 [[package]]
 name = "ipconfig"
 version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
 dependencies = [
 "socket2",
 "widestring",
 "windows-sys 0.48.0",
 "winreg 0.50.0",
 ]
 [[package]]
 name = "ipnet"
 version = "2.9.0"
@@ -1053,20 +1139,25 @@ dependencies = [
 [[package]]
 name = "khm"
-version = "0.4.0"
+version = "0.6.3"
 dependencies = [
 "actix-web",
 "base64 0.21.7",
 "chrono",
 "clap",
 "env_logger",
 "futures",
 "hostname",
 "log",
 "regex",
 "reqwest",
 "rust-embed",
 "serde",
 "serde_json",
 "tokio",
 "tokio-postgres",
 "tokio-util",
 "trust-dns-resolver",
 ]
 [[package]]
@@ -1081,6 +1172,12 @@ version = "0.2.155"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
 [[package]]
 name = "linked-hash-map"
 version = "0.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
 [[package]]
 name = "linux-raw-sys"
 version = "0.4.14"
@@ -1120,6 +1217,21 @@ version = "0.4.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
 [[package]]
 name = "lru-cache"
 version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c"
 dependencies = [
 "linked-hash-map",
 ]
 [[package]]
 name = "match_cfg"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4"
 [[package]]
 name = "md-5"
 version = "0.10.6"
@@ -1538,9 +1650,15 @@ dependencies = [
 "wasm-bindgen",
 "wasm-bindgen-futures",
 "web-sys",
- "winreg",
+ "winreg 0.52.0",
 ]
 [[package]]
 name = "resolv-conf"
 version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "95325155c684b1c89f7765e30bc1c42e4a6da51ca513615660cb8a62ef9a88e3"
 [[package]]
 name = "ring"
 version = "0.17.8"
@@ -1556,6 +1674,40 @@ dependencies = [
 "windows-sys 0.52.0",
 ]
 [[package]]
 name = "rust-embed"
 version = "8.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "025908b8682a26ba8d12f6f2d66b987584a4a87bc024abc5bbc12553a8cd178a"
 dependencies = [
 "rust-embed-impl",
 "rust-embed-utils",
 "walkdir",
 ]
 [[package]]
 name = "rust-embed-impl"
 version = "8.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6065f1a4392b71819ec1ea1df1120673418bf386f50de1d6f54204d836d4349c"
 dependencies = [
 "proc-macro2",
 "quote",
 "rust-embed-utils",
 "syn",
 "walkdir",
 ]
 [[package]]
 name = "rust-embed-utils"
 version = "8.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f6cc0c81648b20b70c491ff8cce00c1c3b223bb8ed2b5d41f0e54c6c4c0a3594"
 dependencies = [
 "sha2",
 "walkdir",
 ]
 [[package]]
 name = "rustc-demangle"
 version = "0.1.24"
@@ -1630,6 +1782,15 @@ version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
 [[package]]
 name = "same-file"
 version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
 dependencies = [
 "winapi-util",
 ]
 [[package]]
 name = "schannel"
 version = "0.1.23"
@@ -1810,9 +1971,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 [[package]]
 name = "syn"
-version = "2.0.68"
+version = "2.0.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9"
+checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -1858,6 +2019,26 @@ dependencies = [
 "windows-sys 0.52.0",
 ]
 [[package]]
 name = "thiserror"
 version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
 dependencies = [
 "thiserror-impl",
 ]
 [[package]]
 name = "thiserror-impl"
 version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
 [[package]]
 name = "time"
 version = "0.3.36"
@@ -2029,9 +2210,21 @@ checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
 dependencies = [
 "log",
 "pin-project-lite",
 "tracing-attributes",
 "tracing-core",
 ]
 [[package]]
 name = "tracing-attributes"
 version = "0.1.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
 [[package]]
 name = "tracing-core"
 version = "0.1.32"
@@ -2041,6 +2234,52 @@ dependencies = [
 "once_cell",
 ]
 [[package]]
 name = "trust-dns-proto"
 version = "0.23.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3119112651c157f4488931a01e586aa459736e9d6046d3bd9105ffb69352d374"
 dependencies = [
 "async-trait",
 "cfg-if",
 "data-encoding",
 "enum-as-inner",
 "futures-channel",
 "futures-io",
 "futures-util",
 "idna 0.4.0",
 "ipnet",
 "once_cell",
 "rand",
 "smallvec",
 "thiserror",
 "tinyvec",
 "tokio",
 "tracing",
 "url",
 ]
 [[package]]
 name = "trust-dns-resolver"
 version = "0.23.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "10a3e6c3aff1718b3c73e395d1f35202ba2ffa847c6a62eea0db8fb4cfe30be6"
 dependencies = [
 "cfg-if",
 "futures-util",
 "ipconfig",
 "lru-cache",
 "once_cell",
 "parking_lot",
 "rand",
 "resolv-conf",
 "smallvec",
 "thiserror",
 "tokio",
 "tracing",
 "trust-dns-proto",
 ]
 [[package]]
 name = "try-lock"
 version = "0.2.5"
@@ -2093,7 +2332,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
 dependencies = [
 "form_urlencoded",
- "idna",
+ "idna 0.5.0",
 "percent-encoding",
 ]
@@ -2115,6 +2354,16 @@ version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
 [[package]]
 name = "walkdir"
 version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
 dependencies = [
 "same-file",
 "winapi-util",
 ]
 [[package]]
 name = "want"
 version = "0.3.1"
@@ -2223,6 +2472,43 @@ dependencies = [
 "web-sys",
 ]
 [[package]]
 name = "widestring"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dd7cf3379ca1aac9eea11fba24fd7e315d621f8dfe35c8d7d2be8b793726e07d"
 [[package]]
 name = "winapi"
 version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
 dependencies = [
 "winapi-i686-pc-windows-gnu",
 "winapi-x86_64-pc-windows-gnu",
 ]
 [[package]]
 name = "winapi-i686-pc-windows-gnu"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 [[package]]
 name = "winapi-util"
 version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
 "windows-sys 0.52.0",
 ]
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 [[package]]
 name = "windows-core"
 version = "0.52.0"
@@ -2371,6 +2657,16 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 [[package]]
 name = "winreg"
 version = "0.50.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1"
 dependencies = [
 "cfg-if",
 "windows-sys 0.48.0",
 ]
 [[package]]
 name = "winreg"
 version = "0.52.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "khm"
-version = "0.4.0"
+version = "0.6.3"
 edition = "2021"
 authors = ["AB <ab@hexor.cy>"]
@@ -12,8 +12,13 @@ env_logger = "0.11.3"
 log = "0.4"
 regex = "1.10.5"
 base64 = "0.21"
-tokio = { version = "1", features = ["full"] }
+tokio = { version = "1", features = ["full", "sync"] }
 tokio-postgres = { version = "0.7", features = ["with-chrono-0_4"] }
 tokio-util = { version = "0.7", features = ["codec"] }
 clap = { version = "4", features = ["derive"] }
 chrono = "0.4.38"
 reqwest = { version = "0.12", features = ["json"] }
 trust-dns-resolver = "0.23"
 futures = "0.3"
 hostname = "0.3"
 rust-embed = "8.0"
--- a/13
+++ b/13
@@ -0,0 +1,13 @@
        DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 
                    Version 2, December 2004 
 Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> 
 Everyone is permitted to copy and distribute verbatim or modified 
 copies of this license document, and changing it is allowed as long 
 as the name is changed. 
            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 
  0. You just DO WHAT THE FUCK YOU WANT TO.
--- a/README.MD
+++ b/README.MD
@@ -38,6 +38,7 @@ Options:
 - `--db-name <DB_NAME>` Server mode: Name of the PostgreSQL database [default: khm]
 - `--db-user <DB_USER>` Server mode: Username for the PostgreSQL database
 - `--db-password <DB_PASSWORD>` Server mode: Password for the PostgreSQL database
 - `--basic-auth <BASIC_AUTH>` Client mode: Basic Auth credentials [default: ""]
 - `--host <HOST>` Client mode: Full host address of the server to connect to. Like `https://khm.example.com/<FLOW_NAME>`
 - `--known-hosts <KNOWN_HOSTS>` Client mode: Path to the known_hosts file [default: ~/.ssh/known_hosts]
--- a/src/client.rs
+++ b/src/client.rs
@@ -11,6 +11,8 @@ use std::path::Path;
 struct SshKey {
    server: String,
    public_key: String,
    #[serde(default)]
    deprecated: bool,
 }
 fn read_known_hosts(file_path: &str) -> io::Result<Vec<SshKey>> {
@@ -26,7 +28,11 @@ fn read_known_hosts(file_path: &str) -> io::Result<Vec<SshKey>> {
                if parts.len() >= 2 {
                    let server = parts[0].to_string();
                    let public_key = parts[1..].join(" ");
-                    keys.push(SshKey { server, public_key });
+                    keys.push(SshKey {
                        server,
                        public_key,
                        deprecated: false, // Keys from known_hosts are not deprecated
                    });
                }
            }
            Err(e) => {
@@ -42,14 +48,29 @@ fn write_known_hosts(file_path: &str, keys: &[SshKey]) -> io::Result<()> {
    let path = Path::new(file_path);
    let mut file = File::create(&path)?;
-    for key in keys {
+    // Filter out deprecated keys - they should not be written to known_hosts
    let active_keys: Vec<&SshKey> = keys.iter().filter(|key| !key.deprecated).collect();
    let active_count = active_keys.len();
    for key in active_keys {
        writeln!(file, "{} {}", key.server, key.public_key)?;
    }
-    info!("Wrote {} keys to known_hosts file", keys.len());
+    info!(
        "Wrote {} active keys to known_hosts file (filtered out deprecated keys)",
        active_count
    );
    Ok(())
 }
 // Get local hostname for request headers
 fn get_hostname() -> String {
    match hostname::get() {
        Ok(name) => name.to_string_lossy().to_string(),
        Err(_) => "unknown-host".to_string(),
    }
 }
 async fn send_keys_to_server(
    host: &str,
    keys: Vec<SshKey>,
@@ -61,6 +82,17 @@ async fn send_keys_to_server(
    let mut headers = HeaderMap::new();
    // Add hostname header
    let hostname = get_hostname();
    headers.insert(
        "X-Client-Hostname",
        HeaderValue::from_str(&hostname).unwrap_or_else(|_| {
            error!("Failed to create hostname header value");
            HeaderValue::from_static("unknown-host")
        }),
    );
    info!("Adding hostname header: {}", hostname);
    if !auth_string.is_empty() {
        let parts: Vec<&str> = auth_string.splitn(2, ':').collect();
        if parts.len() == 2 {
@@ -105,6 +137,17 @@ async fn get_keys_from_server(
    let mut headers = HeaderMap::new();
    // Add hostname header
    let hostname = get_hostname();
    headers.insert(
        "X-Client-Hostname",
        HeaderValue::from_str(&hostname).unwrap_or_else(|_| {
            error!("Failed to create hostname header value");
            HeaderValue::from_static("unknown-host")
        }),
    );
    info!("Adding hostname header: {}", hostname);
    if !auth_string.is_empty() {
        let parts: Vec<&str> = auth_string.splitn(2, ':').collect();
        if parts.len() == 2 {
@@ -132,23 +175,55 @@ async fn get_keys_from_server(
 pub async fn run_client(args: crate::Args) -> std::io::Result<()> {
    info!("Client mode: Reading known_hosts file");
-    let keys = read_known_hosts(&args.known_hosts).expect("Failed to read known hosts file");
+
    let keys = match read_known_hosts(&args.known_hosts) {
        Ok(keys) => keys,
        Err(e) => {
            if e.kind() == io::ErrorKind::NotFound {
                info!(
                    "known_hosts file not found: {}. Starting with empty key list.",
                    args.known_hosts
                );
                Vec::new()
            } else {
                error!("Failed to read known_hosts file: {}", e);
                return Err(e);
            }
        }
    };
    let host = args.host.expect("host is required in client mode");
-    info!("Client mode: Sending keys to server at {}", host);
+    let flow = args.flow.expect("flow is required in client mode");
-    send_keys_to_server(&host, keys, &args.basic_auth)
+    let url = format!("{}/{}", host, flow);
-        .await
+
-        .expect("Failed to send keys to server");
+    info!("Client mode: Sending keys to server at {}", url);
    if let Err(e) = send_keys_to_server(&url, keys, &args.basic_auth).await {
        error!("Failed to send keys to server: {}", e);
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("Network error: {}", e),
        ));
    }
    if args.in_place {
        info!("Client mode: In-place update is enabled. Fetching keys from server.");
-        let server_keys = get_keys_from_server(&host, &args.basic_auth)
+        let server_keys = match get_keys_from_server(&url, &args.basic_auth).await {
-            .await
+            Ok(keys) => keys,
-            .expect("Failed to get keys from server");
+            Err(e) => {
                error!("Failed to get keys from server: {}", e);
                return Err(io::Error::new(
                    io::ErrorKind::Other,
                    format!("Network error: {}", e),
                ));
            }
        };
        info!("Client mode: Writing updated known_hosts file");
-        write_known_hosts(&args.known_hosts, &server_keys)
+        if let Err(e) = write_known_hosts(&args.known_hosts, &server_keys) {
-            .expect("Failed to write known hosts file");
+            error!("Failed to write known_hosts file: {}", e);
            return Err(e);
        }
    }
    info!("Client mode: Finished operations");
--- a/src/db.rs
+++ b/src/db.rs
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,7 @@
 mod client;
 mod db;
 mod server;
 mod web;
 use clap::Parser;
 use env_logger;
@@ -21,7 +22,7 @@ use log::{error, info};
    khm --server --ip 0.0.0.0 --port 1337 --db-host psql.psql.svc --db-name khm --db-user admin --db-password <SECRET> --flows work,home\n\
    \n\
    Running in client mode to send diff and sync ~/.ssh/known_hosts with remote flow `work` in place:\n\
-    khm --host https://khm.example.com/work --known-hosts ~/.ssh/known_hosts --in-place\n\
+    khm --host https://khm.example.com --flow work --known-hosts ~/.ssh/known_hosts --in-place\n\
    \n\
    "
 )]
@@ -95,10 +96,18 @@ struct Args {
    #[arg(
        long,
        required_if_eq("server", "false"),
-        help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com/<FLOW_NAME>"
+        help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com"
    )]
    host: Option<String>,
    /// Flow name to use on the server
    #[arg(
        long,
        required_if_eq("server", "false"),
        help = "Client mode: Flow name to use on the server"
    )]
    flow: Option<String>,
    /// Path to the known_hosts file (default: ~/.ssh/known_hosts)
    #[arg(
        long,
@@ -119,6 +128,25 @@ async fn main() -> std::io::Result<()> {
    let args = Args::parse();
    // Check if we have the minimum required arguments
    if !args.server && (args.host.is_none() || args.flow.is_none()) {
        // Neither server mode nor client mode properly configured
        eprintln!("Error: You must specify either server mode (--server) or client mode (--host and --flow)");
        eprintln!();
        eprintln!("Examples:");
        eprintln!(
            "  Server mode: {} --server --db-user admin --db-password pass --flows work,home",
            env!("CARGO_PKG_NAME")
        );
        eprintln!(
            "  Client mode: {} --host https://khm.example.com --flow work",
            env!("CARGO_PKG_NAME")
        );
        eprintln!();
        eprintln!("Use --help for more information.");
        std::process::exit(1);
    }
    if args.server {
        info!("Running in server mode");
        if let Err(e) = server::run_server(args).await {
--- a/src/server.rs
+++ b/src/server.rs
@@ -1,17 +1,17 @@
-use actix_web::{web, App, HttpResponse, HttpServer, Responder};
+use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer, Responder};
 use log::{error, info};
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::sync::{Arc, Mutex};
 use tokio_postgres::{Client, NoTls};
-use crate::db;
+use crate::db::ReconnectingDbClient;
 #[derive(Serialize, Deserialize, Clone, Debug)]
 pub struct SshKey {
    pub server: String,
    pub public_key: String,
    #[serde(default)]
    pub deprecated: bool,
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
@@ -35,104 +35,69 @@ pub fn is_valid_ssh_key(key: &str) -> bool {
        || ed25519_re.is_match(key)
 }
-pub async fn insert_key_if_not_exists(
+// Extract client hostname from request headers
-    client: &Client,
+fn get_client_hostname(req: &HttpRequest) -> String {
-    key: &SshKey,
+    if let Some(hostname) = req.headers().get("X-Client-Hostname") {
-) -> Result<i32, tokio_postgres::Error> {
+        if let Ok(hostname_str) = hostname.to_str() {
-    let row = client
+            return hostname_str.to_string();
        .query_opt(
            "SELECT key_id FROM public.keys WHERE host = $1 AND key = $2",
            &[&key.server, &key.public_key],
        )
        .await?;
    if let Some(row) = row {
        client
            .execute(
                "UPDATE public.keys SET updated = NOW() WHERE key_id = $1",
                &[&row.get::<_, i32>(0)],
            )
            .await?;
        info!("Updated existing key for server: {}", key.server);
        Ok(row.get(0))
    } else {
        let row = client.query_one(
            "INSERT INTO public.keys (host, key, updated) VALUES ($1, $2, NOW()) RETURNING key_id",
            &[&key.server, &key.public_key]
        ).await?;
        info!("Inserted new key for server: {}", key.server);
        Ok(row.get(0))
    }
 }
 pub async fn insert_flow_key(
    client: &Client,
    flow_name: &str,
    key_id: i32,
 ) -> Result<(), tokio_postgres::Error> {
    client
        .execute(
            "INSERT INTO public.flows (name, key_id) VALUES ($1, $2) ON CONFLICT DO NOTHING",
            &[&flow_name, &key_id],
        )
        .await?;
    info!("Inserted key_id {} into flow: {}", key_id, flow_name);
    Ok(())
 }
 pub async fn get_keys_from_db(client: &Client) -> Result<Vec<Flow>, tokio_postgres::Error> {
    let rows = client.query(
        "SELECT k.host, k.key, f.name FROM public.keys k INNER JOIN public.flows f ON k.key_id = f.key_id",
        &[]
    ).await?;
    let mut flows_map: HashMap<String, Flow> = HashMap::new();
    for row in rows {
        let host: String = row.get(0);
        let key: String = row.get(1);
        let flow: String = row.get(2);
        let ssh_key = SshKey {
            server: host,
            public_key: key,
        };
        if let Some(flow_entry) = flows_map.get_mut(&flow) {
            flow_entry.servers.push(ssh_key);
        } else {
            flows_map.insert(
                flow.clone(),
                Flow {
                    name: flow,
                    servers: vec![ssh_key],
                },
            );
        }
    }
-
+    "unknown-client".to_string()
    info!("Retrieved {} flows from database", flows_map.len());
    Ok(flows_map.into_values().collect())
 }
 pub async fn get_keys(
    flows: web::Data<Flows>,
    flow_id: web::Path<String>,
    allowed_flows: web::Data<Vec<String>>,
    req: HttpRequest,
    query: web::Query<std::collections::HashMap<String, String>>,
 ) -> impl Responder {
    let client_hostname = get_client_hostname(&req);
    let flow_id_str = flow_id.into_inner();
    info!(
        "Received keys request from client '{}' for flow '{}'",
        client_hostname, flow_id_str
    );
    if !allowed_flows.contains(&flow_id_str) {
-        error!("Flow ID not allowed: {}", flow_id_str);
+        error!(
            "Flow ID not allowed for client '{}': {}",
            client_hostname, flow_id_str
        );
        return HttpResponse::Forbidden().body("Flow ID not allowed");
    }
    let flows = flows.lock().unwrap();
    if let Some(flow) = flows.iter().find(|flow| flow.name == flow_id_str) {
-        let servers: Vec<&SshKey> = flow.servers.iter().collect();
+        // Check if we should include deprecated keys (default: false for CLI clients)
-        info!("Returning {} keys for flow: {}", servers.len(), flow_id_str);
+        let include_deprecated = query
            .get("include_deprecated")
            .map(|v| v == "true")
            .unwrap_or(false);
        let servers: Vec<&SshKey> = if include_deprecated {
            // Return all keys (for web interface)
            flow.servers.iter().collect()
        } else {
            // Return only active keys (for CLI clients)
            flow.servers.iter().filter(|key| !key.deprecated).collect()
        };
        info!(
            "Returning {} keys ({} total, deprecated filtered: {}) for flow '{}' to client '{}'",
            servers.len(),
            flow.servers.len(),
            !include_deprecated,
            flow_id_str,
            client_hostname
        );
        HttpResponse::Ok().json(servers)
    } else {
-        error!("Flow ID not found: {}", flow_id_str);
+        error!(
            "Flow ID not found for client '{}': {}",
            client_hostname, flow_id_str
        );
        HttpResponse::NotFound().body("Flow ID not found")
    }
 }
@@ -141,20 +106,36 @@ pub async fn add_keys(
    flows: web::Data<Flows>,
    flow_id: web::Path<String>,
    new_keys: web::Json<Vec<SshKey>>,
-    db_client: web::Data<Arc<Client>>,
+    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
    req: HttpRequest,
 ) -> impl Responder {
    let client_hostname = get_client_hostname(&req);
    let flow_id_str = flow_id.into_inner();
    info!(
        "Received {} keys from client '{}' for flow '{}'",
        new_keys.len(),
        client_hostname,
        flow_id_str
    );
    if !allowed_flows.contains(&flow_id_str) {
-        error!("Flow ID not allowed: {}", flow_id_str);
+        error!(
            "Flow ID not allowed for client '{}': {}",
            client_hostname, flow_id_str
        );
        return HttpResponse::Forbidden().body("Flow ID not allowed");
    }
-    // Проверяем формат SSH ключей
+    // Check SSH key format
    let mut valid_keys = Vec::new();
    for new_key in new_keys.iter() {
        if !is_valid_ssh_key(&new_key.public_key) {
-            error!("Invalid SSH key format for server: {}", new_key.server);
+            error!(
                "Invalid SSH key format from client '{}' for server: {}",
                client_hostname, new_key.server
            );
            return HttpResponse::BadRequest().body(format!(
                "Invalid SSH key format for server: {}",
                new_key.server
@@ -164,48 +145,67 @@ pub async fn add_keys(
    }
    info!(
-        "Processing batch of {} keys for flow: {}",
+        "Processing batch of {} keys from client '{}' for flow: {}",
        valid_keys.len(),
        client_hostname,
        flow_id_str
    );
-    // Батчевая вставка ключей с получением статистики
+    // Batch insert keys with statistics
-    let key_stats = match crate::db::batch_insert_keys(&db_client, &valid_keys).await {
+    let key_stats = match db_client
        .batch_insert_keys_reconnecting(valid_keys.clone())
        .await
    {
        Ok(stats) => stats,
        Err(e) => {
-            error!("Failed to batch insert keys into database: {}", e);
+            error!(
                "Failed to batch insert keys from client '{}' into database: {}",
                client_hostname, e
            );
            return HttpResponse::InternalServerError()
                .body("Failed to batch insert keys into database");
        }
    };
-    // Если нет новых ключей, нет необходимости обновлять связи с flow
+    // Always try to associate all keys with the flow, regardless of whether they're new or existing
-    if key_stats.inserted > 0 {
+    if !key_stats.key_id_map.is_empty() {
-        // Извлекаем только ID ключей из статистики
+        // Extract all key IDs from statistics, both new and existing
        let key_ids: Vec<i32> = key_stats.key_id_map.iter().map(|(_, id)| *id).collect();
-        // Батчевая вставка связей ключей с flow
+        // Batch insert key-flow associations
-        if let Err(e) = crate::db::batch_insert_flow_keys(&db_client, &flow_id_str, &key_ids).await
+        if let Err(e) = db_client
            .batch_insert_flow_keys_reconnecting(flow_id_str.clone(), key_ids.clone())
            .await
        {
-            error!("Failed to batch insert flow keys into database: {}", e);
+            error!(
                "Failed to batch insert flow keys from client '{}' into database: {}",
                client_hostname, e
            );
            return HttpResponse::InternalServerError()
                .body("Failed to batch insert flow keys into database");
        }
        info!(
-            "Added flow associations for {} keys in flow '{}'",
+            "Added flow associations for {} keys from client '{}' in flow '{}'",
            key_ids.len(),
            client_hostname,
            flow_id_str
        );
    } else {
-        info!("No new keys to associate with flow '{}'", flow_id_str);
+        info!(
            "No keys to associate from client '{}' with flow '{}'",
            client_hostname, flow_id_str
        );
    }
-    // Получаем обновленные данные
+    // Get updated data
-    let updated_flows = match get_keys_from_db(&db_client).await {
+    let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
        Ok(flows) => flows,
        Err(e) => {
-            error!("Failed to get updated flows from database: {}", e);
+            error!(
                "Failed to get updated flows from database after client '{}' request: {}",
                client_hostname, e
            );
            return HttpResponse::InternalServerError()
                .body("Failed to refresh flows from database");
        }
@@ -218,7 +218,8 @@ pub async fn add_keys(
    if let Some(flow) = updated_flow {
        let servers: Vec<&SshKey> = flow.servers.iter().collect();
        info!(
-            "Keys summary for flow '{}': total received={}, new={}, unchanged={}, total in flow={}",
+            "Keys summary for client '{}', flow '{}': total received={}, new={}, unchanged={}, total in flow={}",
            client_hostname,
            flow_id_str,
            key_stats.total,
            key_stats.inserted,
@@ -226,7 +227,7 @@ pub async fn add_keys(
            servers.len()
        );
-        // Добавляем статистику в HTTP заголовки ответа
+        // Add statistics to HTTP response headers
        let mut response = HttpResponse::Ok();
        response.append_header(("X-Keys-Total", key_stats.total.to_string()));
        response.append_header(("X-Keys-New", key_stats.inserted.to_string()));
@@ -234,7 +235,10 @@ pub async fn add_keys(
        response.json(servers)
    } else {
-        error!("Flow ID not found after update: {}", flow_id_str);
+        error!(
            "Flow ID not found after update from client '{}': {}",
            client_hostname, flow_id_str
        );
        HttpResponse::NotFound().body("Flow ID not found")
    }
 }
@@ -250,28 +254,22 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
        args.db_host, db_user, db_password, args.db_name
    );
-    info!("Connecting to database at {}", args.db_host);
+    info!("Creating database client for {}", args.db_host);
-    let (db_client, connection) = match tokio_postgres::connect(&db_conn_str, NoTls).await {
+    let mut db_client_temp = ReconnectingDbClient::new(db_conn_str.clone());
        Ok((client, conn)) => (client, conn),
        Err(e) => {
            error!("Failed to connect to the database: {}", e);
            return Err(std::io::Error::new(
                std::io::ErrorKind::ConnectionRefused,
                format!("Database connection error: {}", e),
            ));
        }
    };
    let db_client = Arc::new(db_client);
-    // Spawn a new thread to run the database connection
+    // Initial connection
-    tokio::spawn(async move {
+    if let Err(e) = db_client_temp.connect(&db_conn_str).await {
-        if let Err(e) = connection.await {
+        error!("Failed to connect to the database: {}", e);
-            error!("Connection error: {}", e);
+        return Err(std::io::Error::new(
-        }
+            std::io::ErrorKind::ConnectionRefused,
-    });
+            format!("Database connection error: {}", e),
        ));
    }
    let db_client = Arc::new(db_client_temp);
    // Initialize database schema if needed
-    if let Err(e) = db::initialize_db_schema(&db_client).await {
+    if let Err(e) = db_client.initialize_schema().await {
        error!("Failed to initialize database schema: {}", e);
        return Err(std::io::Error::new(
            std::io::ErrorKind::Other,
@@ -279,7 +277,7 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
        ));
    }
-    let mut initial_flows = match get_keys_from_db(&db_client).await {
+    let mut initial_flows = match db_client.get_keys_from_db_reconnecting().await {
        Ok(flows) => flows,
        Err(e) => {
            error!("Failed to get initial flows from database: {}", e);
@@ -306,8 +304,42 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
            .app_data(web::Data::new(flows.clone()))
            .app_data(web::Data::new(db_client.clone()))
            .app_data(allowed_flows.clone())
            // API routes
            .route("/api/version", web::get().to(crate::web::get_version_api))
            .route("/api/flows", web::get().to(crate::web::get_flows_api))
            .route(
                "/{flow_id}/scan-dns",
                web::post().to(crate::web::scan_dns_resolution),
            )
            .route(
                "/{flow_id}/bulk-deprecate",
                web::post().to(crate::web::bulk_deprecate_servers),
            )
            .route(
                "/{flow_id}/bulk-restore",
                web::post().to(crate::web::bulk_restore_servers),
            )
            .route(
                "/{flow_id}/keys/{server}",
                web::delete().to(crate::web::delete_key_by_server),
            )
            .route(
                "/{flow_id}/keys/{server}/restore",
                web::post().to(crate::web::restore_key_by_server),
            )
            .route(
                "/{flow_id}/keys/{server}/delete",
                web::delete().to(crate::web::permanently_delete_key_by_server),
            )
            // Original API routes
            .route("/{flow_id}/keys", web::get().to(get_keys))
            .route("/{flow_id}/keys", web::post().to(add_keys))
            // Web interface routes
            .route("/", web::get().to(crate::web::serve_web_interface))
            .route(
                "/static/{filename:.*}",
                web::get().to(crate::web::serve_static_file),
            )
    })
    .bind((args.ip.as_str(), args.port))?
    .run()
--- a/src/web.rs
+++ b/src/web.rs
@@ -0,0 +1,470 @@
 use actix_web::{web, HttpResponse, Result};
 use log::info;
 use rust_embed::RustEmbed;
 use serde_json::json;
 use std::sync::Arc;
 use trust_dns_resolver::TokioAsyncResolver;
 use trust_dns_resolver::config::*;
 use serde::{Deserialize, Serialize};
 use futures::future;
 use tokio::sync::Semaphore;
 use tokio::time::{timeout, Duration};
 use crate::db::ReconnectingDbClient;
 use crate::server::Flows;
 #[derive(RustEmbed)]
 #[folder = "static/"]
 struct StaticAssets;
 #[derive(Serialize, Deserialize, Debug)]
 pub struct DnsResolutionResult {
    pub server: String,
    pub resolved: bool,
    pub error: Option<String>,
 }
 #[derive(Serialize, Deserialize, Debug)]
 pub struct BulkDeprecateRequest {
    pub servers: Vec<String>,
 }
 async fn check_dns_resolution(hostname: String, semaphore: Arc<Semaphore>) -> DnsResolutionResult {
    let _permit = match semaphore.acquire().await {
        Ok(permit) => permit,
        Err(_) => {
            return DnsResolutionResult {
                server: hostname,
                resolved: false,
                error: Some("Failed to acquire semaphore".to_string()),
            };
        }
    };
    let resolver = TokioAsyncResolver::tokio(
        ResolverConfig::default(),
        ResolverOpts::default(),
    );
    let lookup_result = timeout(Duration::from_secs(5), resolver.lookup_ip(&hostname)).await;
    match lookup_result {
        Ok(Ok(_)) => DnsResolutionResult {
            server: hostname,
            resolved: true,
            error: None,
        },
        Ok(Err(e)) => DnsResolutionResult {
            server: hostname,
            resolved: false,
            error: Some(e.to_string()),
        },
        Err(_) => DnsResolutionResult {
            server: hostname,
            resolved: false,
            error: Some("DNS lookup timeout (5s)".to_string()),
        },
    }
 }
 // API endpoint to get application version
 pub async fn get_version_api() -> Result<HttpResponse> {
    Ok(HttpResponse::Ok().json(json!({
        "version": env!("CARGO_PKG_VERSION")
    })))
 }
 // API endpoint to get list of available flows
 pub async fn get_flows_api(allowed_flows: web::Data<Vec<String>>) -> Result<HttpResponse> {
    info!("API request for available flows");
    Ok(HttpResponse::Ok().json(&**allowed_flows))
 }
 // API endpoint to scan DNS resolution for all hosts in a flow
 pub async fn scan_dns_resolution(
    flows: web::Data<Flows>,
    path: web::Path<String>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let flow_id_str = path.into_inner();
    info!("API request to scan DNS resolution for flow '{}'"  , flow_id_str);
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    let flows_guard = flows.lock().unwrap();
    let flow = match flows_guard.iter().find(|flow| flow.name == flow_id_str) {
        Some(flow) => flow,
        None => {
            return Ok(HttpResponse::NotFound().json(json!({
                "error": "Flow ID not found"
            })));
        }
    };
    // Get unique hostnames
    let mut hostnames: std::collections::HashSet<String> = std::collections::HashSet::new();
    for key in &flow.servers {
        hostnames.insert(key.server.clone());
    }
    drop(flows_guard);
    info!("Scanning DNS resolution for {} unique hosts", hostnames.len());
    // Limit concurrent DNS requests to prevent "too many open files" error
    let semaphore = Arc::new(Semaphore::new(20));
    // Scan all hostnames concurrently with rate limiting
    let mut scan_futures = Vec::new();
    for hostname in hostnames {
        scan_futures.push(check_dns_resolution(hostname, semaphore.clone()));
    }
    let results = future::join_all(scan_futures).await;
    let unresolved_count = results.iter().filter(|r| !r.resolved).count();
    info!("DNS scan complete: {} unresolved out of {} hosts", unresolved_count, results.len());
    Ok(HttpResponse::Ok().json(json!({
        "results": results,
        "total": results.len(),
        "unresolved": unresolved_count
    })))
 }
 // API endpoint to bulk deprecate multiple servers
 pub async fn bulk_deprecate_servers(
    flows: web::Data<Flows>,
    path: web::Path<String>,
    request: web::Json<BulkDeprecateRequest>,
    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let flow_id_str = path.into_inner();
    info!("API request to bulk deprecate {} servers in flow '{}'", request.servers.len(), flow_id_str);
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    // Use single bulk operation instead of loop
    let total_deprecated = match db_client
        .bulk_deprecate_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
        .await
    {
        Ok(count) => {
            info!("Bulk deprecated {} key(s) for {} servers", count, request.servers.len());
            count
        }
        Err(e) => {
            return Ok(HttpResponse::InternalServerError().json(json!({
                "error": format!("Failed to bulk deprecate keys: {}", e)
            })));
        }
    };
    // Refresh the in-memory flows
    let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
        Ok(flows) => flows,
        Err(e) => {
            return Ok(HttpResponse::InternalServerError().json(json!({
                "error": format!("Failed to refresh flows: {}", e)
            })));
        }
    };
    let mut flows_guard = flows.lock().unwrap();
    *flows_guard = updated_flows;
    let response = json!({
        "message": format!("Successfully deprecated {} key(s) for {} server(s)", total_deprecated, request.servers.len()),
        "deprecated_count": total_deprecated,
        "servers_processed": request.servers.len()
    });
    Ok(HttpResponse::Ok().json(response))
 }
 // API endpoint to bulk restore multiple servers
 pub async fn bulk_restore_servers(
    flows: web::Data<Flows>,
    path: web::Path<String>,
    request: web::Json<BulkDeprecateRequest>,
    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let flow_id_str = path.into_inner();
    info!("API request to bulk restore {} servers in flow '{}'", request.servers.len(), flow_id_str);
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    // Use single bulk operation
    let total_restored = match db_client
        .bulk_restore_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
        .await
    {
        Ok(count) => {
            info!("Bulk restored {} key(s) for {} servers", count, request.servers.len());
            count
        }
        Err(e) => {
            return Ok(HttpResponse::InternalServerError().json(json!({
                "error": format!("Failed to bulk restore keys: {}", e)
            })));
        }
    };
    // Refresh the in-memory flows
    let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
        Ok(flows) => flows,
        Err(e) => {
            return Ok(HttpResponse::InternalServerError().json(json!({
                "error": format!("Failed to refresh flows: {}", e)
            })));
        }
    };
    let mut flows_guard = flows.lock().unwrap();
    *flows_guard = updated_flows;
    let response = json!({
        "message": format!("Successfully restored {} key(s) for {} server(s)", total_restored, request.servers.len()),
        "restored_count": total_restored,
        "servers_processed": request.servers.len()
    });
    Ok(HttpResponse::Ok().json(response))
 }
 // API endpoint to deprecate a specific key by server name
 pub async fn delete_key_by_server(
    flows: web::Data<Flows>,
    path: web::Path<(String, String)>,
    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let (flow_id_str, server_name) = path.into_inner();
    info!(
        "API request to deprecate key for server '{}' in flow '{}'",
        server_name, flow_id_str
    );
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    // Deprecate in database
    match db_client
        .deprecate_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
        .await
    {
        Ok(deprecated_count) => {
            if deprecated_count > 0 {
                info!(
                    "Deprecated {} key(s) for server '{}' in flow '{}'",
                    deprecated_count, server_name, flow_id_str
                );
                // Refresh the in-memory flows
                let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
                    Ok(flows) => flows,
                    Err(e) => {
                        return Ok(HttpResponse::InternalServerError().json(json!({
                            "error": format!("Failed to refresh flows: {}", e)
                        })));
                    }
                };
                let mut flows_guard = flows.lock().unwrap();
                *flows_guard = updated_flows;
                Ok(HttpResponse::Ok().json(json!({
                    "message": format!("Successfully deprecated {} key(s) for server '{}'", deprecated_count, server_name),
                    "deprecated_count": deprecated_count
                })))
            } else {
                Ok(HttpResponse::NotFound().json(json!({
                    "error": format!("No keys found for server '{}'", server_name)
                })))
            }
        }
        Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
            "error": format!("Failed to deprecate key: {}", e)
        }))),
    }
 }
 // API endpoint to restore a deprecated key
 pub async fn restore_key_by_server(
    flows: web::Data<Flows>,
    path: web::Path<(String, String)>,
    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let (flow_id_str, server_name) = path.into_inner();
    info!(
        "API request to restore key for server '{}' in flow '{}'",
        server_name, flow_id_str
    );
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    // Restore in database
    match db_client
        .restore_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
        .await
    {
        Ok(restored_count) => {
            if restored_count > 0 {
                info!(
                    "Restored {} key(s) for server '{}' in flow '{}'",
                    restored_count, server_name, flow_id_str
                );
                // Refresh the in-memory flows
                let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
                    Ok(flows) => flows,
                    Err(e) => {
                        return Ok(HttpResponse::InternalServerError().json(json!({
                            "error": format!("Failed to refresh flows: {}", e)
                        })));
                    }
                };
                let mut flows_guard = flows.lock().unwrap();
                *flows_guard = updated_flows;
                Ok(HttpResponse::Ok().json(json!({
                    "message": format!("Successfully restored {} key(s) for server '{}'", restored_count, server_name),
                    "restored_count": restored_count
                })))
            } else {
                Ok(HttpResponse::NotFound().json(json!({
                    "error": format!("No deprecated keys found for server '{}'", server_name)
                })))
            }
        }
        Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
            "error": format!("Failed to restore key: {}", e)
        }))),
    }
 }
 // API endpoint to permanently delete a key
 pub async fn permanently_delete_key_by_server(
    flows: web::Data<Flows>,
    path: web::Path<(String, String)>,
    db_client: web::Data<Arc<ReconnectingDbClient>>,
    allowed_flows: web::Data<Vec<String>>,
 ) -> Result<HttpResponse> {
    let (flow_id_str, server_name) = path.into_inner();
    info!(
        "API request to permanently delete key for server '{}' in flow '{}'",
        server_name, flow_id_str
    );
    if !allowed_flows.contains(&flow_id_str) {
        return Ok(HttpResponse::Forbidden().json(json!({
            "error": "Flow ID not allowed"
        })));
    }
    // Permanently delete from database
    match db_client
        .permanently_delete_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
        .await
    {
        Ok(deleted_count) => {
            if deleted_count > 0 {
                info!(
                    "Permanently deleted {} key(s) for server '{}' in flow '{}'",
                    deleted_count, server_name, flow_id_str
                );
                // Refresh the in-memory flows
                let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
                    Ok(flows) => flows,
                    Err(e) => {
                        return Ok(HttpResponse::InternalServerError().json(json!({
                            "error": format!("Failed to refresh flows: {}", e)
                        })));
                    }
                };
                let mut flows_guard = flows.lock().unwrap();
                *flows_guard = updated_flows;
                Ok(HttpResponse::Ok().json(json!({
                    "message": format!("Successfully deleted {} key(s) for server '{}'", deleted_count, server_name),
                    "deleted_count": deleted_count
                })))
            } else {
                Ok(HttpResponse::NotFound().json(json!({
                    "error": format!("No keys found for server '{}'", server_name)
                })))
            }
        }
        Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
            "error": format!("Failed to delete key: {}", e)
        }))),
    }
 }
 // Serve static files from embedded assets
 pub async fn serve_static_file(path: web::Path<String>) -> Result<HttpResponse> {
    let file_path = path.into_inner();
    match StaticAssets::get(&file_path) {
        Some(content) => {
            let content_type = match std::path::Path::new(&file_path)
                .extension()
                .and_then(|s| s.to_str())
            {
                Some("html") => "text/html; charset=utf-8",
                Some("css") => "text/css; charset=utf-8",
                Some("js") => "application/javascript; charset=utf-8",
                Some("png") => "image/png",
                Some("jpg") | Some("jpeg") => "image/jpeg",
                Some("svg") => "image/svg+xml",
                _ => "application/octet-stream",
            };
            Ok(HttpResponse::Ok()
                .content_type(content_type)
                .body(content.data.as_ref().to_vec()))
        }
        None => Ok(HttpResponse::NotFound().body(format!("File not found: {}", file_path))),
    }
 }
 // Serve the main web interface from embedded assets
 pub async fn serve_web_interface() -> Result<HttpResponse> {
    match StaticAssets::get("index.html") {
        Some(content) => Ok(HttpResponse::Ok()
            .content_type("text/html; charset=utf-8")
            .body(content.data.as_ref().to_vec())),
        None => Ok(HttpResponse::NotFound().body("Web interface not found")),
    }
 }
--- a/static/index.html
+++ b/static/index.html
@@ -0,0 +1,180 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>SSH Key Manager</title>
    <link rel="stylesheet" href="/static/style.css">
    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600&display=swap" rel="stylesheet">
 </head>
 <body>
    <div class="container">
        <header>
            <div class="header-title">
                <h1>SSH Key Manager</h1>
                <span class="version" id="appVersion">Loading...</span>
            </div>
            <div class="flow-selector">
                <label for="flowSelect">Flow:</label>
                <select id="flowSelect">
                    <option value="">Select a flow...</option>
                </select>
                <button id="refreshBtn" class="btn btn-secondary">Refresh</button>
            </div>
        </header>
        <main>
            <div class="stats-panel">
                <div class="stat-item">
                    <span class="stat-value" id="totalKeys">0</span>
                    <span class="stat-label">Total Keys</span>
                </div>
                <div class="stat-item">
                    <span class="stat-value" id="activeKeys">0</span>
                    <span class="stat-label">Active Keys</span>
                </div>
                <div class="stat-item">
                    <span class="stat-value deprecated" id="deprecatedKeys">0</span>
                    <span class="stat-label">Deprecated Keys</span>
                </div>
                <div class="stat-item">
                    <span class="stat-value" id="uniqueServers">0</span>
                    <span class="stat-label">Unique Servers</span>
                </div>
            </div>
            <div class="actions-panel">
                <button id="addKeyBtn" class="btn btn-primary">Add SSH Key</button>
                <button id="scanDnsBtn" class="btn btn-secondary">Scan DNS Resolution</button>
                <button id="bulkDeleteBtn" class="btn btn-danger" disabled>Deprecate Selected</button>
                <button id="bulkRestoreBtn" class="btn btn-success" disabled style="display: none;">Restore Selected</button>
                <button id="bulkPermanentDeleteBtn" class="btn btn-danger" disabled style="display: none;">Delete Selected</button>
                <div class="filter-controls">
                    <label class="filter-label">
                        <input type="checkbox" id="showDeprecatedOnly"> 
                        <span>Show only deprecated keys</span>
                    </label>
                </div>
                <div class="search-box">
                    <input type="text" id="searchInput" placeholder="Search servers or keys...">
                </div>
            </div>
            <div class="keys-table-container">
                <table class="keys-table">
                    <thead>
                        <tr>
                            <th>
                                <input type="checkbox" id="selectAll">
                            </th>
                            <th>Server/Type</th>
                            <th>Key Preview</th>
                            <th></th>
                            <th>Actions</th>
                        </tr>
                    </thead>
                    <tbody id="keysTableBody">
                        <!-- Keys will be populated here -->
                    </tbody>
                </table>
                <div id="noKeysMessage" class="no-keys-message" style="display: none;">
                    No SSH keys found for this flow.
                </div>
            </div>
            <div class="pagination">
                <button id="prevPage" class="btn btn-secondary" disabled>Previous</button>
                <span id="pageInfo">Page 1 of 1</span>
                <button id="nextPage" class="btn btn-secondary" disabled>Next</button>
            </div>
        </main>
    </div>
    <!-- Add Key Modal -->
    <div id="addKeyModal" class="modal">
        <div class="modal-content">
            <div class="modal-header">
                <h2>Add SSH Key</h2>
                <span class="close">&times;</span>
            </div>
            <div class="modal-body">
                <form id="addKeyForm">
                    <div class="form-group">
                        <label for="serverInput">Server/Hostname:</label>
                        <input type="text" id="serverInput" required placeholder="example.com">
                    </div>
                    <div class="form-group">
                        <label for="keyInput">SSH Public Key:</label>
                        <textarea id="keyInput" required placeholder="ssh-rsa AAAAB3..."></textarea>
                    </div>
                    <div class="form-actions">
                        <button type="button" class="btn btn-secondary" id="cancelAdd">Cancel</button>
                        <button type="submit" class="btn btn-primary">Add Key</button>
                    </div>
                </form>
            </div>
        </div>
    </div>
    <!-- View Key Modal -->
    <div id="viewKeyModal" class="modal">
        <div class="modal-content">
            <div class="modal-header">
                <h2>SSH Key Details</h2>
                <span class="close">&times;</span>
            </div>
            <div class="modal-body">
                <div class="form-group">
                    <label>Server:</label>
                    <div id="viewServer" class="read-only-field"></div>
                </div>
                <div class="form-group">
                    <label>SSH Public Key:</label>
                    <textarea id="viewKey" class="read-only-field" readonly></textarea>
                </div>
                <div class="form-actions">
                    <button type="button" class="btn btn-secondary" id="closeView">Close</button>
                    <button type="button" class="btn btn-primary" id="copyKey">Copy Key</button>
                </div>
            </div>
        </div>
    </div>
    <!-- DNS Scan Results Modal -->
    <div id="dnsScanModal" class="modal">
        <div class="modal-content modal-large">
            <div class="modal-header">
                <h2>DNS Resolution Scan Results</h2>
                <span class="close">&times;</span>
            </div>
            <div class="modal-body">
                <div id="dnsScanStats" class="scan-stats"></div>
                <div id="unresolvedHosts" class="unresolved-hosts">
                    <div class="section-header">
                        <h3>Unresolved Hosts</h3>
                        <button id="selectAllUnresolved" class="btn btn-sm btn-secondary">Select All</button>
                    </div>
                    <div id="unresolvedList" class="host-list"></div>
                </div>
                <div class="form-actions">
                    <button type="button" class="btn btn-secondary" id="closeDnsScan">Close</button>
                    <button type="button" class="btn btn-danger" id="deprecateUnresolved" disabled>Deprecate Selected</button>
                </div>
            </div>
        </div>
    </div>
    <!-- Loading Overlay -->
    <div id="loadingOverlay" class="loading-overlay">
        <div class="loading-spinner"></div>
        <div class="loading-text">Loading...</div>
    </div>
    <!-- Toast Notifications -->
    <div id="toastContainer" class="toast-container"></div>
    <script src="/static/script.js"></script>
 </body>
 </html>
--- a/static/script.js
+++ b/static/script.js
--- a/static/style.css
+++ b/static/style.css
@@ -0,0 +1,825 @@
 :root {
    --primary-color: #2563eb;
    --primary-hover: #1d4ed8;
    --secondary-color: #64748b;
    --danger-color: #dc2626;
    --danger-hover: #b91c1c;
    --success-color: #16a34a;
    --warning-color: #d97706;
    --background: #f8fafc;
    --surface: #ffffff;
    --border: #e2e8f0;
    --text-primary: #1e293b;
    --text-secondary: #64748b;
    --shadow: 0 1px 3px 0 rgb(0 0 0 / 0.1), 0 1px 2px -1px rgb(0 0 0 / 0.1);
    --shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
    --border-radius: 0.5rem;
    --font-family: 'Inter', sans-serif;
 }
 * {
    margin: 0;
    padding: 0;
    box-sizing: border-box;
 }
 body {
    font-family: var(--font-family);
    background-color: var(--background);
    color: var(--text-primary);
    line-height: 1.6;
 }
 .container {
    max-width: 1400px;
    margin: 0 auto;
    padding: 2rem;
    min-height: 100vh;
 }
 header {
    display: flex;
    justify-content: space-between;
    align-items: center;
    margin-bottom: 2rem;
    padding-bottom: 1rem;
    border-bottom: 2px solid var(--border);
 }
 header h1 {
    font-size: 2.5rem;
    font-weight: 600;
    color: var(--text-primary);
    margin: 0;
 }
 .header-title {
    display: flex;
    align-items: baseline;
    gap: 1rem;
 }
 .version {
    font-size: 0.875rem;
    color: var(--text-secondary);
    background: var(--background);
    padding: 0.25rem 0.5rem;
    border-radius: var(--border-radius);
    font-weight: 500;
    border: 1px solid var(--border);
 }
 .flow-selector {
    display: flex;
    align-items: center;
    gap: 1rem;
 }
 .flow-selector label {
    font-weight: 500;
    color: var(--text-secondary);
 }
 .flow-selector select {
    padding: 0.5rem 1rem;
    border: 1px solid var(--border);
    border-radius: var(--border-radius);
    background: var(--surface);
    color: var(--text-primary);
    font-size: 1rem;
    min-width: 200px;
 }
 .btn {
    padding: 0.5rem 1rem;
    border: none;
    border-radius: var(--border-radius);
    font-size: 0.875rem;
    font-weight: 500;
    cursor: pointer;
    transition: all 0.2s ease;
    display: inline-flex;
    align-items: center;
    gap: 0.5rem;
    text-decoration: none;
 }
 .btn:disabled {
    opacity: 0.6;
    cursor: not-allowed;
 }
 .btn-primary {
    background-color: var(--primary-color);
    color: white;
 }
 .btn-primary:hover:not(:disabled) {
    background-color: var(--primary-hover);
 }
 .btn-secondary {
    background-color: var(--secondary-color);
    color: white;
 }
 .btn-secondary:hover:not(:disabled) {
    background-color: #475569;
 }
 .btn-danger {
    background-color: var(--danger-color);
    color: white;
 }
 .btn-danger:hover:not(:disabled) {
    background-color: var(--danger-hover);
 }
 .btn-success {
    background-color: var(--success-color);
    color: white;
 }
 .btn-success:hover:not(:disabled) {
    background-color: #059669;
 }
 .btn-sm {
    padding: 0.25rem 0.5rem;
    font-size: 0.75rem;
 }
 .stats-panel {
    display: grid;
    grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
    gap: 1rem;
    margin-bottom: 2rem;
 }
 .stat-item {
    background: var(--surface);
    padding: 1.5rem;
    border-radius: var(--border-radius);
    box-shadow: var(--shadow);
    text-align: center;
 }
 .stat-value {
    display: block;
    font-size: 2rem;
    font-weight: 600;
    color: var(--primary-color);
 }
 .stat-value.deprecated {
    color: var(--danger-color);
 }
 .stat-label {
    color: var(--text-secondary);
    font-size: 0.875rem;
    font-weight: 500;
 }
 .actions-panel {
    display: flex;
    justify-content: space-between;
    align-items: center;
    margin-bottom: 1.5rem;
    gap: 1rem;
    flex-wrap: wrap;
 }
 .filter-controls {
    display: flex;
    align-items: center;
    gap: 1rem;
 }
 .filter-label {
    display: flex;
    align-items: center;
    gap: 0.5rem;
    font-size: 0.875rem;
    color: var(--text-primary);
    cursor: pointer;
    user-select: none;
    padding: 0.5rem 0.75rem;
    border-radius: var(--border-radius);
    transition: background-color 0.2s ease;
 }
 .filter-label:hover {
    background-color: var(--background);
 }
 .filter-label.active {
    background-color: var(--primary-color);
    color: white;
 }
 .filter-label.active input[type="checkbox"] {
    accent-color: white;
 }
 .filter-label input[type="checkbox"] {
    margin: 0;
 }
 .filter-label span {
    white-space: nowrap;
 }
 .search-box input {
    padding: 0.5rem 1rem;
    border: 1px solid var(--border);
    border-radius: var(--border-radius);
    background: var(--surface);
    color: var(--text-primary);
    font-size: 1rem;
    width: 300px;
 }
 .keys-table-container {
    background: var(--surface);
    border-radius: var(--border-radius);
    box-shadow: var(--shadow);
    overflow: hidden;
    margin-bottom: 1.5rem;
 }
 .keys-table {
    width: 100%;
    border-collapse: collapse;
 }
 .keys-table th,
 .keys-table td {
    padding: 1rem;
    text-align: left;
    border-bottom: 1px solid var(--border);
 }
 .keys-table th {
    background-color: #f1f5f9;
    font-weight: 600;
    color: var(--text-primary);
 }
 .keys-table tbody tr:hover {
    background-color: #f8fafc;
 }
 .keys-table tbody tr.deprecated {
    opacity: 0.6;
    background-color: #fef2f2;
 }
 .keys-table tbody tr.deprecated:hover {
    background-color: #fee2e2;
 }
 .keys-table tbody tr.deprecated .key-preview,
 .keys-table tbody tr.deprecated td:nth-child(2) {
    text-decoration: line-through;
    color: var(--text-secondary);
 }
 .host-group-header {
    background-color: #f1f5f9;
    font-weight: 600;
    transition: background-color 0.2s ease;
    border-left: 4px solid var(--primary-color);
 }
 .host-group-header:hover {
    background-color: #e2e8f0;
 }
 .host-group-header.collapsed {
    border-left-color: var(--secondary-color);
 }
 .host-group-header .expand-icon {
    transition: transform 0.2s ease;
    display: inline-block;
    margin-right: 0.5rem;
    user-select: none;
 }
 .host-group-header.collapsed .expand-icon {
    transform: rotate(-90deg);
 }
 .host-group-header input[type="checkbox"] {
    margin: 0;
 }
 .host-group-header td:first-child {
    width: 50px;
    text-align: center;
 }
 .host-group-header td:nth-child(2) {
    cursor: pointer;
    user-select: none;
 }
 .key-row {
    border-left: 4px solid transparent;
 }
 .key-row.hidden {
    display: none;
 }
 .host-summary {
    font-size: 0.875rem;
    color: var(--text-secondary);
 }
 .key-count {
    background-color: var(--primary-color);
    color: white;
    padding: 0.125rem 0.375rem;
    border-radius: 0.25rem;
    font-size: 0.75rem;
    font-weight: 500;
    margin-left: 0.5rem;
 }
 .deprecated-count {
    background-color: var(--danger-color);
    color: white;
    padding: 0.125rem 0.375rem;
    border-radius: 0.25rem;
    font-size: 0.75rem;
    font-weight: 500;
    margin-left: 0.25rem;
 }
 .key-preview {
    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
    font-size: 0.875rem;
    color: var(--text-secondary);
    max-width: 200px;
    overflow: hidden;
    text-overflow: ellipsis;
    white-space: nowrap;
 }
 .key-type {
    display: inline-block;
    padding: 0.25rem 0.5rem;
    background-color: #e0e7ff;
    color: #3730a3;
    border-radius: 0.25rem;
    font-size: 0.75rem;
    font-weight: 500;
 }
 .key-type.rsa { background-color: #fef3c7; color: #92400e; }
 .key-type.ed25519 { background-color: #dcfce7; color: #166534; }
 .key-type.ecdsa { background-color: #e0e7ff; color: #3730a3; }
 .key-type.dsa { background-color: #fce7f3; color: #9d174d; }
 .deprecated-badge {
    display: inline-block;
    padding: 0.25rem 0.5rem;
    background-color: #fecaca;
    color: #991b1b;
    border-radius: 0.25rem;
    font-size: 0.75rem;
    font-weight: 500;
    margin-left: 0.5rem;
 }
 .no-keys-message {
    text-align: center;
    padding: 3rem;
    color: var(--text-secondary);
    font-size: 1.125rem;
 }
 .pagination {
    display: flex;
    justify-content: center;
    align-items: center;
    gap: 1rem;
 }
 .modal {
    display: none;
    position: fixed;
    z-index: 1000;
    left: 0;
    top: 0;
    width: 100%;
    height: 100%;
    background-color: rgba(0, 0, 0, 0.5);
    backdrop-filter: blur(4px);
 }
 .modal-content {
    background-color: var(--surface);
    margin: 5% auto;
    padding: 0;
    border-radius: var(--border-radius);
    box-shadow: var(--shadow-lg);
    width: 90%;
    max-width: 600px;
    max-height: 80vh;
    overflow: hidden;
 }
 .modal-header {
    display: flex;
    justify-content: space-between;
    align-items: center;
    padding: 1.5rem;
    border-bottom: 1px solid var(--border);
 }
 .modal-header h2 {
    font-size: 1.5rem;
    font-weight: 600;
 }
 .close {
    font-size: 1.5rem;
    font-weight: bold;
    cursor: pointer;
    color: var(--text-secondary);
    padding: 0.5rem;
    border-radius: var(--border-radius);
    transition: all 0.2s ease;
 }
 .close:hover {
    background-color: var(--background);
    color: var(--text-primary);
 }
 .modal-body {
    padding: 1.5rem;
    max-height: 60vh;
    overflow-y: auto;
 }
 .form-group {
    margin-bottom: 1.5rem;
 }
 .form-group label {
    display: block;
    margin-bottom: 0.5rem;
    font-weight: 500;
    color: var(--text-primary);
 }
 .form-group input,
 .form-group textarea {
    width: 100%;
    padding: 0.75rem;
    border: 1px solid var(--border);
    border-radius: var(--border-radius);
    font-size: 1rem;
    font-family: var(--font-family);
    background: var(--surface);
    color: var(--text-primary);
    transition: border-color 0.2s ease;
 }
 .form-group input:focus,
 .form-group textarea:focus {
    outline: none;
    border-color: var(--primary-color);
    box-shadow: 0 0 0 3px rgba(37, 99, 235, 0.1);
 }
 .form-group textarea {
    resize: vertical;
    min-height: 120px;
    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
    font-size: 0.875rem;
 }
 .read-only-field {
    background-color: var(--background) !important;
    cursor: not-allowed;
 }
 .form-actions {
    display: flex;
    justify-content: flex-end;
    gap: 1rem;
    margin-top: 2rem;
 }
 .loading-overlay {
    display: none;
    position: fixed;
    z-index: 9999;
    left: 0;
    top: 0;
    width: 100%;
    height: 100%;
    background-color: rgba(255, 255, 255, 0.9);
    backdrop-filter: blur(4px);
 }
 .loading-spinner {
    position: absolute;
    top: 50%;
    left: 50%;
    transform: translate(-50%, -50%);
    width: 40px;
    height: 40px;
    border: 4px solid var(--border);
    border-top: 4px solid var(--primary-color);
    border-radius: 50%;
    animation: spin 1s linear infinite;
 }
 .loading-text {
    position: absolute;
    top: 60%;
    left: 50%;
    transform: translate(-50%, -50%);
    color: var(--text-secondary);
    font-weight: 500;
 }
@keyframes spin {
    0% { transform: translate(-50%, -50%) rotate(0deg); }
    100% { transform: translate(-50%, -50%) rotate(360deg); }
 }
 .toast-container {
    position: fixed;
    top: 1rem;
    right: 1rem;
    z-index: 10000;
    display: flex;
    flex-direction: column;
    gap: 0.5rem;
 }
 .toast {
    padding: 1rem 1.5rem;
    border-radius: var(--border-radius);
    color: white;
    font-weight: 500;
    box-shadow: var(--shadow-lg);
    transform: translateX(100%);
    transition: transform 0.3s ease;
    max-width: 400px;
    display: flex;
    align-items: center;
    gap: 0.5rem;
 }
 .toast.show {
    transform: translateX(0);
 }
 .toast.success {
    background-color: var(--success-color);
 }
 .toast.error {
    background-color: var(--danger-color);
 }
 .toast.warning {
    background-color: var(--warning-color);
 }
 .toast.info {
    background-color: var(--primary-color);
 }
@media (max-width: 768px) {
    .container {
        padding: 1rem;
    }
    header {
        flex-direction: column;
        gap: 1rem;
        align-items: stretch;
    }
    .header-title {
        flex-direction: column;
        align-items: flex-start;
        gap: 0.5rem;
    }
    .header-title h1 {
        font-size: 2rem;
    }
    .actions-panel {
        flex-direction: column;
        align-items: stretch;
        gap: 1rem;
    }
    .filter-controls {
        justify-content: center;
    }
    .search-box input {
        width: 100%;
    }
    .keys-table-container {
        overflow-x: auto;
    }
    .keys-table {
        min-width: 600px;
    }
    .modal-content {
        margin: 10% auto;
        width: 95%;
    }
    .form-actions {
        flex-direction: column;
    }
    .stats-panel {
        grid-template-columns: 1fr;
    }
 }
 /* Checkbox styles */
 input[type="checkbox"] {
    width: 1rem;
    height: 1rem;
    accent-color: var(--primary-color);
 }
 /* Indeterminate checkbox styling */
 input[type="checkbox"]:indeterminate {
    background-color: var(--primary-color);
    background-image: linear-gradient(90deg, transparent 40%, white 40%, white 60%, transparent 60%);
    border-color: var(--primary-color);
 }
 /* Action buttons in table */
 .table-actions {
    display: flex;
    gap: 0.5rem;
    align-items: center;
 }
 /* Error states */
 .form-group input:invalid,
 .form-group textarea:invalid {
    border-color: var(--danger-color);
 }
 .form-group input:invalid:focus,
 .form-group textarea:invalid:focus {
    box-shadow: 0 0 0 3px rgba(220, 38, 38, 0.1);
 }
 /* Success states */
 .form-group input:valid,
 .form-group textarea:valid {
    border-color: var(--success-color);
 }
 /* DNS Scan Modal Styles */
 .modal-large {
    max-width: 800px;
 }
 .scan-stats {
    background: var(--background);
    padding: 1rem;
    border-radius: var(--border-radius);
    margin-bottom: 1.5rem;
    display: grid;
    grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
    gap: 1rem;
 }
 .scan-stat {
    text-align: center;
 }
 .scan-stat-value {
    display: block;
    font-size: 1.5rem;
    font-weight: 600;
    color: var(--primary-color);
 }
 .scan-stat-label {
    color: var(--text-secondary);
    font-size: 0.875rem;
 }
 .unresolved-count {
    color: var(--danger-color) !important;
 }
 .section-header {
    display: flex;
    justify-content: space-between;
    align-items: center;
    margin-bottom: 1rem;
 }
 .section-header h3 {
    font-size: 1.125rem;
    font-weight: 600;
    color: var(--text-primary);
 }
 .host-list {
    max-height: 300px;
    overflow-y: auto;
    border: 1px solid var(--border);
    border-radius: var(--border-radius);
 }
 .host-item {
    display: flex;
    align-items: center;
    padding: 0.75rem;
    border-bottom: 1px solid var(--border);
    transition: background-color 0.2s ease;
 }
 .host-item:last-child {
    border-bottom: none;
 }
 .host-item:hover {
    background-color: var(--background);
 }
 .host-item label {
    display: flex;
    align-items: center;
    gap: 0.75rem;
    flex: 1;
    cursor: pointer;
    margin: 0;
 }
 .host-name {
    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
    font-weight: 500;
    color: var(--text-primary);
 }
 .host-error {
    font-size: 0.75rem;
    color: var(--danger-color);
    margin-left: auto;
    max-width: 200px;
    word-break: break-word;
 }
 .empty-state {
    text-align: center;
    padding: 2rem;
    color: var(--text-secondary);
    font-style: italic;
 }
 .scan-progress {
    background: var(--background);
    padding: 1rem;
    border-radius: var(--border-radius);
    margin-bottom: 1rem;
    text-align: center;
 }
 .scan-progress-text {
    color: var(--text-secondary);
    margin-bottom: 0.5rem;
 }
 .progress-bar {
    width: 100%;
    height: 8px;
    background: var(--border);
    border-radius: 4px;
    overflow: hidden;
 }
 .progress-fill {
    height: 100%;
    background: var(--primary-color);
    transition: width 0.3s ease;
    border-radius: 4px;
 }
Author	SHA1	Message	Date
Ultradesu	af6c4d7e61	Added auto deprecation feature	2025-07-20 17:37:46 +03:00
Ultradesu	9c5518b39e	Added auto deprecation feature	2025-07-20 17:26:44 +03:00
Ultradesu	1eccc0e0f7	Fixed client mode flow args	2025-07-19 15:51:17 +03:00
Ultradesu	45ac3fca51	Fixed web ui. Added deprecation feature	2025-07-19 12:56:25 +03:00
Ultradesu	e33910a2db	Added web ui	2025-07-19 12:20:52 +03:00
Ultradesu	c5d8ebd89f	Added web ui	2025-07-19 12:20:37 +03:00
Ultradesu	1534d88300	Added web ui	2025-07-18 18:35:04 +03:00
Ultradesu	3fa43d276d	Added web ui	2025-07-18 18:06:26 +03:00
Ultradesu	d5ce88dfff	Added web ui	2025-07-18 17:52:58 +03:00
Alexandr Bogomyakov	484ddd9803	Add files via upload	2025-07-17 16:19:45 +03:00
Alexandr Bogomyakov	2f1fcd681e	Update README.MD	2025-05-12 02:46:25 +03:00
A B	26acbf75ac	Fix cross-flow keys	2025-05-11 23:44:18 +00:00
A B	4b2b56bcd2	Improved server performance and logging	2025-04-29 22:44:29 +00:00
A B	2cfc2c6c3a	Improved server performance and logging	2025-04-29 22:44:17 +00:00